| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch to using new debug levels in sss_semanage_error_callback.
Make SEMANAGE_MSG_WARN map to SSSDBG_MINOR_FAILURE instead of
SSSDBG_CONF_SETTINGS as it suits it better.
This prepares the function for removal of old debug level support.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit cb637a64fc51d6f4c718f75e23b19df6bdfe1c51)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script (identical to commit
83bf46f4066e3d5e838a32357c201de9bd6ecdfd) to update DEBUG* macro
invocations, which use literal numbers for levels, to use bitmask macros
instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
|
|
|
|
|
|
|
|
|
|
| |
Fix mistakes made by the update script in "Make DEBUG macro invocations
variadic".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 45a1d9d597df977354428440aeff11c6a0a947fe)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code
(identical to commit a3c8390d19593b1e5277d95bfb4ab206d4785150):
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move DEBUG macro body to the debug_fn function, adding "function"
argument to the latter.
Rename "debug_fn" in sssd_krb5_locator_plugin.c to "plugin_debug_fn" to
remove conflict with the sssd debug_fn.
Replace DEBUG_MSG macro usage with debug_fn function usage.
Remove DEBUG_MSG macro along with tests.
The above makes the total size of binaries drop by 20% for the standard
Fedora build and by 44% for a build configured according to Debian
packaging script.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit fb0332565892bc10998ca98b567d4dde2213844d)
|
|
|
|
|
| |
(cherry picked from commit 30ee051025753b63ceb19d3b83c44019a19554a1)
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
For case-insensitive domains the lower-case name for case-insensitive
searches is stored in SYSDB_NAME_ALIAS.
Related to https://fedorahosted.org/sssd/ticket/1741
|
|
|
|
|
|
|
|
|
| |
sss_tc_fqname() called by sss_get_domain_name() requires that the names
member of the sss_domain_info struct is set to work properly. If the
names struct is properly initialized in sss_domain_info the separate one
in the tool context is not needed anymore.
Related to https://fedorahosted.org/sssd/ticket/1741
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2007
PAC, SSH, SUDO and AUTOFS services' debug levels weren't modified when
sss_debuglevel tool was used.
|
|
|
|
|
|
| |
Option -E/--everething was added to invalide all types of entries.
https://fedorahosted.org/sssd/ticket/1988
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1778
When trying to copy special file, only message is logged now.
|
| |
|
|
|
|
|
| |
Instead of copying a block of code that checks whether domain is a subdomain
and uses only name of FQDN as appropriate, wrap the logic into a function.
|
|
|
|
|
|
| |
Instead of using printf-like functions directly, provide two wrappers
that would encapsulate formatting the fully-qualified names. No
functional change is present in this patch.
|
|
|
|
|
|
| |
Preparation for the following patch which will include the nscd.c in the
monitor code due to newly introduced function for checking the nscd
configuration file.
|
|
|
|
|
|
| |
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, examle: '%\n'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sss_mc_set_recycled is a static function, that should not
be used outside nsssrv_mmap_cache.c. The sss_cache tool
is an exception, because in the case when sssd is not running,
sss_cache must invalidate the memory cache file. That is why
sss_mc_set_recycled was copied to the tools_mc_util.c
(as helper function for sss_memcache_invalidate function).
It was duplicated to allow this function to remain static
(and invisible to any .h files), so that it is not used anywhere else.
Wrong usage of this function might cause race conditions and corrupt
the cache.
I'll add comments about the duplication to the code.
|
|
|
|
|
|
| |
When requested entry was not found in one domain, an ERROR message
was written to the user even if the entry was found in
the next domain and deleted properly.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1741
|
|
|
|
| |
On success, waitpid() returns pid of terminated child, not 0.
|
|
|
|
|
|
| |
Coverity bugs.
https://fedorahosted.org/sssd/ticket/1865
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1862
|
|
|
|
|
|
|
|
| |
Functions open_cloexec and openat_cloexec were renamed with prefix
"sss_" and moved to separete file. Replacing duplicated code of
function sss_open_cloexec everywhere in the source code.
https://fedorahosted.org/sssd/ticket/1794
|
|
|
|
|
|
| |
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1756
Messages from poptStrerror() passed to BAD_POPT_PARAMS macro were
printed out to the console without new line character at the end of the
message. BAD_POPT_PARAMS should now behave correctly with strings both
with or without new line character at the end.
|
|
|
|
|
|
|
| |
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom()
|
|
|
|
|
| |
Found by coverity.
https://fedorahosted.org/sssd/ticket/1791
|
|
|
|
|
| |
Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
|
|
|
|
|
|
|
|
| |
The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.
This security issue was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1775
In addition to invalidating the group being added to when adding a
member group/user, we also need to invalidate all its parent groups,
otherwise this getgrnam("parent") wouldn't report the members newly
added to its child groups.
|
|
|
|
|
|
|
| |
Tools for LOCAL domain should require FQDN if option
'use_fuly_quallified_names = TRUE' was configured.
https://fedorahosted.org/sssd/ticket/1746
|
|
|
|
|
|
|
|
| |
If bad parameteres were passed to sss_cache, the init
function returned without calling DEBUG_INIT macro and
unnecessary level 1 debug message was printed.
https://fedorahosted.org/sssd/ticket/1745
|
| |
|
| |
|
|
|
|
|
|
| |
The tools query the responder in order to sync the memcache after
performing changes to the local database. The functions will be reused
by other tools so I split them into a separate functions.
|
|
|
|
|
|
|
| |
The upcoming patches will link only users of this file with client libs,
so it's better to have it separate.
There is no functional change in this patch
|
| |
|
|
|
|
| |
also fix sysdb_svc_add declarations
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Also changes sysdb_search_custom_by_name()
|
| |
|
| |
|
| |
|