sssd.git/src/providers, branch my-master Experimental work on SSSD - Systen Security Services Daemon Cleanup error message handling for krb5 child 2013-01-04T19:40:54+00:00 Simo Sorce simo@redhat.com 2012-11-22T21:34:18+00:00 c8febcca6b0c1e3430b6abb4eb14564e33380e54 Use the new internal SSSD errors, to simplify error handling. Instad of having up to 3 different errors to care about (system, krb5 and pam_status), collapse all error reporting into one error type mapped on errno_t. The returned error can contain either SSSD internal errors, kerberos errors or system errors, they all use differen number spaces so there is no overlap and tey can be safely merged. This means the errors bein sent from the child to the parent is not a pam status error message anymore. The parent properly deals with that. Also not that this patch removes returning SSS_PAM_SYSTEM_INFO from the krb5_child for kerberos errors as all it was doing was simply to make the parent emit the same debug log already emitted by the child, and the code is simpler if we do not do that. 
Use the new internal SSSD errors, to simplify error handling.
Instad of having up to 3 different errors to care about (system, krb5 and
pam_status), collapse all error reporting into one error type mapped on
errno_t.

The returned error can contain either SSSD internal errors, kerberos errors
or system errors, they all use differen number spaces so there is no overlap
and tey can be safely merged.

This means the errors bein sent from the child to the parent is not a pam
status error message anymore. The parent properly deals with that.

Also not that this patch removes returning SSS_PAM_SYSTEM_INFO from the
krb5_child for kerberos errors as all it was doing was simply to make the
parent emit the same debug log already emitted by the child, and the code
is simpler if we do not do that.
Refactor krb5 child 2013-01-04T19:38:36+00:00 Simo Sorce simo@redhat.com 2012-11-22T17:39:38+00:00 9366febd6ec9b1fe588fee4a4542ea75cc857abf The aim of this refactoring is to make the code readable and understandable. This code has grown organically over time and has becomed confused and baroque enough that understanding it's very simple flow had become very complex for the uninitiated. Complex flows easily hide nasty bugs. Improvements: - Remove dead/unused data storage - Fix and simplify talloc hierarchy, use a memory context (kr) for the whole code and allocate kr->pd where it is filled up. - Rename some functions to create a better name space (easier for searching fucntions across the tree) - Streamline setup function, by spliting out fast setup in a subroutine. - Avoid confusing indirection in executng actual functions by not using the krb5_req child_req member. - Make main() flow s now simmetric, send abck data from the main function instead of delegating a reply to every inner function that implements a command. Now the flow is evident from the main function: 1. read request 2. setup data 3. execute command 4. send reply back 
The aim of this refactoring is to make the code readable and understandable.
This code has grown organically over time and has becomed confused and
baroque enough that understanding it's very simple flow had become very
complex for the uninitiated. Complex flows easily hide nasty bugs.

Improvements:
- Remove dead/unused data storage
- Fix and simplify talloc hierarchy, use a memory context (kr) for the
whole code and allocate kr->pd where it is filled up.
- Rename some functions to create a better name space (easier for
searching fucntions across the tree)
- Streamline setup function, by spliting out fast setup in a subroutine.
- Avoid confusing indirection in executng actual functions by not
using the krb5_req child_req member.
- Make main() flow s now simmetric, send abck data from the main function
instead of delegating a reply to every inner function that implements a
command.

Now the flow is evident from the main function:
1. read request
2. setup data
3. execute command
4. send reply back
krb5_child style fix 2013-01-04T19:38:36+00:00 Simo Sorce simo@redhat.com 2012-11-21T23:05:22+00:00 9a0bd5e080983ad54bbbd96170b2f9be6167214a Use the standard 'done' label for exceptions. 
Use the standard 'done' label for exceptions.
LDAP: initialize refresh function handler 2013-01-04T15:34:23+00:00 Ondrej Kos okos@redhat.com 2012-12-19T09:25:39+00:00 d091342880477358cf7317111abce05fb5802aab 






let krb5_backup_kpasswd failover work
2013-01-02T16:59:02+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-02T08:09:31+00:00

4bb57b5f27abd2d38f96ba8681d375fb8aec7f3d

https://fedorahosted.org/sssd/ticket/1735





https://fedorahosted.org/sssd/ticket/1735







failover: Protect against empty host names
2013-01-02T16:44:09+00:00

Michal Zidek
mzidek@redhat.com

2012-10-15T10:21:00+00:00

04759b59e71c78ab23b84d13dd29d9c6dd680adb

Added new parameter to split_on_separator that allows to skip
empty values.

The whole function was rewritten. Unit test case was added to
check the new implementation.

https://fedorahosted.org/sssd/ticket/1484





Added new parameter to split_on_separator that allows to skip
empty values.

The whole function was rewritten. Unit test case was added to
check the new implementation.

https://fedorahosted.org/sssd/ticket/1484







set ret to EOK after for loop in sdap_sudo_purge_sudoers
2013-01-02T16:39:44+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-02T10:09:32+00:00

fc647b8eb5bca901658dedf3dbda2f35c63a86f2

If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.

This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).





If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.

This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).







krb5 tgt renewal: fix usage of ldb_dn_get_component_val()
2012-12-20T18:41:11+00:00

Sumit Bose
sbose@redhat.com

2012-12-19T17:37:32+00:00

10c50d237d6e3137499fcfaa5a804e6712e002ee

For some reason I was under the impression that the DN components are
counted backwards in libldb. This patch corrects this.





For some reason I was under the impression that the DN components are
counted backwards in libldb. This patch corrects this.







Add default section to switch statement
2012-12-19T17:42:58+00:00

Sumit Bose
sbose@redhat.com

2012-12-19T09:19:01+00:00

767a679fd5ac2f409476180c0dbcd8ecbe991503

switch statements should always have a default section. In this
particular case gcc gave a "'send_fn' may be used uninitialized in this
function" warning.





switch statements should always have a default section. In this
particular case gcc gave a "'send_fn' may be used uninitialized in this
function" warning.







DP: invalidate all cached maps if a request for auto.master comes in
2012-12-18T16:25:34+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-15T12:20:30+00:00

06cb67c391dd8c2b1542a7d87fb5568fdad448cb

If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps





If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps