| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
limits.h is not used directly by util/util.h. The header file limits.h
must be included in 17 files and after removing it from util.h it had to be
added only to 4 missing files
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When both TEVENT_FD_WRITE and TEVENT_FD_READ are set, and an error/EOF
occurs when reading from the socket, we will get a use after free
in the second call ares_process_fd. The first call will free the watch
structure via a callback.
Prevent this by calling ares_process_fd only once.
Invalid read of size 4
at fd_input_available (async_resolv.c:147)
by epoll_event_loop (tevent_epoll.c:728)
by epoll_event_loop_once (tevent_epoll.c:926)
by std_event_loop_once (tevent_standard.c:114)
by _tevent_loop_once (tevent.c:533)
by tevent_common_loop_wait (tevent.c:637)
by std_event_loop_wait (tevent_standard.c:140)
by server_loop (server.c:702)
by main (data_provider_be.c:587)
Address ... is 112 bytes inside a block of size 136 free'd
at free (vg_replace_malloc.c:530)
by _talloc_free_internal (talloc.c:1116)
by _talloc_free (talloc.c:1647)
by ares__close_sockets (ares__close_sockets.c:50)
by handle_error (ares_process.c:679)
by read_tcp_data (ares_process.c:391)
by processfds (ares_process.c:138)
by fd_input_available (async_resolv.c:144)
by epoll_event_loop (tevent_epoll.c:728)
by epoll_event_loop_once (tevent_epoll.c:926)
by std_event_loop_once (tevent_standard.c:114)
by _tevent_loop_once (tevent.c:533)
by tevent_common_loop_wait (tevent.c:637)
by std_event_loop_wait (tevent_standard.c:140)
by server_loop (server.c:702)
Resolves:
https://fedorahosted.org/sssd/ticket/3250
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2789
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
In general we just return NULL if tevent_req_create() fails because
there is nothing we can do with the request anyway. Especially
tevent_req_error() should not be called because it tries to dereference
req.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When we changed the resolver code to use the TTL values from the DNS
queries instead of harcoded ones, we changed the default value by
accident.
Add a separate SRV TTL that is backwards-compatible with the old
harcoded value.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
| |
SSSD contained several backwards-compatible definitions of SRV and TXT
APIs as well as structures that carry TTL data. These were intended for
RHEL-5 and older releases. Since we don't support those upstream, it's
better to remove the code -- it has drifted apart from upstream anyway.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/1884
Adds an internal resolver function that reads the TTL for SRV records as
specified by RFC-2181. Several internal c-ares definitions are used
until c-ares contains a function that exposes all this information via a
parsing function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When the server list consist only from servers with zero weight the
output list contained only one server.
Resolves:
https://fedorahosted.org/sssd/ticket/2357
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
man gethostanme says:
NOTES
SUSv2 guarantees that "Host names are limited to 255 bytes".
POSIX.1-2001 guarantees that "Host names (not including the terminating
null byte) are limited to HOST_NAME_MAX bytes". On Linux,
HOST_NAME_MAX is defined with the value 64, which has been the limit
since Linux 1.0 (earlier kernels imposed a limit of 8 bytes).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We should call freeaddrinfo only in situation if getaddrinfo succeeds.
It is not specified in RFC2553 the behaviour of calling freeaddrinfo
with the NULL argument. It is more portable to do not rely on undocumented
behaviour of glibc.
http://www.ietf.org/rfc/rfc2553.txt [Page 28]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2198
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
c-ares timeout to wait for response from DNS server
before moving to next DNS server is lowered from 5s
to 2s.
Partially solves https://fedorahosted.org/sssd/ticket/1966
|
| |
|
|
|
|
|
|
| |
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, examle: '%\n'
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1832
While some servers, such as FreeIPA allow the PTR record to be
synchronized when the forward record is updated, other servers,
including Active Directory, require that the PTR record is synchronized
manually.
This patch adds a new option, dyndns_update_ptr that automatically
generates appropriate DNS update message for updating the reverse zone.
This option is off by default in the IPA provider.
Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg
|
|
|
|
|
| |
This is a requirement to update the PTR records.
Includes a unit test.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1864
|
|
|
|
|
| |
We should use talloc_zfree() when freeing state variables, so we
can later avoid undesirable access after free.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1706
|
| |
|
|
|
|
|
|
|
|
|
| |
allocated on stack
If we provide a hostname that was allocated on stack, it may contain
invalid data in the time when it is actually resolved.
This patch fixes it.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1274
|
| |
|
|
|
|
|
| |
We would only free the hostent structure itself, not its contents. Use a
wrapper provided by c-ares to do so.
|
|
|
|
|
|
|
| |
ares_query does not take search or domain directives from
/etc/resolv.conf into account
https://fedorahosted.org/sssd/ticket/922
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/898
In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.
Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares version in case the new one is not detected in configure time.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/867
|
|
|
|
|
|
| |
The in-tree SRV record parsing is used with very old c-ares libraries
that don't implement the parsing themselves (c-ares < 1.7, used in e.g.
RHEL5)
|
|
|
|
|
|
|
|
|
|
|
| |
We were unscheduling the timeout handler after the first lookup
(A or AAAA) returned, but not rescheduling it if we went on to
check the secondary record type. This resulted in the resolver
never returning a result for the secondary lookup, which can mean
that logins/screen unlocks after VPN drop or suspend/resume might
never complete.
Fixes https://fedorahosted.org/sssd/ticket/729
|
|
|
|
|
|
|
| |
options.tries specifies the number of retries. Setting this to
zero means to try exactly once. Previously we were always trying
twice (internally). We want to simply honor the SSSD configuration
and fail over to the next server (or go offline) after one try.
|