| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This part was introduced in commit dba7903ba7fc04bc331004b0453938c116be3663
"PAM: close socket fd with pam_set_data"
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The functions strdup and strncmp are used in pam_test_client,
but header file string.h was not included directly in this file.
The header file string.h was indirectly included by the header file
security/pam_client.h.
src/sss_client/pam_test_client.c: In function 'main':
src/sss_client/pam_test_client.c:45:
error: implicit declaration of function 'strdup'
src/sss_client/pam_test_client.c:45:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:49:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:52:
warning: incompatible implicit declaration of built-in function 'strdup'
src/sss_client/pam_test_client.c:64:
error: implicit declaration of function 'strncmp'
gmake[2]: *** [src/sss_client/pam_test_client.o] Error 1
sh-4.2$ nm --undefined-only ./pam_test_client | grep -E "strdup|strncmp"
U __strdup@@GLIBC_2.2.5
U strncmp@@GLIBC_2.2.5
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2271
The current krb5_child code attempts to get a TGT for the convenience of
the user using the new password after a password change operation.
However, an OTP should never be used twice, which means we can't perform
the kinit operation after chpass is finished. Instead, we only print a
PAM information instructing the user to log out and back in manually.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had in source code following pattern #elif HAVE_<name>
It worked because undefined identifier(in some cases) was evaluated to 0.
But we do not care about value of HAVE_SOMETHING. We just need to know
whether identifier was defined.
There is not equivalent to #ifdef (short for of #if definded)
We need to use long form: #elif defined HAVE_<name>
It causes also compiler warning with enabled compiler flag -Wundef.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2232
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Warnings reported by Coverity (12463,12464)
Dereferencing a pointer that might be null pi->pam_authtok when calling strlen.
Dereferencing a pointer that might be null action when calling strncmp.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION, PAM_SM_PASSWORD
I cannot find in git history where these macro were used.
|
|
|
|
|
|
|
|
| |
Properly align buffer address to sizeof(char *) when storing
pointers to strings.
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next
member. This was a big problem in case of higher probability of hash collision.
structure sss_mc_rec will have two next members (next1, next2) with this patch.
next1 is related to hash1 and next2 is related to hash1.
Iterating over chains is changed, because we need to choose right next pointer.
Right next pointer will be chosen after comparing record hashes.
This behaviour is wrapped in function sss_mc_next_slot_with_hash.
Adding new record to chain is also changed. The situation is very similar to
iterating. We need to choose right next pointer (next1 or next2).
Right next pointer will be chosen after comparing record hashes.
Adding reference to next slot is wrapped in function
sss_mc_chain_slot_to_record_with_hash
Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
|
|
|
|
|
| |
If the environment variable _SSS_MC_SPECIAL is set to "NO", the
mmap cache is skipped in the client code. The name is not very
descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
|
|
|
|
|
|
| |
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
|
|
|
|
| |
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
|
|
|
|
|
| |
We had pattern in client code with 3 conditions
that can be replaced with one.
|
|
|
|
|
|
|
|
| |
data->name value must be checked to prevent segfaults in
case of corrupted memory cache.
resolves:
https://fedorahosted.org/sssd/ticket/2018
|
|
|
|
|
|
|
| |
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.
Fixes https://fedorahosted.org/sssd/ticket/1558
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1772
SAFEALIGN macros have been renamed in this patch to
make it easy to pick the right macro when data is copied
from byte buffer to a variable or vice versa.
The renamed macros are placed in new header file to
avoid code duplication (the old ones were defined in
two files, one for the client code and one for the rest
of sssd).
|
|
|
|
|
| |
Instead of appending @domain to names when the --domain option of sss_ssh_* is
used, put domain name in a separate field in client requests.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add a library for client side lookups for a SID or with a
SID through the calls:
- sss_nss_getsidbyname
- sss_nss_getsidbyid
- sss_nss_getnamebysid
- sss_nss_getidbysid
The library is called libsss_nss_idmap and the contributed spec file
will create two new packages libsss_nss_idmap and
libsss_nss_idmap-devel.
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1889
Fixes two minor coverity issues.
|
|
|
|
|
|
|
|
|
|
| |
Adding missing dependencies for linker. Missing dependency was
introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a
in changed file src/sss_client/nss_mc_common.c
All function declaration for io.c was moved from util.h to separate file io.h,
https://fedorahosted.org/sssd/ticket/1838
|
|
|
|
|
|
|
|
|
| |
Header file "providers.h" is not included in any other
file and function "dp_process_init" declared in this header file
has no implementation.
Header file protos.h is not also included in any other file and even
hole content is commented out.
|
|
|
|
|
|
|
|
| |
Functions open_cloexec and openat_cloexec were renamed with prefix
"sss_" and moved to separete file. Replacing duplicated code of
function sss_open_cloexec everywhere in the source code.
https://fedorahosted.org/sssd/ticket/1794
|
|
|
|
|
|
|
|
|
|
|
| |
krb5 1.11 adds support for a new method for responding to
structured data queries. This method, called the responder,
provides an alternative to the prompter interface.
This patch adds support for this method. It takes the password
and provides it via a responder instead of the prompter. In the
case of OTP authentication, it also disables the caching of
credentials (since the credentials are one-time only).
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1819
|
|
|
|
| |
This reverts commit 30c76633788c498b7d34e7e5944a3d36f26ec2db.
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1748
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1724
|
|
|
|
|
|
|
| |
We have 2 places where we memcpy memory and need barriers protection.
Use a macro so we can consolidate code in one place.
Second fix for: https://fedorahosted.org/sssd/ticket/1694
|
|
|
|
| |
Fixes https://fedorahosted.org/sssd/ticket/1694
|
| |
|
|
|
|
| |
Eliminates a compiler warning
|
|
|
|
|
|
|
|
| |
This caused troubles with subdomain users and it is not really
necessary. This patch does not change the protocol itself, that
should be done on the earliest possible occasion.
Part of https://fedorahosted.org/sssd/ticket/1616
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1495
|
|
|
|
|
| |
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1569
|
|
|
|
|
|
|
|
|
|
|
| |
This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.
For example, this may cause a user beeing unable to log in.
Now if POLLHUP appears, we read the pipe and then close it on
the client side too.
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1460
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1415
|
| |
|