summaryrefslogtreecommitdiffstats
path: root/src/monitor
Commit message (Collapse)AuthorAgeFilesLines
* MONITOR: Add disable_netlink optionJustin Stephenson2016-09-121-3/+18
| | | | | | | | | | | | Adding a new monitor boolean option to disable netlink support. This will give users more control over sssd state changes without having to modify systemd unit files. Resolves: https://fedorahosted.org/sssd/ticket/3142 Reviewed-by: Petr Cech <pcech@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MONITOR: Remove --disable-netlink command-line optionJustin Stephenson2016-09-121-13/+20
| | | | | | | | Removing monitor command-line option, to be superceded by sssd.conf option Reviewed-by: Petr Cech <pcech@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* netlink: Don't define USE_GNUJakub Hrozek2016-08-301-1/+2
| | | | | | | | | | | Applications should never #define USE_GNU themselves, but rather _GNU_SOURCE. This patch removes USE_GNU and replaces it with including config.h which has _GNU_SOURCE defined if applicable for that platform See for example: https://gcc.gnu.org/ml/fortran/2005-10/msg00365.html Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* MONITOR: Remove the no longer used kill_service commandJakub Hrozek2016-08-301-141/+0
| | | | | | | | | | After introducing the watchdog, the force_timeout option is no longer used. Resolves: https://fedorahosted.org/sssd/ticket/3052 Reviewed-by: Petr Čech <pcech@redhat.com>
* MONITOR: Remove the no longer used diag_cmd commandJakub Hrozek2016-08-301-163/+0
| | | | | | | | | | | After introducing the watchdog, the diag_cmd is longer used and makes no sense trying to make it usable by watchdog as the result of "pstack %p" seems next to useless in this context. Related: https://fedorahosted.org/sssd/ticket/3051 Reviewed-by: Petr Čech <pcech@redhat.com>
* Monitor: Add support for disabling netlinkJustin Stephenson2016-08-171-9/+15
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2860 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTILS: Fixing duplication of pid file declarationPetr Cech2016-08-091-2/+1
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2978 Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Upgrade sysdb to use qualified names for users and groups, sudo rules ↵Jakub Hrozek2016-07-071-0/+1
| | | | | | | | | | and override objects Runs a sysdb upgrade that changes objects that represent users, groups, sudo rules and overrides to the new schema, which uses the fully qualified names. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Allow passing a context to sysdb upgrade functionsJakub Hrozek2016-07-071-1/+3
| | | | | | | | | We decide on whether to upgrade or not based on a pointer value, not a boolean. This pointer points to a structure that the upgrade invoker (typically the monitor) can use to fill auxilary data the sysdb upgrade has no means of instantiating. Reviewed-by: Sumit Bose <sbose@redhat.com>
* Monitor: Add mode to generate confdb onlySimo Sorce2016-06-291-3/+21
| | | | | | | | | | With this mode we can add socket activated services and have systemd pre exec sssd to genrate the configuration file w/o starting the whole sssd if not necessary. https://fedorahosted.org/sssd/ticket/2243 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Monitor: Remove ping infrastructureSimo Sorce2016-06-292-226/+7
| | | | | | | | | | | Now thast services use an internal watchdog we do not need pings anymore, this will cut down the chatter and allow more flexible process management, for example socket activation and exit-on-idle. Resolves: https://fedorahosted.org/sssd/ticket/2921 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* confdb: Make it possible to use config snippetsMichal Židek2016-06-271-2/+4
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2247 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_tools: create confdb if not existPavel Březina2016-06-271-45/+3
| | | | | | | So tools (especially sssctl) may be run even when databases where removed. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Internal: Rename CONFDB_DEFAULT_CONFIG_FILEStephen Gallagher2016-05-111-1/+1
| | | | | | | | New name is SSSD_CONFIG_FILE. This is done because we will start to ship a static default configuration in addition to the runtime configuration. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Netlink: Ignore RTM_NEWADDR signals from link-localStephen Gallagher2016-04-061-0/+50
| | | | | | | | We only need to go online if we receive a netlink signal that might indicate that the external connection might have become available. This will never be true for link-local addresses. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSSD: Add a new option diag_cmdJakub Hrozek2015-11-131-22/+194
| | | | | | | | | | | | | | | | | | | | This option is an optional one that is run when a sbus ping times out and before a SIGKILL signal is sent. It is undocumented by default. diag_cmd (string): A command that should be run for diagnostic purpose when an sbus timeout fails. The option value may contain %p which would be expanded for the process ID of the process that timed out Example: pstack %p This setting would print the stackstrace of the service whose ping timed out. Default: not set. Reviewed-by: Petr Cech <pcech@redhat.com>
* Monitor: Show service pings at debug level 8Stephen Gallagher2015-10-291-2/+3
| | | | | | | | | SSSDBG_CONF_SETTINGS is reserved for configuration information. These pings are generally just noise (when they fail, this is logged at SSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL. Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com>
* util: Update get_next_domain's interfaceMichal Židek2015-10-231-5/+5
| | | | | | | | | | | | Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MONITOR: Do not report missing file as fatal in monitor_config_fileMichal Židek2015-07-021-5/+5
| | | | | | | resolv.conf can be missing during boot. This is not fatal and we will check for its existence later. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MONITOR: Poll for resolv.conf if not available during bootMichal Židek2015-07-021-2/+36
| | | | | | | | | | If resolv.conf is not available when SSSD is starting, check for its existence later. Ticket: https://fedorahosted.org/sssd/ticket/2590 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Fix a few typos in commentsPavel Reichl2015-03-261-1/+1
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Add missing new lines to debug messagesLukas Slebodnik2015-03-172-11/+11
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: use hard coded getters instead of generatedPavel Březina2015-02-171-54/+3
| | | | | | | | | | | | | | | Properties are single value of a small number of predefined D-Bus types. There is no need to generate them with codegen. Actually, the source generator for property getters is already quite mess with branching for array, strings and object paths. Adding any more complex type in the future (such as dictionary) would require even more branching or creating a separate path for it. Hard coding the getters will simplify creating new ones for more complex types. This patch also reduces lots of code duplication and creates a simple function for GetAll. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MONITOR: Fix double freeLukas Slebodnik2015-02-121-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If kill timer was successfully executed then it will be released by libtevent. So we should not released it in mt_svc_exit_handler for the second time. [sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9] [sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free may be at ../tevent_timed.c:351 [sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free ==19129== Invalid read of size 4 ==19129== at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372) ==19129== by 0x50470CD: _talloc_free (talloc.c:1559) ==19129== by 0x11086C: mt_svc_exit_handler (monitor.c:2754) ==19129== by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181) ==19129== by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135) ==19129== by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649) ==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530) ==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677) ==19129== by 0x84C4B02: server_loop (server.c:668) ==19129== by 0x10D9A6: main (monitor.c:3028) ==19129== Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd ==19129== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19129== by 0x50472F2: _talloc_free_internal (talloc.c:1057) ==19129== by 0x50472F2: _talloc_free (talloc.c:1581) ==19129== by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351) ==19129== by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653) ==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530) ==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677) ==19129== by 0x84C4B02: server_loop (server.c:668) ==19129== by 0x10D9A6: main (monitor.c:3028) Resolves: https://fedorahosted.org/sssd/ticket/2572 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* sbus: add new iface via sbus_conn_register_iface()Pavel Březina2015-01-232-14/+3
| | | | | | | | | | | | | | | | | | | Rename sbus_conn_add_interface() to sbus_conn_register_iface() and remove sbus_new_interface() calls since it is just one more unnecessary call outside the sbus code. The function sbus_new_interface() is made static and used directly in sbus_conn_register_iface(). The name was chosen to better describe what the function is doing. That it registers an interface on a given object path. The same interface can be used with different paths so it is not really about adding an interface. Preparation for: https://fedorahosted.org/sssd/ticket/2339 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* monitor: Service restart fixesStephen Gallagher2015-01-071-20/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are actually two bugs here: 1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned failure (for any reason), we would talloc_free(svc) which removed it from being eligible for restart, resulting in the service never starting again without an SSSD service restart. 2) There is a fairly wide race condition where it's possible for a SIGKILL timer to "catch up" to the child exit handler between us noticing the termination and actually restarting it. The race happens because we re-enter the mainloop and add a restart timeout to avoid a quick failure if we keep restarting due to a transitory issue (the mt_svc object, and therefore the SIGKILL timer, were never freed until we got to the actual service restart). We can minimize this race by recording the timer_event for the SIGKILL timeout in the mt_svc object. This way, if the process exits via SIGTERM, we will immediately remove the timer for the SIGKILL. Additionally, we'll catch the special-case of an ESRCH response from the kill(SIGKILL) and assume that it means that the process has exited. The only other two possible errors are * EINVAL: (an invalid signal was specified) - This should be impossible, obviously. * EPERM: This process doesn't have permission to send signals to this PID. If this happens, it's either an SELinux bug or else the process has terminated and a new process that SSSD doesn't control has taken the ID over. So in the incredibly unlikely case that one of those occurs, we'll just go ahead and try to start a new process. This patch also removes the incorrect talloc_free(svc) calls on the kill() failures and replaces them with an attempt to just start up the service again and hope for the best. Resolves: https://fedorahosted.org/sssd/ticket/2525 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MONITOR: Disable inlining of function load_configurationLukas Slebodnik2014-12-111-6/+12
| | | | | | | | | | | | | | | | | | | This reverts commit cff89439b21f8573c6896b09cb1a8d5f9de3144c. The previous fix was not sufficient and similar warning appears after different change in function load_configuration. src/monitor/monitor.c: In function ‘main’: src/monitor/monitor.c:2962:24: error: ‘monitor’ may be used uninitialized in this function [-Werror=maybe-uninitialized] monitor->is_daemon = !opt_interactive; ^ cc1: all warnings being treated as errors It's better to disable optimisation of function load_configuration after fail in chown(unlink) instead of checking errno for 0 and overriding it with EINVAL. Reviewed-by: Michal Židek <mzidek@redhat.com>
* Fix: always check return value of unlink()Pavel Reichl2014-11-281-1/+8
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2506 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MONITOR: Fix warning may be used uninitializedMichal Zidek2014-10-311-1/+3
| | | | | | | | | | | | | | | This warning is caused be change 579e5d4b7a3ca161ea7518b2996905fa22c15995 "MONITOR: Allow confdb to be accessed by nonroot user" src/monitor/monitor.c: In function ‘main’: src/monitor/monitor.c:2953:24: error: ‘monitor’ may be used uninitialized in this function [-Werror=maybe-uninitialized] monitor->is_daemon = !opt_interactive; ^ cc1: all warnings being treated as errors Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSH: Run the ssh responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SUDO: Run the sudo responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAC: Run the pac responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* AUTOFS: Run the autofs responder as the SSSD userJakub Hrozek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAM: Run pam responder as nonrootMichal Zidek2014-10-221-1/+2
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* NSS: Run as a user specified by monitorJakub Hrozek2014-10-221-0/+3
| | | | | | | | | Adds the NSS responder to the list of services known to work as a non-root user and becomes the specified user after starting the NSS responder. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SYSDB: Allow calling chown on the sysdb file from monitorMichal Zidek2014-10-221-1/+2
| | | | | | | | Sysdb must be accessible for the nonroot sssd processes. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* MONITOR: Allow confdb to be accessed by nonroot userMichal Zidek2014-10-221-1/+12
| | | | | Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* BE: Own the sbus socket as the SSSD userJakub Hrozek2014-10-221-0/+8
| | | | | | | | | In some cases, the back end might still be running as root, but the responder would be running unprivileged. In this case, we need to allow connecting from the SSSD user ID. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SBUS: Allow connections from other UIDsJakub Hrozek2014-10-221-0/+3
| | | | | | | | | Unless dbus_connection_set_unix_user_function() is used, D-Bus only allows connections from UID 0. This patch adds a custom checker function that allows either UID 0 or the pre-configured SSSD user ID. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SBUS: Chown the sbus socket if neededJakub Hrozek2014-10-221-1/+5
| | | | | | | | | When setting up the sbus server, we might need to chown the sbus socket to make sure non-root peers, running as the SSSD user are able to access the file. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+56
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SSSD: Add the options to specify a UID and GID to run asJakub Hrozek2014-10-201-1/+2
| | | | | | | | | Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MONITOR: Remove useless memory contextsJakub Hrozek2014-10-101-12/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Do not depend on monitor codeJakub Hrozek2014-10-092-36/+0
| | | | | | | Just moves code around. There should be a way to use the server.c module without linking the monitor code. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MONITOR: Make internal functions staticJakub Hrozek2014-10-062-16/+13
| | | | | | | Several functions in the monitor.c file were not marked as static even though they were only used inside monitor.c Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSSD: Send debug to stderr when running on foregroundJakub Hrozek2014-07-091-1/+20
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2348 When SSSD is running in interactive mode, we should print DEBUG messages directly to stderr, not journal. Reviewed-by: Michal Židek <mzidek@redhat.com>
* MONITOR: Signal InfoPipe to reconnect on SIGUSR2Jakub Hrozek2014-07-081-0/+9
| | | | | | | | When the monitor receives SIGUSR2, it also signals the IFP responder to attempt to reconnect to the system bus using the sysbusReconnect SBUS method. No action is taken by other responders. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Provide a SBUS method to reconnect to sysbusJakub Hrozek2014-07-083-0/+13
| | | | | | | | | Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* utils: add get_known_services()Pavel Březina2014-05-281-2/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Implement org.freedesktop.DBus.Properties.GetAll for primitive typesJakub Hrozek2014-05-271-2/+56
| | | | | | | | | | | | This patch implements the GetAll method of the org.freedesktop.DBus.Properties interface by iterating over the available getters and putting all the results into a single getter. The patch includes a unit test that exercies all currently supported array types. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
generated by cgit (git 2.34.1) at 2026-02-06 10:49:52 +0000