summaryrefslogtreecommitdiffstats
path: root/src/responder/common
Commit message (Collapse)AuthorAgeFilesLines
* Fix formating of variables with type: gid_tLukas Slebodnik2013-09-111-2/+2
|
* Fix formating of variables with type: uid_tLukas Slebodnik2013-09-111-2/+2
|
* Fix formating of variables with type: rlim_tLukas Slebodnik2013-09-111-5/+5
|
* Fix formating of variables with type: unsigned longLukas Slebodnik2013-09-111-1/+1
|
* DP: Use the correct type for DBus booleanJakub Hrozek2013-08-281-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2057
* sss_packet_grow: correctly pad packet length to 512BPavel Březina2013-08-281-1/+1
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
* Missing space in debug messageMichal Zidek2013-07-151-2/+2
|
* Lookup domains at startupSumit Bose2013-06-042-0/+53
| | | | | | | | | | | | To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951
* Fixing critical format string issues.Lukas Slebodnik2013-05-201-2/+3
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* Add sss_ncache_set_sid() and sss_ncache_check_sid()Sumit Bose2013-05-022-0/+31
| | | | | Two new calls are added to allow to add SID based lookups to the negative cache.
* Add responder_get_domain_by_id()Sumit Bose2013-05-022-0/+52
| | | | | | | | | | | This new call is similar to responder_get_domain() but uses the domain SID as search parameter. Since the length of the stored domain SID is used in the comparison, SIDs of users and groups and be used directly without stripping the RID component. The functionality is not merged into responder_get_domain() to allow to calculate the timeout correctly and return a specific error code if the entry is expired.
* Add two new request types to the data-provider interfaceSumit Bose2013-05-022-1/+9
| | | | | | | The patch adds two new request types for SID related requests. The first one is used if a SID is given and the corresponding object should be found. The second one can be used if the SID for an object is requested but it is not clear if the object is a user or a group.
* Add secid filter to responder-dp protocolSumit Bose2013-05-021-4/+14
| | | | | This patch add a new filter type to the data-provider interface which can be used for SID-based lookups.
* responder_get_domain(): remove timeout calculationSumit Bose2013-05-021-10/+1
| | | | | | | The current timout calculation code in responder_get_domain() is flawed and I think it always was. I removed the related code because - it currently has no effect, a match is returned even if it is expired - that callers do not have any code to handle expired domains.
* responder_get_domain: do not return disabled domainsSumit Bose2013-05-021-0/+4
| | | | | | Recent refactoring introduced to concept of disabled domains, i.e. domains which does not exists anymore. responder_get_domain() should not return disabled domains.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-023-6/+4
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* coding style fixPavel Březina2013-03-201-1/+1
|
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-201-10/+14
|
* Move sss_cmd_execute from client to responder code.Jakub Hrozek2013-03-083-7/+15
| | | | | I think it logically belongs there and allows to better exercise the responder commands from unit tests.
* Remove the alt_db_path parameter of sysdb_initMichal Zidek2013-03-051-1/+1
| | | | | | This parameter was never used. https://fedorahosted.org/sssd/ticket/1765
* Fix uninitialized time_t var in responderOndrej Kos2013-02-211-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1810
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-102-4/+4
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Change the way domains are linked.Simo Sorce2013-02-102-68/+31
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Add function get_next_domain()Simo Sorce2013-02-103-10/+10
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* Update main domain info in placeSimo Sorce2013-02-101-21/+4
|
* Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce2013-02-101-30/+7
|
* Add realm info to sss_domain_infoSimo Sorce2013-02-101-0/+1
|
* Add domain to some subdomain functionsSimo Sorce2013-01-151-1/+2
|
* Refactor sysdb initializationSimo Sorce2013-01-152-2/+1
| | | | | | | | | | | | Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
* Update domain ID for local domain as wellSumit Bose2013-01-081-2/+14
| | | | | | | Currently only the flat name of the configured domain is updated if it is not already set. This patch updates the domain ID as well. This is typically the case when trust support is enabled on the server side while sssd is running.
* failover: Protect against empty host namesMichal Zidek2013-01-021-1/+2
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* responder_dp: Add timeout to side requetsSimo Sorce2012-12-181-1/+25
| | | | | | | This is an additional proteciont in case the provider misbheaves to avoid having requests pending forever. Fixes: https://fedorahosted.org/sssd/ticket/1717
* RESPONDERS: Create a common file with service names and versionsJakub Hrozek2012-12-181-0/+43
| | | | | | | The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
* Always append rctx as private dataSimo Sorce2012-12-051-1/+1
| | | | This is used for the new calls back from the data provider.
* NSS: Fix netgroup midpoint cache refreshJakub Hrozek2012-12-041-1/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets.
* Display more information on DB version mismatchOndrej Kos2012-11-191-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
* sss_dp_get_domains_send(): handle subreq error correctlyPavel Březina2012-11-081-1/+2
| | | | | | | If force is true, ret may stay uninitialized and if ret == 0 after the subrequest is send, we will go to immediate label. Data provider request is sent, but the answer is never processed. This prohibited subdomain from working correctly.
* Free the internal DP requestJakub Hrozek2012-10-291-0/+8
|
* Save time of last get_domains requestSumit Bose2012-10-121-0/+16
|
* Fix memory hierarchy in subdomains discoveryJakub Hrozek2012-10-111-116/+160
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1571 The patch changes the subdomains discovery to use the tevent_req style. Previously, the code violated several rules which made the code very unreadable and led to memory hierarchy issues and use-after-free errors.
* do not call dp callbacks when responder is shutting downPavel Březina2012-10-113-0/+25
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1514 We were experiencing crash duting responder shut down. This happened when there were some unresolved dp request during the shut down. The memory hierarchy is main_ctx->specific_ctx->rctx, where specific_ctx may be one of the pam, nss, sudo, etc. contexts. If we try to call dp request callback as a result of responder termination, the specific context is already semi freed, which may cause crash.
* Fix typosYuri Chornoivan2012-10-091-1/+1
|
* Use flat name for master domain as wellSumit Bose2012-10-012-1/+18
|
* Add new option default_domain_suffixSumit Bose2012-10-013-3/+20
|
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* Fix LOCAL domain lookupsPavel Březina2012-08-151-19/+22
| | | | | | https://fedorahosted.org/sssd/ticket/1436 Now subdomains are not evaluated for local domains.
* Change subdomain_infoSimo Sorce2012-08-011-1/+1
| | | | | Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
* Fix segfault when using local providerStephen Gallagher2012-07-101-6/+5
| | | | | | | | | The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
* pac responder: limit access by checking UIDsSumit Bose2012-07-102-4/+142
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
generated by cgit (git 2.34.1) at 2024-05-10 03:19:22 +0000