summaryrefslogtreecommitdiffstats
path: root/src/responder/common
Commit message (Collapse)AuthorAgeFilesLines
* DP: Use the correct type for DBus booleanJakub Hrozek2013-08-281-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2057
* sss_packet_grow: correctly pad packet length to 512BPavel Březina2013-08-281-1/+1
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
* Update domain ID for local domain as wellSumit Bose2013-01-081-2/+14
| | | | | | | Currently only the flat name of the configured domain is updated if it is not already set. This patch updates the domain ID as well. This is typically the case when trust support is enabled on the server side while sssd is running.
* responder_dp: Add timeout to side requetsSimo Sorce2012-12-181-1/+25
| | | | | | | This is an additional proteciont in case the provider misbheaves to avoid having requests pending forever. Fixes: https://fedorahosted.org/sssd/ticket/1717
* RESPONDERS: Create a common file with service names and versionsJakub Hrozek2012-12-181-0/+43
| | | | | | | The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
* Always append rctx as private dataSimo Sorce2012-12-051-1/+1
| | | | This is used for the new calls back from the data provider.
* NSS: Fix netgroup midpoint cache refreshJakub Hrozek2012-12-041-1/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets.
* Display more information on DB version crashOndrej Kos2012-11-191-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
* sss_dp_get_domains_send(): handle subreq error correctlyPavel Březina2012-11-081-1/+2
| | | | | | | If force is true, ret may stay uninitialized and if ret == 0 after the subrequest is send, we will go to immediate label. Data provider request is sent, but the answer is never processed. This prohibited subdomain from working correctly.
* Free the internal DP requestJakub Hrozek2012-10-291-0/+8
|
* Save time of last get_domains requestSumit Bose2012-10-121-0/+16
|
* Fix memory hierarchy in subdomains discoveryJakub Hrozek2012-10-111-116/+160
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1571 The patch changes the subdomains discovery to use the tevent_req style. Previously, the code violated several rules which made the code very unreadable and led to memory hierarchy issues and use-after-free errors.
* do not call dp callbacks when responder is shutting downPavel Březina2012-10-113-0/+25
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1514 We were experiencing crash duting responder shut down. This happened when there were some unresolved dp request during the shut down. The memory hierarchy is main_ctx->specific_ctx->rctx, where specific_ctx may be one of the pam, nss, sudo, etc. contexts. If we try to call dp request callback as a result of responder termination, the specific context is already semi freed, which may cause crash.
* Fix typosYuri Chornoivan2012-10-091-1/+1
|
* Use flat name for master domain as wellSumit Bose2012-10-012-1/+18
|
* Add new option default_domain_suffixSumit Bose2012-10-013-3/+20
|
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* Fix LOCAL domain lookupsPavel Březina2012-08-151-19/+22
| | | | | | https://fedorahosted.org/sssd/ticket/1436 Now subdomains are not evaluated for local domains.
* Change subdomain_infoSimo Sorce2012-08-011-1/+1
| | | | | Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
* Fix segfault when using local providerStephen Gallagher2012-07-101-6/+5
| | | | | | | | | The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
* pac responder: limit access by checking UIDsSumit Bose2012-07-102-4/+142
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Make the client idle timeout configurableStephen Gallagher2012-06-182-4/+19
|
* Add support for terminating idle connectionsShantanu Goel2012-06-182-2/+67
|
* Log message if close() fails in destructor.Shantanu Goel2012-06-181-1/+12
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-124-17/+19
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* SSH: Add dp_get_host_send to common responder codeJakub Hrozek2012-05-032-13/+2
| | | | | | | | Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
* RESPONDER: check return value from confdb_get_intJakub Hrozek2012-05-021-0/+7
| | | | sss_process_init forgot to check return value of confdb_get_int
* Two fixes in responder subdomain codeJan Zeleny2012-04-241-0/+6
|
* Add domain name to get_account_info requestSumit Bose2012-04-241-0/+1
|
* Modified responder_get_domain()Jan Zeleny2012-04-244-10/+39
| | | | Now it checks for subdomains as well as for the domain itself
* Responder part of the subdomain retrieval workJan Zeleny2012-04-243-0/+359
|
* Add conn_name to allow different names for domains and connectionsJan Zeleny2012-04-241-1/+1
|
* Free entry found in negative cacheJakub Hrozek2012-03-161-0/+3
|
* Use the correct hash table for pending requestsSimo Sorce2012-03-083-6/+10
| | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
* RESPONDERS: Make the fd_limit setting configurableStephen Gallagher2012-02-171-1/+18
| | | | | | | | | | This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
* RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher2012-02-172-0/+39
| | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
* Remove setent structure when callback is calledJakub Hrozek2012-02-132-11/+11
|
* Fix group enumerationJakub Hrozek2012-02-101-2/+7
| | | | | | Also adds some more debugging and fixes a code style issue. https://fedorahosted.org/sssd/ticket/1182
* DP: Add support for hosts in sss_dp_get_accountJan Cholasta2012-02-072-2/+13
| | | | Host requests are directed to the host info handler.
* AUTOFS: responderJakub Hrozek2012-02-051-0/+2
|
* Split the logic to check cache expiration into separate functionJakub Hrozek2012-02-052-0/+56
|
* RESPONDERS: Refactor setent_req_listJakub Hrozek2012-02-052-5/+90
| | | | | Makes the setent_add_ref() and setent_notify_*() functions more generic to be reusable by the autofs responder.
* RESPONDERS: Provide a common sss_cmd_send_error functionJakub Hrozek2012-02-022-0/+18
| | | | The common function could be reused in new responders
* Refactor nss_cmd_send_emptyJakub Hrozek2012-01-312-0/+39
|
* NSS: Add service enumeration support to NSS providerStephen Gallagher2012-01-271-0/+3
|
* DP: Refactor responder_dp_req so it's reusable by other respondersJakub Hrozek2012-01-272-239/+347
| | | | | | | | | | | | | | | | | | | | | | | | * the internal request is now more generic and is decoupled from account-specific data. There is a new sss_dp_issue_request() wrapper that issues a BE request or registers a callback * the public requests all use struct sss_dp_req_state as the tevent_req state data. This allows to report back data from the internal request even if the caller is just a callback notifier * each specific request now uses an _info structure that contains all the data necessary to construct a DBusMessage passed to provider * each specific request now defines a sss_dp_get_$data_msg callback that is called from the sss_dp_issue_request() common wraper. The purpose of the wrapper is to construct a DBusMessage and bind it to a DBus method so the message can be just sent over to back end The miscellanous changes include: * change SSS_DP_ constants to an enum. This way, a switch() would error if a value is not handled. * rename sss_dp_get_account_int_send() to sss_dp_internal_get_send() request because the internal request is going to handle more than just account data * the DBus return values were renamed from err_maj, err_min to dp_err and dp_ret respectively
* NSS: Add negative cache routines for servicesStephen Gallagher2012-01-272-3/+132
|
* DP: Add support for services in dp requestsStephen Gallagher2012-01-272-0/+4
|
* DP: Fix bugs in sss_dp_get_account_intStephen Gallagher2012-01-231-66/+44
| | | | | | | | | | | | | | | | | | | | | | | The conversion to the tevent_req style introduced numerous bugs related to memory management of the various client requests. In some circumstances, this could cause memory corruption and segmentation faults in the NSS responder. This patch makes the following changes: 1) Rename the internal lookup from subreq to sidereq, to indicate that it is not a sub-request of the current lookup (and therefore is not cancelled if the current request is). 2) Change the handling of the callback loops since they call tevent_req_[done|error], which results in them being freed (and therefore removed from the cb_list. This was the source of the memory corruption that would occasionally result in dereferencing an unreadable request. 3) Remove the unnecessary sss_dp_get_account_int_recv() function and change sss_dp_get_account_done() so that it only frees the sidereq. All of the waiting processes have already been signaled with the final results from sss_dp_get_account_int_done()
generated by cgit (git 2.34.1) at 2024-05-06 03:53:14 +0000