| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
These two functions were almost identical. Better to maintain them
as a single function.
Conflicts:
src/responder/common/responder_common.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code will now attempt first to see if it has privilege to set
the value as specified, and if not it will fall back to the
previous behavior. So on systems with the CAP_SYS_RESOURCE
capability granted to SSSD, it will be able to ignore the
limits.conf hard limit.
https://fedorahosted.org/sssd/ticket/1197
Conflicts:
src/config/SSSDConfig.py
src/config/SSSDConfigTest.py
src/config/etc/sssd.api.conf
|
|
|
|
|
|
|
| |
This patch will increase the file descriptor limit to 8k or the
limits.conf maximum, whichever is lesser.
https://fedorahosted.org/sssd/ticket/1197
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Also fixes the same problem with set_close_on_exec
https://fedorahosted.org/sssd/ticket/713
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/540
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated it the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
|
|
|
| |
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
|
|
|
| |
This commit completes the migration to a synchronous sysdb
|
|
|
|
|
|
|
| |
- catch all errors of send() and recv(), not only EAGAIN
- check if send() or recv() return EWOULDBLOCK or EINTR
- remove unused parameter from client_send() and client_recv()
- fix a debugging message
|
|
|
|
|
|
| |
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side.
Signed-off-by: George McCollister <George.McCollister@gmail.com>
|
|
|
|
|
| |
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
|
|
|
|
|
|
| |
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too.
|
|
|
|
|
|
| |
This was a holdover from when the DP and the providers were unique
processes. The NSS and PAM registrations do not need to send the
domain, as it is not ambiguous which one they are talking to.
|
|
Also update BUILD.txt
|