| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
If global variable debug_level has value SSSDBG_UNRESOLVED, we should
print at least fatal and critical errors.
https://fedorahosted.org/sssd/ticket/1345
|
| |
|
|
|
|
|
|
| |
Since the PAC responder is used during the authentication of users from
trusted realms it is started automatically if the IPA ID provider is
configured for a domain to simplify the configuration.
Fixes https://fedorahosted.org/sssd/ticket/1613
|
| |
|
|
|
|
|
|
| |
string_in_list() and add_string_to_list() are two utilities for NULL
terminated strings arrays. add_string_to_list() adds a new string to an
existing list or creates a new one with the strings as only item if
there is not list. string_in_list() checks if a given string is in the
list. It can be used case sensitive or in-sensitive.
|
| |
|
|
|
|
| |
Return EINVAL if number of tries is <= 0. Also the parameter
retries was renamed to num_tries, so it is more obvious that
it also includes the first try.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1357
Neither systemd or our init script use pid file as a notification
that sssd is finished initializing. They will continue starting up
next service right after the original (not daemonized) sssd process
is terminated.
If any of the responders fail to start, we will never terminate
the original process via signal and "service sssd start" will hang.
Thus we take this as an error and terminate the daemon with
a non-zero value. This will also terminate the original process
and init script or systemd will print failure.
|
| |
|
|
|
|
|
| |
We currently have only SSSDBG_FATAL_FAILURE macro that corresponds
to original debug level 0. But there are several level 0 messages
that are not actually failures but an important information. We
should use this new macro to represent them.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1357
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1365
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663
|
| |
|
|
|
|
| |
Since the byte-order is only important when dealing with the binary SID
the sub-auth values are stored in host order and are only converted
while reading or writing the binary SID.
|
| |
|
|
|
|
|
| |
Older versions of glibc (like that on RHEL 5) do not have the
le32toh() function exposed. We need this for handling the Active
Directory ID-mapping, so we'll copy these macros from endian.h on
a newer glibc.
|
| | |
|
| |
|
|
|
|
| |
We'll be using it on various places of the SSSD. The function is in its
own file to allow using just the one piece without having to drag in the
whole util.c module.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/956
Added: --debug-microseconds=0/1
Added: debug_microseconds to sssd.conf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
Modified: DEBUG() macro to work with new levels
There are several new macros in util/util.h:
- DEBUG_MSG(level, function, message) which will format the debug message
like "(time) [prg_name] [function] (level): message\n"
- DEBUG_IS_SET(level) that you should use to check if the level is allowed
to be logged
You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
Added functions:
- debug_convert_old_level() to convert levels 0-9 to appropriate bitmask
debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5)
- debug_get_level() to convert old level number to its new value
debug_get_level(5) returns 0x0200 (= 5)
There are several new macros in util/util.h:
- SSSDBG_* to reflect a debug level (same names as in the ticket) - please,
don't use magic numbers anymore
|
| |
|
|
|
|
| |
Fixed: could not overwrite debug_timestamps when set in sssd.conf
Fixed: invalid description of debug_timestamps in sssd man page
|
| | |
|
| |
|
|
|
|
| |
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE
early would cause some functions - such as strndup() - to be
unavailable.
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764
|
| | |
|
| |
|
|
|
|
| |
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also adds a unit test.
|
| |
|
|
|
| |
strcasecmp() is defined in strings.h which might not be included under
certain conditions.
|
| |
|
|
|
| |
sss_hash_create() produces a dhash table living in the talloc
hierarchy.
|
| | |
|
| | |
|
| |
|
|
| |
Includes a unit test
|
| |
|
|
|
| |
Right now, this log function writes to the syslog. In the future,
it could be modified to work with ELAPI or another logging API.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The correct memory deallocation sequence is:
- clear pointer to memory first
- then deallocate memory
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a small window between running lstat() on a filename and
opening it where it's possible for the file to have been modified.
We were protecting against this by saving the stat data from the
original file and verifying that it was the same file (by device
and inode) when we opened it again, but this is an imperfect
solution, as it is still possible for an attacker to modify the
permissions during this window.
It is much better to simply open the file and test on the active
file descriptor.
Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as
without the initial lstat, we are implicitly accepting symlinks
and only verifying the target file.
|
