summaryrefslogtreecommitdiffstats
path: root/src/responder/common/responder_common.c
Commit message (Collapse)AuthorAgeFilesLines
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* Fix segfault when using local providerStephen Gallagher2012-07-101-6/+5
| | | | | | | | | The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-4/+132
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Make the client idle timeout configurableStephen Gallagher2012-06-181-4/+18
|
* Add support for terminating idle connectionsShantanu Goel2012-06-181-2/+65
|
* Log message if close() fails in destructor.Shantanu Goel2012-06-181-1/+12
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-6/+8
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* RESPONDER: check return value from confdb_get_intJakub Hrozek2012-05-021-0/+7
| | | | sss_process_init forgot to check return value of confdb_get_int
* Modified responder_get_domain()Jan Zeleny2012-04-241-5/+32
| | | | Now it checks for subdomains as well as for the domain itself
* Responder part of the subdomain retrieval workJan Zeleny2012-04-241-0/+8
|
* Use the correct hash table for pending requestsSimo Sorce2012-03-081-0/+1
| | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
* RESPONDERS: Make the fd_limit setting configurableStephen Gallagher2012-02-171-1/+18
| | | | | | | | | | This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
* RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher2012-02-171-0/+36
| | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
* Use the case sensitivity flag in respondersJakub Hrozek2011-12-161-1/+0
|
* Responders: Split getting domain by name into separate functionJakub Hrozek2011-12-161-0/+13
|
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-051-9/+1
|
* RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher2011-11-291-0/+8
|
* RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher2011-11-181-0/+9
|
* Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher2011-07-291-85/+50
| | | | | These two functions were almost identical. Better to maintain them as a single function.
* Set _GNU_SOURCE globallySumit Bose2011-05-231-3/+1
|
* Allow changing the log level without restartStephen Gallagher2011-05-061-0/+12
| | | | | | We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
* Create common sss_monitor_init()Stephen Gallagher2011-05-061-34/+3
| | | | | | | | This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
* Fix unchecked return value in set_nonblockingStephen Gallagher2010-12-171-10/+53
| | | | | | Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-161-1/+52
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Revert "Add better checks on PAM socket"Sumit Bose2010-04-161-136/+1
| | | | This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
* sysydb: Finally stop using a common event contextSimo Sorce2010-04-121-1/+1
| | | | This commit completes the migration to a synchronous sysdb
* Fixes for client communicationSumit Bose2010-03-171-5/+5
| | | | | | | - catch all errors of send() and recv(), not only EAGAIN - check if send() or recv() return EWOULDBLOCK or EINTR - remove unused parameter from client_send() and client_recv() - fix a debugging message
* Fixed buffer alignment in exchange_credentials().George McCollister2010-03-151-3/+7
| | | | | | buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Add better checks on PAM socketSumit Bose2010-03-111-1/+132
| | | | | - check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
* Add forgotten \n in DEBUG statementsMartin Nagy2010-03-041-2/+2
| | | | | | Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
* Remove unnecessary "domain" parameter from DP registrationStephen Gallagher2010-02-221-1/+1
| | | | | | This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+589
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-04 00:22:04 +0000