sssd.git/src/responder, branch sudo Unnamed repository; edit this file 'description' to name the repository. PAM: Avoid overwriting pam_status in _lookup_by_cert_done() 2017-10-09T08:03:15+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-10-06T11:04:15+00:00 82464078c0d38421b788393838ebfa401aa1391e In case add_pam_cert_response() failed pam_status has to be set to PAM_AUTHINFO_UNAVAIL. Although it's done properly in the code, pam_status was overwritten just after the if block with PAM_SUCCESS. The original faulty code was added as part of 32474fa2f0. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> 
In case add_pam_cert_response() failed pam_status has to be set to
PAM_AUTHINFO_UNAVAIL. Although it's done properly in the code,
pam_status was overwritten just after the if block with PAM_SUCCESS.

The original faulty code was added as part of 32474fa2f0.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
KCM: Add some forgotten NULL checks 2017-10-04T07:05:55+00:00 Jakub Hrozek jhrozek@redhat.com 2017-09-28T15:51:11+00:00 613a832d5bbf4c8174adbc1dcd881c59660cb0f1 Several memory allocations across the KCM codebase did not check their result for NULL. This patch fixes that. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Several memory allocations across the KCM codebase did not check their
result for NULL. This patch fixes that.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
KCM: Use the right memory context 2017-10-04T07:05:55+00:00 Jakub Hrozek jhrozek@redhat.com 2017-09-27T14:48:06+00:00 3e4fe6cc59419ce4c178e9ad31cd1069ab375e9b Inside the tevent request, we should use 'state' as the intermediate memory context and steal the result up to 'mem_ctx' on success. 'mem_ctx' itself should only be used to create the tevent_req as the first thing during the request creation. However, this bug is not very severe as the mem_ctx was always the KCM operation memory context, so the memory was freed when the operation terminated. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Inside the tevent request, we should use 'state' as the intermediate
memory context and steal the result up to 'mem_ctx' on success.
'mem_ctx' itself should only be used to create the tevent_req as the
first thing during the request creation.

However, this bug is not very severe as the mem_ctx was always the KCM
operation memory context, so the memory was freed when the operation
terminated.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
KCM: Do not leak newly created ccache in case the name is malformed 2017-10-04T07:05:55+00:00 Jakub Hrozek jhrozek@redhat.com 2017-09-19T11:45:19+00:00 7f68de6c2e6aaed1929dfbcf1a73606c9b79fd64 This is not a big deal as the mem_ctx parameter of the operation is typically just a short-lived operation context. Nonetheless, it is best practice to not rely on how the memory context is set up in utility functions. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
This is not a big deal as the mem_ctx parameter of the operation is
typically just a short-lived operation context. Nonetheless, it is best
practice to not rely on how the memory context is set up in utility
functions.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
IFP: parse ping arguments in codegen 2017-09-25T19:41:39+00:00 Pavel Březina pbrezina@redhat.com 2017-09-22T08:47:30+00:00 1024dbcba0c16fb5df5e6d16894a8c7a36dc75f2 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Fix warning declaration of 'index' shadows a global declaration 2017-09-25T19:35:39+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T11:48:34+00:00 39e300314cb43e534179a6950274e1e9c9a48465 src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result': src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result': src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_endent': src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent': src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result':
src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result':
src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_endent':
src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent':
src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
RESPONDER: Fix "-Wold-style-definition" caught by GCC 2017-09-25T19:35:22+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-09-09T12:57:01+00:00 d8d49ae91708a2360c5c8f7a01e531952e2f7771 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
NSS: Fix "-Wold-style-definition" caught by GCC 2017-09-25T19:34:34+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-10-12T15:08:16+00:00 0e6248c60791ccfe840a2938f27b56b9e72370e3 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Print a warning when enumeration is requested but disabled 2017-09-25T12:33:06+00:00 AmitKumar amitkuma@redhat.com 2017-07-24T14:45:13+00:00 c33fa33065b1211dba5ea2909bac62843a72e8b5 Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSS_LOG_NOTICE. Resolves: https://pagure.io/SSSD/sssd/issue/2301 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Add an explanatory message to be logged once, at the start-up,
mentioning that in case enumeration is not enabled, getent passwd won't
return all users by design.
The debug level chosen to show the message is SSS_LOG_NOTICE.

Resolves:
https://pagure.io/SSSD/sssd/issue/2301

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SUDO: Use initgr_with_views when looking up a sudo user 2017-09-08T15:02:49+00:00 Jakub Hrozek jhrozek@redhat.com 2017-08-22T20:32:19+00:00 dee665060ba71ff61ad223e755ae61441118fbba The sudo responder code didn't take views into account when looking for rules, which resulted in sudo rules being ignored if the user's name was overriden. Please see the ticket for a detailed info on how to reproduce the bug. Resolves: https://pagure.io/SSSD/sssd/issue/3488 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The sudo responder code didn't take views into account when looking for
rules, which resulted in sudo rules being ignored if the user's name was
overriden.

Please see the ticket for a detailed info on how to reproduce the bug.

Resolves:
https://pagure.io/SSSD/sssd/issue/3488

Reviewed-by: Pavel Březina <pbrezina@redhat.com>