sssd2.git/src/util, branch sssd-1-9 System Security Services Daemon [okos' clone] krb5: include backwards compatible declaration of krb5_trace_info 2013-04-15T09:44:52+00:00 Jakub Hrozek jhrozek@redhat.com 2013-02-04T16:30:48+00:00 c215e00ef09a3999f476a4fdcd007dadb59bcab9 krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". Do the same in the SSSD to allow compiling with both 1.10 and 1.11. 
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".

Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
NSS: Add original homedir to home directory template options 2013-02-10T18:43:16+00:00 Stephen Gallagher sgallagh@redhat.com 2013-02-07T18:04:24+00:00 fb91c1c9275ae93293d0b182c6ba892438d9cdcf https://fedorahosted.org/sssd/ticket/1805 
https://fedorahosted.org/sssd/ticket/1805
memcache: make MC_PTR_TO_SLOT() more readable 2013-01-07T16:29:46+00:00 Pavel Březina pbrezina@redhat.com 2013-01-07T14:31:44+00:00 7e3b02daa3e7b44f2a71152edcdfdcc63498f780 






memcache: add macro that validates record length
2013-01-07T16:29:46+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-07T09:34:48+00:00

09d04ff881cb9e51faff1139642793ae8c7459b3












Search for SHORTNAME$@REALM instead of fqdn$@REALM by default
2013-01-07T14:47:37+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-01-05T20:16:05+00:00

07a833f06775c2e09020f9fa441515133785c457

The search was intended for the AD provider mostly, but keytabs coming
from AD via samba don't contain fqdn$@REALM but rather uppercased
SHORTNAME$@REALM

https://fedorahosted.org/sssd/ticket/1740





The search was intended for the AD provider mostly, but keytabs coming
from AD via samba don't contain fqdn$@REALM but rather uppercased
SHORTNAME$@REALM

https://fedorahosted.org/sssd/ticket/1740







Carefully check records when forcibly invalidating
2012-12-20T18:59:54+00:00

Simo Sorce
simo@redhat.com

2012-12-20T04:10:25+00:00

70d56634069fc0f044899e3933f4e61bccefd2c3

We should never try to invalidate an already invalid record as
internal pointers will not be consistent. Carefully test that the
record really is valid when we are fishing for free space, and
properly invalidate records or return a fatal error if something
goes wrong.
In order to make the code more robust always invalidate the whole
data space on initialization by setting all bits to 1, and make sure
to invalidate the whole last allocated slot by converting rec->len to
the number of slots instead of just the space used.





We should never try to invalidate an already invalid record as
internal pointers will not be consistent. Carefully test that the
record really is valid when we are fishing for free space, and
properly invalidate records or return a fatal error if something
goes wrong.
In order to make the code more robust always invalidate the whole
data space on initialization by setting all bits to 1, and make sure
to invalidate the whole last allocated slot by converting rec->len to
the number of slots instead of just the space used.







Free resources if fileno failed
2012-12-20T17:14:16+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-18T18:33:57+00:00

a8c4867d220d64bb132088f3fcfd7e8778a94ebe












select_principal_from_keytab() do wildcard lookups after specific ones
2012-12-18T18:03:57+00:00

Sumit Bose
sbose@redhat.com

2012-12-17T21:14:55+00:00

cbc15482c7c6e5b0782cf05507b86576360e5e37

Currently the wildcard lookup '*$' is done before the one for
host/our.hostname@REALM. This means we would ignore a more specific
match in favour of an unspecific match with a principal which is only
used in a AD environment.

I think this is wrong an wildcards should only be used is all specific
lookups fail.





Currently the wildcard lookup '*$' is done before the one for
host/our.hostname@REALM. This means we would ignore a more specific
match in favour of an unspecific match with a principal which is only
used in a AD environment.

I think this is wrong an wildcards should only be used is all specific
lookups fail.







select_principal_from_keytab() look for plain input as well
2012-12-18T18:03:57+00:00

Sumit Bose
sbose@redhat.com

2012-12-17T21:08:59+00:00

163d02193d4ce9f0075ef87a6ce209ee41554272

Currently in select_principal_from_keytab() all kind of different
versions of the host principal are looked up in the keytab except for
the plain name the ldap_sasl_authid option. With this patch the plain
name is looked up first.





Currently in select_principal_from_keytab() all kind of different
versions of the host principal are looked up in the keytab except for
the plain name the ldap_sasl_authid option. With this patch the plain
name is looked up first.







Set cloexec flag for log files
2012-12-18T10:38:02+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-15T18:56:33+00:00

ba4f38e4e377e0b1d9c6217e415fb6e1fb5591cd

https://fedorahosted.org/sssd/ticket/1708

The services kept the fd to /var/log/sssd/sssd.log open. I don't think
there's any point in keeping the logfiles open after exec-ing for the
child, so I set the CLOEXEC flag.





https://fedorahosted.org/sssd/ticket/1708

The services kept the fd to /var/log/sssd/sssd.log open. I don't think
there's any point in keeping the logfiles open after exec-ing for the
child, so I set the CLOEXEC flag.