summaryrefslogtreecommitdiffstats
path: root/src/responder
Commit message (Collapse)AuthorAgeFilesLines
* coding style fixPavel Březina2013-03-201-1/+1
|
* change responder contexts hierarchyPavel Březina2013-03-206-65/+94
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-207-35/+62
|
* Move SELinux processing to provider.Michal Zidek2013-03-191-309/+0
| | | | | | | | | | | | The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
* Removing unused declaration of functions and variable.Lukas Slebodnik2013-03-191-1/+0
| | | | | | Variables dir_cc and file_cc are used in three modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be declared with extern in krb5_utils.h.
* Move sss_cmd_execute from client to responder code.Jakub Hrozek2013-03-083-7/+15
| | | | | I think it logically belongs there and allows to better exercise the responder commands from unit tests.
* Debug message in sss_mc_create_file.Michal Zidek2013-03-071-0/+5
| | | | | | This patch adds debug message for the case if sssd fails to open old mc file for some other reason than the file does not exist.
* File descriptor leak in nss responder.Michal Zidek2013-03-071-18/+43
| | | | | | | | | File descriptors leaked every time sss_mmap_cache_reinit was called and also the old memory cache was still maped in memory (munmap was not called). This patch adds destructor for memory cache context to call close() and munmap() automaticly. https://fedorahosted.org/sssd/ticket/1826
* Removing unused parameter type from sudosrv_get_sudorules_query_cache()Lukas Slebodnik2013-03-071-6/+4
| | | | https://fedorahosted.org/sssd/ticket/1825
* Remove the alt_db_path parameter of sysdb_initMichal Zidek2013-03-051-1/+1
| | | | | | This parameter was never used. https://fedorahosted.org/sssd/ticket/1765
* Use the same dbg level for all ncache hits.Michal Zidek2013-03-042-21/+28
| | | | | | | | | We used different debug levels for messages informing about negative cache hits (old levels 2,3,4). Now it is only SSSDBG_TRACE_FUNC (same level is used in nsssrv_services.c and proposed in the ticket bellow). https://fedorahosted.org/sssd/ticket/1771
* Remove unused functionsJakub Hrozek2013-03-044-36/+0
|
* autofs: fix invalid header 'number of entries' in packetPavel Březina2013-03-011-1/+5
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1739 Pointer to packet body may change while filling packet with autofs mount points. As a consequence, we sometimes wrote the number of entries into invalid body and we recieved an arbitrary number on the client side. If the number was 0, there were some skipped entries. If the number was greater than 0, everything worked correctly, because we iterate through the cached entries until we reach packet length - we don't compare to the number.
* if selinux is disabled, ignore that selogin dir is missingPavel Březina2013-02-261-3/+15
| | | | https://fedorahosted.org/sssd/ticket/1817
* Fix uninitialized time_t var in responderOndrej Kos2013-02-211-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1810
* Lower the DEBUG level if an entry cannot be deleted from memcacheJakub Hrozek2013-02-141-3/+3
|
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-104-8/+8
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Parent and subdomains use the same sysdbSimo Sorce2013-02-102-71/+8
| | | | | | Remove code that tries to get the 'right' sysdb, as it is always going to get the same answer anyway since the recent patches to rework the domains/sysdb relationship.
* Change the way domains are linked.Simo Sorce2013-02-103-78/+32
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Add function get_next_domain()Simo Sorce2013-02-1011-101/+83
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* Update main domain info in placeSimo Sorce2013-02-101-21/+4
|
* Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce2013-02-101-30/+7
|
* Add realm info to sss_domain_infoSimo Sorce2013-02-101-0/+1
|
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-102-6/+7
| | | | https://fedorahosted.org/sssd/ticket/1805
* Check that strings do not go beyond the end of the packet body in autofs and ↵Jan Cholasta2013-01-232-7/+7
| | | | | | | | SSH requests. This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781
* sudo responder: change num_rules type from size_t to uint32_tPavel Březina2013-01-225-20/+20
| | | | | | | | https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus.
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* Add domain to some subdomain functionsSimo Sorce2013-01-151-1/+2
|
* Add domain arguments to sysdb sudo functionsSimo Sorce2013-01-151-4/+5
|
* Add domain arguments to sysdb ssh functionsSimo Sorce2013-01-151-3/+4
|
* Add domain arguments to sysdb services functionsSimo Sorce2013-01-151-6/+6
| | | | also fix sysdb_svc_add declarations
* Add domain argument to sysdb selinux functionsSimo Sorce2013-01-151-2/+4
|
* Add domain argument to sysdb autofs functionsSimo Sorce2013-01-151-2/+2
|
* Add domain argument to sysdb_delete_user()Simo Sorce2013-01-151-1/+1
| | | | Also remove sysdb_delete_domuser()
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-3/+7
| | | | Also changes sysdb_search_custom_by_name()
* Add domain argument to sysdb_cache_auth()Simo Sorce2013-01-151-1/+1
|
* Add domain argument to sysdb_store_user()Simo Sorce2013-01-151-1/+1
| | | | Also remove sysdb_store_domuser()
* Add domain argument to sysdb_set_user_attr()Simo Sorce2013-01-152-12/+10
|
* Add domain to sysdb_search_group_by_gid()Simo Sorce2013-01-151-1/+1
| | | | Also remove unused sysdb_search_domgroup_by_gid()
* Add domain to sysdb_search_user_by_uid()Simo Sorce2013-01-151-1/+2
| | | | Also remove unused sysdb_search_domuser_by_uid()
* Add domain argument to sysdb_get_user_attr()Simo Sorce2013-01-152-3/+3
|
* Add domain argument to sysdb_initgroups()Simo Sorce2013-01-152-3/+4
|
* Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce2013-01-151-1/+1
|
* Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce2013-01-151-4/+4
|
* Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-153-13/+7
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* Make sysdb_domain_dn() require a domain.Simo Sorce2013-01-151-1/+1
|
* Make sysdb_user_dn() require a domain explictly.Simo Sorce2013-01-151-1/+1
|
* Refactor sysdb initializationSimo Sorce2013-01-152-2/+1
| | | | | | | | | | | | Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
generated by cgit (git 2.34.1) at 2024-05-24 22:38:37 +0000