summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* DP: Reduce code duplicationdpstrJakub Hrozek2015-11-111-340/+193
| | | | | | The handling of sbus requests in Data Provider was extremely duplicated, resulting in copy-paste errors. This patch adds several helpers that reduce code duplication.
* sbus: Check string arguments for valid UTF-8 stringsJakub Hrozek2015-11-113-1/+102
| | | | | | libdbus abort()s when a string argument is not valid UTF-8. Since the arguments sometimes come from untrusted sources, it's better to check the string validity explicitly.
* DP: Check callback messages for valid UTF-8Jakub Hrozek2015-11-111-16/+29
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2861 Messages passed from Data Provider to responder must be valid UTF-8 strings. Because providers might not be completely under our control, we need to check if the messages we receive are valid UTF-8 and if they are not, use a fallback.
* DP: Drop dp_pam_err_to_stringJakub Hrozek2015-11-111-52/+23
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2861 All back end requests were using pam_strerror() to print additional info about why request failed. Since pam_strerror() returns localized message and we don't know the locale beforehand, this message failed to be transferred through D-Bus, resulting in a crash.
* TESTS: Add warning for unused result of leak check functionsLukas Slebodnik2015-11-112-3/+30
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* TESTS: Make check_leaks static functionLukas Slebodnik2015-11-112-9/+4
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* TESTS: Check return value of check_leaks_popLukas Slebodnik2015-11-115-10/+16
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* TESTS: Initialize leak checkLukas Slebodnik2015-11-112-0/+6
| | | | | | | If leak_check_setup is not called then global_talloc_context was not initialized and check_leaks_pop(global_talloc_context) will fail. Reviewed-by: Petr Cech <pcech@redhat.com>
* UTIL: Fix memory leak in switch_credsLukas Slebodnik2015-11-111-0/+1
| | | | | | | | If we are already requested used then we needn't to call setreeuid(), setresgid(). But we forgot to relase local struct sss_creds *ssc, which is used for returnig saved credentials. Reviewed-by: Petr Cech <pcech@redhat.com>
* IFP: Skip non-POSIX groups properlyJakub Hrozek2015-11-111-2/+4
| | | | | | | | | | | When ifp_users_user_get_groups is called, for example via GetAll and the list of groups contains a non-POSIX group, we skip an array member, resulting in random memory being passed to the caller. Resolves: https://fedorahosted.org/sssd/ticket/2863 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* DP_PTASK: Fix warning may be used uninitializedLukas Slebodnik2015-11-111-1/+1
| | | | | | | | | | It could be unitialized only in case if we add new enum be_ptask_schedule Currently, we have only BE_PTASK_SCHEDULE_FROM_NOW and BE_PTASK_SCHEDULE_FROM_LAST which are properly covered in switch case. src/providers/dp_ptask.c:200: warning: ‘tv’ may be used uninitialized in this function Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: Remove unused memory context from ad_user_conn_listLukas Slebodnik2015-11-114-9/+5
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* INIT: Drop syslog.target from service fileLukas Slebodnik2015-11-101-2/+0
| | | | | | | | | | | The syslog.target is not part of systemd anymore. The non-socket-activated syslog daemons are not supported in systemd >= 35 and in the same version it was recomemded to not use this target in service files. http://www.freedesktop.org/wiki/Software/systemd/syslog/ Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BE: Add IFP to known clientsPavel Březina2015-11-101-0/+3
| | | | | | | This gets rid of confusing debug message: [be_client_destructor] (0x0020): Unknown client removed ... Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Fix warnings -WshadowLukas Slebodnik2015-11-103-14/+14
| | | | | | | | | | | | | | | | | | | | | | src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_valid': src/tests/cmocka/test_sss_sifp.c:153: warning: declaration of 'dup' shadows a global declaration /usr/include/unistd.h:528: warning: shadowed declaration is here src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_null': src/tests/cmocka/test_sss_sifp.c:163: warning: declaration of 'dup' shadows a global declaration /usr/include/unistd.h:528: warning: shadowed declaration is here src/tests/cmocka/test_sdap.c: In function '__wrap_ldap_next_attribute': src/tests/cmocka/test_sdap.c:203: warning: declaration of 'index' shadows a global declaration /usr/include/string.h:489: warning: shadowed declaration is here src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_user': src/tests/cmocka/test_responder_cache_req.c:163: warning: declaration of 'time' shadows a global declaration /usr/include/time.h:186: warning: shadowed declaration is here src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_group': src/tests/cmocka/test_responder_cache_req.c:244: warning: declaration of 'time' shadows a global declaration /usr/include/time.h:186: warning: shadowed declaration is here Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Fix warnings -WshadowLukas Slebodnik2015-11-103-47/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | src/sbus/sssd_dbus_invokers.c -fPIC -DPIC -o src/sbus/.libs/libsss_util_la-sssd_dbus_invokers.o src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_signals': src/sbus/sssd_dbus_introspect.c:206: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_properties': src/sbus/sssd_dbus_introspect.c:243: warning: declaration of 'access' shadows a global declaration /usr/include/unistd.h:288: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c:29: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_new_incoming_signal': src/sbus/sssd_dbus_signals.c:39: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_add': src/sbus/sssd_dbus_signals.c:73: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_lookup': src/sbus/sssd_dbus_signals.c:134: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_listen': src/sbus/sssd_dbus_signals.c:168: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler': src/sbus/sssd_dbus_signals.c:227: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler_got_caller_id': src/sbus/sssd_dbus_signals.c:264: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_common_signals.c: In function 'sbus_signal_name_owner_changed': src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of 'signal' shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here src/sbus/sssd_dbus_common_signals.c: In function ‘sbus_signal_name_owner_changed’: src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of ‘signal’ shadows a global declaration /usr/include/signal.h:101: warning: shadowed declaration is here Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* cache_req: Fix warning -WshadowLukas Slebodnik2015-11-101-4/+4
| | | | | | | | src/responder/common/responder_cache_req.c: In function 'cache_req_input_set_name': src/responder/common/responder_cache_req.c:199: warning: declaration of 'dup' shadows a global declaration /usr/include/unistd.h:528: warning: shadowed declaration is here Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* FAIL_OVER: Fix warning value computed is not usedLukas Slebodnik2015-11-101-1/+1
| | | | | | | src/providers/fail_over.c: In function ‘fo_ref_server’: src/providers/fail_over.c:861: warning: value computed is not used Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* tools: Don't shadow 'exit'Jakub Hrozek2015-11-101-18/+18
| | | | | | | | | | | | Fixes: /sssd/src/tools/sss_override.c: In function ‘override_user_import’: /sssd/src/tools/sss_override.c:1471: warning: declaration of ‘exit’ shadows a global declaration /usr/include/stdlib.h:544: warning: shadowed declaration is here /sssd/src/tools/sss_override.c: In function ‘override_group_import’: /sssd/src/tools/sss_override.c:1737: warning: declaration of ‘exit’ shadows a global declaration /usr/include/stdlib.h:544: warning: shadowed declaration is here Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Enforce coverage make check failuresNikolai Kondrashov2015-11-091-1/+4
| | | | | | | | | | Fail CI coverage build, if make-check stage fails. Previously make-check stage failures were ignored for coverage build for the sake of collecting coverage data in any case. However, catching extra test failures seems more important than getting coverage data in all cases, thus the change. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Workaroung for code coverage with old gccLukas Slebodnik2015-11-091-1/+11
| | | | | | | | | It's fixed in upstream gcc >= 4.6.0 Resolves: https://fedorahosted.org/sssd/ticket/2819 Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* TOOLS: DFL_UMASK --> SSS_DFL_UMASKPetr Cech2015-11-051-2/+1
| | | | | | | | | We could use SSS_DFL_UMASK instead of DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: More restrictive umask on sss_unique_file()Petr Cech2015-11-051-1/+1
| | | | | | | | | There is no need to have executable unique_file. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* KRB5_CHILD: More restrictive umaskPetr Cech2015-11-051-1/+1
| | | | | | | | | | | We could use more restrictive umask in krb5_child. I found out that there is directory creation, but it is done by create_ccache_dir() which has its own umask setup. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Remove sudo doxygen fileLukas Slebodnik2015-11-053-1888/+0
| | | | | | There aren't any documented files in directory src/sss_client/sudo/ Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Fix leak of file descriptorsLukas Slebodnik2015-11-051-8/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The state "struct sss_ldap_init_state" contains socket created in function sss_ldap_init_send. We register callback sdap_async_sys_connect_timeout for handling issue with connection The tevent request "sss_ldap_init_send" is usually (nested) subrequest of "struct resolve_service_state" related request created in fucntion fo_resolve_service_send. Function fo_resolve_service_send also register timeout callback fo_resolve_service_timeout to state "struct resolve_service_state". It might happen that fo_resolve_service_timeout will be called before sss_ldap_init_send timeout and we could not handle tiemout error for state "struct sss_ldap_init_state" and therefore created socket was not closed. We tried to release resources in function sdap_handle_release. But the structure "struct sdap_handle" had not been initialized yet with LDAP handle and therefore associated file descriptor could not be closed. [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached [fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110] [sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory [be_resolve_server_done] (0x1000): Server resolution failed: 14 [be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] Resolves: https://fedorahosted.org/sssd/ticket/2792 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* pam-srv-tests: Change service nameSumit Bose2015-11-051-1/+1
| | | | | | | | | | | | It would be better to not use 'ssh' or 'sshd' here at all but something like 'pam_test_service' to indicate that it is a generic name. Because a default value should not lead to a code path which handles a special case. The general PAM responder test should not run through the 'sshd' case in pam_reply() only if the service is set explicitly to 'sshd' this features should be tests. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Fix doc directory for sss_simpleifpLukas Slebodnik2015-11-041-1/+1
| | | | | | | | make all docs && make install DESTDIR=`pwd`/_instdir will not install doxygen generated files for sss_simpleifp because directory was wrong Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: fix a use-after-free issueSumit Bose2015-11-042-7/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While handling well-known SIDs a debug statement tries to access memory that is already freed. This can be seen with the following output from valgrind. ==17600== Invalid read of size 4 ==17600== at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458) ==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509) ==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161) ==17600== by 0x8067015: client_cmd_execute (responder_common.c:249) ==17600== by 0x80671F5: client_recv (responder_common.c:283) ==17600== by 0x806741C: client_fd_handler (responder_common.c:335) ==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728) ==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926) ==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114) ==17600== by 0x45EF3BF: _tevent_loop_once (tevent.c:530) ==17600== by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634) ==17600== by 0x45F326E: std_event_loop_wait (tevent_standard.c:140) ==17600== by 0x45EF647: _tevent_loop_wait (tevent.c:653) ==17600== Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd ==17600== at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==17600== by 0x45FEC9E: _talloc_free_internal (talloc.c:1057) ==17600== by 0x45FEC9E: _talloc_free (talloc.c:1581) ==17600== by 0x8066085: sss_cmd_done (responder_cmd.c:93) ==17600== by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382) ==17600== by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455) ==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509) ==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161) ==17600== by 0x8067015: client_cmd_execute (responder_common.c:249) ==17600== by 0x80671F5: client_recv (responder_common.c:283) ==17600== by 0x806741C: client_fd_handler (responder_common.c:335) ==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728) ==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926) ==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114) ==17600== The patch contains a change to the unit tests which frees the memory in the wrapper for sss_cmd_done() too. This allows to detect this kind of issue in the unit tests as well. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Regression test with wrong LC_ALLMichal Židek2015-11-042-0/+113
| | | | | | | | | | | | | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2785 Test local domain tool with wrong LC_ALL environment variable value. NOTE: The memory cache files are not deleted properly in the test teardown to work around the problem described in ticket https://fedorahosted.org/sssd/ticket/2726 Once the ticket above is solved, the teardown will be updated to remove the memory cache files. Reviewed-by: Michal Židek <mzidek@redhat.com>
* tests: Run intgcheck without libsemanageMichal Židek2015-11-041-0/+1
| | | | | | | | | For now the libsemanage can not be used inside intgcheck tests. See the tracking ticket for this issue: https://fedorahosted.org/sssd/ticket/2859 Reviewed-by: Michal Židek <mzidek@redhat.com>
* server_setup: Log failed attempt to set localeMichal Židek2015-11-041-1/+7
| | | | | | | | Failed setlocale call could cause unexpected behaviour. It is better to generate DEBUG message if this happens. Reviewed-by: Michal Židek <mzidek@redhat.com>
* util: Continue if setlocale failsMichal Židek2015-11-042-2/+6
| | | | | | | | | | | | | setlocale needs some environment variables to be set in order to work. These variables are not present in some special cases. We should not fail completely in these cases but continue with the compatible C locale. Resolves: https://fedorahosted.org/sssd/ticket/2785 Reviewed-by: Michal Židek <mzidek@redhat.com>
* DP: successful authentication sets explicitly PAM_SUCCESSSSumit Bose2015-11-031-0/+4
| | | | | | | | Set PAM_SYSTEM_ERR as default pam_status to ensure that we always must set PAM_SUCCESSS explicitly for a successful authentication and will really return an error in all other cases. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sudo: remove unused param name in sdap_sudo_get_usn()Pavel Reichl2015-11-021-2/+1
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* SDAP: Remove unused sdap_id_ctx from sdap_id_conn_cache_createLukas Slebodnik2015-11-023-3/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_tools: do not allow unexpected free argumentPavel Březina2015-10-301-2/+11
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: use more generic help textPavel Březina2015-10-301-2/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: do not free ldb_dn in get_object_dn()Pavel Březina2015-10-301-9/+29
| | | | | | | When only str_dn is requested, ldb_dn is freed. This triggers access after free since str_dn is part of ldb_dn talloc context. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add group-showPavel Březina2015-10-302-6/+102
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2736 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add user-showPavel Březina2015-10-302-8/+116
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2736 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add group-findPavel Březina2015-10-302-49/+114
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2736 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add user-findPavel Březina2015-10-302-53/+154
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2736 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: fix exporting multiple domainsPavel Březina2015-10-301-2/+2
| | | | | | | There was a mistake in the code which resulted in exporting one domain several times if multiple domain were configured. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_tools: always show common and help optionsPavel Březina2015-10-301-1/+14
| | | | | | | popt don't handle merging NULL option table, thus common and help options were not displayed when command doesn't have any options. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: Removed overrides might be in memcachePavel Reichl2015-10-301-2/+8
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sss_override: Add restart requirements to man pageDan Lavu2015-10-301-2/+9
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BUILD: Fix cleanup without NLSLukas Slebodnik2015-10-301-9/+2
| | | | | | | Manual pages were not cleaned by default. They were cleaned in make distcheck because USE_NLS was yes. Reviewed-by: Michal Židek <mzidek@redhat.com>
* Monitor: Show service pings at debug level 8Stephen Gallagher2015-10-291-2/+3
| | | | | | | | | SSSDBG_CONF_SETTINGS is reserved for configuration information. These pings are generally just noise (when they fail, this is logged at SSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL. Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com>
* DEBUG: Preventing chown_debug_file if journald onPetr Cech2015-10-271-16/+19
| | | | | | | | | | | | There is function chown_debug_file() which didn't check if the SSSD is compiled with journald support. This patch add simple checking of this state. Resolves: https://fedorahosted.org/sssd/ticket/2493 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-10 22:42:18 +0000