summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
* LDAP: Ignore returned referrals if referral support is disabledJakub Hrozek2014-09-022-0/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2)
* Replace space: add some checksSumit Bose2014-09-012-4/+24
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 92d19f76449817dfb125da9510d478a30eed37bc)
* Only replace space with the specified substitutionJakub Hrozek2014-08-132-117/+32
| | | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 1f3127e88a87953f059c9a70d3582ae1719594b1)
* UTIL: Add functions for replacing whitespaces.Lukas Slebodnik2014-07-282-0/+158
| | | | | | | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit 022c6b90bb37851c0e8704c0e5388ebc113c6470) Conflicts: Makefile.am src/util/util.h
* LDAP: tokengroups do not work with id_provider=ldapPavel Reichl2014-07-212-0/+19
| | | | | | | | | | | | | | | | | | | With plain LDAP provider we already have a sdap_handle, so it should be possible that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be skipped and sdap_get_ad_tokengroups_send() can be already send with the sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should only fail if sdom->pvt == NULL and sh == NULL. if find_subdomain_by_sid() failed we can check if there is only one domain in the domain list (state->domain) and in this case continue with this domain since the LDAP provider does not know about sub-domains and hence can only have one configured domain. Resolves: https://fedorahosted.org/sssd/ticket/2345 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit b12e2500237f33c44807d7e5b377ec06007c7252)
* IFP: Return a specific value on failure connecting to the system busJakub Hrozek2014-07-162-0/+2
| | | | | | | | We need to treat the failure to connect to the system bus as non-fatal. In this commit, we introduce a special error code and only print a DEBUG message when this error code is returned from the startup function. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SSH: Allow newline at the end of public key values in LDAPJan Cholasta2014-06-181-6/+12
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2349 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 26510727739c3e8d14f804568e496b7d7b073964)
* SDAP: Use portable constant as level in setsockoptLukas Slebodnik2014-06-031-1/+1
| | | | | | | | | | | | | | | | | | | The macros SOL_TCP and IPPROTO_TCP have the same value on linux, but the first one is not portable. man in.h says: The <netinet/in.h> header shall define the following macros for use as values of the level argument of getsockopt() and setsockopt(): IPPROTO_IP Internet protocol. IPPROTO_IPV6 Internet Protocol Version 6. IPPROTO_ICMP Control message protocol. IPPROTO_RAW Raw IP Packets Protocol. IPPROTO_TCP Transmission control protocol. IPPROTO_UDP User datagram protocol. Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit cf901f549abe18f32562cbe1ef7a1ef258edab1a)
* UTIL: Fix order of header files.Lukas Slebodnik2014-06-031-1/+3
| | | | | | | | | | | | | | | | | | | | | | | The older version of glibc and different implementations of libs requires feature macros for enabling function getline. getline(), getdelim(): Since glibc 2.10: _POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700 Before glibc 2.10: _GNU_SOURCE All feature macros are in header file config.h and are detected by configure script. The header file config.h was included after few other header files. The problem is that header files stdio.h is included just once and is included from many external header files. We need to include config.h before any other header file to prevent problems. src/util/nscd.c: In function ‘sss_nscd_parse_conf’: src/util/nscd.c:150: error: implicit declaration of function ‘getline’ Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit b3007e32fa5d6b722f3aaaf9fe7593103cb443c3)
* CRYPTO: Use unprefixed version of function stpncpyLukas Slebodnik2014-06-032-4/+4
| | | | | | | | | | | | | | | | | glibc contains two versions of finction stpncpy sh-4.2$ nm --dynamic --defined-only /lib64/libc.so.6 | grep stpncpy 0000003ce1c89b00 i stpncpy 0000003ce1c89b00 i __stpncpy 0000003ce1d040a0 T __stpncpy_chk We should use more portable version of stpncpy without prefix with underscores. The function __stpncpy was used in initial veersion e65c65fc710fa030bfb8319efc43fcdc9ce5a26f, which was based on http://people.redhat.com/drepper/SHA-crypt.txt Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 83e1ea9e24aabe6ade180649ecfc9c253ad19395)
* SBUS: Add an async request to retrieve the caller IDJakub Hrozek2014-06-032-0/+4
| | | | | | | | | | | | | | | | | | | | | Adds an async request sbus_get_sender_id_{send,recv} that allows retrieval of UID based on "sender" as returned by dbus_message_get_sender(). The UID is an int64_t to be able to use "-1" to as a fallback value for uknown or error cases. The unit test is added as a standalone one, not part of the sbus_tests because the request, and by extension the unit test relies on being connected to the system bus, which is very unlikely to work in a build system. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com> (cherry picked from commit 0161a3c5637a0c0092bf54c436bb3d6508d7df26) Conflicts: Makefile.am
* NSS: Add option to expand homedir template formatLukas Slebodnik2014-06-033-0/+13
| | | | | | | | | | | LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* NSS: Refactor expand_homedir_templateLukas Slebodnik2014-06-032-21/+34
| | | | | | | | | | Function expand_homedir_template had lot of parameters. After adding new expand option, all function call should be rewritten, (usually argument NULL will be added) This patch wraps all necessary arguments to structure. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* refactor calls of sss_parse_namePavel Reichl2014-06-031-2/+1
| | | | | | | sss_parse_name now supports NULL as output parameters so existing calls passing arguments which were never read were substituted by NULL. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Add function sss_parse_name_constLukas Slebodnik2014-06-032-0/+28
| | | | | | | | | | | Variable with type 'const char *' can be used as output argument in function sss_parse_name, but there will be warning. warning: passing 'const char **' to parameter of type 'char **' discards qualifiers in nested pointer types [-Wincompatible-pointer-types-discards-qualifiers] Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Make it possible to extend an attribute mapJakub Hrozek2014-06-032-0/+4
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2073 This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set. The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* RESPONDERS: Add a new request sss_parse_inp_sendJakub Hrozek2014-06-032-0/+2
| | | | | | | | | | | | | The responders were copying code to parse input and on encountering an uknown domain, send the discover subdomain request. This patch adds a reusable request that can always be called in responders and in case the name can be parsed, just shortcut. Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926) Conflicts: Makefile.am
* UTIL: Move sss_parse_name_for_domains declaration to util.hJakub Hrozek2014-06-031-0/+5
| | | | (cherry picked from commit 9de5878d247b77b8f520a57727cd55f42e179caa)
* UTIL: Use constant instead of value for stdin.Lukas Slebodnik2014-05-121-1/+1
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 7f4ff1b4c829af421a64aa11c992780eac4a9fde)
* Remove DEBUG macro support for old debug levelsNikolai Kondrashov2014-05-022-43/+9
| | | | | | | | | | | | | | | Remove support for specifying old debug levels to the DEBUG macro: * remove debug_get_level function which was used for conversion, * remove debug_get_level tests, * remove mentions of old/new levels from DEBUG and DEBUG_IS_SET macro descriptions, * rename "newlevel" argument of debug_fn to just "level". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit 5c233380e1ebf641f6106a34d7b94f9e9a606589)
* Update DEBUG* invocations to use new levelsNikolai Kondrashov2014-05-0213-148/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a script (identical to commit 83bf46f4066e3d5e838a32357c201de9bd6ecdfd) to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done
* Fixup DEBUG macro invocations updateNikolai Kondrashov2014-05-021-2/+2
| | | | | | | | | | Fix mistakes made by the update script in "Make DEBUG macro invocations variadic". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit 45a1d9d597df977354428440aeff11c6a0a947fe)
* Make DEBUG macro invocations variadicNikolai Kondrashov2014-05-0227-436/+436
| | | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code (identical to commit a3c8390d19593b1e5277d95bfb4ab206d4785150): grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make DEBUG macro definition variadicNikolai Kondrashov2014-05-021-6/+6
| | | | | | | | | | | Update DEBUG macro definition to accept format string and its arguments as direct variadic macro arguments, instead of expecting them as an expression in parens. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit cc026fd9ba386f2197e3217940d597dcad1a26fe)
* Cleanup debug_fnNikolai Kondrashov2014-05-021-4/+6
| | | | | | | | | Cleanup debug_fn to better match coding conventions. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit 1eedbd1bd2037437f5b9aed1f4061af396ef6733)
* Remove extra flushing from debug message outputNikolai Kondrashov2014-05-021-1/+6
| | | | | | | | | Remove extra fflush(3) invocation when outputting debug messages. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit 63ec0cbd668b251708fad23b60cf557163963dc4)
* Move DEBUG macro body to debug_fnNikolai Kondrashov2014-05-022-75/+53
| | | | | | | | | | | | | | | | | | Move DEBUG macro body to the debug_fn function, adding "function" argument to the latter. Rename "debug_fn" in sssd_krb5_locator_plugin.c to "plugin_debug_fn" to remove conflict with the sssd debug_fn. Replace DEBUG_MSG macro usage with debug_fn function usage. Remove DEBUG_MSG macro along with tests. The above makes the total size of binaries drop by 20% for the standard Fedora build and by 44% for a build configured according to Debian packaging script. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit fb0332565892bc10998ca98b567d4dde2213844d)
* DOC: Fix names of arguments in doxygen commentsLukas Slebodnik2014-02-261-1/+1
| | | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 3b35ff47651e4893ce537a273466766b962362da)
* UTIL: Sanitize whitespaces.Lukas Slebodnik2014-02-261-0/+10
| | | | | | | | | | | | | Original patches submitted by: mpesari(Thanks!!) It can cause problems if user will hit spaces before entering username. (e.g in gdm). Spaces are ignored by LDAP; it's better to escape them. Resolves: https://fedorahosted.org/sssd/ticket/1955 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 2b8208b45feb2aab64d560d3e12e01e7b6d00d39)
* LDAP: Detect the presence of POSIX attributesJakub Hrozek2014-02-122-0/+2
| | | | | | | | | | | | | | | | | | | | When the schema is set to AD and ID mapping is not used, there is a one-time check ran when searching for users to detect the presence of POSIX attributes in LDAP. If this check fails, the search fails as if no entry was found and returns a special error code. The sdap_server_opts structure is filled every time a client connects to a server so the posix check boolean is reset to false again on connecting to the server. It might be better to move the check to where the rootDSE is retrieved, but the check depends on several features that are not known to the code that retrieves the rootDSE (or the connection code for example) such as what the attribute mappings are or the authentication method that should be used. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit e81deec535d11912b87954c81a1edd768c1386c9)
* utils: handling NULL params in sss_parse_namePavel Reichl2014-02-112-26/+30
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Inherit parent domain's default_shellJakub Hrozek2014-01-151-1/+4
| | | | | Some override parameters were not inherited when creating subdomains. Especially with AD trusts, this gave strange results.
* LDAP: Add a new error code for malformed access control filterJakub Hrozek2014-01-092-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/2164 The patch adds a new error code and special cases the new code so that access is denied and a nicer log message is shown.
* Use lower-case name for case-insensitive searchesSumit Bose2013-12-192-0/+36
| | | | | | | | | | | | The patch makes sure that a completely lower-cased version of a fully qualified name is used for case insensitive searches. Currently there are code paths where the domain name was used as configured and was not lower-cased. To make sure this patch does not break with old entries in the cache or case sensitive domains a third template was added to the related filters templates which is either filled with a completely lower-cased version or with the old version. The other two template values are unchanged.
* SSSD: Improved domain detectionPavel Reichl2013-11-292-5/+29
| | | | | | | A bit more elegant way of detection of what domain the group member belongs to Resolves: https://fedorahosted.org/sssd/ticket/2132
* monitor: Specific error message for missing sssd.confPavel Reichl2013-11-272-0/+2
| | | | | | | | Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156
* utils: add ERR_DOMAIN_NOT_FOUND error codePavel Březina2013-10-252-0/+2
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* find_subdomain_by_sid: skip domains with missing domain_idSumit Bose2013-10-251-11/+19
|
* Inherit ID limits of parent domains if setJakub Hrozek2013-10-241-3/+5
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2123 Previously, the subdomains were always unbound even if the administrator limited the ranges with min_id/max_id. This could have posed problems when running programs that scan the whole ID space, such as "groupadd -r".
* INI: Disable line-wrapping functionalityJakub Hrozek2013-10-111-1/+1
| | | | | | | Supporting the latest INI release brought an incompatible change. Lines beginning with a whitespace were treated as continuation of the previous line. This patch reverts to ignoring the whitespace as we did previously so that the existing configurations keep working.
* ipa_server_mode: write capaths to krb5 include fileSumit Bose2013-09-272-2/+52
| | | | | | | | | | | | If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
* IPA: store forest name for forest member domainsSumit Bose2013-09-272-2/+12
| | | | | In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
* util: add get_domains_head()Pavel Březina2013-09-262-0/+15
| | | | | | | This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
* util: add find_subdomain_by_object_name()Pavel Březina2013-09-172-0/+39
| | | | | | | | This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add find_subdomain_by_sid()Pavel Březina2013-09-172-0/+35
| | | | | | | | | | | | | | This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add sss_idmap_talloc[_free]Pavel Březina2013-09-172-0/+60
| | | | Remove code duplication.
* Enable printf format string checkingLukas Slebodnik2013-09-111-2/+8
| | | | https://fedorahosted.org/sssd/ticket/1945
* Fix formating of variables with type: id_tLukas Slebodnik2013-09-111-1/+25
|
* Fix formating of variables with type: rlim_tLukas Slebodnik2013-09-111-0/+7
|
* Fix formating of variables with type: key_serial_tLukas Slebodnik2013-09-111-0/+3
|
generated by cgit (git 2.34.1) at 2024-06-02 08:50:32 +0000