summaryrefslogtreecommitdiffstats
path: root/src/responder/nss
Commit message (Collapse)AuthorAgeFilesLines
* File descriptor leak in nss responder.sssd-1.9.2-112.el6Michal Zidek2013-08-091-18/+43
| | | | | | | | | File descriptors leaked every time sss_mmap_cache_reinit was called and also the old memory cache was still maped in memory (munmap was not called). This patch adds destructor for memory cache context to call close() and munmap() automaticly. https://fedorahosted.org/sssd/ticket/1826
* Debug message in sss_mc_create_file.Michal Zidek2013-08-091-0/+5
| | | | | | This patch adds debug message for the case if sssd fails to open old mc file for some other reason than the file does not exist.
* Do not call sss_cmd_done in function check_cache.sssd-1.9.2-105.el6Lukas Slebodnik2013-08-081-6/+0
| | | | | | | | Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done was called. Inside of function sss_cmd_done memory was freed, but this freed memory was used in caller functions, therefore sssd crashed. https://fedorahosted.org/sssd/ticket/1980
* Handle too many results from getnetgr.Lukas Slebodnik2013-08-081-1/+13
|
* Add ignore_group_members option.sssd-1.9.2-102.el6Paul B. Henson2013-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/1376
* NSS: Add original homedir to home directory template optionssssd-1.9.2-101.el6Stephen Gallagher2013-08-081-5/+6
| | | | https://fedorahosted.org/sssd/ticket/1805
* NSS: Clear cached netgroups if a request comes in from the sss_cachesssd-1.9.2-97.el6Lukas Slebodnik2013-08-083-0/+54
| | | | | | | In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
* NSS: allow removing entries from netgroup hash tableLukas Slebodnik2013-08-083-1/+32
| | | | | | | | | There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-203-10/+30
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* Carefully check records when forcibly invalidatingSimo Sorce2012-12-201-18/+101
| | | | | | | | | | | | We should never try to invalidate an already invalid record as internal pointers will not be consistent. Carefully test that the record really is valid when we are fishing for free space, and properly invalidate records or return a fatal error if something goes wrong. In order to make the code more robust always invalidate the whole data space on initialization by setting all bits to 1, and make sure to invalidate the whole last allocated slot by converting rec->len to the number of slots instead of just the space used.
* Update free table when records are invalidated.Simo Sorce2012-12-201-14/+23
| | | | | We were holding up slots when entries were invalidated directly an not through our primitive garbage collection scheme.
* nss_mc: Add extra checks when dereferencing recordsSimo Sorce2012-12-201-0/+12
| | | | | | | Although it should enver happen that we pass in an invalid hash it is always better to just not do anything than access memory ouf of the hash table. It can lead to segfaults, or worse referencing memory that should not be touched.
* sssd_nss: Plug memory leaks1.9.2-55Simo Sorce2012-12-201-2/+11
| | | | | A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
* RESPONDERS: Create a common file with service names and versionsJakub Hrozek2012-12-182-3/+1
| | | | | | | The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
* sssd_nss: Remove entries from memory cache if not found in sysdbMichal Zidek2012-12-141-0/+23
| | | | | Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
* NSS: Fix the error handler in sss_mc_create_fileJakub Hrozek2012-12-141-10/+16
| | | | | | | https://fedorahosted.org/sssd/ticket/1704 The function is short enough so that we can simply stick with return and release resources before returning as appropriate.
* NSS: Fix netgroup midpoint cache refresh1.9.2-35Jakub Hrozek2012-12-072-2/+2
| | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets.
* Hook for mmap cache update on initgroup callsSimo Sorce2012-12-063-0/+147
| | | | | This set of functions enumerate the user's groups and invalidate them all if the list does not matches what we get from the caller.
* Hook to perform a mmap cache update from sssd_nssSimo Sorce2012-12-063-0/+118
| | | | | This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
* mmap cache: public functions to invalidate recordsSimo Sorce2012-12-062-0/+135
| | | | | | These functions can be called from the nss responder to invalidate records that have ceased to exist or that need to be refreshed the first time an application needs them.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-3/+7
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* sss_cache: Remove fastcache even if sssd is not running.Michal Zidek2012-11-061-3/+23
| | | | https://fedorahosted.org/sssd/ticket/1584
* Fix two errors in the nss responderSumit Bose2012-11-051-1/+3
| | | | | | | | | One is a copy-and-paste error which was introduce by 1774ee9a61b9d691dadd1a0538f32bcdcc84f72f. The second fixes a missing explicit setting of the return value. In the case where we want fully qualified names ret contains the number of characters from the last snprintf() which is almost ever not 0.
* Check for subdomains if getpwuid or getgrgid are the first requestsSumit Bose2012-10-121-0/+72
| | | | Fixes https://fedorahosted.org/sssd/ticket/1561
* nss_cmd_retpwent(): do not go into infinite loop if n < 0Pavel Březina2012-10-111-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1551
* Fix typosYuri Chornoivan2012-10-091-1/+1
|
* Fix few coding style issuesPavel Březina2012-10-021-1/+1
|
* Add new option default_domain_suffixSumit Bose2012-10-013-8/+18
|
* sss_cache tool invalidates records in memory cache.Michal Zidek2012-09-243-2/+126
|
* NSS: Fix off-by-one error in parse_getservbynameJakub Hrozek2012-09-131-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1438
* NSS: Add override_shell optionStephen Gallagher2012-07-203-2/+18
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* Fix uninitialized valuesNick Guay2012-07-181-3/+3
| | | | https://fedorahosted.org/sssd/ticket/1379
* Add newline to DEBUG messagesJakub Hrozek2012-07-121-2/+2
|
* Fix re_expression matching with subdomainsJan Zeleny2012-06-212-37/+99
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-124-20/+21
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* Allow fast memcache timeout to be configurableJan Zeleny2012-06-103-5/+15
| | | | https://fedorahosted.org/sssd/ticket/1318
* Ghost members - various small changesJan Zeleny2012-05-311-1/+1
|
* Ghost members - NSS responder changesJan Zeleny2012-05-311-89/+147
| | | | | | | | | Since there are two attributes storing information about user memberships of the group we have to include both of them in results. This will apply only for objects that have ghost members (i.e. they contain the SYSDB_GHOST attribute). If an object has this attribute, values of this attribute are not projected to the memberuid attribute.
* NSS: Restore original protocol for getservbyportStephen Gallagher2012-05-251-1/+1
| | | | When fixing an endianness bug, we changed the protocol unnecessarily.
* Send 16bit protocol numbers from the sss_clientJakub Hrozek2012-05-251-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1348
* NSS: Fix segfault when mmap cache cannot be initializedStephen Gallagher2012-05-241-2/+2
|
* NSS: Expire in-memory netgroup cache before the nowait timeoutStephen Gallagher2012-05-161-1/+9
| | | | | | | | The fact that we were keeping it in memory for the full duration of the cache timeout meant that we would never reap the benefits of the midpoint cache refresh. https://fedorahosted.org/sssd/ticket/1340
* Use sized_string correctly in FQDN domainsJakub Hrozek2012-05-151-2/+2
|
* NSS: keep a pointer to body after body is reallocatedJakub Hrozek2012-05-151-0/+3
|
* Send the correct enumeration requestJakub Hrozek2012-05-101-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
* NSS: Add default_shell optionStephen Gallagher2012-05-093-1/+15
| | | | | | | This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
generated by cgit (git 2.34.1) at 2024-05-11 05:02:49 +0000