| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit b5f61c9b3f5ea79bf319c18ff59394070c04d607)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2349
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 26510727739c3e8d14f804568e496b7d7b073964)
|
| |
|
|
|
|
|
| |
Commit 2d9df96c8a801ababcb136f665f3f1ebd0ac05c1 was pushed to sssd-1-11
after I pushed the translation updates already. This patch synchronizes
the translations with the tip of the sssd-1-11 branch before the
release.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by: scan-build
krb5_free_principal(cc->context, ccprinc);
^~
warning: Access to field 'context' results in a dereference of a null pointer
(loaded from variable 'cc')
Variable 'cc' needn't be initialised if function sss_open_ccache_as_user
fails.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 7fa8c51e7ece2f4fed046d9f2a43d20c13db645c)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2291
The dbus tests that mock an sbus server were failing when make distcheck
was ran by a user logged in through the SSSD.
The reason was that the libtool wrapper around the test library alters
the LD_LIBRARY_PATH and as a consequence, the standard getpwuid_r() calls
the dbus server performs would load the in-tree NSS library and not the
system one. The-in tree library would then attempt to talk to an in-tree
NSS socket, fail, which would fail the getpwuid_r call with an error such as:
"""
Could not get password database information for UID of current process:
User "???" unknown or no memory to allocate password entry
"""
This patch adds a new configure-time option called --enable-dbus-tests
that is enabled by default and disabled during distcheck. When the
option is disabled, the tests that require a mocked dbus server are not
compiled at all.
(cherry picked from commit 4bd20c075f0f187db0181dc53d00ab6cd47fdb4d)
Conflicts:
Makefile.am
src/conf_macros.m4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of
DISTCHECK_CONFIGURE_FLAGS to allow using the latter at build time,
upon making distcheck target.
In particular, the above would allow specifying --with-test-dir option
to help archive test data in CI runs, like this:
make distcheck DISTCHECK_CONFIGURE_FLAGS=--with-test-dir=/dev/shm/ci-test-dir
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 8d15291907aaa4d50bb66fdb7a5002fce7ac7bf4)
Conflicts:
Makefile.am
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 8d5d91878875fec2930b37ff79ef6bb6782faa65)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
man gethostanme says:
NOTES
SUSv2 guarantees that "Host names are limited to 255 bytes".
POSIX.1-2001 guarantees that "Host names (not including the terminating
null byte) are limited to HOST_NAME_MAX bytes". On Linux,
HOST_NAME_MAX is defined with the value 64, which has been the limit
since Linux 1.0 (earlier kernels imposed a limit of 8 bytes).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit bf6f1b3d49e17b1adf0448c0b06e94b1e52ddffd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Older versions of glibc requires extra feature macros
for function open_memstream.
fmemopen(), open_memstream(), open_wmemstream():
Since glibc 2.10:
_XOPEN_SOURCE >= 700 || _POSIX_C_SOURCE >= 200809L
Before glibc 2.10:
_GNU_SOURCE
src/sbus/sssd_dbus_introspect.c: In function 'introspect_begin':
src/sbus/sssd_dbus_introspect.c:82: error: implicit declaration of function 'open_memstream'
src/sbus/sssd_dbus_introspect.c:82: warning: assignment makes pointer from integer without a cast
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 18647db9e275e7aa3e002551237abae756a2afb9)
Conflicts:
src/sbus/sssd_dbus.h
|
| |
|
|
|
|
|
|
|
| |
Functions pam_vsyslog and pam_modutil_getlogin are not available in openpam.
This patch conditionally define macros for these function if they are not
available. Compatible macros use standard functions vsyslog, getlogin
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 683e1f67d08be7165ea456d4594c4c8a4eddc9b3)
|
| |
|
|
|
|
|
|
| |
The header file security/_pam_macros.h is not available in openapam.
This patch copies necessary macros from linux-pam 1.1.8.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 78eae10aa035bc0e0996189b9d11c8db4904a98d)
|
| |
|
|
|
|
|
| |
linuxpam and openpam use different functions for text based conversation.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 9e17b0516d2b640d34cbb50933bd065e65bfab9d)
|
| |
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit d2d21d45a88d0869f860e215c2cf946f032818ca)
|
| |
|
|
|
|
|
|
|
|
|
| |
libsss_simple does not call any pam function.
sh-4.2$ nm --dynamic --undefined-only .libs/libsss_simple.so | grep pam
sh-4.2$ echo $?
1
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5385172799f6dea59fe1c0ef8f482db59bfc9c5c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need this file for declaration of pam functions
pam_get_item, pam_putenv, pam_set_data, pam_strerror, pam_set_item
There is already test in configure script for this header file,
but it was not included in pam_sss.c
sh-4.2$ git grep pam_appl.h
src/external/pam.m4:AC_CHECK_HEADERS([security/pam_appl.h ...
src/providers/data_provider_be.c:#include <security/pam_appl.h>
src/providers/proxy/proxy.h:#include <security/pam_appl.h>
src/providers/proxy/proxy_child.c:#include <security/pam_appl.h>
src/responder/pam/pamsrv.h:#include <security/pam_appl.h>
src/sss_client/pam_test_client.c:#include <security/pam_appl.h>
src/util/auth_utils.h:#include <security/pam_appl.h>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 81d6673764c4e2f635482be1efd52eba3ab5a27f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The macros SOL_TCP and IPPROTO_TCP have the same value on linux,
but the first one is not portable.
man in.h says:
The <netinet/in.h> header shall define the following macros for use as
values of the level argument of getsockopt() and setsockopt():
IPPROTO_IP Internet protocol.
IPPROTO_IPV6 Internet Protocol Version 6.
IPPROTO_ICMP Control message protocol.
IPPROTO_RAW Raw IP Packets Protocol.
IPPROTO_TCP Transmission control protocol.
IPPROTO_UDP User datagram protocol.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit cf901f549abe18f32562cbe1ef7a1ef258edab1a)
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2232
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit ffa42f689dded74b0c0b0451bff3516bc4003179)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We defined macro _XOPEN_SOURCE before time.h, because we need function strptime
The problem is with undef after including header time.h
The macro _XOPEN_SOURCE can be defined on some platforms
and undef can cause problems.
We detect all necessary feature macros in configure script
using AC_USE_SYSTEM_EXTENSIONS or AC_GNU_SOURCE.
It is better to include header file config.h
instead of defining macro _XOPEN_SOURCE
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 80c092f94a7ac24ea00e560201e37ae27cfbf665)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The older version of glibc and different implementations of libs
requires feature macros for enabling function getline.
getline(), getdelim():
Since glibc 2.10:
_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700
Before glibc 2.10:
_GNU_SOURCE
All feature macros are in header file config.h and are detected by configure
script. The header file config.h was included after few other header files.
The problem is that header files stdio.h is included just once and
is included from many external header files. We need to include config.h
before any other header file to prevent problems.
src/util/nscd.c: In function ‘sss_nscd_parse_conf’:
src/util/nscd.c:150: error: implicit declaration of function ‘getline’
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b3007e32fa5d6b722f3aaaf9fe7593103cb443c3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The functions strdup and strncmp are used in pam_test_client,
but header file string.h was not included directly in this file.
The header file string.h was indirectly included by the header file
security/pam_client.h.
src/sss_client/pam_test_client.c: In function 'main':
src/sss_client/pam_test_client.c:45:
error: implicit declaration of function 'strdup'
src/sss_client/pam_test_client.c:45:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:49:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:52:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:64:
error: implicit declaration of function 'strncmp'
gmake[2]: *** [src/sss_client/pam_test_client.o] Error 1
sh-4.2$ nm --undefined-only ./pam_test_client | grep -E "strdup|strncmp"
U __strdup@@GLIBC_2.2.5
U strncmp@@GLIBC_2.2.5
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 654f1abaec4e26453cb88ef02a8a71ba9aea0026)
|
| |
|
|
|
|
|
|
| |
This part was introduced in commit dba7903ba7fc04bc331004b0453938c116be3663
"PAM: close socket fd with pam_set_data"
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a4b2352c97053c79fd0d78d0dd647beed69b17e5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc contains two versions of finction stpncpy
sh-4.2$ nm --dynamic --defined-only /lib64/libc.so.6 | grep stpncpy
0000003ce1c89b00 i stpncpy
0000003ce1c89b00 i __stpncpy
0000003ce1d040a0 T __stpncpy_chk
We should use more portable version of stpncpy without prefix with underscores.
The function __stpncpy was used in initial veersion
e65c65fc710fa030bfb8319efc43fcdc9ce5a26f, which was based on
http://people.redhat.com/drepper/SHA-crypt.txt
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 83e1ea9e24aabe6ade180649ecfc9c253ad19395)
|
| |
|
|
|
|
|
| |
The same test is in file src/external/pam.m4
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 421e98b0df539b9b0afed837b1972fa01a416087)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We should call freeaddrinfo only in situation if getaddrinfo succeeds.
It is not specified in RFC2553 the behaviour of calling freeaddrinfo
with the NULL argument. It is more portable to do not rely on undocumented
behaviour of glibc.
http://www.ietf.org/rfc/rfc2553.txt [Page 28]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 7aaf9138ccf7ab73883f28cfafd6e508d29ffa67)
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 4084ccd3442917c7aa88ba4d76ba1e71e67d3846)
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 93a7dc1ed50a1f7a82d6e3985f16be774c84ada0)
|
| |
|
|
|
|
|
|
|
|
| |
src/sbus/sssd_dbus_meta.c: In function 'sbus_meta_find_signal':
src/sbus/sssd_dbus_meta.c:43: warning: declaration of 'signal' shadows a global
declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit e998f7e52cea5344f12a444761cb2d9cc6b00007)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new method on the bus with the following synopsis:
<method name="GetUserGroups">
<arg name="user" type="s" direction="in" />
<arg name="values" type="as" direction="out"/>
</method>
Its purpose is to return names of groups the user is a member of as a
list of strings.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 3fe339bcba0e211cc666bb3afe34e5c8fce85f4f)
|
| |
|
|
|
|
|
|
|
| |
For the GetGroupsList function it would be handy to get the user names as
well with a single sysdb_initgroups() call. This patch adds SYSDB_NAME to
the default attribute list.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit cf2cc44d6293165379d6470b8bf6bb6a87d62b31)
|
| |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4e3ff98739191aef3e305785076fd82104a552e4)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 770dc892f867639f36f84455d65be6287935a529)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a DBus method that allows the caller to retrieve attributes of a
user. The synopsis of the call is as follows:
<method name="GetUserAttr">
<arg type="s" name="user" direction="in"/>
<arg type="as" name="attr" direction="in"/>
<arg type="a{sv}" name="values" direction="out"/>
</method>
The return value is an array (one attribute per array member) of
dictionaries. The key of the dictionary is the attribute name, the value
is a variant containing the attribute values as strings.
If an attribute does not exist or is not permitted to be read, no error
is returned. If the users does not exist, the method returns an error.
In future patches this function will be marked as obsolete in favor of
object-oriented approach.
ifp_user_get_attr_unpack_msg is a separate function to allow extending
it in a later patch.
The function to check the cache validity duplicates quite a bit of code
with the NSS responder. The refactoring would be nice to get done along
with #843.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 2fbe9b9373dcdc28558da07690e57ff7a162a11d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to avoid hitting the back end with repetitive requests, the
InfoPipe responder needs a negative cache, too. This patch follows the
convention set by other responders, where the negative cache timeouts are
read from the [nss] section. This is not ideal, however, and ticket #2318
tracks moving the configuration to the [ifp] section primarily.
The timeout is also a separate parameter in the NSS context. We should
consider moving it to the negcache context instead (#2317).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 6cbb9f0d7c6be2cd3553dcb548984bb98926d5cb)
|
| |
|
|
|
|
|
|
|
| |
Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 3660f49f81e4db07be66fe0887af9d62065f1f2c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a number of utility functions, most importanly ifp_req_create().
The ifp_req is a structure that will be passed along with the ifp
request and would provide easy access to both the sbus_request data and
per-responder data, like the ifp_ctx.
Also includes a utility function to split a path prefix from a full path
and add a ldb_element into a dictionary. These will be reused later.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit f92ace4a52602e8c38a34f2392bec3deeac2dddd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sbus_message_handler() is refactored so that it only verifies the
message matches any of the interfaces SSSD listens on in order to be
able to return either of HANDLED or NOT_YET_HANDLED.
If the interface is one of those the SSSD should handle, the caller ID
is first resolved using sbus_get_sender_id_send and only then passed on
to the appropriate special handler.
If the sernder ID can't be retrieved, the message is dropped with an
error.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit dbf4bb232fdc38e741973822c64300f28f17af3a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an async request sbus_get_sender_id_{send,recv} that allows
retrieval of UID based on "sender" as returned by
dbus_message_get_sender().
The UID is an int64_t to be able to use "-1" to as a fallback value for
uknown or error cases.
The unit test is added as a standalone one, not part of the sbus_tests
because the request, and by extension the unit test relies on being
connected to the system bus, which is very unlikely to work in a build
system.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 0161a3c5637a0c0092bf54c436bb3d6508d7df26)
Conflicts:
Makefile.am
|
| |
|
|
|
|
|
|
|
|
| |
We need to retrieve caller IDs for each call from the system bus. This
commit adds a new SBUS connection type that identifies system bus
connection. The connection is used in the IFP provider.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit b81ad4a7c59cade13d52216f805d904392627136)
|
| |
|
|
|
|
|
|
|
|
|
| |
Split dbus_conn_send out of sbus_conn_send to be able to call DBus
messages without having a full sbus connection. This function is
available to the sbus code only, consumers of sbus (responders and
providers) should use sbus_conn_send.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 393099fb7caa2c128277e26ba3463aa7f95a0ebb)
|
| |
|
|
|
|
|
|
|
|
| |
Adds a convenience function that constructs a DBusError on top of a talloc
context and as such can be used to mark an sbus request as failed without
having to create a DBusError instance by the caller.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 87729e3a6c56383642a8d3a86b2856487f2ee064)
|
| |
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 94f07a6f4375ec25d8fa5c99a0c4f68de7002457)
|
| |
|
|
|
|
|
|
|
|
|
| |
In SSSD we tend to use {} brackets around single-line blocks, too to
make sure we don't forget to add them should the block become larger.
We also don't add a space between function name and the opening "(".
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 3d5908ed0faf400a5c7d9c3e4312597ee1b7786a)
|
| |
|
|
|
|
|
|
| |
There was a resource leak in the introspection code. This patch fixes
the leak.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 09f6afae29a2e80655496f7f71a72e50424e6f1c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file sssd_ifp was installed by two subpackages: sssd-common and sssd-dbus
I din't have instaled file org.freedesktop.sssd.infopipe.conf, because it is
in package sssd-dbus. Missing conf file caused problem with starting
the ifp service.
[sssd] [monitor_service_init] (0x0400): Initializing D-BUS Service
[sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] exited with code [3]
[sssd] [mt_svc_exit_handler] (0x0010): Process [ifp], definitely stopped!
[sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.522"
is not allowed to own the service "org.freedesktop.sssd.infopipe" due to
security policies in the configuration file
[sssd[ifp]] [ifp_process_init] (0x0020):
Failed to connect to the system message bus
[sssd[ifp]] [sss_responder_ctx_destructor] (0x0400):
Responder is being shut down
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 3c2a6219550488e33fd9d50c74ac30b325f6b99a)
|
| |
|
|
|
|
|
|
| |
fixes:
sssd_dbus_request.c:28:1: error: missing initializer [-Werror=missing-field-initializers]
sssd_dbus_request.c:28:1: error: (near initialization for 'error_internal.dummy1') [-Werror=missing-field-initializers]
(cherry picked from commit 8779b9ee101ed3e5a6836b5366c006dc21dd36c0)
|
| |
|
|
| |
(cherry picked from commit 615316359a8cef049f1bb4e8fef5fd52cb1755fa)
|
