summaryrefslogtreecommitdiffstats
path: root/src/monitor
Commit message (Collapse)AuthorAgeFilesLines
* MONITOR: Fix warning may be used uninitializedMichal Zidek2014-10-311-1/+3
| | | | | | | | | | | | | | | This warning is caused be change 579e5d4b7a3ca161ea7518b2996905fa22c15995 "MONITOR: Allow confdb to be accessed by nonroot user" src/monitor/monitor.c: In function ‘main’: src/monitor/monitor.c:2953:24: error: ‘monitor’ may be used uninitialized in this function [-Werror=maybe-uninitialized] monitor->is_daemon = !opt_interactive; ^ cc1: all warnings being treated as errors Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSH: Run the ssh responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SUDO: Run the sudo responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAC: Run the pac responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* AUTOFS: Run the autofs responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAM: Run pam responder as nonrootMichal Zidek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* NSS: Run as a user specified by monitorJakub Hrozek2014-10-221-0/+3
| | | | | | | | | Adds the NSS responder to the list of services known to work as a non-root user and becomes the specified user after starting the NSS responder. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SYSDB: Allow calling chown on the sysdb file from monitorMichal Zidek2014-10-221-1/+2
| | | | | | | | Sysdb must be accessible for the nonroot sssd processes. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* MONITOR: Allow confdb to be accessed by nonroot userMichal Zidek2014-10-221-1/+12
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* BE: Own the sbus socket as the SSSD userJakub Hrozek2014-10-221-0/+8
| | | | | | | | | In some cases, the back end might still be running as root, but the responder would be running unprivileged. In this case, we need to allow connecting from the SSSD user ID. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SBUS: Allow connections from other UIDsJakub Hrozek2014-10-221-0/+3
| | | | | | | | | Unless dbus_connection_set_unix_user_function() is used, D-Bus only allows connections from UID 0. This patch adds a custom checker function that allows either UID 0 or the pre-configured SSSD user ID. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SBUS: Chown the sbus socket if neededJakub Hrozek2014-10-221-1/+5
| | | | | | | | | When setting up the sbus server, we might need to chown the sbus socket to make sure non-root peers, running as the SSSD user are able to access the file. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+56
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SSSD: Add the options to specify a UID and GID to run asJakub Hrozek2014-10-201-1/+2
| | | | | | | | | Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MONITOR: Remove useless memory contextsJakub Hrozek2014-10-101-12/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Do not depend on monitor codeJakub Hrozek2014-10-092-36/+0
| | | | | | | Just moves code around. There should be a way to use the server.c module without linking the monitor code. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MONITOR: Make internal functions staticJakub Hrozek2014-10-062-16/+13
| | | | | | | Several functions in the monitor.c file were not marked as static even though they were only used inside monitor.c Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSSD: Send debug to stderr when running on foregroundJakub Hrozek2014-07-091-1/+20
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2348 When SSSD is running in interactive mode, we should print DEBUG messages directly to stderr, not journal. Reviewed-by: Michal Židek <mzidek@redhat.com>
* MONITOR: Signal InfoPipe to reconnect on SIGUSR2Jakub Hrozek2014-07-081-0/+9
| | | | | | | | When the monitor receives SIGUSR2, it also signals the IFP responder to attempt to reconnect to the system bus using the sysbusReconnect SBUS method. No action is taken by other responders. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Provide a SBUS method to reconnect to sysbusJakub Hrozek2014-07-083-0/+13
| | | | | | | | | Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* utils: add get_known_services()Pavel Březina2014-05-281-2/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Implement org.freedesktop.DBus.Properties.GetAll for primitive typesJakub Hrozek2014-05-271-2/+56
| | | | | | | | | | | | This patch implements the GetAll method of the org.freedesktop.DBus.Properties interface by iterating over the available getters and putting all the results into a single getter. The patch includes a unit test that exercies all currently supported array types. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MONITOR: Fix start up with empty standard inputLukas Slebodnik2014-05-121-0/+3
| | | | | | | | | | | | The monitor process does not read data from standard input in. We can close file descriptor from stdin. [sssd] [server_stdin_handler] (0x0020): sssd: EOF on stdin - terminating Resolves: https://fedorahosted.org/sssd/ticket/2312 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Monitor: fix message wrong perm. mode on config filePavel Reichl2014-04-281-2/+2
| | | | | | | Change description of supported access modes. Add missing new line in message. Reviewed-by: Simo Sorce <simo@redhat.com>
* util: Change file check fns to use a mode maskSimo Sorce2014-04-281-1/+2
| | | | | | | | | | | | | | | Instead of using a custom way to chck file type, use the system provided macros and a mode mask to decide when we want to check. Additionally a mask also allows us to selectively check permissions. Related: https://bugzilla.redhat.com/1089098 Resolves: https://fedorahosted.org/sssd/ticket/2321 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sbus: Add type-safe DBus method handlers and finish functionsStef Walter2014-04-193-12/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Type safe method handlers allow methods not to have to do tedious unwrapping and wrapping of DBus method call messages or replies. Arguments of the following DBus types are supported in type-safe method handlers. In addition arrays of these are supported. y: uint8_t b: bool (but no arrays, yet) n: int16_t q: uint16_t i: int32_t u: uint32_t x: int64_t t: uint64_t d: double s: char * (utf8 string) o: char * (object path) As an exception, arrays of booleans are not supported, but could be added later. Other more complex types could be added later if desired. If a method has other argument types, then it must be marked as having a raw handler (see below). Internally each method can have a type specific invoker function which unpacks the incoming arguments and invokes the method handler with the correct arguments. Each method also has a finish which accepts the type-safe out arguments (ie: return values) and builds the reply message. Like other request 'finish' functions, these free the request talloc context, and are to be used in place of sbus_request_finish() or friends. Raw method handlers parse their own method arguments, and prepare their own reply (ideally using sbus_request_finish() helpers). They can also do strange things like have variable arguments. To mark a DBus method as having a raw method handler use the following annotation: <annotation name="org.freedesktop.sssd.RawHandler" value="true"/> Raw methods do not have invokers or finish functions. I've left all of the internal peer to peer communication using raw method handlers. No code changes here.
* IFP: Re-add the InfoPipe serverJakub Hrozek2014-04-041-1/+1
| | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.
* Remove --with-distro-versionNikolai Kondrashov2014-04-031-1/+1
| | | | | | | | | Remove support for "--with-distro-version" configure option as unused. The option was added in August 2011 (d3da1c1). As of now nothing seems to use it. Packaging checked: rpm, deb, pacman, ebuilds, FreeBSD ports. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Use pattern #elif defined(identifier)Lukas Slebodnik2014-03-141-2/+2
| | | | | | | | | | | | | | We had in source code following pattern #elif HAVE_<name> It worked because undefined identifier(in some cases) was evaluated to 0. But we do not care about value of HAVE_SOMETHING. We just need to know whether identifier was defined. There is not equivalent to #ifdef (short for of #if definded) We need to use long form: #elif defined HAVE_<name> It causes also compiler warning with enabled compiler flag -Wundef. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sbus: Refactor how we export DBus interfacesStef Walter2014-03-143-23/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most importantly, stop using per connection private data. This doesn't scale when you have more than one thing exporting or exported on a connection. Remove struct sbus_interface and expand sbus_conn_add_interface() function. Remove various struct sbus_interface args to connection initialization functions and make callers use sbus_conn_add_interface() directly. The old method was optimized for exporting one interface on a connection. We'll have connections that export zero, one or more interfaces. To export an interface on a DBus server, call sbus_conn_add_interface() from within the sbus_server_conn_init_fn. To export an interface on a DBus client, call sbus_conn_add_interface() after sbus_new_connection() returns. As before struct sbus_interface represents an object exported via DBus. However it is now talloc allocated. One can set instance data on the struct sbus_interface. This instance data is passed to the various handlers and used in their implementation. However, we now have type safe interface exporting in the various high level sss_process_init() sss_monitor_init() and so on. Introspection support was not in use, and is now gone until we implement it using the metadata (future patch). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus: Add struct sbus_request to represent a DBus invocationStef Walter2014-03-143-66/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | struct sbus_request represents a request from a dbus client being handled by a dbus server implementation. The struct contains the message, connection and method (and in the future teh property) which is being requested. In the future it will contain caller information as well. sbus_request is a talloc memory context, and is a good place to attach any allocations and memory specific to the request. Each handler accepts an sbus_request. If a handler returns EOK, it is assumed that the handler will finish the request. Any of the sbus_request_*finish() methods can be used to complete the request and send back a reply. sbus_request_return_and_finish() uses the same argument varargs syntax as dbus_message_append_args(), which isn't a great syntax. Document it a bit, but don't try to redesign: The marshalling work (will follow this patch set) will remove the need to use varargs for most DBus implementation code. This patch migrates the monitor and data provider dbus code to use sbus_request, but does not try to rework the talloc context's to use it. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus: Use constants to make dbus callsStef Walter2014-02-243-28/+11
| | | | | | | | | | | This allows us to remove duplicated information, and have the compiler check that when an method name is changed or removed the callers are updated. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* sbus: Generate constants from interface definitionsStef Walter2014-02-241-0/+22
| | | | | | | | | | | | | | This is not strictly necessary, but avoids duplicating data in mulitple places, and makes the interface definitions benefit dbus callers (a little). After applying this commit you may need to 'make clean' as the codegen has changed. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* sbus: Rework sbus to use interface metadata and vtablesStef Walter2014-02-245-7/+196
| | | | | | | | | | | | | | | | | | | | Previous commits added support for interface metadata and handler vtables. This commit ports sbus_dbus_connection to use them. Port the internal uses of dbus to use the new scheme in a very minimal way. Further cleanup is possible here. This commit provides basic definitions of the internal dbus interfaces. The interfaces aren't fully defined, as the handlers will continue to unpack manually, and often overload DBus methods with different arguments (which is rather unorthodox, but not the end of the world). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Update DEBUG* invocations to use new levelsNikolai Kondrashov2014-02-123-93/+130
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make DEBUG macro invocations variadicNikolai Kondrashov2014-02-123-240/+240
| | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* MONITOR: Incorrect permissions on sssd.confPavel Reichl2014-02-111-1/+7
| | | | | | | | | | Print user friendly warning when permissions on sssd.conf are incorrect and provide hint. Resolves: https://fedorahosted.org/sssd/ticket/2208 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* monitor: syslog when process killed by monitorPavel Reichl2013-12-091-0/+6
| | | | https://fedorahosted.org/sssd/ticket/2162
* monitor: memory-leak bugPavel Reichl2013-12-091-2/+4
| | | | In case *mt_svc_restart* event can't be created free *svc* directly.
* monitor: monitor_kill_service - refactorPavel Reichl2013-12-091-8/+20
| | | | | | After freeing *svc* return immediately instead of creating event operating on *svc* (use-after-free). Also check tevent_add_timer failure and remove unused sigkill_ev variable.
* monitor: use-after-free bugfixPavel Reichl2013-12-091-4/+6
| | | | | | *monitor_kill_service* may create timed event which operates on *svc* and therefore *svc* should not be freed right after call of *monitor_kill_sercice*. *svc* is supposed to be freed by *mt_svc_restart*.
* monitor: Specific error message for missing sssd.confPavel Reichl2013-11-271-1/+7
| | | | | | | | Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156
* monitor: Stop using unnecessary helper pointer.Michal Zidek2013-11-151-8/+4
| | | | | | | | | We allocate memory using helper pointer 'buf' only to assign the address to another pointer. We should use the second pointer only. resolves: https://fedorahosted.org/sssd/ticket/1359
* monitor: return right error codeLukas Slebodnik2013-11-151-1/+1
| | | | If talloc_zero fails ENOMEM should be returned and no EIO
* Include external headers with #include <foo.h>Jakub Hrozek2013-10-221-3/+3
| | | | | | I find it more readable to include headers from outside the sssd tree with <foo.h>, not "foo.h". The latter should be used for in-tree headers only.
* Convert IN_MULTICAST parameter to host orderJakub Hrozek2013-09-241-1/+1
| | | | | | | https://fedorahosted.org/sssd/ticket/2087 IN_MULTICAST accepts address in the host order, but network order was supplied.
* Fix formating of variables with type: uid_tLukas Slebodnik2013-09-112-3/+5
|
* AUTOTOOLS: More robust detection of inotify.Lukas Slebodnik2013-09-091-4/+4
| | | | | | | | | We checked only header file "sys/inotify" for detection whether inotify works. Some platforms do not have built in inotify, but contain library, which provides inotify-compatible interface. This patch adds more robust detection of inotify in configuration time and appends linker flags to Makefile if inotify is provided by library.
* MONITOR: Move function declaration out of conditional buildLukas Slebodnik2013-08-281-5/+6
| | | | | | | Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch move declaration of function before start of conditional build section.
* Use brackets around macros.Lukas Slebodnik2013-08-221-4/+4
| | | | warnings reported by cppcheck.
generated by cgit (git 2.34.1) at 2024-05-04 19:16:33 +0000