| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
Sometimes a UID/GID value was printed using the %d format specifier
which caused overflows for very large values of ID.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
| |
This reverts commit 1dc7694a1cbc62b0d7e23cc1369579e5ce0071e8.
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2169
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also fixes several corner cases and crashers.
It's not prudent to pass user input to (even admin) input as a
format string to printf, and various distros now check for this.
This can cause accessing memory incorrectly, and various also
various libc abort()'s.
In addition various assumptions were made about full_name_format
that aren't necessarily the case if the user uses a more complex
format.
Use safe-printf.c implementation for formatting full_name_format.
Adapt the NSS resolver so it doesn't barf on formatted strings that
are shorter than expected given a full_name_format.
Tests added and updated appropriately.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch makes sure that a completely lower-cased version of a fully
qualified name is used for case insensitive searches. Currently there
are code paths where the domain name was used as configured and was not
lower-cased.
To make sure this patch does not break with old entries in the cache or
case sensitive domains a third template was added to the related filters
templates which is either filled with a completely lower-cased version or
with the old version. The other two template values are unchanged.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
struct nss_cmd_ctx was not released in function nss_cmd_setnetgrent_done
and it wasn't used in the other function, because getnetgrent creates its own
nss_cmd_ctx context. struct nss_cmd_ctx was released after closing client
because it was allocated under client context. Memory leak is apparent with
long living clients.
Resolves:
https://fedorahosted.org/sssd/ticket/2170
|
| |
|
|
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
sss_packet_get_status() will currently only used to test if packets have
the right status set.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
|
|
|
|
|
| |
Some groups could be skipped, but packet length was not trimmed.
This is a reason why valgrind reported access to uninitialised bytes.
Actually, it isn't a problem, because the first uint32 in body is number of
sended gids.
Resolves:
https://fedorahosted.org/sssd/ticket/2138
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
|
|
|
| |
Changing style of including header files from outside of sssd tree - from "header.h" to <header.h>
|
| |
|
| |
|
|
|
|
|
|
|
| |
The code wrote into the middle of the packet to a space that was already
reserved and allocated but then still advanced the pointer to the buffer.
https://fedorahosted.org/sssd/ticket/2124
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a workaround until
https://fedorahosted.org/sssd/ticket/2129 is fixed properly.
Consider a group entry such as:
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
Currently in order to print all group members as FQDN (which is the default
for AD provider), the code needs to iterate over the ghost attributes and
parse them into (name,domain) and optionally re-add the domain.
The proper fix would be to store always just the FQDN in the hardcoded
form of user@domain
|
| |
|
| |
|
|
|
|
|
|
| |
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only.
|
|
|
|
|
|
|
|
|
|
|
|
| |
AD provider downloads domain information and initalizes ID mapping
during subdomains request. This information is necessary to lookup
objects without POSIX attributes.
We need to make sure that we postpone all responder requests until
ID mapping is initialized in the provider.
Resolves:
https://fedorahosted.org/sssd/ticket/2092
|
| |
|
|
|
|
|
| |
The only effect the failure to store a result to negative cache might
have would be a slower lookup next time.
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2090
Previously, when searching by UID or GID, the negative cache will only
work in case the UID was searched for using fully qualified names.
|
|
|
|
|
| |
Declarations of public functions was in header files,
but header files was not included in implementation file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next
member. This was a big problem in case of higher probability of hash collision.
structure sss_mc_rec will have two next members (next1, next2) with this patch.
next1 is related to hash1 and next2 is related to hash1.
Iterating over chains is changed, because we need to choose right next pointer.
Right next pointer will be chosen after comparing record hashes.
This behaviour is wrapped in function sss_mc_next_slot_with_hash.
Adding new record to chain is also changed. The situation is very similar to
iterating. We need to choose right next pointer (next1 or next2).
Right next pointer will be chosen after comparing record hashes.
Adding reference to next slot is wrapped in function
sss_mc_chain_slot_to_record_with_hash
Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
|
|
|
| |
This reverts commit 4662725ffef62b3b2502481438effa7c8fef9f80.
|
|
|
|
|
|
|
| |
Protype of function sss_ncache_check_netgr was different than
definition of function sss_ncache_check_netgr. We did not catch it,
because header file "responder/common/negcache.h" was not included in
implementation file "responder/common/negcache.c"
|