summaryrefslogtreecommitdiffstats
path: root/src/responder/nss
Commit message (Collapse)AuthorAgeFilesLines
* mmap_cache: Use sss_atomic_write_s instead of write.Michal Zidek2013-08-221-2/+11
| | | | | | | | Use sss_atomic_write_s() instead of write() in sss_mc_save_corrupted(). Also unlink() the file if no data were written. It is better to use sss_atomic_write_s instead of write
* mmap_cache: Store corrupted mmap cache before resetMichal Zidek2013-08-191-0/+66
| | | | | This patch adds function to store corrupted mmap cache file to disk for further analysis.
* mmap_cache: Use better checks for corrupted mc in responderMichal Zidek2013-08-191-3/+53
| | | | | We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
* mmap_cache: Off by one error.Michal Zidek2013-08-191-6/+6
| | | | | Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
* fill_initgr: add original primary GID if availableSumit Bose2013-08-191-0/+27
| | | | | | | | | | | | | In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027
* mmap_cache: Check if slot and name_ptr are not invalid.Michal Zidek2013-08-112-2/+54
| | | | | | | This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
* NSS: Clear cached netgroups if a request comes in from the sss_cacheLukas Slebodnik2013-08-083-0/+54
| | | | | | | In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
* NSS: allow removing entries from netgroup hash tableLukas Slebodnik2013-08-083-1/+32
| | | | | | | | | There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
* Fix netgroup lookup when using fully qualified namePavel Březina2013-07-311-2/+2
|
* Netgroups should ignore the 'use_fully_qualified_names' settingStephen Gallagher2013-07-291-8/+6
| | | | | | | | | | | Netgroups often have memberNisNetgroup entries included in them that will never process correctly if we require fully-qualified names on the nested lookup. This patch alters the behavior of netgroup lookups to check *all* domains for an unqualified netgroup name, instead of only the ones not requiring fully- qualified names. https://fedorahosted.org/sssd/ticket/2013
* remove unused variablePavel Březina2013-07-161-4/+0
|
* Remove unused function parameterLukas Slebodnik2013-07-161-3/+1
|
* Do not call sss_cmd_done in function check_cache.Lukas Slebodnik2013-06-271-6/+0
| | | | | | | | Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done was called. Inside of function sss_cmd_done memory was freed, but this freed memory was used in caller functions, therefore sssd crashed. https://fedorahosted.org/sssd/ticket/1980
* Handle too many results from getnetgr.Lukas Slebodnik2013-06-271-1/+13
|
* Lookup domains at startupSumit Bose2013-06-041-0/+6
| | | | | | | | | | | | To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951
* Remove branching to improve readabilityJakub Hrozek2013-05-301-23/+11
|
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-3/+3
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Add utility functions for formatting fully-qualified namesJakub Hrozek2013-05-301-30/+19
| | | | | | Instead of using printf-like functions directly, provide two wrappers that would encapsulate formatting the fully-qualified names. No functional change is present in this patch.
* Fixing critical format string issues.Lukas Slebodnik2013-05-202-6/+11
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* Add SID related calls to the NSS responderSumit Bose2013-05-032-3/+795
| | | | | | | | | | The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
* Add idmap context to nss contextSumit Bose2013-05-022-0/+22
| | | | | This allows the nss responder to use libsss_idmap to convert between different SID representations.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-023-4/+4
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* DB: Switch to new libini_config APIOndrej Kos2013-04-262-2/+1
| | | | | | | https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
* Refactoring: remove duplicated code in nss responderSumit Bose2013-04-212-622/+240
| | | | | Different user and group lookup requests used nearly identical code, this patch unifies some of the related code paths.
* Inform about function duplication.Michal Zidek2013-04-171-0/+3
| | | | | | | | | | | | | | | sss_mc_set_recycled is a static function, that should not be used outside nsssrv_mmap_cache.c. The sss_cache tool is an exception, because in the case when sssd is not running, sss_cache must invalidate the memory cache file. That is why sss_mc_set_recycled was copied to the tools_mc_util.c (as helper function for sss_memcache_invalidate function). It was duplicated to allow this function to remain static (and invisible to any .h files), so that it is not used anywhere else. Wrong usage of this function might cause race conditions and corrupt the cache. I'll add comments about the duplication to the code.
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-4/+6
| | | | https://fedorahosted.org/sssd/ticket/1609
* change responder contexts hierarchyPavel Březina2013-03-201-15/+20
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-201-7/+12
|
* Removing unused declaration of functions and variable.Lukas Slebodnik2013-03-191-1/+0
| | | | | | Variables dir_cc and file_cc are used in three modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be declared with extern in krb5_utils.h.
* Debug message in sss_mc_create_file.Michal Zidek2013-03-071-0/+5
| | | | | | This patch adds debug message for the case if sssd fails to open old mc file for some other reason than the file does not exist.
* File descriptor leak in nss responder.Michal Zidek2013-03-071-18/+43
| | | | | | | | | File descriptors leaked every time sss_mmap_cache_reinit was called and also the old memory cache was still maped in memory (munmap was not called). This patch adds destructor for memory cache context to call close() and munmap() automaticly. https://fedorahosted.org/sssd/ticket/1826
* Use the same dbg level for all ncache hits.Michal Zidek2013-03-041-18/+25
| | | | | | | | | We used different debug levels for messages informing about negative cache hits (old levels 2,3,4). Now it is only SSSDBG_TRACE_FUNC (same level is used in nsssrv_services.c and proposed in the ticket bellow). https://fedorahosted.org/sssd/ticket/1771
* Remove unused functionsJakub Hrozek2013-03-042-18/+0
|
* Lower the DEBUG level if an entry cannot be deleted from memcacheJakub Hrozek2013-02-141-3/+3
|
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-101-3/+3
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Add function get_next_domain()Simo Sorce2013-02-103-75/+55
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-5/+6
| | | | https://fedorahosted.org/sssd/ticket/1805
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* Add domain arguments to sysdb services functionsSimo Sorce2013-01-151-6/+6
| | | | also fix sysdb_svc_add declarations
* Add domain argument to sysdb_initgroups()Simo Sorce2013-01-151-2/+2
|
* Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce2013-01-151-1/+1
|
* Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce2013-01-151-4/+4
|
* Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-151-9/+5
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* memcache: add macro that validates record lengthPavel Březina2013-01-071-2/+1
|
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-203-10/+30
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* Carefully check records when forcibly invalidatingSimo Sorce2012-12-201-18/+101
| | | | | | | | | | | | We should never try to invalidate an already invalid record as internal pointers will not be consistent. Carefully test that the record really is valid when we are fishing for free space, and properly invalidate records or return a fatal error if something goes wrong. In order to make the code more robust always invalidate the whole data space on initialization by setting all bits to 1, and make sure to invalidate the whole last allocated slot by converting rec->len to the number of slots instead of just the space used.
* Update free table when records are invalidated.Simo Sorce2012-12-201-14/+23
| | | | | We were holding up slots when entries were invalidated directly an not through our primitive garbage collection scheme.
generated by cgit (git 2.34.1) at 2024-05-27 21:22:44 +0000