summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
...
* Stop creating fake sysdb contextsSimo Sorce2013-01-151-7/+2
| | | | | | Now that the sysdb context does not contain anymore domain related data we can simply stop creating faxe sysdb context and just reference the parent context.
* Move mpg flag to the domain where it belongsSimo Sorce2013-01-151-0/+1
| | | | | A sysdb contains now multiple domains, but the mpg property is a property of a specific domain not of the underlying database.
* Add domain to sysdb_search_user_by_name()Simo Sorce2013-01-152-1/+3
| | | | Also remove unused sysdb_search_domuser_by_name()
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-151-1/+1
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* Refactor single domain initializationSimo Sorce2013-01-152-0/+40
| | | | | Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
* Add authtok utility functions.Simo Sorce2013-01-102-0/+382
| | | | | | These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions.
* Add function to safely wipe memory.Simo Sorce2013-01-102-0/+18
| | | | | This is useful for wiping passwords, as it prevents the compiler from optimizing out a memset to zero before a free()
* memcache: make MC_PTR_TO_SLOT() more readablePavel Březina2013-01-071-2/+1
|
* memcache: add macro that validates record lengthPavel Březina2013-01-071-0/+6
|
* Search for SHORTNAME$@REALM instead of fqdn$@REALM by defaultJakub Hrozek2013-01-071-3/+35
| | | | | | | | The search was intended for the AD provider mostly, but keytabs coming from AD via samba don't contain fqdn$@REALM but rather uppercased SHORTNAME$@REALM https://fedorahosted.org/sssd/ticket/1740
* failover: Protect against empty host namesMichal Zidek2013-01-022-92/+72
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* Carefully check records when forcibly invalidatingSimo Sorce2012-12-201-2/+4
| | | | | | | | | | | | We should never try to invalidate an already invalid record as internal pointers will not be consistent. Carefully test that the record really is valid when we are fishing for free space, and properly invalidate records or return a fatal error if something goes wrong. In order to make the code more robust always invalidate the whole data space on initialization by setting all bits to 1, and make sure to invalidate the whole last allocated slot by converting rec->len to the number of slots instead of just the space used.
* Free resources if fileno failedJakub Hrozek2012-12-201-0/+2
|
* select_principal_from_keytab() do wildcard lookups after specific onesSumit Bose2012-12-181-3/+3
| | | | | | | | | | Currently the wildcard lookup '*$' is done before the one for host/our.hostname@REALM. This means we would ignore a more specific match in favour of an unspecific match with a principal which is only used in a AD environment. I think this is wrong an wildcards should only be used is all specific lookups fail.
* select_principal_from_keytab() look for plain input as wellSumit Bose2012-12-181-2/+6
| | | | | | | Currently in select_principal_from_keytab() all kind of different versions of the host principal are looked up in the keytab except for the plain name the ldap_sasl_authid option. With this patch the plain name is looked up first.
* Set cloexec flag for log filesJakub Hrozek2012-12-181-0/+11
| | | | | | | | https://fedorahosted.org/sssd/ticket/1708 The services kept the fd to /var/log/sssd/sssd.log open. I don't think there's any point in keeping the logfiles open after exec-ing for the child, so I set the CLOEXEC flag.
* Avoid const warnings when deallocating memorySimo Sorce2012-11-281-1/+1
| | | | | | | In some case we allocate and assign data to a const pointer. When we then try to free it we would get a const warning because talloc_free accepts a void, not a const void pointer. Use discard_const to avoid the warning, it is safe in this case.
* Revert "Avoid accessing half-deallocated memory when using talloc_zfree macro."Simo Sorce2012-11-281-5/+1
| | | | | | | | | This reverts commit ff57c6aeb80a52b1f52bd1dac9308a69dc7a4774. This commit doesn't really make sense, we are never accessing freed memory as all we are dealing with is a pointer which is never itsef part of the memory we are freeing (if it were, it would be an error in the caller and we shouldn't mask it in this macro).
* debug: print fatal and critical errors if debug level is unresolvedMichal Zidek2012-11-261-1/+4
| | | | | | | If global variable debug_level has value SSSDBG_UNRESOLVED, we should print at least fatal and critical errors. https://fedorahosted.org/sssd/ticket/1345
* Handle compiling FQDN regular expression with old pcre gracefullyJakub Hrozek2012-11-221-0/+9
| | | | https://fedorahosted.org/sssd/ticket/1661
* MONITOR: Fix off-by-one error in add_string_to_listJakub Hrozek2012-11-211-1/+4
| | | | | We need to allocate num_services+2 - one extra space for the new service and one for NULL.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-1/+1
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* SERVER: Check the return value of waitpidJakub Hrozek2012-11-191-11/+27
| | | | | | | We should at least print an error message and error out if waitpid() fails. https://fedorahosted.org/sssd/ticket/1651
* Always start PAC responder if IPA ID provider is configuredSumit Bose2012-11-141-0/+6
| | | | | | | | Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
* Add string_in_list() and add_string_to_list() with testsSumit Bose2012-11-142-0/+69
| | | | | | | | string_in_list() and add_string_to_list() are two utilities for NULL terminated strings arrays. add_string_to_list() adds a new string to an existing list or creates a new one with the strings as only item if there is not list. string_in_list() checks if a given string is in the list. It can be used case sensitive or in-sensitive.
* Only build extract_and_send_pac on platforms that support itJakub Hrozek2012-11-122-0/+118
|
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication failsJakub Hrozek2012-11-121-0/+42
|
* util_lock.c: sss_br_lock_file accepted invalid parameter valueMichal Zidek2012-11-082-3/+7
| | | | | | Return EINVAL if number of tries is <= 0. Also the parameter retries was renamed to num_tries, so it is more obvious that it also includes the first try.
* util: Added new file util_lock.cMichal Zidek2012-11-062-0/+87
|
* exit original process after sssd is initializedPavel Březina2012-11-062-2/+30
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1357 Neither systemd or our init script use pid file as a notification that sssd is finished initializing. They will continue starting up next service right after the original (not daemonized) sssd process is terminated. If any of the responders fail to start, we will never terminate the original process via signal and "service sssd start" will hang. Thus we take this as an error and terminate the daemon with a non-zero value. This will also terminate the original process and init script or systemd will print failure.
* fix indendation, coding style and debug levels in server.cPavel Březina2012-11-061-110/+114
|
* add SSSDBG_IMPORTANT_INFO macroPavel Březina2012-11-061-0/+1
| | | | | | | We currently have only SSSDBG_FATAL_FAILURE macro that corresponds to original debug level 0. But there are several level 0 messages that are not actually failures but an important information. We should use this new macro to represent them.
* Include talloc log in our debug facilityMichal Zidek2012-10-292-5/+15
| | | | https://fedorahosted.org/sssd/ticket/1495
* Make sub-domains case-insensitiveSumit Bose2012-10-261-1/+1
| | | | | | | | | | Currently the only type of supported sub-domains are AD domains which are not case-sensitive. To make it easier for Windows user we make sub-domains case-insensitive as well which allows to write the username in any case at the login prompt. If support for other types of sub-domains is added it might be necessary to set the case-sensitive flag based on the domain type.
* sss_parse_name_for_domains: always return the canonical domain nameSumit Bose2012-10-261-2/+7
| | | | | | Domains may have a flat or short name to save some keystrokes when typing fully qualified user names. Internally sssd will always use the canonical name to allow consistent processing.
* Add replacement for krb5_find_authdata()Sumit Bose2012-10-262-0/+19
| | | | | | | | | krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
* Only call krb5_set_trace_callback on platforms that support itJakub Hrozek2012-10-122-4/+18
|
* Collect krb5 trace on high debug levelsJakub Hrozek2012-10-122-0/+19
| | | | | | | If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539
* remove left over principal selectionPavel Březina2012-10-022-106/+0
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
* monitor: create pid file after all responders are startedPavel Březina2012-10-021-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1357
* Use flat name for master domain as wellSumit Bose2012-10-011-1/+2
|
* Add new option default_domain_suffixSumit Bose2012-10-011-11/+41
|
* sss_cache tool invalidates records in memory cache.Michal Zidek2012-09-241-0/+2
|
* Add provider specific default regular expressionsSumit Bose2012-09-201-0/+62
| | | | Fixes https://fedorahosted.org/sssd/ticket/1524
* Out-of-bounds read fix in hmac-sha-1Ondrej Kos2012-09-071-1/+3
|
* Check flat names when searching for sub-domains as wellSumit Bose2012-09-041-1/+3
|
* SSH: Add support for OpenSSH-style public keysJan Cholasta2012-09-041-13/+37
|
* SSH: Simplify public key formatting functionJan Cholasta2012-09-042-40/+9
|
* SSH: Return error code in SSH utility functionsJan Cholasta2012-09-042-17/+40
|
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-232-0/+32
| | | | https://fedorahosted.org/sssd/ticket/1365
generated by cgit (git 2.34.1) at 2024-05-21 00:07:22 +0000