summaryrefslogtreecommitdiffstats
path: root/src/responder
Commit message (Collapse)AuthorAgeFilesLines
...
* Update main domain info in placeSimo Sorce2013-02-101-21/+4
|
* Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce2013-02-101-30/+7
|
* Add realm info to sss_domain_infoSimo Sorce2013-02-101-0/+1
|
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-102-6/+7
| | | | https://fedorahosted.org/sssd/ticket/1805
* Check that strings do not go beyond the end of the packet body in autofs and ↵Jan Cholasta2013-01-232-7/+7
| | | | | | | | SSH requests. This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781
* sudo responder: change num_rules type from size_t to uint32_tPavel Březina2013-01-225-20/+20
| | | | | | | | https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus.
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* Add domain to some subdomain functionsSimo Sorce2013-01-151-1/+2
|
* Add domain arguments to sysdb sudo functionsSimo Sorce2013-01-151-4/+5
|
* Add domain arguments to sysdb ssh functionsSimo Sorce2013-01-151-3/+4
|
* Add domain arguments to sysdb services functionsSimo Sorce2013-01-151-6/+6
| | | | also fix sysdb_svc_add declarations
* Add domain argument to sysdb selinux functionsSimo Sorce2013-01-151-2/+4
|
* Add domain argument to sysdb autofs functionsSimo Sorce2013-01-151-2/+2
|
* Add domain argument to sysdb_delete_user()Simo Sorce2013-01-151-1/+1
| | | | Also remove sysdb_delete_domuser()
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-3/+7
| | | | Also changes sysdb_search_custom_by_name()
* Add domain argument to sysdb_cache_auth()Simo Sorce2013-01-151-1/+1
|
* Add domain argument to sysdb_store_user()Simo Sorce2013-01-151-1/+1
| | | | Also remove sysdb_store_domuser()
* Add domain argument to sysdb_set_user_attr()Simo Sorce2013-01-152-12/+10
|
* Add domain to sysdb_search_group_by_gid()Simo Sorce2013-01-151-1/+1
| | | | Also remove unused sysdb_search_domgroup_by_gid()
* Add domain to sysdb_search_user_by_uid()Simo Sorce2013-01-151-1/+2
| | | | Also remove unused sysdb_search_domuser_by_uid()
* Add domain argument to sysdb_get_user_attr()Simo Sorce2013-01-152-3/+3
|
* Add domain argument to sysdb_initgroups()Simo Sorce2013-01-152-3/+4
|
* Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce2013-01-151-1/+1
|
* Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce2013-01-151-4/+4
|
* Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-153-13/+7
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* Make sysdb_domain_dn() require a domain.Simo Sorce2013-01-151-1/+1
|
* Make sysdb_user_dn() require a domain explictly.Simo Sorce2013-01-151-1/+1
|
* Refactor sysdb initializationSimo Sorce2013-01-152-2/+1
| | | | | | | | | | | | Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
* Change pam data auth tokens.Simo Sorce2013-01-102-94/+94
| | | | Use the new authtok abstraction and interfaces throught the code.
* Code can only check for cached passwordsSimo Sorce2013-01-101-15/+24
| | | | | Make it clear to the API users that we can not take arbitrary auth tokens. We can only take a password for now so simplify and clarify the interface.
* Refactor gid handling in the PAC responderSumit Bose2013-01-083-84/+202
| | | | | | Instead of using a single array of gid-domain_pointer pairs, Simo suggested to use a gid array for each domain an store it with a pointer to the domain.
* PAC responder: check if existing user differsSumit Bose2013-01-083-13/+64
| | | | | | If some of the Posix attributes of an user existing in the cache differ from the data given in the current PAC the old user entry is drop and a new one is created with the data from the PAC.
* Use hash table to collect GIDs from PAC to avoid dupsSumit Bose2013-01-081-18/+86
| | | | | | | To avoid duplicated entries in the group list all gids are added to a hash table first. Fixes: https://fedorahosted.org/sssd/ticket/1672
* Read remote groups from PACSumit Bose2013-01-081-3/+52
| | | | | | | Read the group membership of the remote domain the user belongs to from the PAC and add them to the cache. Fixes: https://fedorahosted.org/sssd/ticket/1666
* Remote groups do not have an original DN attributeSumit Bose2013-01-081-40/+34
| | | | | | | Groups from subdomains will not have an attribute holding the original DN because in general it will not be available. This attribute is only used by IPA HABC to improve performance and remote groups cannot be used for access control.
* Save domain and GID for groups from the configured domainSumit Bose2013-01-083-17/+47
| | | | | | | | | | Currently users from subdomains can only be members of groups from the configured domain and to access those groups a pointer to the domain struct of the configured domain is used. This patch sets the dom_grp member of struct pac_grp to point to the domain struct of the configured for groups from this domain. This is a first step to allow group membership for groups from subdomains as well. For those groups a pointer to the related subdomain structure will be saved.
* Always get user data from PACSumit Bose2013-01-081-7/+7
| | | | | | | Currently some user specific data from the PAC is only read when the user is not already in the cache. Since some of this information is needed later on, e.g. the domain SID the user belongs to, with this patch the data is read always from the PAC.
* Update domain ID for local domain as wellSumit Bose2013-01-081-2/+14
| | | | | | | Currently only the flat name of the configured domain is updated if it is not already set. This patch updates the domain ID as well. This is typically the case when trust support is enabled on the server side while sssd is running.
* Add find_domain_by_id()Sumit Bose2013-01-082-0/+42
| | | | | | | Currently domains can only be searched by name in the global domain list. To make it easier to find the domain for a given SID find_domain_by_id() which returns a pointer to the domain or subdomain entry in the global domain list if a matching id was found.
* Use struct pac_grp instead of gid_t for groups from PACSumit Bose2013-01-083-18/+25
| | | | | To be able to handle groupmemberships from other domains more data than just the gid must be kept for groups given in the PAC.
* memcache: add macro that validates record lengthPavel Březina2013-01-071-2/+1
|
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* failover: Protect against empty host namesMichal Zidek2013-01-021-1/+2
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-203-10/+30
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* Carefully check records when forcibly invalidatingSimo Sorce2012-12-201-18/+101
| | | | | | | | | | | | We should never try to invalidate an already invalid record as internal pointers will not be consistent. Carefully test that the record really is valid when we are fishing for free space, and properly invalidate records or return a fatal error if something goes wrong. In order to make the code more robust always invalidate the whole data space on initialization by setting all bits to 1, and make sure to invalidate the whole last allocated slot by converting rec->len to the number of slots instead of just the space used.
* Update free table when records are invalidated.Simo Sorce2012-12-201-14/+23
| | | | | We were holding up slots when entries were invalidated directly an not through our primitive garbage collection scheme.
* nss_mc: Add extra checks when dereferencing recordsSimo Sorce2012-12-201-0/+12
| | | | | | | Although it should enver happen that we pass in an invalid hash it is always better to just not do anything than access memory ouf of the hash table. It can lead to segfaults, or worse referencing memory that should not be touched.
* sssd_nss: Plug memory leaksSimo Sorce2012-12-191-2/+11
| | | | | A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
generated by cgit (git 2.34.1) at 2024-05-27 20:30:35 +0000