summaryrefslogtreecommitdiffstats
path: root/src/responder/nss
Commit message (Collapse)AuthorAgeFilesLines
* Add utility functions for formatting fully-qualified namesJakub Hrozek2013-05-301-30/+19
| | | | | | Instead of using printf-like functions directly, provide two wrappers that would encapsulate formatting the fully-qualified names. No functional change is present in this patch.
* Fixing critical format string issues.Lukas Slebodnik2013-05-202-6/+11
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* Add SID related calls to the NSS responderSumit Bose2013-05-032-3/+795
| | | | | | | | | | The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
* Add idmap context to nss contextSumit Bose2013-05-022-0/+22
| | | | | This allows the nss responder to use libsss_idmap to convert between different SID representations.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-023-4/+4
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* DB: Switch to new libini_config APIOndrej Kos2013-04-262-2/+1
| | | | | | | https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
* Refactoring: remove duplicated code in nss responderSumit Bose2013-04-212-622/+240
| | | | | Different user and group lookup requests used nearly identical code, this patch unifies some of the related code paths.
* Inform about function duplication.Michal Zidek2013-04-171-0/+3
| | | | | | | | | | | | | | | sss_mc_set_recycled is a static function, that should not be used outside nsssrv_mmap_cache.c. The sss_cache tool is an exception, because in the case when sssd is not running, sss_cache must invalidate the memory cache file. That is why sss_mc_set_recycled was copied to the tools_mc_util.c (as helper function for sss_memcache_invalidate function). It was duplicated to allow this function to remain static (and invisible to any .h files), so that it is not used anywhere else. Wrong usage of this function might cause race conditions and corrupt the cache. I'll add comments about the duplication to the code.
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-4/+6
| | | | https://fedorahosted.org/sssd/ticket/1609
* change responder contexts hierarchyPavel Březina2013-03-201-15/+20
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-201-7/+12
|
* Removing unused declaration of functions and variable.Lukas Slebodnik2013-03-191-1/+0
| | | | | | Variables dir_cc and file_cc are used in three modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be declared with extern in krb5_utils.h.
* Debug message in sss_mc_create_file.Michal Zidek2013-03-071-0/+5
| | | | | | This patch adds debug message for the case if sssd fails to open old mc file for some other reason than the file does not exist.
* File descriptor leak in nss responder.Michal Zidek2013-03-071-18/+43
| | | | | | | | | File descriptors leaked every time sss_mmap_cache_reinit was called and also the old memory cache was still maped in memory (munmap was not called). This patch adds destructor for memory cache context to call close() and munmap() automaticly. https://fedorahosted.org/sssd/ticket/1826
* Use the same dbg level for all ncache hits.Michal Zidek2013-03-041-18/+25
| | | | | | | | | We used different debug levels for messages informing about negative cache hits (old levels 2,3,4). Now it is only SSSDBG_TRACE_FUNC (same level is used in nsssrv_services.c and proposed in the ticket bellow). https://fedorahosted.org/sssd/ticket/1771
* Remove unused functionsJakub Hrozek2013-03-042-18/+0
|
* Lower the DEBUG level if an entry cannot be deleted from memcacheJakub Hrozek2013-02-141-3/+3
|
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-101-3/+3
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Add function get_next_domain()Simo Sorce2013-02-103-75/+55
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-5/+6
| | | | https://fedorahosted.org/sssd/ticket/1805
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* Add domain arguments to sysdb services functionsSimo Sorce2013-01-151-6/+6
| | | | also fix sysdb_svc_add declarations
* Add domain argument to sysdb_initgroups()Simo Sorce2013-01-151-2/+2
|
* Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce2013-01-151-1/+1
|
* Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce2013-01-151-4/+4
|
* Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-151-9/+5
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* memcache: add macro that validates record lengthPavel Březina2013-01-071-2/+1
|
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-203-10/+30
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* Carefully check records when forcibly invalidatingSimo Sorce2012-12-201-18/+101
| | | | | | | | | | | | We should never try to invalidate an already invalid record as internal pointers will not be consistent. Carefully test that the record really is valid when we are fishing for free space, and properly invalidate records or return a fatal error if something goes wrong. In order to make the code more robust always invalidate the whole data space on initialization by setting all bits to 1, and make sure to invalidate the whole last allocated slot by converting rec->len to the number of slots instead of just the space used.
* Update free table when records are invalidated.Simo Sorce2012-12-201-14/+23
| | | | | We were holding up slots when entries were invalidated directly an not through our primitive garbage collection scheme.
* nss_mc: Add extra checks when dereferencing recordsSimo Sorce2012-12-201-0/+12
| | | | | | | Although it should enver happen that we pass in an invalid hash it is always better to just not do anything than access memory ouf of the hash table. It can lead to segfaults, or worse referencing memory that should not be touched.
* sssd_nss: Plug memory leaksSimo Sorce2012-12-191-2/+11
| | | | | A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
* RESPONDERS: Create a common file with service names and versionsJakub Hrozek2012-12-182-3/+1
| | | | | | | The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
* Allow mmap calls to gracefully return absent ctxSimo Sorce2012-12-141-0/+25
| | | | | This is to allow to freely call mc functions even if initialization failed. They will now gracefully fail instead of segfaulting.
* sssd_nss: Remove entries from memory cache if not found in sysdbMichal Zidek2012-12-131-0/+23
| | | | | Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
* NSS: Fix the error handler in sss_mc_create_fileJakub Hrozek2012-12-111-10/+16
| | | | | | | https://fedorahosted.org/sssd/ticket/1704 The function is short enough so that we can simply stick with return and release resources before returning as appropriate.
* Hook for mmap cache update on initgroup callsSimo Sorce2012-12-053-0/+147
| | | | | This set of functions enumerate the user's groups and invalidate them all if the list does not matches what we get from the caller.
* Hook to perform a mmap cache update from sssd_nssSimo Sorce2012-12-053-0/+118
| | | | | This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
* mmap cache: public functions to invalidate recordsSimo Sorce2012-12-052-0/+135
| | | | | | These functions can be called from the nss responder to invalidate records that have ceased to exist or that need to be refreshed the first time an application needs them.
* NSS: Fix netgroup midpoint cache refreshJakub Hrozek2012-12-042-2/+2
| | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-3/+7
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* Add ignore_group_members option.Paul B. Henson2012-11-151-16/+19
| | | | https://fedorahosted.org/sssd/ticket/1376
* Add helpers to set common mc record fieldsSimo Sorce2012-11-101-16/+26
| | | | | Les copy/paste and chance of errors when setting basic record fields that are shared among all object types.
* sss_cache: Remove fastcache even if sssd is not running.Michal Zidek2012-11-061-3/+23
| | | | https://fedorahosted.org/sssd/ticket/1584
* Include talloc log in our debug facilityMichal Zidek2012-10-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1495
* Fix two errors in the nss responderSumit Bose2012-10-231-1/+3
| | | | | | | | | One is a copy-and-paste error which was introduce by 1774ee9a61b9d691dadd1a0538f32bcdcc84f72f. The second fixes a missing explicit setting of the return value. In the case where we want fully qualified names ret contains the number of characters from the last snprintf() which is almost ever not 0.
* Allow setting the default_shell option per-domain as wellJakub Hrozek2012-10-181-1/+3
| | | | https://fedorahosted.org/sssd/ticket/1583
generated by cgit (git 2.34.1) at 2024-05-30 05:51:44 +0000