summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
* Handle cases where UID is -1rhel5.10Stephen Gallagher2015-03-191-6/+1
| | | | | | | | Also removes an unnecessary range check (since it's already handled by strtoint32() https://fedorahosted.org/sssd/ticket/1216 (cherry picked from commit f5df473c0234bf4b701a29f4feb61ad52f70b236)
* exit original process after sssd is initializedOndrej Kos2013-06-252-4/+32
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1357 Neither systemd or our init script use pid file as a notification that sssd is finished initializing. They will continue starting up next service right after the original (not daemonized) sssd process is terminated. If any of the responders fail to start, we will never terminate the original process via signal and "service sssd start" will hang. Thus we take this as an error and terminate the daemon with a non-zero value. This will also terminate the original process and init script or systemd will print failure.
* Set cloexec flag for log filesJakub Hrozek2013-05-161-0/+11
| | | | | | | | https://fedorahosted.org/sssd/ticket/1708 The services kept the fd to /var/log/sssd/sssd.log open. I don't think there's any point in keeping the logfiles open after exec-ing for the child, so I set the CLOEXEC flag.
* UTIL: Add function for atomic I/OOndrej Kos2013-05-163-0/+101
|
* Add new debug level macrosOndrej Kos2013-05-161-0/+18
|
* Handle timeout during sss_ldap_init_sendJakub Hrozek2011-12-132-2/+36
| | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-052-0/+162
|
* Append PID to sbus server socket name, let clients use a symlinkJakub Hrozek2011-10-262-3/+4
| | | | | | | | Add option to follow symlinks to check_file() Append PID to sbus server socket name, let clients use a symlink https://fedorahosted.org/sssd/ticket/1034
* Do not attempt to close() a file descriptor < 0Stephen Gallagher2011-10-261-1/+3
| | | | Coverity 10886
* Use sss_ldap_err2string() instead of ldap_err2string()Pavel Březina2011-10-262-3/+19
| | | | | | | | | | sss_ldap_err2string() - function created https://fedorahosted.org/sssd/ticket/986 sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() https://fedorahosted.org/sssd/ticket/986
* Provide python bindings for the HBAC evaluator libraryJakub Hrozek2011-10-262-0/+167
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes for python HBAC bindings These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts Fix python HBAC bindings for python <= 2.4 Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4 Remove dead code from python HBAC bindings https://fedorahosted.org/sssd/ticket/935 Handle allocation error in python HBAC bindings https://fedorahosted.org/sssd/ticket/934 HBAC rule validation Python bindings https://fedorahosted.org/sssd/ticket/943
* Fix TLS/SSL validation after switch to ldap_init_fdSumit Bose2011-10-262-0/+368
| | | | | | | | | | | | | | Add sockaddr_storage to sdap_service Add sdap_call_conn_cb() to call add connection callback directly Use name based URI instead of IP address based URIs Use ldap_init_fd() instead of ldap_initialize() if available Do not access state after tevent_req_done() is called. Call ldap_install_tls() on ldaps connections
* Properly support IPv6 in LDAP URIs for IPA and LDAP providersJakub Hrozek2011-10-262-0/+12
| | | | | | | | | | | | | | | | | Add utility function to return IP address as string Add a utility function to escape IPv6 address for use in URIs Use escaped IP addresses in LDAP provider Escape IPv6 IP addresses in the IPA provider https://fedorahosted.org/sssd/ticket/880 Fix bad merge We merged in a patch, but missed that it missed a dependency added by another earlier patch.
* Fix uninitialized value errorSumit Bose2011-01-211-1/+1
|
* NSS obfuscation code cleanupJakub Hrozek2011-01-201-38/+97
| | | | https://fedorahosted.org/sssd/ticket/752
* Add overflow check to SAFEALIGN_COPY_*_CHECK macrosSumit Bose2011-01-111-3/+6
|
* Validate user supplied size of data itemsSumit Bose2011-01-111-0/+5
| | | | | | Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
* Introduce sss_hash_create_ex()Sumit Bose2010-12-202-6/+29
|
* Fix unchecked return value in sss_krb5_verify_keytab_exStephen Gallagher2010-12-171-1/+8
| | | | https://fedorahosted.org/sssd/ticket/711
* Fix invalid sizeof in pidfileStephen Gallagher2010-12-161-1/+1
| | | | https://fedorahosted.org/sssd/ticket/730
* Add missing break statement to sss_hash_createStephen Gallagher2010-12-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/720
* Fix build issue with older Kerberos librarySumit Bose2010-12-081-0/+7
|
* Add support for FAST in krb5 providerSumit Bose2010-12-072-0/+62
|
* krb5_child returns TGT lifetimeSumit Bose2010-12-031-0/+6
|
* Add a special filter type to handle enumerationsSumit Bose2010-12-021-0/+2
|
* Make default SIGTERM and SIGINT handlers use teventStephen Gallagher2010-12-021-1/+33
|
* Add missing error codeSumit Bose2010-11-181-0/+1
|
* Add utility function to sanitize LDAP/LDB filtersStephen Gallagher2010-11-152-0/+63
| | | | Also adds a unit test.
* Handle errors during log reopening betterStephen Gallagher2010-11-051-2/+28
|
* Always use uint32_t for UID/GID numbersJakub Hrozek2010-10-262-4/+4
|
* Write log opening failures to the syslogStephen Gallagher2010-10-191-0/+3
| | | | | If there is a problem with reopening the logs, it can be an audit trail issue.
* Use unsigned long for conversion to id_tJakub Hrozek2010-10-181-4/+4
| | | | | | | | We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
* Add a missing include fileSumit Bose2010-10-131-0/+1
| | | | | strcasecmp() is defined in strings.h which might not be included under certain conditions.
* Add common hash table setupStephen Gallagher2010-10-082-0/+58
| | | | | sss_hash_create() produces a dhash table living in the talloc hierarchy.
* Use new MIT krb5 API for better password expiration warningsSumit Bose2010-09-232-2/+26
|
* Fix parameter order when initializing decryptionJakub Hrozek2010-09-151-1/+1
|
* Dead assignments cleanup in various places in SSSDJan Zeleny2010-09-081-1/+1
| | | | | | Three assignments deleted, two return code inspection added. Also found and fixed one critical bug caused by dead assignment. Ticket: #590
* Password obfuscation utility functionsJakub Hrozek2010-09-083-0/+510
| | | | | | | Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
* Add safe copy/move macros for uint16_tJakub Hrozek2010-09-081-1/+11
|
* Move crypto functions into its own subdirJakub Hrozek2010-09-085-42/+109
| | | | | | A refactoring patch that creates a common util/crypto subdir with per-implementation subdirectories for each underlying crypto library supported by SSSD.
* Add dup_string_list() utility functionStephen Gallagher2010-08-032-0/+37
|
* Add diff_string_lists utility functionStephen Gallagher2010-08-032-0/+209
| | | | Includes a unit test
* Validate keytab at startupJakub Hrozek2010-08-032-0/+162
| | | | | | | | In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
* Add log notifications for startup and shutdown.Stephen Gallagher2010-07-091-1/+4
|
* Add sss_log() functionStephen Gallagher2010-07-092-0/+81
| | | | | Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API.
* Resend SIGINT as SIGTERM in servicesJakub Hrozek2010-06-281-0/+3
| | | | Fixes: #462
* Initialize len before looping to read the pidfileStephen Gallagher2010-06-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/544
* Check closedir call in find_uidJakub Hrozek2010-06-141-4/+9
| | | | Fixes: #503
* get_uid_from_pid should use fstat rather than lstatJakub Hrozek2010-06-141-11/+11
| | | | Fixes: #541
* Fix misuse of errno in find_uid.cStephen Gallagher2010-06-101-17/+26
|
generated by cgit (git 2.34.1) at 2025-09-27 19:13:57 +0000