| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Extend PAM responder unit test to check 'online' cached authentication.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 4b12be504e20173e0629835818e4db6a9617a9a4)
|
| |
|
|
|
|
|
|
|
|
|
| |
Split pam_test_setup() so domain and pam parameters can be easily set
distinctly for each test.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 6411cd6074688762f793de8f1dddeffcb3a71d02)
|
| |
|
|
|
|
|
|
|
|
| |
It is not necessary to invalidate memory cache before removing
them. The sssd_client can handle it without any problem.
This reverts commit eabc1732ef91548616a699b7e9f8d30e5e7b8dd3.
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 782d39e3916d16b8dbba6ae97aca1db2f3c35d76)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Long living clients should be able to reinitialize
memory cache which was removed but it not initialized.
This patch also remove workaround in test_local_domain.py
Test for:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit b28f5fb097e06a97a45e0ae348e506d9d1432cc8)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit c269ca2669706bddb25c5938b50277b0c0a94ea4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the memory cache was not initialized and there was a failure in
initialisation of memory cache context (e.g. memory cache file
does not exist) then mc_context had to be destroyed to release
resources.
However the count of active threads in sss_cli_mc_ctx is already higher
than zero because current thread is working wih the mc_context.
But this counter was zero-ed with memset in sss_nss_mc_destroy_ctx
due to issue with initialisation of memory cache.
Then we have to decrease counter of active thread in function
sss_nss_mc_get_ctx because initialisation of mc failed.
And the result of this decrement is underflow of counter.
Related to:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit d4ff84434265dc959098ccfd4e8cd5d61d9052c9)
|
| |
|
|
|
|
|
|
| |
Like lookup by ID or by UPN the match for lookups by certificate can be
found in any domain and all sub-domains must be included in the search.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 04aed439cc058413e2331e9bfbe598cc563c2c7b)
|
| |
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit 356eef72675cde4dc5627c1e2f1a01846ec6eb1d)
|
| |
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit f4bcfcb1b91bfa6a568c4c99c2b3d16cd86090c6)
|
| |
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit 20a2be57d764f58c4a6532310331e26a3273ada8)
|
| |
|
|
|
|
|
|
| |
If leak_check_setup is not called then global_talloc_context
was not initialized and check_leaks_pop(global_talloc_context) will fail.
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit 9c62d6619b87f1255ef6515280a20552fca9d925)
|
| |
|
|
|
|
|
|
|
| |
If we are already requested used then we needn't to call
setreeuid(), setresgid(). But we forgot to relase local
struct sss_creds *ssc, which is used for returnig saved credentials.
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit 5455da4f944145239295a2d8344f1a7602b4454d)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When ifp_users_user_get_groups is called, for example via GetAll and
the list of groups contains a non-POSIX group, we skip an array member,
resulting in random memory being passed to the caller.
Resolves:
https://fedorahosted.org/sssd/ticket/2863
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 788146c3e3a564f333f39a2fcffccf3012cc2679)
|
| |
|
|
|
|
|
|
|
|
|
| |
It could be unitialized only in case if we add new enum be_ptask_schedule
Currently, we have only BE_PTASK_SCHEDULE_FROM_NOW and
BE_PTASK_SCHEDULE_FROM_LAST which are properly covered in switch case.
src/providers/dp_ptask.c:200: warning: ‘tv’ may be used uninitialized in this function
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 911e9879cae1f8f18e73acb3c6037af651cd9db5)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is a warning with gcc 4.8
src/tests/sbus_codegen_tests.c:1131:18: warning: 'exp_values' may be used
uninitialized in this function [-Wmaybe-uninitialized]
const char **exp_values;
^
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 617d5161d4ec454afc673ce1836b02f82435b347)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
/sssd/src/tools/sss_override.c: In function ‘override_user_import’:
/sssd/src/tools/sss_override.c:1471: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
/sssd/src/tools/sss_override.c: In function ‘override_group_import’:
/sssd/src/tools/sss_override.c:1737: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 3b9a62badec2478f978ac28d2e3b72a7dd16a6e5)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The syslog.target is not part of systemd anymore.
The non-socket-activated syslog daemons are not supported in systemd >= 35
and in the same version it was recomemded to not use this target in service
files.
http://www.freedesktop.org/wiki/Software/systemd/syslog/
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 46ef3da071401904a8c4930df4f2b1103c309c25)
|
| |
|
|
|
|
|
|
| |
This gets rid of confusing debug message:
[be_client_destructor] (0x0020): Unknown client removed ...
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit b2d7301516a8a6ca69e38999170da8a0ecb2bdba)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_valid':
src/tests/cmocka/test_sss_sifp.c:153: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_null':
src/tests/cmocka/test_sss_sifp.c:163: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sdap.c: In function '__wrap_ldap_next_attribute':
src/tests/cmocka/test_sdap.c:203: warning: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_user':
src/tests/cmocka/test_responder_cache_req.c:163: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_group':
src/tests/cmocka/test_responder_cache_req.c:244: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit df9e9a1f9b7dc255eb62c390163c25917b08f5a2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/sbus/sssd_dbus_invokers.c -fPIC -DPIC -o src/sbus/.libs/libsss_util_la-sssd_dbus_invokers.o
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_signals':
src/sbus/sssd_dbus_introspect.c:206: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_properties':
src/sbus/sssd_dbus_introspect.c:243: warning: declaration of 'access' shadows a global declaration
/usr/include/unistd.h:288: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c:29: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_new_incoming_signal':
src/sbus/sssd_dbus_signals.c:39: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_add':
src/sbus/sssd_dbus_signals.c:73: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_lookup':
src/sbus/sssd_dbus_signals.c:134: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_listen':
src/sbus/sssd_dbus_signals.c:168: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler':
src/sbus/sssd_dbus_signals.c:227: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler_got_caller_id':
src/sbus/sssd_dbus_signals.c:264: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function 'sbus_signal_name_owner_changed':
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function ‘sbus_signal_name_owner_changed’:
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of ‘signal’ shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 365fe7479c753f198430812337a7ba8cdb0baf7d)
|
| |
|
|
|
|
|
|
|
| |
src/responder/common/responder_cache_req.c: In function 'cache_req_input_set_name':
src/responder/common/responder_cache_req.c:199: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 32dc4016585cbffc55a92a38e7a1e14c7e1e22ac)
|
| |
|
|
|
|
|
|
|
|
|
| |
Fail CI coverage build, if make-check stage fails. Previously make-check
stage failures were ignored for coverage build for the sake of
collecting coverage data in any case. However, catching extra test
failures seems more important than getting coverage data in all cases,
thus the change.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 8d1b572126afceb60693ff4c4a734bd6dbdaf548)
|
| |
|
|
|
|
|
|
|
|
| |
It's fixed in upstream gcc >= 4.6.0
Resolves:
https://fedorahosted.org/sssd/ticket/2819
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
(cherry picked from commit 057f699b401097ad7f48fe3760e81c6993619a4b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection
The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".
It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.
We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.
[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]
Resolves:
https://fedorahosted.org/sssd/ticket/2792
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a10f67d4c64f3b1243de5d86a996475361adf0ac)
|
| |
|
|
|
|
|
|
|
| |
make all docs && make install DESTDIR=`pwd`/_instdir
will not install doxygen generated files for sss_simpleifp
because directory was wrong
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 2d5d7761ef2b0d43c39dadf877b87aae19231036)
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 4940ba14100ad11b0ed1f2a8a4fea5daa34d56ee)
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit c8432ffd4cf29fe209b086ef69eacc9683dc5866)
|
| |
|
|
|
|
|
|
| |
When only str_dn is requested, ldb_dn is freed. This triggers access
after free since str_dn is part of ldb_dn talloc context.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 2341c8ccfe6225ee4ac5904c177a9200ba617a04)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 55345aa1aaf1df23e5dfe8d584663f9fe6c4aeb9)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 53d05f6a88b52b8f7acc15a803c1ef439fa30244)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 6d0a69431a87a24dac04a9d77fbda5a6e24ac0dd)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 1b45fed9f629d47fefc3feaba01810ca2200fed3)
|
| |
|
|
|
|
|
|
| |
There was a mistake in the code which resulted in exporting one
domain several times if multiple domain were configured.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 20222362cf9557e0e053e5e5f3b6f07899c7bfe7)
|
| |
|
|
|
|
|
|
| |
popt don't handle merging NULL option table, thus common and help
options were not displayed when command doesn't have any options.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 16065cc731687eb8779d31b79436bbf79c5e3ed3)
|
| |
|
|
|
|
|
|
|
| |
Conditions with get_next_domain were a little
confusing for coverity (but also for developers'
eyes).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit e563de9203be581acc30c7794f568ae40d22bee0)
|
| |
|
|
|
|
|
|
| |
Recent get_next_domain refactoring enabled
us to use it also for disabled domains.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 2bbc9d6f8d5f2c1b07fd6968314b7f530b7f3a4d)
|
| |
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f191a6f9f3313df88eaf3debf52eebfe5d3dee59)
|
| |
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit c84dcaa58449c53cf038311ce63bb2c304081b9d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 877b92e80bde510d5cd9f03dbf01e2bcf73ab072)
|
| |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit bbe74392605808f6c7f1fda6e8c3c66fbfb035f4)
|
| |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit beee2afce4eb18aca7f1268e0184c6c428e817a7)
|
| |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 26cac569adbae18a11af7f9845340ec9fc49685b)
|
| |
|
|
|
|
|
|
|
|
| |
SSSDBG_CONF_SETTINGS is reserved for configuration information. These
pings are generally just noise (when they fail, this is logged at
SSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit 284c22c191963f11e5c07ba6d14dcd8dc7e494fe)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is function chown_debug_file() which didn't check
if the SSSD is compiled with journald support.
This patch add simple checking of this state.
Resolves:
https://fedorahosted.org/sssd/ticket/2493
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 152fed23797c8950ca18cf6dc2bddb61a3f615c8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the configure was called with stricter flags (-Werror=unused-variable)
then configure script did not detect tread safe initialisation.
As a result of this client code was not build with mutexes.
conftest.c: In function 'main':
conftest.c:39:17: error: unused variable 'm' [-Werror=unused-variable]
pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
^
cc1: all warnings being treated as errors
configure:15331: $? = 1
configure:15338: WARNING: Pthread library not found! Clients will not be thread safe...
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit f775337a7d4ca1c0be8eab683d0d753cbaee49e2)
|
| |
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8fe87c3d35bf301cbb6ed7d441b588327d831924)
|
| |
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 46c89176fd7f140d785bbdc399a94daca269172e)
|
| |
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit efdcf49660505e13607b99ba82eb504cf37b8794)
|
| |
|
|
|
|
|
|
|
| |
Previously some arguments passed to sdap_get_and_parse_generic_send()
were ignored. This patch fixes that and passes 'attronly',
'serverctrls' and 'clientctrls' to sdap_get_generic_ext_send().
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 86ffb3db2a6e798aaa920a0b40e0c517db8c293f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'attrsonly' parameter is directly passed to ldap_search_ext() and is
describe as:
The attrsonly parameter should be set to a non-zero value if only
attribute descriptions are wanted. It should be set to zero (0) if both
attributes descriptions and attribute values are wanted.
Boolean type should be fine for the 'attrsonly' parameter especially
since the actual parameter was already set to false in function calls.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 108af0012e016b464790478b8aa3ad60e712930f)
|
