sssd.git/src/responder/nss, branch token System Security Services Daemon [okos' clone] mmap_cache: Use sss_atomic_write_s instead of write. 2013-08-22T17:42:31+00:00 Michal Zidek mzidek@redhat.com 2013-08-21T13:26:36+00:00 1f7fb30cc25765e54841e5d5f4192c12e3b29a16 Use sss_atomic_write_s() instead of write() in sss_mc_save_corrupted(). Also unlink() the file if no data were written. It is better to use sss_atomic_write_s instead of write 
Use sss_atomic_write_s() instead of write() in
sss_mc_save_corrupted(). Also unlink() the file if no data
were written.

It is better to use sss_atomic_write_s instead of write
mmap_cache: Store corrupted mmap cache before reset 2013-08-19T20:24:41+00:00 Michal Zidek mzidek@redhat.com 2013-08-12T14:23:59+00:00 f9091077bfbb09f052d08e25ac5e00af0baa6dfb This patch adds function to store corrupted mmap cache file to disk for further analysis. 
This patch adds function to store corrupted mmap cache file to
disk for further analysis.
mmap_cache: Use better checks for corrupted mc in responder 2013-08-19T18:51:03+00:00 Michal Zidek mzidek@redhat.com 2013-08-15T14:08:17+00:00 441e6050f4b67134d15862e401b4c4e8546d7387 We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder. 
We introduced new way to check integrity of memcache in the
client code. We should use similiar checks in the responder.
mmap_cache: Off by one error. 2013-08-19T18:51:03+00:00 Michal Zidek mzidek@redhat.com 2013-08-14T16:22:06+00:00 13df7b9e400211c717284fb841c849ba034ed348 Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS. 
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
fill_initgr: add original primary GID if available 2013-08-19T10:53:49+00:00 Sumit Bose sbose@redhat.com 2013-08-14T15:13:13+00:00 39f13b3bf5b3cf79f5f16575403f03b539300dc7 In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027 
In some cases when MPG domains are used the information about the
original primary group of a user cannot be determined by looking at
the explicit group memberships. In those cases the GID related to the
original primary group is stored in a special attribute of the user
object.

This patch adds the GID of the original primary group when available and
needed.

Fixes https://fedorahosted.org/sssd/ticket/2027
mmap_cache: Check if slot and name_ptr are not invalid. 2013-08-11T18:36:21+00:00 Michal Zidek mzidek@redhat.com 2013-08-05T18:59:33+00:00 9028706a00da1bc48547e74aa872c825ac15adb2 This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018 
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
NSS: Clear cached netgroups if a request comes in from the sss_cache 2013-08-07T22:38:31+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-07-29T13:24:34+00:00 db440b3ba6b848010cf2a1fe9f76db394ce860da In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759 
In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.

https://fedorahosted.org/sssd/ticket/1759
NSS: allow removing entries from netgroup hash table 2013-08-07T22:38:31+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-07-29T12:45:35+00:00 ada4d12f2e625ad553c6944b7d84bff144c31398 There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table. 
There is a timed desctructor in the nss responder that, when the
entry timeout passes, removes the netgroup from the hash table while
the netgroup is freed. This patch adds a hash delete callback so that if the
netgroup is removed from the hash table with hash_delete, its hash table
pointer will be invalidated. Later, when the entry is being freed, the
destructor won't attempt to remove it from the hash table.
Fix netgroup lookup when using fully qualified name 2013-07-31T09:00:55+00:00 Pavel Březina pbrezina@redhat.com 2013-07-29T09:33:19+00:00 b410c7a9a80b0e44e3740f17d36574d3421626b7 






Netgroups should ignore the 'use_fully_qualified_names' setting
2013-07-29T10:59:17+00:00

Stephen Gallagher
sgallagh@redhat.com

2013-07-11T14:06:09+00:00

1933ff17513da1d979dd22776a03478341ef5e6b

Netgroups often have memberNisNetgroup entries included in them
that will never process correctly if we require fully-qualified
names on the nested lookup. This patch alters the behavior of
netgroup lookups to check *all* domains for an unqualified
netgroup name, instead of only the ones not requiring fully-
qualified names.

https://fedorahosted.org/sssd/ticket/2013





Netgroups often have memberNisNetgroup entries included in them
that will never process correctly if we require fully-qualified
names on the nested lookup. This patch alters the behavior of
netgroup lookups to check *all* domains for an unqualified
netgroup name, instead of only the ones not requiring fully-
qualified names.

https://fedorahosted.org/sssd/ticket/2013