summaryrefslogtreecommitdiffstats
path: root/src/responder/nss/nsssrv_cmd.c
Commit message (Collapse)AuthorAgeFilesLines
* Send the correct enumeration requestsssd-1.8.0-26.el6Jakub Hrozek2012-05-101-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
* Lowercase group members in case-insensitive domainsJakub Hrozek2012-04-301-1/+7
| | | | https://fedorahosted.org/sssd/ticket/1312
* Avoid uninitialized value comparisonStephen Gallagher2012-02-131-0/+3
| | | | Coverity #12526
* Allocate setent structure on state, not on the client contextJakub Hrozek2012-02-131-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1189
* Remove setent structure when callback is calledJakub Hrozek2012-02-131-9/+4
|
* Fix group enumerationJakub Hrozek2012-02-101-0/+2
| | | | | | Also adds some more debugging and fixes a code style issue. https://fedorahosted.org/sssd/ticket/1182
* Split the logic to check cache expiration into separate functionJakub Hrozek2012-02-051-43/+17
|
* RESPONDERS: Refactor setent_req_listJakub Hrozek2012-02-051-51/+24
| | | | | Makes the setent_add_ref() and setent_notify_*() functions more generic to be reusable by the autofs responder.
* RESPONDERS: Provide a common sss_cmd_send_error functionJakub Hrozek2012-02-021-13/+1
| | | | The common function could be reused in new responders
* Refactor nss_cmd_send_emptyJakub Hrozek2012-01-311-34/+3
|
* NSS: Add getservbyname and getservbyport support to the NSS ResponderStephen Gallagher2012-01-271-0/+6
|
* Move sized_string declaration to utilsStephen Gallagher2012-01-231-11/+0
|
* DP: Fix bugs in sss_dp_get_account_intStephen Gallagher2012-01-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | The conversion to the tevent_req style introduced numerous bugs related to memory management of the various client requests. In some circumstances, this could cause memory corruption and segmentation faults in the NSS responder. This patch makes the following changes: 1) Rename the internal lookup from subreq to sidereq, to indicate that it is not a sub-request of the current lookup (and therefore is not cancelled if the current request is). 2) Change the handling of the callback loops since they call tevent_req_[done|error], which results in them being freed (and therefore removed from the cb_list. This was the source of the memory corruption that would occasionally result in dereferencing an unreadable request. 3) Remove the unnecessary sss_dp_get_account_int_recv() function and change sss_dp_get_account_done() so that it only frees the sidereq. All of the waiting processes have already been signaled with the final results from sss_dp_get_account_int_done()
* RESPONDER: Extend sss_dp_account_send() to include extra dataStephen Gallagher2012-01-211-4/+4
| | | | | | | Some NSS maps such as 'services' require more values to be passed to the data provider than just the name or ID. In these cases, we will amend an optional component to filter value to pass to the data provider backend.
* nsssrv: use sized_string in fill_grentSimo Sorce2012-01-091-35/+48
|
* nsssrv: use sized_string in fill_pwentSimo Sorce2012-01-091-41/+56
|
* nsssrv: add string manipulation helperSimo Sorce2012-01-091-0/+11
| | | | | the sized_string structure makes it easier to keep track of string lengths and makes passing around data more compat and readable.
* Return user and group names lowercased in case insensitive domainsJakub Hrozek2011-12-211-12/+32
|
* sss_get_cased_name utility functionJakub Hrozek2011-12-211-6/+3
|
* Pass client context to sss_dp_get_account_sendJakub Hrozek2011-12-191-1/+1
|
* Use the case sensitivity flag in respondersJakub Hrozek2011-12-161-12/+27
|
* Responders: Split getting domain by name into separate functionJakub Hrozek2011-12-161-16/+3
|
* Pass the correct private data into Data Provider callbackJakub Hrozek2011-12-071-1/+1
|
* Ignore NULL-terminator when checking UTF8-validityStephen Gallagher2011-12-051-3/+3
| | | | | Glib fails if the NULL-terminator is included when a length is specified.
* RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher2011-11-291-50/+111
|
* RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher2011-11-181-0/+21
|
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-151-7/+7
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Prevent segfault if vetoed_shells are specified without allowed_shellsJakub Hrozek2011-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/954
* Add vetoed_shells optionJohn Hodrien2011-07-291-1/+12
| | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix indexing of skipped groupsJakub Hrozek2011-07-211-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* fix typosSimo Sorce2011-06-271-5/+5
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-021-3/+11
|
* Fix typo in initgroups negative cache checkStephen Gallagher2011-05-311-1/+1
|
* Add new options to override shell valueJakub Hrozek2011-05-201-1/+38
| | | | https://fedorahosted.org/sssd/ticket/742
* Add a new option to override home directory valueJakub Hrozek2011-05-201-1/+133
| | | | https://fedorahosted.org/sssd/ticket/551
* Add a new option to override primary GID numberJakub Hrozek2011-05-201-1/+9
| | | | https://fedorahosted.org/sssd/ticket/742
* Fix regression where nonexistent entries were never added to the negative cacheStephen Gallagher2011-04-151-21/+21
|
* Fix a regression with the negative cache in multi-domain configurationsStephen Gallagher2011-04-151-3/+18
|
* Remove unused enumeration cache timeout checksSumit Bose2011-01-061-30/+2
| | | | | The existence of the getent_ctx is used to track the enumeration cache timeout.
* Post enumeration tevent request if neededSumit Bose2011-01-061-8/+41
|
* Return groups and users from all domains during enumerationSumit Bose2011-01-061-3/+5
|
* Always use talloc_zero() to allocate cmdctxSumit Bose2010-10-261-2/+2
|
* sysdb interface for adding fake usersJakub Hrozek2010-10-151-1/+1
|
* sysdb interface for adding incomplete groupsJakub Hrozek2010-10-151-1/+1
| | | | Useful for optimizing the initgroups operation.
* Add netgroup support to the NSS responderStephen Gallagher2010-10-131-2/+9
|
* Split out some helper functions for the NSS responderStephen Gallagher2010-10-131-83/+17
| | | | | Create a new private header and make some functions available for other object files.
* Require explicit setting of callback context for check_cacheStephen Gallagher2010-10-131-7/+13
| | | | | Previously, it was implicitly using the nss_dom_ctx, but there are situations where we would want to send a different private context
* Initgroups on a non-cached user should go to the data providerStephen Gallagher2010-09-221-1/+2
| | | | | | | We were accidentally returning an error when sysdb_getpwnam() returned zero results internally in sysdb_initgroups(). The correct behavior here is to return EOK and a result object with zero entries.
* Handle multiple simultaneous enumeration requestsStephen Gallagher2010-09-081-289/+706
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
* Dead assignments cleanup in NSS responderJan Zeleny2010-09-081-5/+7
| | | | | | Various dead assignments were deleted, some return value inspections were added. Ticket: #588
generated by cgit (git 2.34.1) at 2024-05-10 07:13:27 +0000