| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
To be able to include string_in_list() without additional
dependencies it is moved into a separate file.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
To be able to include split_on_separator() without additional
dependencies (only talloc), it is moved into a separate file.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Introducing valid usernames with a trailing newline character triggers
the removal of valid LDB cache entries.
Resolves:
https://pagure.io/SSSD/sssd/issue/3317
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similarly to the --socket-activated cmd option, --dbus-activated cmd
option is going to be used for dbus-activated responders in order to
easily setup a timeout to shutdown the idle responder in case it has
been socket activated and is idle.
This option has been encapsulated on is_dbus_activated() function,
which will always return "false" when called on platforms where systemd
is not supported.
For now any of the services are taking advantage of this newly
introduced option/function, but later on in this series it's going to be
used.
In order to use it, just add SSSD_RESPONDER_OPTS to the poptOption
structure.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option is going to be used for socket-activated responders as they
are special in some ways. So, by knowing this option we can:
- skip owning the debug files as it will be done by the responders' unit
files;
- skip "become_user()", as the process will already be started by the
proper user bu the responders' unit files;
- setup a timeout to shutdown the responder in case it has been
socket-activated and is idle.
This option has been encapsulated on is_socket_activated() function,
which will always return "false" when called on platforms where systemd
is not supported.
For any of the services are taking advantage of this newly introduced
option/function, but later on in this series it's going to be used.
In order to use it, just add SSSD_RESPONDER_OPTS to the poptOption
structure.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the sudoUser values we fetch from LDAP correspond to a user or a
group name per:
http://www.sudo.ws/man/1.8.14/sudoers.ldap.man.html
then we parse the usernames into (name,domain) tuples and store them
qualified.
This patch not only makes the sudo provider work with qualified names,
but also makes it possible to use qualified names on the LDAP side,
allowing for example AD users from different domains to access sudo
rules.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
This function is not used anywhere and const char ** suits better
in my use case (next patch) so I just changed the function.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
There is no need to have executable unique_file.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2553
In order to support wildcard request, we need to introduce an optionally
relaxed version of sss_filter_sanitize that allows to select which
characters are exempt from sanitizing.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
New utility function *sss_utc_to_time_t* to convert GeneralizedTime to
unix time.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
The responder and child_common modules each had their own
implementation. Unify it instead and add a unit test.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While parsing string with multiple whitespaces, it may happen variable i is
zero and we want to test end of argument "tmp[i-1] != '\0'". Side effect of
this bug is duplicite string output array.
Input string: "foo b"
Expected output: { "foo", "a", NULL }
Output: { "foo", "foo", "a", NULL }
This patch uses inverted logic. Instead of testing whether to read next char or
skip multiple whitespaces, we will test whether we have new argument which
should be stored in output array.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Original patches submitted by: mpesari(Thanks!!)
It can cause problems if user will hit spaces before entering username.
(e.g in gdm). Spaces are ignored by LDAP; it's better to escape them.
Resolves:
https://fedorahosted.org/sssd/ticket/1955
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only.
|
|
|
|
|
| |
Added functions to check if given IP address is a special address
(broadcast, multicast...).
|
| |
|
|
|
|
|
|
|
| |
We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.
|
|
|
|
|
| |
The utility function will be reused to guess search base from the base
DN of AD trusted domains.
|
|
|
|
|
| |
This is useful for wiping passwords, as it prevents the compiler from
optimizing out a memset to zero before a free()
|
|
|
|
|
|
|
|
|
|
| |
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484
|
|
|
|
|
| |
We need to allocate num_services+2 - one extra space for the new service
and one for NULL.
|
|
|
|
|
|
|
|
| |
string_in_list() and add_string_to_list() are two utilities for NULL
terminated strings arrays. add_string_to_list() adds a new string to an
existing list or creates a new one with the strings as only item if
there is not list. string_in_list() checks if a given string is in the
list. It can be used case sensitive or in-sensitive.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1365
|
|
|
|
|
|
| |
We'll be using it on various places of the SSSD. The function is in its
own file to allow using just the one piece without having to drag in the
whole util.c module.
|
|
|
|
| |
Also adds a unit test for sss_atomic_io()
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
It was returning the size of the array, rather than the number of
elements. (The array was NULL-terminated). This argument was only
used in one place that was actually working around this odd return
value.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/871
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/720
|
|
|
|
| |
Also adds a unit test.
|
|
|
|
|
| |
sss_hash_create() produces a dhash table living in the talloc
hierarchy.
|
| |
|
|
|
|
| |
Includes a unit test
|
| |
|
|
Also update BUILD.txt
|