| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
In general we just return NULL if tevent_req_create() fails because
there is nothing we can do with the request anyway. Especially
tevent_req_error() should not be called because it tries to dereference
req.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When we changed the resolver code to use the TTL values from the DNS
queries instead of harcoded ones, we changed the default value by
accident.
Add a separate SRV TTL that is backwards-compatible with the old
harcoded value.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
SSSD contained several backwards-compatible definitions of SRV and TXT
APIs as well as structures that carry TTL data. These were intended for
RHEL-5 and older releases. Since we don't support those upstream, it's
better to remove the code -- it has drifted apart from upstream anyway.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/1884
Adds an internal resolver function that reads the TTL for SRV records as
specified by RFC-2181. Several internal c-ares definitions are used
until c-ares contains a function that exposes all this information via a
parsing function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the server list consist only from servers with zero weight the
output list contained only one server.
Resolves:
https://fedorahosted.org/sssd/ticket/2357
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
man gethostanme says:
NOTES
SUSv2 guarantees that "Host names are limited to 255 bytes".
POSIX.1-2001 guarantees that "Host names (not including the terminating
null byte) are limited to HOST_NAME_MAX bytes". On Linux,
HOST_NAME_MAX is defined with the value 64, which has been the limit
since Linux 1.0 (earlier kernels imposed a limit of 8 bytes).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We should call freeaddrinfo only in situation if getaddrinfo succeeds.
It is not specified in RFC2553 the behaviour of calling freeaddrinfo
with the NULL argument. It is more portable to do not rely on undocumented
behaviour of glibc.
http://www.ietf.org/rfc/rfc2553.txt [Page 28]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2198
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
c-ares timeout to wait for response from DNS server
before moving to next DNS server is lowered from 5s
to 2s.
Partially solves https://fedorahosted.org/sssd/ticket/1966
|
| | |
|
| |
|
|
|
|
| |
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, examle: '%\n'
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1832
While some servers, such as FreeIPA allow the PTR record to be
synchronized when the forward record is updated, other servers,
including Active Directory, require that the PTR record is synchronized
manually.
This patch adds a new option, dyndns_update_ptr that automatically
generates appropriate DNS update message for updating the reverse zone.
This option is off by default in the IPA provider.
Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg
|
| |
|
|
|
| |
This is a requirement to update the PTR records.
Includes a unit test.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1864
|
| |
|
|
|
| |
We should use talloc_zfree() when freeing state variables, so we
can later avoid undesirable access after free.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1706
|
| | |
|
| |
|
|
|
|
|
|
|
| |
allocated on stack
If we provide a hostname that was allocated on stack, it may contain
invalid data in the time when it is actually resolved.
This patch fixes it.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1274
|
| | |
|
| |
|
|
|
| |
We would only free the hostent structure itself, not its contents. Use a
wrapper provided by c-ares to do so.
|
| |
|
|
|
|
|
| |
ares_query does not take search or domain directives from
/etc/resolv.conf into account
https://fedorahosted.org/sssd/ticket/922
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/898
In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.
Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares version in case the new one is not detected in configure time.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/867
|
| |
|
|
|
|
| |
The in-tree SRV record parsing is used with very old c-ares libraries
that don't implement the parsing themselves (c-ares < 1.7, used in e.g.
RHEL5)
|
| |
|
|
|
|
|
|
|
|
|
| |
We were unscheduling the timeout handler after the first lookup
(A or AAAA) returned, but not rescheduling it if we went on to
check the secondary record type. This resulted in the resolver
never returning a result for the secondary lookup, which can mean
that logins/screen unlocks after VPN drop or suspend/resume might
never complete.
Fixes https://fedorahosted.org/sssd/ticket/729
|
| |
|
|
|
|
|
| |
options.tries specifies the number of retries. Setting this to
zero means to try exactly once. Previously we were always trying
twice (internally). We want to simply honor the SSSD configuration
and fail over to the next server (or go offline) after one try.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/686
|
| |
|
|
|
|
| |
We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a new failover API call fo_add_srv_server that allows the caller
to specify a server that is later resolved into a list of specific
servers using SRV requests.
Also adds a new failover option that specifies how often should the
servers resolved from SRV query considered valid until we need a
refresh.
The "real" servers to connect to are returned to the user as usual,
using the fo_resolve_service_{send,recv} calls.
Make SRV resolution work with c-ares 1.6
|
