summaryrefslogtreecommitdiffstats
path: root/src/responder/common/responder_common.c
Commit message (Collapse)AuthorAgeFilesLines
* Fixing critical format string issues.Lukas Slebodnik2013-05-201-2/+3
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* Add responder_get_domain_by_id()Sumit Bose2013-05-021-0/+49
| | | | | | | | | | | This new call is similar to responder_get_domain() but uses the domain SID as search parameter. Since the length of the stored domain SID is used in the comparison, SIDs of users and groups and be used directly without stripping the RID component. The functionality is not merged into responder_get_domain() to allow to calculate the timeout correctly and return a specific error code if the entry is expired.
* responder_get_domain(): remove timeout calculationSumit Bose2013-05-021-10/+1
| | | | | | | The current timout calculation code in responder_get_domain() is flawed and I think it always was. I removed the related code because - it currently has no effect, a match is returned even if it is expired - that callers do not have any code to handle expired domains.
* responder_get_domain: do not return disabled domainsSumit Bose2013-05-021-0/+4
| | | | | | Recent refactoring introduced to concept of disabled domains, i.e. domains which does not exists anymore. responder_get_domain() should not return disabled domains.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-021-2/+1
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-201-10/+14
|
* Move sss_cmd_execute from client to responder code.Jakub Hrozek2013-03-081-1/+9
| | | | | I think it logically belongs there and allows to better exercise the responder commands from unit tests.
* Remove the alt_db_path parameter of sysdb_initMichal Zidek2013-03-051-1/+1
| | | | | | This parameter was never used. https://fedorahosted.org/sssd/ticket/1765
* Fix uninitialized time_t var in responderOndrej Kos2013-02-211-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1810
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-101-3/+3
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Change the way domains are linked.Simo Sorce2013-02-101-20/+11
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Add function get_next_domain()Simo Sorce2013-02-101-2/+2
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* Refactor sysdb initializationSimo Sorce2013-01-151-1/+1
| | | | | | | | | | | | Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
* failover: Protect against empty host namesMichal Zidek2013-01-021-1/+2
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* Always append rctx as private dataSimo Sorce2012-12-051-1/+1
| | | | This is used for the new calls back from the data provider.
* Display more information on DB version mismatchOndrej Kos2012-11-191-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
* do not call dp callbacks when responder is shutting downPavel Březina2012-10-111-0/+15
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1514 We were experiencing crash duting responder shut down. This happened when there were some unresolved dp request during the shut down. The memory hierarchy is main_ctx->specific_ctx->rctx, where specific_ctx may be one of the pam, nss, sudo, etc. contexts. If we try to call dp request callback as a result of responder termination, the specific context is already semi freed, which may cause crash.
* Use flat name for master domain as wellSumit Bose2012-10-011-1/+3
|
* Add new option default_domain_suffixSumit Bose2012-10-011-0/+10
|
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* Fix segfault when using local providerStephen Gallagher2012-07-101-6/+5
| | | | | | | | | The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-4/+132
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Make the client idle timeout configurableStephen Gallagher2012-06-181-4/+18
|
* Add support for terminating idle connectionsShantanu Goel2012-06-181-2/+65
|
* Log message if close() fails in destructor.Shantanu Goel2012-06-181-1/+12
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-6/+8
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* RESPONDER: check return value from confdb_get_intJakub Hrozek2012-05-021-0/+7
| | | | sss_process_init forgot to check return value of confdb_get_int
* Modified responder_get_domain()Jan Zeleny2012-04-241-5/+32
| | | | Now it checks for subdomains as well as for the domain itself
* Responder part of the subdomain retrieval workJan Zeleny2012-04-241-0/+8
|
* Use the correct hash table for pending requestsSimo Sorce2012-03-081-0/+1
| | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
* RESPONDERS: Make the fd_limit setting configurableStephen Gallagher2012-02-171-1/+18
| | | | | | | | | | This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
* RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher2012-02-171-0/+36
| | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
* Use the case sensitivity flag in respondersJakub Hrozek2011-12-161-1/+0
|
* Responders: Split getting domain by name into separate functionJakub Hrozek2011-12-161-0/+13
|
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-051-9/+1
|
* RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher2011-11-291-0/+8
|
* RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher2011-11-181-0/+9
|
* Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher2011-07-291-85/+50
| | | | | These two functions were almost identical. Better to maintain them as a single function.
* Set _GNU_SOURCE globallySumit Bose2011-05-231-3/+1
|
* Allow changing the log level without restartStephen Gallagher2011-05-061-0/+12
| | | | | | We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
* Create common sss_monitor_init()Stephen Gallagher2011-05-061-34/+3
| | | | | | | | This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
* Fix unchecked return value in set_nonblockingStephen Gallagher2010-12-171-10/+53
| | | | | | Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-161-1/+52
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Revert "Add better checks on PAM socket"Sumit Bose2010-04-161-136/+1
| | | | This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
* sysydb: Finally stop using a common event contextSimo Sorce2010-04-121-1/+1
| | | | This commit completes the migration to a synchronous sysdb
* Fixes for client communicationSumit Bose2010-03-171-5/+5
| | | | | | | - catch all errors of send() and recv(), not only EAGAIN - check if send() or recv() return EWOULDBLOCK or EINTR - remove unused parameter from client_send() and client_recv() - fix a debugging message
* Fixed buffer alignment in exchange_credentials().George McCollister2010-03-151-3/+7
| | | | | | buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Add better checks on PAM socketSumit Bose2010-03-111-1/+132
| | | | | - check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
generated by cgit (git 2.34.1) at 2024-06-26 07:17:50 +0000