| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/sbus/sssd_dbus_invokers.c -fPIC -DPIC -o src/sbus/.libs/libsss_util_la-sssd_dbus_invokers.o
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_signals':
src/sbus/sssd_dbus_introspect.c:206: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_properties':
src/sbus/sssd_dbus_introspect.c:243: warning: declaration of 'access' shadows a global declaration
/usr/include/unistd.h:288: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c:29: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_new_incoming_signal':
src/sbus/sssd_dbus_signals.c:39: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_add':
src/sbus/sssd_dbus_signals.c:73: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_lookup':
src/sbus/sssd_dbus_signals.c:134: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_listen':
src/sbus/sssd_dbus_signals.c:168: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler':
src/sbus/sssd_dbus_signals.c:227: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler_got_caller_id':
src/sbus/sssd_dbus_signals.c:264: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function 'sbus_signal_name_owner_changed':
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function ‘sbus_signal_name_owner_changed’:
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of ‘signal’ shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
src/responder/common/responder_cache_req.c: In function 'cache_req_input_set_name':
src/responder/common/responder_cache_req.c:199: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
src/providers/fail_over.c: In function ‘fo_ref_server’:
src/providers/fail_over.c:861: warning: value computed is not used
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
/sssd/src/tools/sss_override.c: In function ‘override_user_import’:
/sssd/src/tools/sss_override.c:1471: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
/sssd/src/tools/sss_override.c: In function ‘override_group_import’:
/sssd/src/tools/sss_override.c:1737: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We could use SSS_DFL_UMASK instead of DFL_UMASK.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
There is no need to have executable unique_file.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We could use more restrictive umask in krb5_child. I found out that
there is directory creation, but it is done by create_ccache_dir()
which has its own umask setup.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
There aren't any documented files in directory src/sss_client/sudo/
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection
The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".
It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.
We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.
[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]
Resolves:
https://fedorahosted.org/sssd/ticket/2792
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It would be better to not use 'ssh' or 'sshd' here at all but something like
'pam_test_service' to indicate that it is a generic name.
Because a default value should not lead to a code path which handles a
special case. The general PAM responder test should not run through the
'sshd' case in pam_reply() only if the service is set explicitly to
'sshd' this features should be tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While handling well-known SIDs a debug statement tries to access memory that is
already freed. This can be seen with the following output from valgrind.
==17600== Invalid read of size 4
==17600== at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600== by 0x45EF3BF: _tevent_loop_once (tevent.c:530)
==17600== by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634)
==17600== by 0x45F326E: std_event_loop_wait (tevent_standard.c:140)
==17600== by 0x45EF647: _tevent_loop_wait (tevent.c:653)
==17600== Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd
==17600== at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17600== by 0x45FEC9E: _talloc_free_internal (talloc.c:1057)
==17600== by 0x45FEC9E: _talloc_free (talloc.c:1581)
==17600== by 0x8066085: sss_cmd_done (responder_cmd.c:93)
==17600== by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382)
==17600== by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600==
The patch contains a change to the unit tests which frees the memory in
the wrapper for sss_cmd_done() too. This allows to detect this kind of
issue in the unit tests as well.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2785
Test local domain tool with wrong LC_ALL
environment variable value.
NOTE: The memory cache files are not deleted
properly in the test teardown to work around the
problem described in ticket
https://fedorahosted.org/sssd/ticket/2726
Once the ticket above is solved, the teardown
will be updated to remove the memory cache
files.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Failed setlocale call could cause unexpected
behaviour. It is better to generate DEBUG
message if this happens.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
setlocale needs some environment variables
to be set in order to work. These variables
are not present in some special cases. We
should not fail completely in these cases
but continue with the compatible C locale.
Resolves:
https://fedorahosted.org/sssd/ticket/2785
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Set PAM_SYSTEM_ERR as default pam_status to ensure that we always must
set PAM_SUCCESSS explicitly for a successful authentication and will
really return an error in all other cases.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
When only str_dn is requested, ldb_dn is freed. This triggers access
after free since str_dn is part of ldb_dn talloc context.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
There was a mistake in the code which resulted in exporting one
domain several times if multiple domain were configured.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
popt don't handle merging NULL option table, thus common and help
options were not displayed when command doesn't have any options.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Manual pages were not cleaned by default.
They were cleaned in make distcheck because USE_NLS was yes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
SSSDBG_CONF_SETTINGS is reserved for configuration information. These
pings are generally just noise (when they fail, this is logged at
SSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is function chown_debug_file() which didn't check
if the SSSD is compiled with journald support.
This patch add simple checking of this state.
Resolves:
https://fedorahosted.org/sssd/ticket/2493
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is a warning with gcc 4.8
src/tests/sbus_codegen_tests.c:1131:18: warning: 'exp_values' may be used
uninitialized in this function [-Wmaybe-uninitialized]
const char **exp_values;
^
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
The similarcahnge was done in main makefile by change
69b46c32357ccf1aab9c0bd6d1afa33a8724ad77
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
LIBCAPNG_{CFLAGS,LIBS} are not defined anywhere in sssd.
It could be introduced as copy&paste error from different project.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
responder_common_tests does not use any function which requires to link
with UNICODE linraries or with libsss_crypt
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Conditions with get_next_domain were a little
confusing for coverity (but also for developers'
eyes).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Recent get_next_domain refactoring enabled
us to use it also for disabled domains.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2829
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Previously some arguments passed to sdap_get_and_parse_generic_send()
were ignored. This patch fixes that and passes 'attronly',
'serverctrls' and 'clientctrls' to sdap_get_generic_ext_send().
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
'attrsonly' parameter is directly passed to ldap_search_ext() and is
describe as:
The attrsonly parameter should be set to a non-zero value if only
attribute descriptions are wanted. It should be set to zero (0) if both
attributes descriptions and attribute values are wanted.
Boolean type should be fine for the 'attrsonly' parameter especially
since the actual parameter was already set to false in function calls.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
Make allow_paging parameter a part of the flag parameter in
sdap_get_generic_ext_send().
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add new parameter 'flags' to sdap_get_generic_ext_send_ext() which can
be set to suppress warning about 'sizelimit exceeded'.
Resolves:
https://fedorahosted.org/sssd/ticket/2804
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
