sssd.git/src/sss_client/ssh, branch sudo

ssh tools: Split connect and communication phases

2017-04-28T17:10:22+00:00

We can fallback after a connect error, but we cannot easily fall back
once we start sending data as we may have consumed part of the buffer so
reconnecting and sending what's left would not make sense.

Therefore we now fallback on connect errors, but we issue a hard fail if
error happens after communication has been established.

Resolves:
https://pagure.io/SSSD/sssd/issue/1498

Merges: https://pagure.io/SSSD/sssd/pull-request/3383

Signed-off-by: Simo Sorce 
Reviewed-by: Lukáš Slebodník

ssh tools: Fix issues with multiple IP addresses

2017-04-28T17:10:17+00:00

Cycle through all resolved address until one succeed or all fail.
This is needed for dual stack systems where either IPv4 or IPv6 are
improperly configured or selectively filtered at some point along the
route.

Resolves:
https://pagure.io/SSSD/sssd/issue/1498

Merges: https://pagure.io/SSSD/sssd/pull-request/3383

Signed-off-by: Simo Sorce 
Reviewed-by: Lukáš Slebodník

ssh tools: The ai structure is not an array,

2017-04-28T17:09:59+00:00

This structure is actually a linked list, so do not mislead readers by
treating it as an array.

Resolves:
https://pagure.io/SSSD/sssd/issue/1498

Merges: https://pagure.io/SSSD/sssd/pull-request/3383

Signed-off-by: Simo Sorce 
Reviewed-by: Lukáš Slebodník

SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user

2016-07-01T13:28:33+00:00

If an IPA client uses the SSH integration and a local user logs in with
SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH
responder, which doesn't find the user and returns ENOENT. The
sss_ssh_authorizedkeys reports a failure on any error, including ENOENT
which produced a confusing error message in the logs.

This patch adds a new error code that handles users that are not found
by SSSD but exist on the system and also special cases root with the
same error code. Therefore, logging in as a local user no longer prints
an error message.

Resolves:
https://fedorahosted.org/sssd/ticket/3003

Reviewed-by: Pavel Březina

util: Continue if setlocale fails

2015-11-04T08:08:12+00:00

setlocale needs some environment variables
to be set in order to work. These variables
are not present in some special cases. We
should not fail completely in these cases
but continue with the compatible C locale.

Resolves:
https://fedorahosted.org/sssd/ticket/2785

Reviewed-by: Michal Židek

Remove trailing whitespace

2015-09-03T07:42:58+00:00

Reviewed-by: Lukáš Slebodník 
Reviewed-by: Nikolai Kondrashov

sssd: incorrect checks on length values during packet decoding

2015-08-31T16:34:26+00:00

https://fedorahosted.org/sssd/ticket/1697

It is safer to isolate the checked (unknown/untrusted)
value on the left hand side in the conditions
to avoid overflows/underflows.

Reviewed-by: Petr Cech

Make DEBUG macro invocations variadic

2014-02-12T21:30:55+00:00

Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.

This script was used to update the code:

grep -rwl --include '*.[hc]' DEBUG . |
    while read f; do
        mv "$f"{,.orig}
        perl -e \
            'use strict;
             use File::Slurp;
             my $text=read_file(\*STDIN);
             $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
             print $text;' < "$f.orig" > "$f"
        rm "$f.orig"
    done

Reviewed-by: Jakub Hrozek 
Reviewed-by: Stephen Gallagher 
Reviewed-by: Simo Sorce

Fix warnings: uninitialized variable

2013-07-22T09:44:09+00:00

SSH: Use separate field for domain name in client requests

2013-05-07T12:23:51+00:00

Instead of appending @domain to names when the --domain option of sss_ssh_* is
used, put domain name in a separate field in client requests.