| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/sbus_codegen_tests-sbus_codegen_tests.o: In function `eject_handler':
tests/sbus_codegen_tests.c:229: undefined reference to `ck_assert_uint_eq'
tests/sbus_codegen_tests.c:235: undefined reference to `ck_assert_uint_eq'
tests/sbus_codegen_tests.c:239: undefined reference to `ck_assert_uint_eq'
src/tests/sbus_codegen_tests-sbus_codegen_tests.o: In function `test_marshal_basic_types':
src/tests/sbus_codegen_tests.c:446: undefined reference to `ck_assert_uint_eq'
src/tests/sbus_codegen_tests.c:449: undefined reference to `ck_assert_uint_eq'
src/tests/sbus_codegen_tests-sbus_codegen_tests.o:
src/tests/sbus_codegen_tests.c:451: more undefined references to `ck_assert_uint_eq' follow
collect2: ld returned 1 exit status
make[3]: *** [sbus_codegen_tests] Error 1
Macro ck_assert_uint_eq was added in check-0.9.10
Resolves:
https://fedorahosted.org/sssd/ticket/2319
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_kt_resolve() returns 0 when a non-existent keytab is read, which
means there was no FATAL-level DEBUG message printed to the user in case
the keytab was missing completely and users had to enable more verbose
debugging to diagnose failure to start up.
This patch adds both the verbose DEBUG message as well as a syslog
message.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The responders were copying code to parse input and on encountering an
uknown domain, send the discover subdomain request. This patch adds a
reusable request that can always be called in responders and in case the
name can be parsed, just shortcut.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Splitting the module would allow responders that test the Data Provider
requests to use the mock_rctx/mock_cctx functions without duplicate
definitions.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
This would allow to call create_dom_test_ctx from tests that expect to
be able to parse input with a regular expression just like a responder
would do with an input from a client.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The force argument was unused and made the code more complex than
required. Moreover, the force argument would have made the subdomain handler
behave differently than other identity domains -- when the front end decides
it's time to update the domains, the back end should just update them.
Handling multiple concurrent requests from multiple responders
(typically after startup) is handled at the generic back end level (see
be_queue_request).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Another function decides whether the responder is updating the
subdomains or just returning an error code.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
fixes:
sssd_dbus_request.c:28:1: error: missing initializer [-Werror=missing-field-initializers]
sssd_dbus_request.c:28:1: error: (near initialization for 'error_internal.dummy1') [-Werror=missing-field-initializers]
|
| |
|
|
|
|
|
|
| |
This adds a big test case for invoking a handler with all supported
basic arguments, and constructing a reply with the same. Lots of
tedious code, but worth it to make sure things work well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Type safe method handlers allow methods not to have to do tedious
unwrapping and wrapping of DBus method call messages or replies.
Arguments of the following DBus types are supported in type-safe
method handlers. In addition arrays of these are supported.
y: uint8_t
b: bool (but no arrays, yet)
n: int16_t
q: uint16_t
i: int32_t
u: uint32_t
x: int64_t
t: uint64_t
d: double
s: char * (utf8 string)
o: char * (object path)
As an exception, arrays of booleans are not supported, but could be
added later. Other more complex types could be added later if desired.
If a method has other argument types, then it must be marked as having
a raw handler (see below).
Internally each method can have a type specific invoker function which
unpacks the incoming arguments and invokes the method handler with the
correct arguments.
Each method also has a finish which accepts the type-safe out arguments
(ie: return values) and builds the reply message. Like other request
'finish' functions, these free the request talloc context, and are to
be used in place of sbus_request_finish() or friends.
Raw method handlers parse their own method arguments, and prepare their
own reply (ideally using sbus_request_finish() helpers). They can also
do strange things like have variable arguments. To mark a DBus method
as having a raw method handler use the following annotation:
<annotation name="org.freedesktop.sssd.RawHandler" value="true"/>
Raw methods do not have invokers or finish functions.
I've left all of the internal peer to peer communication using raw
method handlers. No code changes here.
|
|
|
|
|
| |
Also fixes a warning about uninitialized 'method' as the 'method'
variable was unused and not set previously when introspecting.
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2313
|
|
|
|
|
|
|
|
|
|
|
|
| |
- use brackets after an if
- use the right variable name (candidate_domain instead of
candidate_name).
- fix a typo in a debug message
- only print a debug message about using a default domain when using a
default domain
- add a comment explaning when is a codepath executed
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
The code of sss_parse_name_for_domains is really complex and hard to
read. This patch adds a unit test to be able to see the function being
used.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2234
This patch generates the introspection data from the sbus interface meta
structure. The generated XML conforms to
http://dbus.freedesktop.org/doc/dbus-specification.html#introspection-format
The XML description of the interface also always includes the
org.freedesktop.DBus.Introspectable interface, which this patch also allows
in the policy settings.
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2239
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Until now there was only one timeout used to re-resolve SRV queries.
This patch adds new (shorter) timeout that will be used for queries that
previously failed.
Resolves:
https://fedorahosted.org/sssd/ticket/1885
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We were assuming that the forest had been looked up by netlogon, but
this is not available on Samba 4 domains. We need to check that the
forest is NULL and force the lookup.
Resolves:
https://fedorahosted.org/sssd/ticket/2311
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Return value of sss_dp_get_account_recv is checked and logging is done accordingly.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Instead, let the user pick the fork mode with CK_FORK variable (see info
check)
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
debug_prg_name is used in debug_fn and it was allocated under
talloc context "kr". The variable "kr" was removed before the last debug
messages in function main. It is very little change that it will be overridden.
It is possible to see this issue with exported environment variable
TALLOC_FREE_FILL=255
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
There is a warning if nsupdate does not support realm.
warning: zero-length gnu_printf format string [-Wformat-zero-length]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
| |
The 'else' branches in ipa_get_selinux_recv are never
executed (and even if they were, the result would be
the same as if the true branches were taken).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
There is no need for client socket in IFP responder,
since it uses D-Bus for communication with clients.
Resolves:
https://fedorahosted.org/sssd/ticket/2290
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If LDAP entries have more then one attribute "automountKey"
automount map will be skipped and error message will be printed to log files
and sssd_be will crash.
DEBUG(SSSDBG_MINOR_FAILURE, "Malformed entry, skipping\n");
The output array with automount maps will contain uninitialized pointers
because array was terminated after the expected count of entries and not
after the last successfully retrieved entry
Resolves:
https://fedorahosted.org/sssd/ticket/2288
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
Adds the possibility for the InfoPipe responder to connect to the system bus.
At the moment, only a dummy method "Ping" is provided. The method only
accepts a single string parameter that has to be 'ping'.
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet.
|
|
|
|
|
|
|
|
|
| |
Remove support for "--with-distro-version" configure option as unused.
The option was added in August 2011 (d3da1c1). As of now nothing seems
to use it. Packaging checked: rpm, deb, pacman, ebuilds, FreeBSD ports.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2300
The list of SELinux mapping orders was allocated on tmp_ctx and parsed
into an array. The array itself was correctly allocated on mem_ctx but
its contents remained on tmp_ctx, leading to a use-after-free error.
This patch fixes the memory hierarchy so that both the array and its
contents are allocated on mem_ctx.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2285
Only the forest root has the knowledge about all the domains in the
forest, the forest leaves only see themselves and the forest root.
This patch switches to connecting to the forest root for downloading the
trusted domains instead of the server we are connected to.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function sysdb_attrs_get_el can enlarge array of ldb_message_element in "struct
sysdb_attrs" if attribute is not among available attributes. Array will be
enlarged with function talloc_realloc but realloc can move array to another
place in memory therefore ldb_message_element should not be used after next
call of function sysdb_attrs_get_el
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
With netgroups, it is common to omit user or host from netgroup triple.
There is very high probability that realloc will be called. it is possible
pointer user_found can refer to the old area after the second call of function
sysdb_attrs_get_el.
Resolves:
https://fedorahosted.org/sssd/ticket/2284
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2271
The current krb5_child code attempts to get a TGT for the convenience of
the user using the new password after a password change operation.
However, an OTP should never be used twice, which means we can't perform
the kinit operation after chpass is finished. Instead, we only print a
PAM information instructing the user to log out and back in manually.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
After changing the Kerberos password krb5-child will try to get a fresh
TGT with the new password. This patch tries to make sure the right gic
options are used.
Resolves: https://fedorahosted.org/sssd/ticket/2289
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Additionally the lifetime option flags are unset if there are no
explicit settings to make sure the defaults from krb5.conf are used even
if other values were set manually in between.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bash function daemon will call success or fail. It is useless to call them
one more time. It may cause strange behaviour with some configurations of
terminal.
# service sssd restart
Stopping sssd: [ OK ]
[ OK ] sssd: [ OK ]
Resolves:
https://fedorahosted.org/sssd/ticket/2280
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1451
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2037
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
| |
sss_parse_name now supports NULL as output parameters so existing calls passing
arguments which were never read were substituted by NULL.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|