path: root/src/util/util.h
Commit message (Author, Age, Files, Lines)
* utils: add sss_domain_is_forest_root() (Sumit Bose, 2017-04-28, 1 file, -0/+1)
  Related to https://pagure.io/SSSD/sssd/issue/3361
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 712e5b2e4465812c00a8667c75813322373bc657)
  (cherry picked from commit b5af4ce0bdfa05841c0a856868a7961269cd7bf4)
* UTILS: Fixing duplication of pid file declaration (Petr Cech, 2017-01-09, 1 file, -0/+4)
  Resolves: https://fedorahosted.org/sssd/ticket/2978
  Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 08cd034c8584b6f058cf565ce66f7f9f7120622f)
* p11: add OCSP default responder options (Sumit Bose, 2016-09-19, 1 file, -0/+2)
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 53ef8f81b60929a6c866efdd133627e7d7d61705)
* p11: add no_verification option (Sumit Bose, 2016-09-19, 1 file, -1/+6)
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit aa35995ef056aa8ae052a47c62c6750b7adf065e)
* UTIL: make domain mapping content testable (Sumit Bose, 2016-07-25, 1 file, -0/+4)
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 2efebde7ddd5f1729a70ef4ec9de607cc393214c)
* Do not leak fds in case of failures setting up a child process (Jakub Hrozek, 2016-05-31, 1 file, -0/+14)
  Resolves: https://fedorahosted.org/sssd/ticket/3006
  The handling of open pipes in failure cases was suboptimal. Moreover, the faulty logic was copied all over the place. This patch introduces helper macros to:
  - initialize the pipe endpoints to -1
  - close an open pipe fd and set it to -1 afterwards
  - close both ends unless already closed
  These macros are used in the child handling code.
  The patch also uses child_io_destructor in the p11_child code for safer fd handling.
  Reviewed-by: Petr Cech <pcech@redhat.com>
* REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) (Petr Cech, 2016-04-07, 1 file, -0/+2)
  There are many calls of umask function with 0177 argument. This patch adds a new constant SSS_DFL_UMASK which stands for 0177. So all occurrences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit c299f997e20011536e365bc18e59e73f68629d2c)
* REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) (Petr Cech, 2016-04-07, 1 file, -0/+3)
  There are many calls of umask function with 077 argument. This patch adds a new constant SSS_DFL_X_UMASK which stands for 077. So all occurrences of umask(077) are replaced by constant SSS_DFL_X_UMASK.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit f8e337540d280f944098cd4dd7d670e2f7166b54)
* UTIL: Move debug part from util.h -> new debug.h (Lukas Slebodnik, 2016-03-23, 1 file, -117/+1)
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 558ec7d717735bb16c210c675c2cc5bee1da4576)
* UTIL: Provide varargs version of debug_fn (Lukas Slebodnik, 2016-02-23, 1 file, -0/+6)
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 22bbd95a48d21452fa5bb1a96b43334503bf8132)
* UTIL: Use prefix for debug function (Lukas Slebodnik, 2016-02-23, 1 file, -8/+8)
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 2a44a8c6683cfea218ee5329bcfad953dfeb6746)
* p11: enable ocsp checks (Sumit Bose, 2015-11-26, 1 file, -0/+3)
  This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option.
  Resolves https://fedorahosted.org/sssd/ticket/2812
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 544a20de7667f05c1a406c4dea0706b0ab507430)
* util: Update get_next_domain's interface (Michal Židek, 2015-10-30, 1 file, -1/+4)
  Update get next domain to be able to include disabled domains and change the interface to accept flags instead of multiple booleans.
  Ticket: https://fedorahosted.org/sssd/ticket/2673
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 877b92e80bde510d5cd9f03dbf01e2bcf73ab072)
* UTIL: Convert domain->disabled into tri-state with domain states (Jakub Hrozek, 2015-09-21, 1 file, -0/+3)
  Required for: https://fedorahosted.org/sssd/ticket/2637
  This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* NSS: Don't ignore backslash in usernames with ldap provider (Lukas Slebodnik, 2015-09-01, 1 file, -0/+3)
  The regression was caused by changing default domain regex for ldap provider in ticket #2717
  Resolves: https://fedorahosted.org/sssd/ticket/2772
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* UTIL: Provide a common interface to safely create temporary files (Jakub Hrozek, 2015-08-14, 1 file, -0/+21)
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* DEBUG: Add new debug category for fail over. (Michal Židek, 2015-08-14, 1 file, -0/+1)
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Add sss_filter_sanitize_ex (Jakub Hrozek, 2015-07-15, 1 file, -0/+5)
  Related: https://fedorahosted.org/sssd/ticket/2553
  In order to support wildcard request, we need to introduce an optionally relaxed version of sss_filter_sanitize that allows to select which characters are exempt from sanitizing.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* utils: add get_last_x_chars() (Sumit Bose, 2015-06-19, 1 file, -0/+2)
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it private (Jakub Hrozek, 2015-06-14, 1 file, -11/+0)
  In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list.
  Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Store trust direction for subdomains (Jakub Hrozek, 2015-06-14, 1 file, -1/+2)
  We need to store the subdomain trust direction in order to recover the structure after SSSD restart.
  The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* selinux: Only call semanage if the context actually changes (Jakub Hrozek, 2015-04-14, 1 file, -0/+2)
  https://fedorahosted.org/sssd/ticket/2624
  Add a function to query the libsemanage database for a user context and only update the database if the context differs from the one set on the server.
  Adds talloc dependency to libsss_semanage.
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* UTIL: Add a simple function to get the fd of debug_file (Jakub Hrozek, 2015-04-14, 1 file, -0/+1)
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sdap: properly handle binary objectGuid attribute (Sumit Bose, 2015-03-20, 1 file, -0/+7)
  Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache.
  This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache.
  Resolves https://fedorahosted.org/sssd/ticket/2588
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: convert GeneralizedTime to unix time (Pavel Reichl, 2015-03-05, 1 file, -0/+3)
  New utility function *sss_utc_to_time_t* to convert GeneralizedTime to unix time.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SELINUX: Set and reset umask when calling set_seuser from daemon code (Jakub Hrozek, 2015-01-27, 1 file, -0/+4)
  https://fedorahosted.org/sssd/ticket/2563
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* IPA: properly handle mixed-case trusted domains (Sumit Bose, 2015-01-23, 1 file, -0/+3)
  In the SSSD cache domain names are handled case-sensitive. As a result fully-qualified names in RDN contain the domain part in the original spelling.
  When IPA client looks up group-memberships on the IPA server via the extdom plugin the names returned are all lower case. To make sure new DNs are generated correctly the domain part must be adjusted.
  Related to https://fedorahosted.org/sssd/ticket/2159
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Unify the fd_nonblocking implementation (Jakub Hrozek, 2015-01-15, 1 file, -0/+12)
  The responder and child_common modules each had their own implementation. Unify it instead and add a unit test.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD/IPA: add krb5_confd_path configuration option (Sumit Bose, 2014-11-25, 1 file, -0/+6)
  With this new parameter the directory where Kerberos configuration snippets are created can be specified.
  Fixes https://fedorahosted.org/sssd/ticket/2473
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Enable views for all domains (Sumit Bose, 2014-11-20, 1 file, -2/+1)
  Currently views and overrides were only available for sub-domains, this patch enables the lookup for the configured domains as well.
  Related to https://fedorahosted.org/sssd/ticket/2481
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Add add_strings_lists() utility function (Sumit Bose, 2014-11-05, 1 file, -0/+18)
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Add a function to convert id_t from a number or a name (Jakub Hrozek, 2014-10-22, 1 file, -0/+2)
  We need a custom function that would convert a numeric or string input into uid_t. The function will be used to drop privileges in servers and also in the PAC and IFP responders.
  Includes a unit test to test all code that changed as well as a fix for a misnamed attribute in the csv_to_uid_list function synopsis.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* SSSD: Chown the log files (Jakub Hrozek, 2014-10-20, 1 file, -0/+1)
  We need to chown the log files before dropping root to make sure they are usable by the SSSD user. Unfortunately, we can't just rely on passing the fd opened by root, because we need to be also able to rotate the log files.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SSSD: Add the options to specify a UID and GID to run as (Jakub Hrozek, 2014-10-20, 1 file, -0/+7)
  Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed.
  So far all code still runs as root.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_semanage: Add mlsrange parameter to set_seuser (Michal Zidek, 2014-10-20, 1 file, -1/+2)
  mlsrange parameter will be needed in IPA provider and probably at some point in the tools as well.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* util: Move semanage related functions to src/util (Michal Zidek, 2014-10-20, 1 file, -0/+4)
  These functions will be reused by IPA provider.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sysdb: add override lookup calls (Sumit Bose, 2014-10-20, 1 file, -0/+3)
  sysdb_search_user_override_by_name() and sysdb_search_group_override_by_name() search for overrides in the given view.
  sysdb_add_overrides_to_object() adds the data from the override object to the original object and makes them available for further processing.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Always write capaths (Jakub Hrozek, 2014-10-16, 1 file, -2/+1)
  We used to only generate the [capaths] section on the IPA server itself, when running in a trusted setup. But we also found out that the capaths are often required to make SSO fully work, so it's better to always generate them.
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* UTIL: Move become_user outside krb5 tree (Jakub Hrozek, 2014-10-10, 1 file, -0/+9)
  In order for several other SSSD processes to run as a non-root user, we need to move the functions to become another user to a shared space in our source tree.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Do not depend on monitor code (Jakub Hrozek, 2014-10-09, 1 file, -0/+2)
  Just moves code around. There should be a way to use the server.c module without linking the monitor code.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domains (Pavel Reichl, 2014-09-29, 1 file, -0/+5)
  pam_public_domains option is a list of numerical UIDs or user names that are trusted.
  pam_public_domains option is a list of domains accessible even for untrusted users.
  Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Replace space: add some checks (Sumit Bose, 2014-09-01, 1 file, -1/+1)
  This patch adds some additional checks if the option for replacing spaces in user and group names is used.
  When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a reverse operation would not be possible.
  For the reverse operation it is checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters.
  Additionally a shortcut if the replacement character is a space and tests for the new checks are added. The man page is updated accordingly.
  Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 .
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Only replace space with the specified substitution (Jakub Hrozek, 2014-08-13, 1 file, -6/+6)
  https://fedorahosted.org/sssd/ticket/2397
  - make sss_replace_whitespaces only replace space (' ') not any whitespace
  - make sss_replace_whitespaces only replace a single char, not the whole string
  - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE
  - rename the override_default_whitespace option to override_space
  - rename sss_replace_whitespaces() to sss_replace_space()
  - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space()
  - rename nctx->override_default_wsp_str to nctx->override_space
  - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: remove get_username_from_uid (Jakub Hrozek, 2014-08-06, 1 file, -2/+0)
  The function was unused since 2009 and moreover it was synchronous.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* UTIL: Add functions for replacing whitespaces. (Lukas Slebodnik, 2014-07-28, 1 file, -0/+8)
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* UTIL: rename find_subdomain_by_object_name (Pavel Reichl, 2014-07-22, 1 file, -2/+2)
  The function was named "find_subdomain" yet it could find both main domain and subdomain.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: rename find_subdomain_by_name (Pavel Reichl, 2014-07-22, 1 file, -3/+3)
  The function was named "find_subdomain" yet it could find both main domain and subdomain.
  sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"`
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: rename find_subdomain_by_sid (Pavel Reichl, 2014-07-22, 1 file, -2/+2)
  The function was named "find_subdomain" yet it could find both main domain and subdomain.
  sed 's/find_subdomain_by_sid/find_domain_by_sid/' -i `find . -name "*.[ch]"`
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: tokengroups do not work with id_provider=ldap (Pavel Reichl, 2014-07-21, 1 file, -0/+5)
  With plain LDAP provider we already have a sdap_handle, so it should be possible that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be skipped and sdap_get_ad_tokengroups_send() can be already sent with the sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should only fail if sdom->pvt == NULL and sh == NULL.
  If find_subdomain_by_sid() failed we can check if there is only one domain in the domain list (state->domain) and in this case continue with this domain since the LDAP provider does not know about sub-domains and hence can only have one configured domain.
  Resolves: https://fedorahosted.org/sssd/ticket/2345
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: Always debug to stderr (Jakub Hrozek, 2014-07-09, 1 file, -0/+8)
  https://fedorahosted.org/sssd/ticket/2348
  Programs that are supposed to only be executed on the foreground should log to stderr automatically.
  Reviewed-by: Michal Židek <mzidek@redhat.com>