path: root/src
Commit message | Author | Age | Files | Lines
* UTIL: convert GeneralizedTime to unix time | Pavel Reichl | 2015-03-05 | 5 | -0/+115
  New utility function *sss_utc_to_time_t* to convert GeneralizedTime to unix time.

  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* selinux: Delete existing user mapping on empty default | Jakub Hrozek | 2015-03-04 | 2 | -7/+17
  https://fedorahosted.org/sssd/ticket/2587

  The case of SELinux default user mapping being an empty string is valid, it should translate into "pick the default context on the target machine".

  In case the context is empty, we need to delete the per-user mapping from the SELinux database to make sure the default is used.

  Reviewed-by: Michal Židek <mzidek@redhat.com>
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: unlink ccname_file_dummy if there is an error | Daniel Hjorth | 2015-03-04 | 1 | -1/+11
  https://fedorahosted.org/sssd/ticket/2592

  If there is an error after ccname_file_dummy is created but before it is renamed then the file isn't removed. This can cause a lot of files to be created and take up inodes in a filesystem.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: enable change phase of pw expire policy check | Pavel Reichl | 2015-03-03 | 7 | -1/+119
  Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used.

  Resolves: https://fedorahosted.org/sssd/ticket/2167

  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: refactor pwexpire policy | Pavel Reichl | 2015-03-03 | 2 | -32/+90
  Move part of pwexpire policy code to a separate function.

  Relates to: https://fedorahosted.org/sssd/ticket/2167

  Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Use SRV TTL in fail over code | Jakub Hrozek | 2015-03-03 | 10 | -9/+647
  Resolves: https://fedorahosted.org/sssd/ticket/1884

  Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* resolv: Use the same default timeout for SRV queries as previously | Jakub Hrozek | 2015-03-03 | 2 | -1/+7
  When we changed the resolver code to use the TTL values from the DNS queries instead of hardcoded ones, we changed the default value by accident.

  Add a separate SRV TTL that is backwards-compatible with the old hardcoded value.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Remove useless assignment to function parameter | Lukas Slebodnik | 2015-03-02 | 3 | -3/+0
  Reported by: cppcheck

      void free_fun(struct info *info)
          free(info->name);
          free(info);
          info = NULL;
          ^^^^^^^^^^^
      Assignment to function parameter has no effect outside the function.

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: log expired accounts at lower severity level | Pavel Reichl | 2015-03-02 | 1 | -4/+16
  Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE which is misleading as no real failures were happening.

  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IPA: Remove unused argument from ipa_id_get_group_uuids | Lukas Slebodnik | 2015-03-02 | 1 | -2/+0
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Remove unused argument from be_nsupdate_create_fwd_msg | Lukas Slebodnik | 2015-03-02 | 3 | -3/+1
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PROXY: add missing space in debug message | Pavel Reichl | 2015-02-27 | 1 | -2/+2
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: check return value of confdb_get_string | Pavel Reichl | 2015-02-27 | 1 | -0/+6
  Coverity found this neglect.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: print the pam status as string, too | Jakub Hrozek | 2015-02-25 | 3 | -5/+9
  In several places, let's add a pam_strerror() call so that it's easier to debug user problems.

  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
* SPEC: Build python3 bindings on available platforms | Lukas Slebodnik | 2015-02-25 | 2 | -5/+11
  Resolves: https://fedorahosted.org/sssd/ticket/2574

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* TESTS: Run python tests with all supported python versions | Lukas Slebodnik | 2015-02-25 | 6 | -0/+30
  This patch adds simple bash wrappers for python tests. They are executed either with python2 or python3.

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Add possibility to build python{2,3} bindings | Lukas Slebodnik | 2015-02-25 | 3 | -17/+66
  Resolves: https://fedorahosted.org/sssd/ticket/2574

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Use python-config for detection *FLAGS | Lukas Slebodnik | 2015-02-25 | 1 | -31/+32
  The script python-config was not available in older versions of python. This patch simplifies detection of python CFLAGS and LDFLAGS and increases the minimal required version of python to 2.6.

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_unicode_from_string | Lukas Slebodnik | 2015-02-25 | 4 | -24/+10
  The function PyUnicode_FromString is available in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove compatibility macro PyModule_AddIntMacro | Lukas Slebodnik | 2015-02-25 | 2 | -6/+1
  The macro PyModule_AddIntMacro is defined in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_check | Lukas Slebodnik | 2015-02-25 | 4 | -15/+2
  The macro PySet_Check is defined in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_add | Lukas Slebodnik | 2015-02-25 | 4 | -21/+3
  The function PySet_Add is available in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_new | Lukas Slebodnik | 2015-02-25 | 4 | -14/+3
  The function PySet_New is available in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Remove detection of type Py_ssize_t | Lukas Slebodnik | 2015-02-25 | 2 | -19/+0
  The type Py_ssize_t is defined in python >= 2.6

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Remove unused variables | Lukas Slebodnik | 2015-02-25 | 1 | -2/+0
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* LDAP: Conditional jump depends on uninitialised value | Lukas Slebodnik | 2015-02-23 | 1 | -3/+4
  ==31767==    at 0x5B66CFC: users_get_posix_check_done (ldap_id.c:346)
  ==31767==    by 0x4DCC6AA: _tevent_req_notify_callback (tevent_req.c:112)
  ==31767==    by 0x4DCC724: tevent_req_finish (tevent_req.c:149)
  ==31767==    by 0x4DCC782: _tevent_req_error (tevent_req.c:167)
  ==31767==    by 0x5B7ED43: sdap_posix_check_done (sdap_async.c:2486)
  ==31767==    by 0x4DCC6AA: _tevent_req_notify_callback (tevent_req.c:112)
  ==31767==    by 0x4DCC724: tevent_req_finish (tevent_req.c:149)
  ==31767==    by 0x4DCC782: _tevent_req_error (tevent_req.c:167)
  ==31767==    by 0x5B7DE37: sdap_get_generic_op_finished (sdap_async.c:1523)
  ==31767==    by 0x5B7D62B: sdap_process_result (sdap_async.c:357)
  ==31767==    by 0x4DCFC1C: tevent_common_loop_timer_delay (tevent_timed.c:341)
  ==31767==    by 0x4DD0E12: epoll_event_loop_once (tevent_epoll.c:911)
  ==31767==    by 0x4DCF23E: std_event_loop_once (tevent_standard.c:114)
  ==31767==    by 0x4DCB38F: _tevent_loop_once (tevent.c:530)
  ==31767==    by 0x4DCB58B: tevent_common_loop_wait (tevent.c:634)
  ==31767==    by 0x4DCF1BE: std_event_loop_wait (tevent_standard.c:140)
  ==31767==    by 0x4DCB627: _tevent_loop_wait (tevent.c:653)
  ==31767==    by 0x489AB98: server_loop (server.c:668)
  ==31767==    by 0x10D035: main (data_provider_be.c:2915)

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: warn all services about account expiration | Pavel Reichl | 2015-02-23 | 1 | -2/+17
  if pam_verbose is above one then output warning about account expiration for all services.

  Resolves: https://fedorahosted.org/sssd/ticket/2050

  Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: new option pam_account_expired_message | Pavel Reichl | 2015-02-23 | 6 | -5/+35
  This option sets string to be printed when authenticating using SSH keys and account is expired.

  Resolves: https://fedorahosted.org/sssd/ticket/2050

  Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: do not reject abruptly | Pavel Reichl | 2015-02-23 | 3 | -5/+130
  If account has expired then pass message.

  Resolves: https://fedorahosted.org/sssd/ticket/2050

  Reviewed-by: Sumit Bose <sbose@redhat.com>
* RESPONDERS: Warn to syslog about colliding objects | Lukas Slebodnik | 2015-02-18 | 2 | -0/+18
  Resolves: https://fedorahosted.org/sssd/ticket/2203

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Handle ENOENT better in the cleanup task | Jakub Hrozek | 2015-02-17 | 1 | -9/+8
  The cleanup task handled both count=0 and ret=ENOENT separately which makes no sense, the count=0 handler was dead code previously. Set count=0 on ENOENT instead to just bubble through the DEBUG message gracefully as well.

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Add better DEBUG messages to the cleanup task | Jakub Hrozek | 2015-02-17 | 1 | -0/+11
  Some failures would shortcut to the done handler without telling us anything about why it failed. This commit decorates the cleanup task with more DEBUG statements.

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* GPO: Better debugging for gpo_child's mkdir | Jakub Hrozek | 2015-02-17 | 1 | -1/+6
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus: add constant to represent subtree | Pavel Březina | 2015-02-17 | 3 | -2/+9
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: simplify object path constant names | Pavel Březina | 2015-02-17 | 6 | -17/+15
  The number of interfaces will grow and in order to keep names of object path constant consistent it means that also their names will grow.

  The new naming schema is:
      /org/freedesktop/sssd/infopipe -> IFP_PATH_
      / -> _
      everything uppercase

  Example:
      /org/freedesktop/sssd/infopipe/Components/Responders -> IFP_PATH_COMPONENTS_RESPONDERS

  If the path contains a _TREE suffix, it represents the whole subtree. For example:
      IFP_PATH_DOMAINS_TREE is /org/freedesktop/sssd/infopipe/Domains/*

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus codegen: do not prefix getters with iface name | Pavel Březina | 2015-02-17 | 7 | -133/+133
  Prefixing getters with C name of the interface is just redundant since it is the same as the name of the structure that contains those fields.

  The following structure:
      struct test_pilot {
          $type test_pilot_get_name;
      }

  changes to:
      struct test_pilot {
          $type get_name;
      }

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: unify generated interfaces names | Pavel Březina | 2015-02-17 | 8 | -214/+213
  Number of interfaces will grow. It is mandatory to unify names of generated structures and methods to simplify coding and debugging.

  The C name is created from D-Bus lowercased interface name using the following rewrite rules:
      org.freedesktop.sssd.infopipe -> iface_ifp
      . -> _

  Example:
      org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: move interface definitions from ifpsrv.c into separate file | Pavel Březina | 2015-02-17 | 3 | -76/+112
  Number of IFP interfaces will grow rapidly in the future. It is not convenient to keep it inside ifpsrv.c.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: remove unused 'reply as' functions | Pavel Březina | 2015-02-17 | 3 | -350/+0
  These functions became unused after previous patch.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: use hard coded getters instead of generated | Pavel Březina | 2015-02-17 | 9 | -1437/+693
  Properties are single value of a small number of predefined D-Bus types. There is no need to generate them with codegen.

  Actually, the source generator for property getters is already quite a mess with branching for array, strings and object paths. Adding any more complex type in the future (such as dictionary) would require even more branching or creating a separate path for it.

  Hard coding the getters will simplify creating new ones for more complex types.

  This patch also reduces lots of code duplication and creates a simple function for GetAll.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Remove strict requirements of python2 | Lukas Slebodnik | 2015-02-13 | 7 | -7/+7
    * fix hashbangs
    * remove strict requirements of python2 in build system

  Resolves: https://fedorahosted.org/sssd/ticket/2017

  Reviewed-by: Petr Viktorin <pviktori@redhat.com>
* SSSDConfig: Port missing parts to python3 | Lukas Slebodnik | 2015-02-13 | 2 | -31/+34
    * fix incompatible imports
    * fix translation.[u]?gettext
    * fix dict method has_key
    * fix octal literals PEP 3127
    * long is not defined in python3

  Resolves: https://fedorahosted.org/sssd/ticket/2017

  Reviewed-by: Petr Viktorin <pviktori@redhat.com>
* SSSDConfig: Remove unused exception name | Lukas Slebodnik | 2015-02-13 | 1 | -3/+3
  "except ValueError, e:" was the syntax used for what is normally written as "except ValueError as e:" in modern Python. The old syntax is still supported in python2 for backwards compatibility.

  This means "except ValueError, KeyError:" is not equivalent to "except (ValueError, KeyError):" but to "except ValueError as KeyError:" and variable with name "KeyError" was not used in exception handler.

  Resolves: https://fedorahosted.org/sssd/ticket/2017

  Reviewed-by: Petr Viktorin <pviktori@redhat.com>
* SELINUX: Check the return value of setuid and setgid | Jakub Hrozek | 2015-02-13 | 1 | -2/+12
  Silences a Coverity warning

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* resolv: Fix a typo | Jakub Hrozek | 2015-02-13 | 1 | -1/+1
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Add user_attributes to ifp section of API schema | Rob Crittenden | 2015-02-13 | 1 | -0/+1
  Resolves: https://fedorahosted.org/sssd/ticket/2586

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MONITOR: Fix double free | Lukas Slebodnik | 2015-02-12 | 1 | -0/+3
  If kill timer was successfully executed then it will be released by libtevent. So we should not release it in mt_svc_exit_handler for the second time.

  [sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9]
  [sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free may be at ../tevent_timed.c:351
  [sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free

  ==19129== Invalid read of size 4
  ==19129==    at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372)
  ==19129==    by 0x50470CD: _talloc_free (talloc.c:1559)
  ==19129==    by 0x11086C: mt_svc_exit_handler (monitor.c:2754)
  ==19129==    by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181)
  ==19129==    by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135)
  ==19129==    by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649)
  ==19129==    by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
  ==19129==    by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
  ==19129==    by 0x84C4B02: server_loop (server.c:668)
  ==19129==    by 0x10D9A6: main (monitor.c:3028)
  ==19129==  Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd
  ==19129==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==19129==    by 0x50472F2: _talloc_free_internal (talloc.c:1057)
  ==19129==    by 0x50472F2: _talloc_free (talloc.c:1581)
  ==19129==    by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351)
  ==19129==    by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653)
  ==19129==    by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
  ==19129==    by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
  ==19129==    by 0x84C4B02: server_loop (server.c:668)
  ==19129==    by 0x10D9A6: main (monitor.c:3028)

  Resolves: https://fedorahosted.org/sssd/ticket/2572

  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix warning: equality comparison with extraneous parentheses | Lukas Slebodnik | 2015-02-11 | 4 | -11/+11
  Example of warning:
  src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality]
      if (((wbc_status) == WBC_ERR_SUCCESS)) {
           ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
  src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: note: remove extraneous parentheses around the comparison to silence this warning
      if (((wbc_status) == WBC_ERR_SUCCESS)) {
          ~             ^                 ~
  src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: note: use '=' to turn this equality comparison into an assignment
      if (((wbc_status) == WBC_ERR_SUCCESS)) {
                        ^~
                        =

  The reason is definition of some macros which were used in if conditions.

  Reviewed-by: Michal Židek <mzidek@redhat.com>
* RESOLV: Remove obsolete in-tree implementation of SRV and TXT parsing | Jakub Hrozek | 2015-02-11 | 10 | -793/+0
  SSSD contained several backwards-compatible definitions of SRV and TXT APIs as well as structures that carry TTL data. These were intended for RHEL-5 and older releases. Since we don't support those upstream, it's better to remove the code -- it has drifted apart from upstream anyway.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* RESOLV: Add an internal function to read TTL from a DNS packet | Jakub Hrozek | 2015-02-11 | 7 | -5/+511
  Related: https://fedorahosted.org/sssd/ticket/1884

  Adds an internal resolver function that reads the TTL for SRV records as specified by RFC-2181. Several internal c-ares definitions are used until c-ares contains a function that exposes all this information via a parsing function.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>