Timeline


and

09/03/13:

19:02 Changeset [a719392] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Fix warning declaration shadows global declaration src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows a global declaration /usr/include/stdio.h:754: warning: shadowed declaration is here
19:01 Changeset [e882171] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Fix warning declaration shadows global declaration src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows a global declaration /usr/include/stdio.h:754: warning: shadowed declaration is here
17:56 SSSD-logo.png attached to WikiStart by sgallagh
SSSD Logo
14:29 Ticket #2074 (Switch to using GC by default for all lookups in server mode) created by jhrozek
Currently we look up identity information in the server mode from the LDAP …
14:14 Changeset [563cb29] by Jakub Hrozek <jhrozek@…>
sssd-1-9Make IPA SELinux provider aware of subdomain users Fixes https://fedorahosted.org/sssd/ticket/1892
14:00 Changeset [2db20f97] by Jakub Hrozek <jhrozek@…>
sssd-1-9UTIL: Use standard maximum value of type size_t It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
13:59 Changeset [3fa5bfd] by Jakub Hrozek <jhrozek@…>
sssd-1-10UTIL: Use standard maximum value of type size_t It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
13:55 Changeset [58dee40] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14UTIL: Use standard maximum value of type size_t It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
13:53 Changeset [07f8737] by Jakub Hrozek <jhrozek@…>
sssd-1-9Include sys/types.h for types id_t and uid_t
13:50 Changeset [a2ab00d] by Jakub Hrozek <jhrozek@…>
sssd-1-10Include sys/types.h for types id_t and uid_t
11:59 Changeset [546f1e3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Include sys/types.h for types id_t and uid_t
11:54 Changeset [01d0482] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PROXY: Handle empty GECOS If the user's GECOS as returned by the proxied module is an empty string (as opposed to NULL), the ldb transaction would error out.

09/02/13:

15:33 Changeset [3275c56] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14AUTOMAKE: Add missing escaped newline
13:36 Changeset [d98fdd8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Fix czech specific character in my name
13:35 SSSD-vs-Winbind edited by jhrozek
Make the page up to date (diff)
10:16 Ticket #2058 (Remove use of global environemnt variables from krb5_common.c) closed by jhrozek
duplicate: Marking as duplicate of #697.
08:45 Ticket #2073 ([RFE] Extend the LDAP backend to retrieve extended set of attributes) created by jhrozek
This is a second part of ticket #2072. The LDAP provider must be extended …
08:43 Ticket #2072 ([RFE] Provide an experimental DBus responder to retrieve custom attributes ...) created by jhrozek
This is a first part of providing account data for the Gnome account …

09/01/13:

02:54 Ticket #2071 (Ccache directory creation leads to unexpected results) created by simo
When krb5_ccachedir is not used in krb5_ccname_template through the %d …

08/31/13:

03:09 Ticket #2070 (The present sssd-ad is unable to pull RFC2307 attributes from all domains ...) created by simpfeld
At the present time sssd-ad can only pull RFC2307 attributes for users and …
02:46 Ticket #2069 ([RFE] When using sssd-ad in a forest should be able to flatten usernames ...) created by simpfeld
When using sssd-ad there should be an option to flatten usernames for all …

08/30/13:

13:57 Ticket #2059 (sss_packet_grow: wrong use of module to pad data) closed by jhrozek
fixed
13:56 Ticket #2057 (Data provider endianess bug) closed by jhrozek
fixed
13:55 Ticket #2068 (Initial enumeration in the AD provider does not work) created by jhrozek
The initial enumeration is started right after the backend starts. But …
13:51 Ticket #2067 (Carry on if detecting the flat name fails) created by jhrozek
Currently if detecting the flatname (netbios) name fails, we abort the …
12:14 Changeset [0e9563e] by Jakub Hrozek <jhrozek@…>
sssd-1-9SIGCHLD handler: do not call callback when pvt data was freed https://fedorahosted.org/sssd/ticket/1992
10:03 Ticket #2066 (ad: invalid handling of Domain Users group for subdomain user) created by pbrezina
I have the following configuration of active directory forest: […] …

08/29/13:

12:45 Ticket #2065 (Sssd initial enumeration has no effect sometimes) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
11:44 Ticket #2064 (ad: unable to resolve membership when user is from different domain than ...) created by pbrezina
I have the following configuration of active directory forest: […] …
10:38 Ticket #2063 (sssd-ad unable to resolve names in other domains possibly UPN related) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Fedora): …

08/28/13:

22:20 Releases/Notes-1.11.0 edited by jhrozek
include 1.11.0 fixes (diff)
21:56 Releases/Notes-1.11.0 edited by jhrozek
add changelog (diff)
21:50 Documentation edited by jhrozek
(diff)
21:50 Releases/Notes-1.11.0 edited by jhrozek
(diff)
21:49 Releases/Notes-1.11.0 edited by jhrozek
Add 1.11.0 packaging changes (diff)
21:40 WikiStart edited by jhrozek
1.11.0 release (diff)
21:35 Milestone SSSD 1.11.0 completed
21:29 Releases/Notes-1.11.0 edited by simo
rewording (diff)
21:20 Releases/Notes-1.11.0 created by jhrozek
release notes for 1.11
21:04 Releases edited by jhrozek
1.11.0 released (diff)
20:56 Changeset [4058c68] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Updating the version for 1.11.1 release
20:44 Changeset [6515a84] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Updating the version for the 1.11.0 release
20:40 Changeset [a9228eb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Updating translations for the 1.11.0 release
20:17 Changeset [8f209f0e] by Jakub Hrozek <jhrozek@…>
sssd-1-9MONITOR: Move function declaration out of conditional build Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch move declaration of function before start of conditional build section.
20:17 Changeset [e526b83c] by Jakub Hrozek <jhrozek@…>
sssd-1-9UTIL: Explicitly include header file sys/socket.h We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
20:17 Changeset [9260f20] by Jakub Hrozek <jhrozek@…>
sssd-1-9MEMBEROF: Remove temporary workaround
20:17 Changeset [b7fd1a3] by Jakub Hrozek <jhrozek@…>
sssd-1-9IPA_HBAC: Explicitelly include header file time.h struct hbac_eval_req is defined in header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files.
20:17 Changeset [3dc0400] by Jakub Hrozek <jhrozek@…>
sssd-1-9CONFIGURE: Get rid of bashism
20:17 Changeset [fc97ab8] by Jakub Hrozek <jhrozek@…>
sssd-1-9UTIL: Create new wraper header file sss_endian.h Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
20:17 Changeset [8abef639] by Jakub Hrozek <jhrozek@…>
sssd-1-9CLIENT: Fix non gnu sss_strnlen implementation last argument of function sss_strnlen "size_t *len" is output variable. We need to increment value of size_t being pointed to by pointer instead of incrementing pointer.
20:13 Changeset [f44bfa0] by Jakub Hrozek <jhrozek@…>
sssd-1-10UTIL: Create new wraper header file sss_endian.h Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
20:13 Changeset [98be8c7] by Jakub Hrozek <jhrozek@…>
sssd-1-10CLIENT: Fix non gnu sss_strnlen implementation last argument of function sss_strnlen "size_t *len" is output variable. We need to increment value of size_t being pointed to by pointer instead of incrementing pointer.
20:13 Changeset [b8bd6bd] by Jakub Hrozek <jhrozek@…>
sssd-1-10MONITOR: Move function declaration out of conditional build Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch move declaration of function before start of conditional build section.
20:13 Changeset [05fa70f] by Jakub Hrozek <jhrozek@…>
sssd-1-10UTIL: Explicitly include header file sys/socket.h We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
20:13 Changeset [696605a] by Jakub Hrozek <jhrozek@…>
sssd-1-10MEMBEROF: Remove temporary workaround
20:13 Changeset [3ae207c5] by Jakub Hrozek <jhrozek@…>
sssd-1-10IPA_HBAC: Explicitelly include header file time.h struct hbac_eval_req is defined in header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files.
20:13 Changeset [94c5e5a] by Jakub Hrozek <jhrozek@…>
sssd-1-10CONFIGURE: Get rid of bashism
20:02 Changeset [1658c56] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14UTIL: Create new wraper header file sss_endian.h Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
20:02 Changeset [c08e3ac] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14CLIENT: Fix non gnu sss_strnlen implementation last argument of function sss_strnlen "size_t *len" is output variable. We need to increment value of size_t being pointed to by pointer instead of incrementing pointer.
20:02 Changeset [1bf580d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14MONITOR: Move function declaration out of conditional build Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch move declaration of function before start of conditional build section.
20:02 Changeset [9d54fa80] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14UTIL: Explicitly include header file sys/socket.h We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
20:02 Changeset [47d35b3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14MEMBEROF: Remove temporary workaround
20:02 Changeset [7ef1ff8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14IPA_HBAC: Explicitelly include header file time.h struct hbac_eval_req is defined in header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files.
20:02 Changeset [c481179] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14CONFIGURE: Get rid of bashism
18:04 Changeset [298b57a] by Jakub Hrozek <jhrozek@…>
sssd-1-9DP: Use the correct type for DBus boolean https://fedorahosted.org/sssd/ticket/2057
17:43 Changeset [a27e330] by Jakub Hrozek <jhrozek@…>
sssd-1-10DP: Use the correct type for DBus boolean https://fedorahosted.org/sssd/ticket/2057
17:28 Changeset [46c5dee] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14DP: Use the correct type for DBus boolean https://fedorahosted.org/sssd/ticket/2057
17:22 Changeset [6fab6db] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14IPA: Add forgotten declaration A conflict between two patches was not resolved correctly
17:02 Ticket #1942 (convert enumeration timer to be_ptask) closed by jhrozek
fixed
17:00 Ticket #1963 ([RFE] Implement or Improve enumeration) closed by jhrozek
fixed: * master: 31dd31b00ad759f256282ef0f7054e60672161ce
16:08 Changeset [8b9fc71] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14NSS: Descend into subdomains if enumerate=true Since we now store the enumerate flag in sysdb for subdomains, we can always descend to all available subdomains and if they do not allow enumeration, simply skip them.
16:08 Changeset [31dd31b0] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14IPA: enable enumeration if parent domain enumerates in server mode https://fedorahosted.org/sssd/ticket/1963
16:07 Changeset [33c8654] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Add a new option to control subdomain enumeration
16:06 Changeset [4c63d8a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Add enum_{users,groups}_recv to follow the tevent_req style The enum code was quite old and predated the tevent_req style. In particular, the enum code was checking tevent state direcly and not using _recv functions or the helper macros we added later. As a consequence, it was not easy to read. This patch adds the standard _recv functions to read the status of the enum requests.
16:06 Changeset [25e64ab] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Remove unused constant The constant was not used since Euegene came up with his reconnection logic.
16:06 Changeset [8ca7391] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Move the ldap enum request to its own reusable module The LDAP enumeration was too closely tied to the LDAP identity provider. Because some providers might need special handling such as refresh the master domain record before proceeding with the enumeration itself, this patch splits the request itself to a separate async request and lets the ldap_id_enum.c module only configure this new request. Also move the enum timestamp to sdap_domain to make the enum tracking per sdap domain. The cleanup timestamp will be moved in another patch.
16:06 Changeset [5894f05] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Convert enumeration to the ptask API https://fedorahosted.org/sssd/ticket/1942 Identity providers other than LDAP need to customize the enumeration in different ways while sharing the way the task is scheduled etc. The easiest way to accomplish it is to leverage the recently introduced ptask framework.
16:06 Changeset [34a63c4] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Make cleanup synchronous The LDAP cleanup request was asynchronous for no good reason, probably a leftover from the days of async sysdb. This patch makes it sychronous again, removing a lot of uneeded code.
16:06 Changeset [66edf42] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Make the cleanup task reusable for subdomains Instead of always performing the cleanup on the main domain, the task now accepts a sdap_domain structure to perform the cleanup on. This change will make the cleanup task reusable for subdomains.
16:06 Changeset [1c4144a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14LDAP: Make sdap_id_setup_tasks reusable for subdomains Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
16:06 Changeset [b3458bb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14SYSDB: Store enumerate flag for subdomain
16:06 Changeset [a6cca9c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Read enumerate state for subdomains from cache The enumerate flag will be read from the cache for subdomains and the domain object will be created accordingly.
16:05 Changeset [3b0e035] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14DB: Update sss_domain_info with new updated data
16:05 Changeset [a4644da] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14DB: remove unused realm parameter from sysdb_master_domain_add_info The parameter was not used at all.
15:30 Changeset [caee982] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14ipa-server-mode: add IPA group memberships to AD users When IPA trusts an AD domain the AD user or groups can be placed into IPA groups e.g. to put AD users under the control of HBAC. Since IPA group can only have members from the IPA directory tree and the AD users and groups are not stored there a special IPA object called external group was introduced. SIDs of users and groups can be added to the external group and since the external groups are in the IPA directory tree they can be member of IPA groups. To speed things up and to remove some load from the IPA servers SSSD reads all external groups and stores them in memory for some time before rereading the data. Enhances https://fedorahosted.org/sssd/ticket/1962
14:53 Ticket #2049 (sssd_nss core dumps under load) closed by jhrozek
fixed: * master: 4662725ffef62b3b2502481438effa7c8fef9f80
14:49 Changeset [b493966] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Skip records which doesn't have same hash The code uses 2 hashes for each record, but only one hash table to index them both, furthermore each record has only one single 'next' pointer. This means that in certain conditions a record main end up being on a hash chain even though its hashes do not match the hash chain. This can happen when another record 'drags' it in from another hash chain where they both belong. If the record without matching hashes happens to be the second of the chain and the first record is removed, then the non matching record is left on the wrong chain. On removal of the non-matching record the hash chain will not be updated and the hash chain will end up pointing to an invalid slot. This slot may be later reused for another record and may not be the first slot of this new record. In this case the hash chain will point to arbitrary data and may cause issues if the slot is interpreted as the head of a record. By skipping any block that has no matching hashes upon removing the first record in a chain we insure that dangling references cannot be left in the hash table Resolves: https://fedorahosted.org/sssd/ticket/2049
14:49 Changeset [98ce2a15] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Use stricter check for hash keys. ht_size is size of hash_table in bytes, but hash keys have type uint32_t
14:48 Changeset [f6b311b] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Skip records which doesn't have same hash The code uses 2 hashes for each record, but only one hash table to index them both, furthermore each record has only one single 'next' pointer. This means that in certain conditions a record main end up being on a hash chain even though its hashes do not match the hash chain. This can happen when another record 'drags' it in from another hash chain where they both belong. If the record without matching hashes happens to be the second of the chain and the first record is removed, then the non matching record is left on the wrong chain. On removal of the non-matching record the hash chain will not be updated and the hash chain will end up pointing to an invalid slot. This slot may be later reused for another record and may not be the first slot of this new record. In this case the hash chain will point to arbitrary data and may cause issues if the slot is interpreted as the head of a record. By skipping any block that has no matching hashes upon removing the first record in a chain we insure that dangling references cannot be left in the hash table Resolves: https://fedorahosted.org/sssd/ticket/2049
14:48 Changeset [b1d8725] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Use stricter check for hash keys. ht_size is size of hash_table in bytes, but hash keys have type uint32_t
14:47 Changeset [b8d0374] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Use stricter check for hash keys. ht_size is size of hash_table in bytes, but hash keys have type uint32_t
14:43 Changeset [4662725] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Skip records which doesn't have same hash The code uses 2 hashes for each record, but only one hash table to index them both, furthermore each record has only one single 'next' pointer. This means that in certain conditions a record main end up being on a hash chain even though its hashes do not match the hash chain. This can happen when another record 'drags' it in from another hash chain where they both belong. If the record without matching hashes happens to be the second of the chain and the first record is removed, then the non matching record is left on the wrong chain. On removal of the non-matching record the hash chain will not be updated and the hash chain will end up pointing to an invalid slot. This slot may be later reused for another record and may not be the first slot of this new record. In this case the hash chain will point to arbitrary data and may cause issues if the slot is interpreted as the head of a record. By skipping any block that has no matching hashes upon removing the first record in a chain we insure that dangling references cannot be left in the hash table Resolves: https://fedorahosted.org/sssd/ticket/2049
14:22 Changeset [8b9b986] by Jakub Hrozek <jhrozek@…>
sssd-1-9sss_packet_grow: correctly pad packet length to 512B https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
14:21 Changeset [0574adc] by Jakub Hrozek <jhrozek@…>
sssd-1-10sss_packet_grow: correctly pad packet length to 512B https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
14:21 Changeset [3575235d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sss_packet_grow: correctly pad packet length to 512B https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
14:20 Ticket #1964 ([RFE] Enhance IPA SRV plugin to do AD site lookups as well) closed by jhrozek
fixed: * master: de307ab8e390deabc5df9884a3f762bfb1581936
14:19 Changeset [de307ab] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14IPA: Enable AD sites when in server mode https://fedorahosted.org/sssd/ticket/1964 Currently the AD sites are enabled unconditionally
14:04 Ticket #2062 (Leverage RFC 4533 in server mode for enumeration and synchronization of ...) created by jhrozek
When the 389DS server gains the ability of persistent searches according …
12:58 Ticket #2061 (ccache mangament simplification) created by simo
The current ccache code is split in backends with the idea that each one …
11:46 Changeset [b525aa5] by Jakub Hrozek <jhrozek@…>
sssd-1-5SIGCHLD handler: do not call callback when pvt data where freed https://fedorahosted.org/sssd/ticket/1992
11:27 Changeset [1c27f00] by Jakub Hrozek <jhrozek@…>
sssd-1-9Removing unused parameter type from sudosrv_get_sudorules_query_cache() Resolves: https://fedorahosted.org/sssd/ticket/1825
09:03 Changeset [32615ff] by Jakub Hrozek <jhrozek@…>
sssd-1-10krb5_common: Refactor to use a talloc temp context In preparation for handling some more allocations in the following patches and fixes a curent memleak on the opts struct. Related: https://fedorahosted.org/sssd/ticket/2036
09:03 Changeset [7994522] by Jakub Hrozek <jhrozek@…>
sssd-1-10krb5: Fetch ccname template from krb5.conf In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
09:03 Changeset [0681ea99] by Jakub Hrozek <jhrozek@…>
sssd-1-10BUILD: Remove unnecessary patch and configure opts Now that we use the libkrb5 defaults for the default ccname template we do not need the patch that changes the man pages defaults nor the configure options to change sssd defaults anymore. Related: https://fedorahosted.org/sssd/ticket/2036
09:00 Changeset [a524b037] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14krb5_common: Refactor to use a talloc temp context In preparation for handling some more allocations in the following patches and fixes a curent memleak on the opts struct. Related: https://fedorahosted.org/sssd/ticket/2036
09:00 Changeset [dcc6877] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14krb5: Fetch ccname template from krb5.conf In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
09:00 Changeset [ac54a88] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14BUILD: Remove unnecessary patch and configure opts Now that we use the libkrb5 defaults for the default ccname template we do not need the patch that changes the man pages defaults nor the configure options to change sssd defaults anymore. Related: https://fedorahosted.org/sssd/ticket/2036

08/27/13:

18:58 Changeset [7839537] by Simo Sorce <simo@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14BUILD: Ignore translations when building RPMs When we're running 'make rpms' for development purposes, the nested call to 'make distdir' ends up forcing an update of the translation pot files. With this patch, we'll automatically ignore them during (S)RPM actions.
15:13 Ticket #2036 (Convert to the new Kerberos KEYRING ccache) closed by jhrozek
fixed: * master: aeb1e654c337037b6bdb350e1ec8aaa065e86794 * sssd-1-10: …
15:06 Changeset [ff79911] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Add low-level debugging to sss_get_ccache_name_for_principal
15:06 Changeset [a9b3ecf] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Remove unnecessary call to become_user() By the time that the create_ccache_in_dir() routine is called, we are already guaranteed to have dropped privileges. This has either happened because we dropped them before the exec() in the normal operation case or because we dropped them explicitly after we completed the TGT validation step if that or FAST is configured.
15:06 Changeset [3b31339] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Add support for KEYRING cache type https://fedorahosted.org/sssd/ticket/2036
15:05 Changeset [aeb1e65] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Add support for KEYRING cache type https://fedorahosted.org/sssd/ticket/2036
15:01 Changeset [fe1afacc] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Remove unnecessary call to become_user() By the time that the create_ccache_in_dir() routine is called, we are already guaranteed to have dropped privileges. This has either happened because we dropped them before the exec() in the normal operation case or because we dropped them explicitly after we completed the TGT validation step if that or FAST is configured.
15:01 Changeset [d9816ac] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Add low-level debugging to sss_get_ccache_name_for_principal
11:07 Ticket #2060 (Cached credentials aren't working with sssd-ad UPN logins) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Fedora): …
08:40 Ticket #2059 (sss_packet_grow: wrong use of module to pad data) created by pbrezina
This code in sss_packet_grow() is used to pad data to 512 bytes. […] …

08/26/13:

16:07 Ticket #2058 (Remove use of global environemnt variables from krb5_common.c) created by simo
Using setenv() to set global variables is just wrong. Set values in an …
15:04 Ticket #2057 (Data provider endianess bug) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
09:57 Ticket #2052 (sudo: if USN is not found, store the rule anyway) closed by jhrozek
fixed: * master: 9b43a2a6462b07075d403dbd5de487cbe7ada92c * sssd-1-10: …
09:54 Changeset [4e9d5eb] by Jakub Hrozek <jhrozek@…>
sssd-1-10sudo: do not strdup usn on ENOENT If USN attribute is not present, we call strdup on uninitialized variable. This may cause segfault, or if we are lucky and usn is NULL it will return ENOMEM.
09:54 Changeset [c50fd91] by Jakub Hrozek <jhrozek@…>
sssd-1-10sudo: do not fail to store the rule if we can't read usn Resolves: https://fedorahosted.org/sssd/ticket/2052
09:53 Changeset [2211abf] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sudo: do not strdup usn on ENOENT If USN attribute is not present, we call strdup on uninitialized variable. This may cause segfault, or if we are lucky and usn is NULL it will return ENOMEM.
09:50 Changeset [9b43a2a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sudo: do not fail to store the rule if we can't read usn Resolves: https://fedorahosted.org/sssd/ticket/2052
09:49 Changeset [59a9512] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: Skip SIDs that cannot be resolved to domain
09:46 Ticket #1996 (PAC responder: update cached user object instead of deleting and ...) closed by jhrozek
fixed: * master: 1e9930690691360d8963eecea4918b36b6d51013
09:44 Changeset [1e99306] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: if user entry already exists keep it Currently the PAC responder deletes a user entry and recreates it if some attributes seems to be different. Two of the attributes where the home directory and the shell of the user. Those two attributes are not available from the PAC but where generates by the PAC responder. The corresponding ID provider might have better means to determine those attributes, e.g. read them from LDAP, so we shouldn't change them here. The third attribute is the user name. Since the PAC responder does lookups only based on the UID we can wait until the ID provider updates the entry. Fixes https://fedorahosted.org/sssd/ticket/1996
09:44 Changeset [5c28b1bd] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: do not create users with missing GID If the user entry does not exist in the cache and a primary GID cannot be found it does not make sense to create a user entry.
09:44 Changeset [e5aa9ba] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: handle non-POSIX groups in cache Since the DN of the group is used to remove a membership it is not necessary to check if the GID is valid.
09:44 Changeset [5aab4d1] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: read user DN instead of constructing it To avoid issues with case-sensitivity it is more reliable to search the user entry in the cache and use the returned DN instead of constructing it.
09:44 Changeset [76916fe] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: do not fail if a single group cannot be added/removed When processing a list of groups we try to process as much as possible only not stop on the first error.
09:44 Changeset [05cf2b7] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAC: use SID instead of GID to search for groups With the support of POSIX IDs managed on the AD side we may find non-POSIX groups, i.e. groups which do not have a GID assigned in AD, in the PAC. Since in this case all cached groups have a SDI attribute it is more reliable to search the groups by SID instead of GID.
09:38 Ticket #2056 (Add a sysdb utility call sysdb_attrs_add_lower_case_string) created by jhrozek
Some attributes (like aliases) need to be placed to sysdb lowercased, but …

08/24/13:

16:33 Ticket #2055 (Create unit tests for the memory cache) created by jhrozek
The memcache has seen quite a few patches lately and in general is a …
16:21 Changeset [23c1238] by Jakub Hrozek <jhrozek@…>
sssd-1-10DP: Notify propperly when removing PAC responder Adds pac_cli be_client structure pointer, to indetify and log the PAC responder termination correctly.
16:19 Changeset [f88f098] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14DP: Notify propperly when removing PAC responder Adds pac_cli be_client structure pointer, to indetify and log the PAC responder termination correctly.
16:17 Ticket #2054 (Review if responder_cli pointers are actually needed) created by jhrozek
There are per-responder pointers in the back end code. Mostly they are …
16:08 Ticket #2044 (Update sssd-ad manpage to reflect "trust between domains in single forest ...) closed by jhrozek
fixed: * master: 728a1812b7c5f70febb522342c5b357da598acfe * sssd-1-10: …
16:05 Changeset [ce07694] by Jakub Hrozek <jhrozek@…>
sssd-1-10check_cc_validity: make sure _valid is always set In the KRB5_FCC_NOFILE code path _valid is not set leading to 'may be used uninitialized' compiler warnings.
16:05 Changeset [fff5280] by Jakub Hrozek <jhrozek@…>
sssd-1-10MAN: AD provider only supports trusted domains from the same forest Resolves: https://fedorahosted.org/sssd/ticket/2044
16:04 Changeset [8cae675] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14check_cc_validity: make sure _valid is always set In the KRB5_FCC_NOFILE code path _valid is not set leading to 'may be used uninitialized' compiler warnings.
16:04 Changeset [728a181] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14MAN: AD provider only supports trusted domains from the same forest Resolves: https://fedorahosted.org/sssd/ticket/2044

08/23/13:

14:37 Ticket #2053 (Stop saving the ccache collection name to sysdb unless it's needed) created by jhrozek
For cases where the ccache resides in a collection that is named …
12:25 Ticket #1769 (proxy provider: id lookup shows "Memory buffer error" in domain log) closed by jhrozek
fixed

08/22/13:

18:11 Changeset [8f1ba6b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14pam: Bad debug message format and parameter.
18:10 Changeset [bea1c46] by Jakub Hrozek <jhrozek@…>
sssd-1-10Fix memory leak insss_krb5_get_error_message warning reported by cppcheck
18:05 Changeset [38bf0c9] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Remove include recursion warning reported by coverity include_recursion: #include file "src/providers/dp_backend.h" includes itself: dp_backend.h -> dp_refresh.h -> dp_backend.h (other events go to each file) primary_file: During compilation of file 'src/krb5_plugin/sssd_krb5_locator_plugin.c include_recursion: #include file "src/providers/dp_backend.h" includes itself: dp_backend.h -> dp_refresh.h -> dp_ptask.h -> dp_backend.h (other events go to each file) primary_file: During compilation of file 'src/krb5_plugin/sssd_krb5_locator_plugin.c'
18:05 Changeset [6f6f757] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Use brackets around macros. warnings reported by cppcheck.
18:05 Changeset [e0b89ca] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Fix memory leak insss_krb5_get_error_message warning reported by cppcheck
18:00 Ticket #2051 (Do not fail if initgroups returns NOT_FOUND) closed by jhrozek
fixed: * master: 66d1f565dfb39325ab7daa264b5795b1f348756e * sssd-1-10: …
17:58 Changeset [d804bc1c] by Jakub Hrozek <jhrozek@…>
sssd-1-10proxy: Allow initgroup to return NOTFOUND When the user is only member of its own primary group, initgroups_dyn may return NOTFOUND as, at least for the 'files' nss provider the code skips the passed in group. Resolves: https://fedorahosted.org/sssd/ticket/2051
17:57 Changeset [66d1f56] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14proxy: Allow initgroup to return NOTFOUND When the user is only member of its own primary group, initgroups_dyn may return NOTFOUND as, at least for the 'files' nss provider the code skips the passed in group. Resolves: https://fedorahosted.org/sssd/ticket/2051
17:46 Changeset [9eae161] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Use sss_atomic_write_s instead of write. Use sss_atomic_write_s() instead of write() in sss_mc_save_corrupted(). Also unlink() the file if no data were written. It is better to use sss_atomic_write_s instead of write
17:42 Changeset [1f7fb30] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Use sss_atomic_write_s instead of write. Use sss_atomic_write_s() instead of write() in sss_mc_save_corrupted(). Also unlink() the file if no data were written. It is better to use sss_atomic_write_s instead of write
17:40 Changeset [e91a181] by Jakub Hrozek <jhrozek@…>
sssd-1-10gitignore: Add Eclipse project files to ignore list
17:40 Changeset [0016b09] by Jakub Hrozek <jhrozek@…>
sssd-1-10BUILD: Fix contrib build macros to display warnings There was an inconsistency with how the warnings were specified and how they were consumed by the macros. The result was that warnings were hidden.
17:34 Changeset [9ac2585a] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Only set active and valid on success The FILE cache only sets the return values of _active and _bool if the entire function succeeds. The DIR cache was setting it even on failure. This patch makes both consistent. This will benefit static analysis tools which would be able to detect if the variable is ever used uninitialized anywhere.
17:34 Changeset [ab5a1c2] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Refactor cc_*_check_existing There was duplicated code in cc_file_check_existing() and in cc_dir_check_existing(). I pulled them into the same function. There are two changes made to the original code here: 1) Fixes a use-after-free bug in cc_file_check_existing(). In the original code, we called krb5_free_context() and then used that context immediately after that in krb5_cc_close(). This patch corrects the ordering 2) The krb5_cc_resolve() call handles KRB5_FCC_NOFILE for all cache types. Previously, this was only handled for DIR caches.
17:33 Changeset [50a34e4] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Add new #define for collection cache types Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
17:33 Changeset [b111d6d] by Jakub Hrozek <jhrozek@…>
sssd-1-10Use conditional build for retrieving ccache. Some krb5 functions needn't be available for retrieving ccache with principal. Therefore ifdef is used to solve this situation with older version of libkrb5. There were two functions with similar functionality in krb5_child and krb5_utils. They were merged to one universal function, which was moved to file src/util/sss_krb5.c
17:29 Changeset [2930ff3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14BUILD: Fix contrib build macros to display warnings There was an inconsistency with how the warnings were specified and how they were consumed by the macros. The result was that warnings were hidden.
17:29 Changeset [628f47f] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14gitignore: Add Eclipse project files to ignore list
17:29 Changeset [8340ca4] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Add new #define for collection cache types Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
17:29 Changeset [18dff5d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Refactor cc_*_check_existing There was duplicated code in cc_file_check_existing() and in cc_dir_check_existing(). I pulled them into the same function. There are two changes made to the original code here: 1) Fixes a use-after-free bug in cc_file_check_existing(). In the original code, we called krb5_free_context() and then used that context immediately after that in krb5_cc_close(). This patch corrects the ordering 2) The krb5_cc_resolve() call handles KRB5_FCC_NOFILE for all cache types. Previously, this was only handled for DIR caches.
17:29 Changeset [884b130] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Only set active and valid on success The FILE cache only sets the return values of _active and _bool if the entire function succeeds. The DIR cache was setting it even on failure. This patch makes both consistent. This will benefit static analysis tools which would be able to detect if the variable is ever used uninitialized anywhere.
13:44 DesignDocs/Smartcards edited by nalin
(diff)
10:40 Ticket #2052 (sudo: if USN is not found, store the rule anyway) created by pbrezina
If USN attribute (entryUSN or modifyTimestamp) is not found in SDAP result …

08/21/13:

14:09 Ticket #2051 (Do not fail if initgroups returns NOT_FOUND) created by simo
I was testing with id_provider = proxy and the files nss lib. When trying …

08/20/13:

21:59 DesignDocs/Smartcards edited by nalin
Overhaul (diff)

08/19/13:

20:32 Changeset [15b5d88] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sdap_add_incomplete_groups: use fully qualified name if needed For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
20:32 Changeset [fd04fbbf] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14save_rfc2307bis_user_memberships: use fq names for subdomains For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
20:32 Changeset [75dd4b0] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sysdb_add_incomplete_group: store SID string is available During initgroups request we read the SID of a group from the server but do not save it to the cache. This patch fixes this and might help to avoid an additional lookup of the SID later.
20:26 Changeset [6a06ea8] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Store corrupted mmap cache before reset This patch adds function to store corrupted mmap cache file to disk for further analysis.
20:25 Changeset [5f54cc0] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Store corrupted mmap cache before reset This patch adds function to store corrupted mmap cache file to disk for further analysis.
20:24 Changeset [f909107] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Store corrupted mmap cache before reset This patch adds function to store corrupted mmap cache file to disk for further analysis.
19:27 Ticket #2043 (sudo: do not fail when unable to resolve fqdn) closed by jhrozek
fixed: * master: 7d40fefdb9b51e8c0c53b475a2d8d86befd03e17 * sssd-1-10: …
19:24 Changeset [0bf631e] by Jakub Hrozek <jhrozek@…>
sssd-1-10sudo: continue if we are unable to resolve fqdn https://fedorahosted.org/sssd/ticket/2043
19:14 Changeset [7d40fef] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sudo: continue if we are unable to resolve fqdn https://fedorahosted.org/sssd/ticket/2043
18:57 Changeset [f01f4cc] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Check data->name value in client code data->name value must be checked to prevent segfaults in case of corrupted memory cache. resolves: https://fedorahosted.org/sssd/ticket/2018
18:57 Changeset [87fb9c0] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Remove triple checks in client code. We had pattern in client code with 3 conditions that can be replaced with one.
18:57 Changeset [c58c458] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Off by one error. Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
18:57 Changeset [c49ddf7] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Use better checks for corrupted mc in responder We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
18:52 Changeset [63bd998] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Check data->name value in client code data->name value must be checked to prevent segfaults in case of corrupted memory cache. resolves: https://fedorahosted.org/sssd/ticket/2018
18:52 Changeset [71ad08af] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Remove triple checks in client code. We had pattern in client code with 3 conditions that can be replaced with one.
18:52 Changeset [562bb4e] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Off by one error. Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
18:52 Changeset [4b71cb3] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Use better checks for corrupted mc in responder We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
18:51 Changeset [8a5931b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Check data->name value in client code data->name value must be checked to prevent segfaults in case of corrupted memory cache. resolves: https://fedorahosted.org/sssd/ticket/2018
18:51 Changeset [e61044d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Remove triple checks in client code. We had pattern in client code with 3 conditions that can be replaced with one.
18:51 Changeset [13df7b9] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Off by one error. Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
18:51 Changeset [441e605] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Use better checks for corrupted mc in responder We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
18:31 Ticket #2050 (ssh login reject is abrupt) created by sp4
When a user is rejected due to invalid LDAP group membership, the …
17:00 Ticket #2049 (sssd_nss core dumps under load) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
16:58 Ticket #2048 ([RFE] Provide a regex mapping similar to pam_krb5's mechanism) created by jhrozek
pam_krb5 has the following functionality (from man pam_krb5): mappings = …
13:18 Changeset [626d2ba1] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Formatting changes
13:18 Changeset [9d0447d2] by Jakub Hrozek <jhrozek@…>
sssd-1-10KRB5: Do not log to syslog on each login
13:17 Changeset [50e694b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Formatting changes
13:17 Changeset [c235f672] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB5: Do not log to syslog on each login
13:14 Ticket #2027 (Domain Users memberships removed in subsequent lookups in server_mode) closed by jhrozek
fixed: * master: * 39f13b3bf5b3cf79f5f16575403f03b539300dc7 * …
13:13 Changeset [0b544f84] by Jakub Hrozek <jhrozek@…>
sssd-1-10sdap_get_initgr_done: use the right SID to get a GID
10:53 Changeset [85089c1] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sdap_get_initgr_done: use the right SID to get a GID
10:53 Changeset [8cdb9b98] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sdap_save_user: save original primary GID of subdomain users If ID mapping is enabled we use magic private groups (MPG) for subdomains, i.e. the UID and the primary GID of the user will have the same numerical value. As a consequence the information about the original primary group might get lost because neither in AD domains nor on a typical UNIX system the user is an explicit member of it's primary group. With this patch the mapped GID or the original primary group is saved in the cached user object under a new attribute. Fixes https://fedorahosted.org/sssd/ticket/2027
10:53 Changeset [39f13b3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14fill_initgr: add original primary GID if available In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027
10:39 Ticket #1630 (Fix case related issues in IPA provider) closed by jhrozek
fixed: * master: 83b5a69a90dd74aaef01d48846a5504789a28317 * sssd-1-10: …
10:38 Changeset [3875a2f] by Jakub Hrozek <jhrozek@…>
sssd-1-10ipa_s2n_get_user_done: free group_attrs as well
10:38 Changeset [c963ea6] by Jakub Hrozek <jhrozek@…>
sssd-1-10ipa_s2n_get_user_done: make sure ALIAS name is lower case Fixes https://fedorahosted.org/sssd/ticket/1630
10:36 Changeset [a9a619a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14ipa_s2n_get_user_done: free group_attrs as well
10:36 Changeset [83b5a69] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14ipa_s2n_get_user_done: make sure ALIAS name is lower case Fixes https://fedorahosted.org/sssd/ticket/1630
09:15 Changeset [8192c00] by Jakub Hrozek <jhrozek@…>
sssd-1-10AD: Use the correct include guard
09:15 Changeset [1276262] by Jakub Hrozek <jhrozek@…>
sssd-1-10UTIL: Remove obsolete compat macros All supported tevent releases contain these macros.
09:13 Changeset [93192eb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14AD: Use the correct include guard
09:13 Changeset [a7185ac5] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14UTIL: Remove obsolete compat macros All supported tevent releases contain these macros.
09:08 Changeset [a8973f7] by Jakub Hrozek <jhrozek@…>
sssd-1-10Remove include recursion Header file proxy.h included itself.
08:21 Changeset [a67d8ee] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Remove include recursion Header file proxy.h included itself.
08:14 Changeset [8cf13d1c] by Jakub Hrozek <jhrozek@…>
sssd-1-10Check whether servername is not empty string. Previous check was wrong, servername cannot be NULL.
08:14 Changeset [5170a8c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Check whether servername is not empty string. Previous check was wrong, servername cannot be NULL.
08:06 Ticket #2046 (sssd proxy_child segfault) closed by jhrozek
fixed: * master: 545f49b72cdf8453fb0b85c9d87e7d4711da57da * sssd-1-10: …
08:05 Changeset [7586fbe] by Jakub Hrozek <jhrozek@…>
sssd-1-10proxy: Alocate auth tokens in struct authtok_conv Struct sss_auth_token became opaque in commit 9acfb09f7969a69f58bd45c856b01700541853ca. All ocasions of "struct sss_auth_token" was replaced with pointer to this struct, but proper initialization of auth_tokens was missing in struct authtok_conv. Resolves: https://fedorahosted.org/sssd/ticket/2046
08:04 Changeset [545f49b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14proxy: Alocate auth tokens in struct authtok_conv Struct sss_auth_token became opaque in commit 9acfb09f7969a69f58bd45c856b01700541853ca. All ocasions of "struct sss_auth_token" was replaced with pointer to this struct, but proper initialization of auth_tokens was missing in struct authtok_conv. Resolves: https://fedorahosted.org/sssd/ticket/2046

08/15/13:

09:57 Ticket #2047 (sssd_be crashes when referrals enabled) created by mkosek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

08/14/13:

11:04 Ticket #2046 (sssd proxy_child segfault) created by okos
Ticket was cloned from Red Hat Bugzilla (product Fedora): …

08/12/13:

17:02 windows2008ADAuthenticationUsingKeytabs edited by bryanlharris
(diff)
16:59 windows2008ADAuthenticationUsingKeytabs created by bryanlharris
16:57 WikiNewPage edited by bryanlharris
(diff)

08/11/13:

20:45 Changeset [658e275] by Jakub Hrozek <jhrozek@…>
sssd-1-9print hint about password complexity when new password is rejected https://fedorahosted.org/sssd/ticket/1827
20:34 Ticket #2029 (passwd returns "Authentication token manipulation error" when entering ...) closed by jhrozek
fixed: * master: 86c985481c2fdb1d8996a77576b12bff431c18d5 * sssd-1-10: …
20:33 Changeset [f4f0a4c] by Jakub Hrozek <jhrozek@…>
sssd-1-9ldap, krb5: More descriptive msg on chpass failure. Print more descriptive message when wrong current password is given during password change operation. resolves: https://fedorahosted.org/sssd/ticket/2029
20:04 Changeset [651ab87] by Jakub Hrozek <jhrozek@…>
sssd-1-9back end: periodic task API https://fedorahosted.org/sssd/ticket/1891
20:04 Changeset [f47934c] by Jakub Hrozek <jhrozek@…>
sssd-1-9back end: periodical refresh of expired records API https://fedorahosted.org/sssd/ticket/1713
20:04 Changeset [edbafc2] by Jakub Hrozek <jhrozek@…>
sssd-1-9back end: add refresh expired records periodic task https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
20:04 Changeset [261bc18] by Jakub Hrozek <jhrozek@…>
sssd-1-9providers: refresh expired netgroups https://fedorahosted.org/sssd/ticket/1713
18:41 Ticket #2018 (sssd_nss terminated with segmentation fault) closed by jhrozek
fixed: * master: 9028706a00da1bc48547e74aa872c825ac15adb2 * sssd-1-10: …
18:39 Changeset [4fda997] by Jakub Hrozek <jhrozek@…>
sssd-1-9mmap_cache: Check if slot and name_ptr are not invalid. This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
18:37 Changeset [d3eadee] by Jakub Hrozek <jhrozek@…>
sssd-1-10ldap, krb5: More descriptive msg on chpass failure. Print more descriptive message when wrong current password is given during password change operation. resolves: https://fedorahosted.org/sssd/ticket/2029
18:37 Changeset [269c115] by Jakub Hrozek <jhrozek@…>
sssd-1-10mmap_cache: Check if slot and name_ptr are not invalid. This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
18:36 Changeset [9028706] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14mmap_cache: Check if slot and name_ptr are not invalid. This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
18:36 Changeset [86c9854] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14ldap, krb5: More descriptive msg on chpass failure. Print more descriptive message when wrong current password is given during password change operation. resolves: https://fedorahosted.org/sssd/ticket/2029
17:32 Ticket #2045 (Create a test that corrupts the memcache) created by jhrozek
Simo proposed that we crate a unit test that would corrupt the memcache …

08/09/13:

16:13 Changeset [1e50573] by Jakub Hrozek <jhrozek@…>
sssd-1-9Lower timeout to contact DNS server c-ares timeout to wait for response from DNS server before moving to next DNS server is lowered from 5s to 2s. Partially solves https://fedorahosted.org/sssd/ticket/1966
16:13 Changeset [8d4485d] by Jakub Hrozek <jhrozek@…>
sssd-1-9Set default DNS resolution timeout to 6 seconds. Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966 To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly
16:13 Changeset [560e2b4] by Jakub Hrozek <jhrozek@…>
sssd-1-9resolv-tests failing with memory leak Wait for c-ares to finish before checking for memory leaks. https://fedorahosted.org/sssd/ticket/1899
16:06 Changeset [fdc6aa9] by Jakub Hrozek <jhrozek@…>
sssd-1-10AD: Cast SASL callbacks to propper type The initialization of ad_sasl_callbacks raised an incompatible pointer type warning. This was caused because the cyrus-sasl API hasa changed. The callback function list needs to be cast now.
16:06 Changeset [483728c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14AD: Cast SASL callbacks to propper type The initialization of ad_sasl_callbacks raised an incompatible pointer type warning. This was caused because the cyrus-sasl API hasa changed. The callback function list needs to be cast now.
16:05 Changeset [49b3331] by Jakub Hrozek <jhrozek@…>
sssd-1-10Use the correct resolv timeout
16:05 Changeset [29070b5c] by Jakub Hrozek <jhrozek@…>
sssd-1-10Remove unused constant
16:03 Changeset [0664ecd0] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Remove unused constant
16:03 Changeset [9576c4b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Use the correct resolv timeout
15:42 Changeset [7a45875] by Jakub Hrozek <jhrozek@…>
sssd-1-9Add a commit template Explanation: In order to use a common style when creating commits a commit template will be helpful espcially to new developers. The commit template can be activated with the following command: git config commit.template .git-commit-template When this is done any new commit will use the template as the default commit message.
15:37 Changeset [321f485] by Jakub Hrozek <jhrozek@…>
sssd-1-10Add a commit template Explanation: In order to use a common style when creating commits a commit template will be helpful espcially to new developers. The commit template can be activated with the following command: git config commit.template .git-commit-template When this is done any new commit will use the template as the default commit message.

08/08/13:

20:34 Changeset [4a3ad2f] by Jakub Hrozek <jhrozek@…>
sssd-1-9Handle too many results from getnetgr.
20:34 Changeset [60d3b256] by Jakub Hrozek <jhrozek@…>
sssd-1-9Configure SYSV init scripts properly Previously, these contained hard-coded paths. Now they are populated correctly by the configure script. https://fedorahosted.org/sssd/ticket/1986
20:34 Changeset [230e4e48] by Jakub Hrozek <jhrozek@…>
sssd-1-9init script: source /etc/sysconfig/sssd https://fedorahosted.org/sssd/ticket/1959
15:06 Changeset [67771f6] by Jakub Hrozek <jhrozek@…>
sssd-1-9Do not call sss_cmd_done in function check_cache. Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done was called. Inside of function sss_cmd_done memory was freed, but this freed memory was used in caller functions, therefore sssd crashed. https://fedorahosted.org/sssd/ticket/1980
13:27 Ticket #2044 (Update sssd-ad manpage to reflect "trust between domains in single forest ...) created by kaushikub
While testing, we found that trusts between separate forests are not …
11:39 Ticket #1881 (Determine how to map SID to UID/GID based on IdM server configuration) closed by jhrozek
fixed: The functionality required by this tracker was already implemented in …
11:39 Ticket #1821 (Allow using UIDs and GIDs from AD in trust case) closed by jhrozek
fixed: The functionality required by this tracker was already implemented in …
11:39 Ticket #1408 (It should be possible to use uid/gid defined in AD instead of SIDs) closed by jhrozek
fixed: The functionality required by this tracker was already implemented in …
09:25 Changeset [5d762a9] by Jakub Hrozek <jhrozek@…>
sssd-1-9MAN: Clarify the min_id/max_id limits further https://fedorahosted.org/sssd/ticket/2005 Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
09:24 Changeset [41a7e6e] by Jakub Hrozek <jhrozek@…>
sssd-1-10MAN: Clarify the min_id/max_id limits further https://fedorahosted.org/sssd/ticket/2005 Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
09:10 Changeset [845deed] by Jakub Hrozek <jhrozek@…>
sssd-1-9NSS: allow removing entries from netgroup hash table There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
09:10 Changeset [3678074] by Jakub Hrozek <jhrozek@…>
sssd-1-9NSS: Clear cached netgroups if a request comes in from the sss_cache In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759

08/07/13:

22:52 Changeset [edcf38f] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Enable removing nonexisting dn in sdap_handle_account_info Change was introduced in commit ca344fde
22:48 Ticket #1932 (sssd_be crashing with nested ldap groups contain a dangling member) closed by jhrozek
fixed: * sssd-1-9: f081ea9da2647a1788021bd4de812a371ac0334a
22:47 Changeset [f081ea9d] by Jakub Hrozek <jhrozek@…>
sssd-1-9LDAP: Fix crash when processing nested groups https://fedorahosted.org/sssd/ticket/1932 There is a rather strange workaround in the nested groups processing code that calls tevent_req_post outside _send(). However, it broke in certain situations where the tevent_req_call resulted in req being freed, which freed state by extension and then the subsequent _post call was a use-after-free. This patch saves the two variables used outside state so that it's safe to use them even after the callback.
22:44 Changeset [ddbe6bc5] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAM: Check negcache when searching for fully qualified users, too
22:44 Changeset [efa8ca8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14PAM: Set negcache if user is not found after provider check
22:41 Ticket #1759 (sss_cache -N/-n should invalidate the hash table in sssd_nss) closed by jhrozek
fixed: * master: db440b3ba6b848010cf2a1fe9f76db394ce860da * sssd-1-10: …
22:38 Changeset [ada4d12] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14NSS: allow removing entries from netgroup hash table There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
22:38 Changeset [db440b3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14NSS: Clear cached netgroups if a request comes in from the sss_cache In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
22:32 Changeset [f4e1535] by Jakub Hrozek <jhrozek@…>
sssd-1-10Enable removing nonexisting dn in sdap_handle_account_info Change was introduced in commit ca344fde
22:32 Changeset [81159e4] by Jakub Hrozek <jhrozek@…>
sssd-1-10NSS: allow removing entries from netgroup hash table There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
22:32 Changeset [755c40f] by Jakub Hrozek <jhrozek@…>
sssd-1-10NSS: Clear cached netgroups if a request comes in from the sss_cache In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
22:31 Changeset [e754a6e] by Jakub Hrozek <jhrozek@…>
sssd-1-10Fix memory context for hash entries In sdap_nested_group_populate_users() username and orignal_dn are allocated on a temporary memory context. If the corresponding user is not found in the cache both are added to a hash which is later on returned to the caller. To avoid a use-after-free when the hash entries are looked up both must be reassigned to the memory context of the hash.
22:30 Changeset [f7aef1e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Fix memory context for hash entries In sdap_nested_group_populate_users() username and orignal_dn are allocated on a temporary memory context. If the corresponding user is not found in the cache both are added to a hash which is later on returned to the caller. To avoid a use-after-free when the hash entries are looked up both must be reassigned to the memory context of the hash.
22:13 Ticket #1952 (DIfferent group membership behavior between 1.9 and 1.10.) closed by jhrozek
worksforme: No problem, I'm glad we got the confirmation that everything seems to be …
11:28 Ticket #2026 (allow fqdn in simple access provider lists) closed by jhrozek
fixed: * master: ffb83ee934f6ea1d9077ab601530436eff2d20e4 * sssd-1-10: …
11:19 Changeset [91b43ef] by Jakub Hrozek <jhrozek@…>
sssd-1-10simple access provider: allow fully qualified names https://fedorahosted.org/sssd/ticket/2026
11:19 Changeset [6468c09] by Jakub Hrozek <jhrozek@…>
sssd-1-10add simple access provider init test
11:18 Changeset [ffb83ee] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14simple access provider: allow fully qualified names https://fedorahosted.org/sssd/ticket/2026
11:18 Changeset [d35ff4d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14add simple access provider init test
09:40 Changeset [6b3a9c2] by Jakub Hrozek <jhrozek@…>
sssd-1-10Add script make_srpm.sh to dist tarball.
09:40 Changeset [39fab6f] by Jakub Hrozek <jhrozek@…>
sssd-1-10Fix memory context for a state member primary_name was allocated on a temporary memory context but as it is a member of the state struct it should belong to the memory context of the state.
09:36 Changeset [9615f4c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Fix memory context for a state member primary_name was allocated on a temporary memory context but as it is a member of the state struct it should belong to the memory context of the state.
09:36 Changeset [48d7840] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Add script make_srpm.sh to dist tarball.

08/06/13:

19:45 Changeset [ae0f3e9] by Jakub Hrozek <jhrozek@…>
sssd-1-10sssd_ad: Add hackish workaround for sasl ad_compat This tries to set the ad_compat option for sasl, by working around the openldap/sasl initialization as openldap does not allow us to pass down to sasl our own getopt callback. Resolves: https://fedorahosted.org/sssd/ticket/2040
19:43 Changeset [fb945a2] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sssd_ad: Add hackish workaround for sasl ad_compat This tries to set the ad_compat option for sasl, by working around the openldap/sasl initialization as openldap does not allow us to pass down to sasl our own getopt callback. Resolves: https://fedorahosted.org/sssd/ticket/2040
19:40 Changeset [3d9edb4] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Add a commit template Explanation: In order to use a common style when creating commits a commit template will be helpful espcially to new developers. The commit template can be activated with the following command: git config commit.template .git-commit-template When this is done any new commit will use the template as the default commit message.
14:19 Changeset [c487f42] by Jakub Hrozek <jhrozek@…>
sssd-1-9sudo: print better debug message when a rule has multiple cn values
14:19 Changeset [a810814] by Jakub Hrozek <jhrozek@…>
sssd-1-9sudo: skip rule on error instead of failing completely https://fedorahosted.org/sssd/ticket/2031
10:33 Ticket #2043 (sudo: do not fail when unable to resolve fqdn) created by pbrezina
When sssd with sudo fails to obtain fqdn from hostname, we fail to …

08/05/13:

15:21 Ticket #1932 (sssd_be crashing with nested ldap groups contain a dangling member) reopened by jhrozek
14:57 Ticket #2031 (sssd fails instead of skipping when a sudo ldap filter returns entries ...) closed by jhrozek
fixed: * master: 2c7ab882bcc64c9d2bc16091d10a56073c472775 * sssd-1-10: …
14:56 Changeset [5a81e5b] by Jakub Hrozek <jhrozek@…>
sssd-1-10sudo: skip rule on error instead of failing completely https://fedorahosted.org/sssd/ticket/2031
14:56 Changeset [a4ee8d2] by Jakub Hrozek <jhrozek@…>
sssd-1-10sudo: print better debug message when a rule has multiple cn values
14:52 Changeset [2c7ab882] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sudo: skip rule on error instead of failing completely https://fedorahosted.org/sssd/ticket/2031
14:52 Changeset [006d178c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14sudo: print better debug message when a rule has multiple cn values
14:50 Ticket #1970 (Dereference after a NULL check in sshsrv_cmd.c) closed by jhrozek
fixed: * master: 1d45113cd45f8509d1088f941da932c29dd8ab2a * sssd-1-10: …
14:49 Changeset [e90b6dc] by Jakub Hrozek <jhrozek@…>
sssd-1-10SSH: Ensure that cmd_ctx->name will not be NULL. If cmd_ctx->name was not initialized by sss_parse_name then copy of name will be used. https://fedorahosted.org/sssd/ticket/1970 Coverity ID: 11647
14:48 Changeset [1d45113] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14SSH: Ensure that cmd_ctx->name will not be NULL. If cmd_ctx->name was not initialized by sss_parse_name then copy of name will be used. https://fedorahosted.org/sssd/ticket/1970 Coverity ID: 11647
Note: See TracTimeline for information about the timeline view.