sssd.git, branch reviews Experimental work on SSSD - Systen Security Services Daemon sss_cache: fqdn not accepted 2013-01-04T16:00:04+00:00 Michal Zidek mzidek@redhat.com 2012-11-05T15:53:46+00:00 d27d11b360b92f1728206802005bb3da359e1ea4 sss_cache did not accept fully quaified domain names. https://fedorahosted.org/sssd/ticket/1620 
sss_cache did not accept fully quaified domain names.

https://fedorahosted.org/sssd/ticket/1620
LDAP: initialize refresh function handler 2013-01-04T15:34:23+00:00 Ondrej Kos okos@redhat.com 2012-12-19T09:25:39+00:00 d091342880477358cf7317111abce05fb5802aab 






let krb5_backup_kpasswd failover work
2013-01-02T16:59:02+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-02T08:09:31+00:00

4bb57b5f27abd2d38f96ba8681d375fb8aec7f3d

https://fedorahosted.org/sssd/ticket/1735





https://fedorahosted.org/sssd/ticket/1735







failover: Protect against empty host names
2013-01-02T16:44:09+00:00

Michal Zidek
mzidek@redhat.com

2012-10-15T10:21:00+00:00

04759b59e71c78ab23b84d13dd29d9c6dd680adb

Added new parameter to split_on_separator that allows to skip
empty values.

The whole function was rewritten. Unit test case was added to
check the new implementation.

https://fedorahosted.org/sssd/ticket/1484





Added new parameter to split_on_separator that allows to skip
empty values.

The whole function was rewritten. Unit test case was added to
check the new implementation.

https://fedorahosted.org/sssd/ticket/1484







set ret to EOK after for loop in sdap_sudo_purge_sudoers
2013-01-02T16:39:44+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-02T10:09:32+00:00

fc647b8eb5bca901658dedf3dbda2f35c63a86f2

If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.

This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).





If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.

This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).







mmap cache: invalidate cache on fatal error
2012-12-20T18:55:19+00:00

Simo Sorce
simo@redhat.com

2012-12-20T02:17:40+00:00

0e6c9d03cacf24de4265ee0f902c216ba5a131c9

If a fatal EFAULT error is returned by the internal function that frees used
memory invalidate the whole cache and reinit it. This way we avoid further
corruption and insure clients see consistent data.

Also insure we use the right context in init() and we use talloc_zfree() in
reinit so that if the init() later fails we do not leave around a pointer
to free memory in the callers.





If a fatal EFAULT error is returned by the internal function that frees used
memory invalidate the whole cache and reinit it. This way we avoid further
corruption and insure clients see consistent data.

Also insure we use the right context in init() and we use talloc_zfree() in
reinit so that if the init() later fails we do not leave around a pointer
to free memory in the callers.







Carefully check records when forcibly invalidating
2012-12-20T18:55:02+00:00

Simo Sorce
simo@redhat.com

2012-12-20T04:10:25+00:00

6acf7c92ab38ad388295b2d57cc97c4598aa95cc

We should never try to invalidate an already invalid record as
internal pointers will not be consistent. Carefully test that the
record really is valid when we are fishing for free space, and
properly invalidate records or return a fatal error if something
goes wrong.
In order to make the code more robust always invalidate the whole
data space on initialization by setting all bits to 1, and make sure
to invalidate the whole last allocated slot by converting rec->len to
the number of slots instead of just the space used.





We should never try to invalidate an already invalid record as
internal pointers will not be consistent. Carefully test that the
record really is valid when we are fishing for free space, and
properly invalidate records or return a fatal error if something
goes wrong.
In order to make the code more robust always invalidate the whole
data space on initialization by setting all bits to 1, and make sure
to invalidate the whole last allocated slot by converting rec->len to
the number of slots instead of just the space used.







Update free table when records are invalidated.
2012-12-20T18:55:02+00:00

Simo Sorce
simo@redhat.com

2012-12-20T04:10:24+00:00

da4c23b6670adb45f71cf51aaeca8df30c2144be

We were holding up slots when entries were invalidated directly an not through
our primitive garbage collection scheme.





We were holding up slots when entries were invalidated directly an not through
our primitive garbage collection scheme.







nss_mc: Add extra checks when dereferencing records
2012-12-20T18:55:02+00:00

Simo Sorce
simo@redhat.com

2012-12-19T16:56:27+00:00

8437e782fdf97945e9e0c2a793ffaf49abc2c0ca

Although it should enver happen that we pass in an invalid hash it
is always better to just not do anything than access memory ouf of
the hash table. It can lead to segfaults, or worse referencing
memory that should not be touched.





Although it should enver happen that we pass in an invalid hash it
is always better to just not do anything than access memory ouf of
the hash table. It can lead to segfaults, or worse referencing
memory that should not be touched.







krb5 tgt renewal: fix usage of ldb_dn_get_component_val()
2012-12-20T18:41:11+00:00

Sumit Bose
sbose@redhat.com

2012-12-19T17:37:32+00:00

10c50d237d6e3137499fcfaa5a804e6712e002ee

For some reason I was under the impression that the DN components are
counted backwards in libldb. This patch corrects this.





For some reason I was under the impression that the DN components are
counted backwards in libldb. This patch corrects this.