sssd.git/src/responder/nss, branch sysdb sssd with jhrozek's patches sysdb: Unify name format for groups and users 2016-01-13T10:28:45+00:00 Michal Zidek mzidek@redhat.com 2015-02-10T16:30:00+00:00 23674dfef4225b90d45c27b88fe72dc37b22e32d This is WIP patch to unify format of usernames and groupnames in sssd internals. In current form it breaks just about everything. The sysdb update function is just placeholder and it's contents are irelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other other protective gear and play some calm music in your backgroun to prevent eye or brain injury. 
This is WIP patch to unify format of
usernames and groupnames in sssd internals.

In current form it breaks just about everything.

The sysdb update function is just placeholder
and it's contents are irelevant.

Currently I am working on fqname attribute
removal because it seems to just add confusion.

If you decide to look into the code, please use
sunglasses or other other protective gear and play
some calm music in your backgroun to prevent
eye or brain injury.
NSS: fix a use-after-free issue 2015-11-04T08:37:57+00:00 Sumit Bose sbose@redhat.com 2015-10-30T15:28:37+00:00 343b053bc61792023003d077ae81c05ff1676a89 While handling well-known SIDs a debug statement tries to access memory that is already freed. This can be seen with the following output from valgrind. ==17600== Invalid read of size 4 ==17600== at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458) ==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509) ==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161) ==17600== by 0x8067015: client_cmd_execute (responder_common.c:249) ==17600== by 0x80671F5: client_recv (responder_common.c:283) ==17600== by 0x806741C: client_fd_handler (responder_common.c:335) ==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728) ==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926) ==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114) ==17600== by 0x45EF3BF: _tevent_loop_once (tevent.c:530) ==17600== by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634) ==17600== by 0x45F326E: std_event_loop_wait (tevent_standard.c:140) ==17600== by 0x45EF647: _tevent_loop_wait (tevent.c:653) ==17600== Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd ==17600== at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==17600== by 0x45FEC9E: _talloc_free_internal (talloc.c:1057) ==17600== by 0x45FEC9E: _talloc_free (talloc.c:1581) ==17600== by 0x8066085: sss_cmd_done (responder_cmd.c:93) ==17600== by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382) ==17600== by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455) ==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509) ==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161) ==17600== by 0x8067015: client_cmd_execute (responder_common.c:249) ==17600== by 0x80671F5: client_recv (responder_common.c:283) ==17600== by 0x806741C: client_fd_handler (responder_common.c:335) ==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728) ==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926) ==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114) ==17600== The patch contains a change to the unit tests which frees the memory in the wrapper for sss_cmd_done() too. This allows to detect this kind of issue in the unit tests as well. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
While handling well-known SIDs a debug statement tries to access memory that is
already freed. This can be seen with the following output from valgrind.

==17600== Invalid read of size 4
==17600==    at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458)
==17600==    by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600==    by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600==    by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600==    by 0x80671F5: client_recv (responder_common.c:283)
==17600==    by 0x806741C: client_fd_handler (responder_common.c:335)
==17600==    by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600==    by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600==    by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600==    by 0x45EF3BF: _tevent_loop_once (tevent.c:530)
==17600==    by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634)
==17600==    by 0x45F326E: std_event_loop_wait (tevent_standard.c:140)
==17600==    by 0x45EF647: _tevent_loop_wait (tevent.c:653)
==17600==  Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd
==17600==    at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17600==    by 0x45FEC9E: _talloc_free_internal (talloc.c:1057)
==17600==    by 0x45FEC9E: _talloc_free (talloc.c:1581)
==17600==    by 0x8066085: sss_cmd_done (responder_cmd.c:93)
==17600==    by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382)
==17600==    by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455)
==17600==    by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600==    by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600==    by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600==    by 0x80671F5: client_recv (responder_common.c:283)
==17600==    by 0x806741C: client_fd_handler (responder_common.c:335)
==17600==    by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600==    by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600==    by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600==

The patch contains a change to the unit tests which frees the memory in
the wrapper for sss_cmd_done() too. This allows to detect this kind of
issue in the unit tests as well.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Refactor some conditions 2015-10-23T08:33:06+00:00 Michal Židek mzidek@redhat.com 2015-10-22T10:51:47+00:00 e563de9203be581acc30c7794f568ae40d22bee0 Conditions with get_next_domain were a little confusing for coverity (but also for developers' eyes). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Conditions with get_next_domain were a little
confusing for coverity (but also for developers'
eyes).

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
util: Update get_next_domain's interface 2015-10-23T08:32:23+00:00 Michal Židek mzidek@redhat.com 2015-09-09T12:37:48+00:00 877b92e80bde510d5cd9f03dbf01e2bcf73ab072 Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.

Ticket:
https://fedorahosted.org/sssd/ticket/2673

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
nss: send original name and id with local views if possible 2015-10-14T11:07:23+00:00 Pavel Březina pbrezina@redhat.com 2015-10-11T14:45:19+00:00 2f793681b4debbe015815f908dc12c0463711609 Resolves: https://fedorahosted.org/sssd/ticket/2833 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2833

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
nss: fix UPN lookups for sub-domain users 2015-10-08T17:56:45+00:00 Sumit Bose sbose@redhat.com 2015-10-07T13:22:34+00:00 8ded8b2f4a57d1833fd230307218d8b07a571785 Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
views: allow ghost members for LOCAL view 2015-09-18T11:22:03+00:00 Pavel Březina pbrezina@redhat.com 2015-09-17T12:46:34+00:00 87e0dcaff945f8b8f30030309e16ba26935fcb7b LOCAL view does not allow the case when both ghost member and user override is created so it is safe to allow ghost members for this view. Resolves: https://fedorahosted.org/sssd/ticket/2790 Reviewed-by: Sumit Bose <sbose@redhat.com> 
LOCAL view does not allow the case when both ghost member and
user override is created so it is safe to allow ghost members
for this view.

Resolves:
https://fedorahosted.org/sssd/ticket/2790

Reviewed-by: Sumit Bose <sbose@redhat.com>
NSS: Don't ignore backslash in usernames with ldap provider 2015-09-01T06:41:51+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-08-28T05:07:40+00:00 90b8e2e47ecc0dd555cae401a0c9b082d12ab989 The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com> 
The regression was caused by changing default domain regex
for ldap provider in ticket #2717

Resolves:
https://fedorahosted.org/sssd/ticket/2772

Reviewed-by: Sumit Bose <sbose@redhat.com>
UTIL: Function 2string for enum sss_cli_command 2015-08-31T16:30:19+00:00 Petr Cech pcech@redhat.com 2015-07-08T11:17:28+00:00 11e8f3ecdddf8edd8b1bbe9f41b49ce8b709b92a Improvement of debug messages. Instead of:"(0x0400): Running command [17]..." We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..." (It's not used in sss_client. There are only hex numbers of commands.) Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Improvement of debug messages.
Instead of:"(0x0400): Running command [17]..."
We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..."
(It's not used in sss_client. There are only hex numbers of commands.)

Resolves:
https://fedorahosted.org/sssd/ticket/2708

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
NSS: Fix use after free 2015-08-20T20:48:28+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-08-07T12:29:45+00:00 b9901fe3d6cfe05cd75a2440c0f9c7985aea36c6 It can happed if there are two domains and user is not found in the first one. ==29279== Invalid read of size 1 ==29279== at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29279== by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2) ==29279== by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191) ==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208) ==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759) ==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802) ==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96) ==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341) ==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911) ==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114) ==29279== Address 0xbbad240 is 96 bytes inside a block of size 106 free'd ==29279== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29279== by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2) ==29279== by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190) ==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208) ==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759) ==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802) ==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96) ==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341) ==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911) ==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114) Resolves: https://fedorahosted.org/sssd/ticket/2749 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
It can happed if there are two domains and user is not found
in the first one.

==29279== Invalid read of size 1
==29279==    at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
==29279==  Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
==29279==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)

Resolves:
https://fedorahosted.org/sssd/ticket/2749

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>