| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a function sss_cli_check_socket which checks
socket in client code. The socket is reopened in case of some
issues e.g. responder terminated connections ...
We use syscall poll for checking status of socket.
It's not 100% reliable method because there is still
chance that responder will terminate socket after this check.
Here is a schema of sss_*_make_request functions:
sss_cli_check_socket
sss_cli_make_request_nochecks {
sss_cli_send_req {
poll
send
}
sss_cli_recv_rep {
poll
read
}
}
The syscall pool does not return EPIPE directly but we convert
special revents from poll to EPIPE. As it was mentioned earlier,
checking of socket in the sss_cli_check_socket is not 100% reliable.
It can happen very rarely due to TOCTOU issue (Time of check to time of use)
We can return EPIPE from the sss_cli_make_request_nochecks function
in case of failure in poll in sss_cli_send_req. The send function
in sss_cli_send_req can also return EPIPE is responder close socket
in the same time. The send function can succeed in sss_cli_send_req
but it does not mean that responder read the message. It can happen
that timer for closing socket can be handled before reading a message.
Therefore there is a still a chance that we might return EPIPE in case
of failure in poll in sss_cli_recv_rep.
Therefore we need to reconnect to responder(sss_cli_check_socket)
in case of EPIPE returned from sss_cli_make_request_nochecks and
try to do the same request one more time.
Resolves:
https://fedorahosted.org/sssd/ticket/2626
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Patch for #2626 will be simpler with this small refactoring
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously the sma lock was used as for communication with
responder. However it would cause a deadlock in case of
re-checking memcache after acquiring the lock and before communication with
responder..
Required by:
https://fedorahosted.org/sssd/ticket/2581
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although errno was cleared in function sss_nss_make_request
some sss glic functions set errno with value of output argument errnop.
Reproducer:
* sssd compiled with enabled option sss-default-nss-plugin
* sss is the last value in group (/etc/nsswitch.conf)
* sssd-client is installed but sssd is stopped.
C-program:
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <grp.h>
int main(int argc, char *argv[])
{
struct group *p_group;
setgrent();
while (1) {
errno = 0; /* initialize for getgrent() */
p_group = getgrent();
if (p_group == NULL) {
if (errno == 0) {
break; /* end of groups */
} else {
perror("getgrent");
printf("getgrent error %d \n", errno);
endgrent();
exit(-2);
}
}
printf("getgrent() OK group(%d) = %s \n",
p_group->gr_gid, p_group->gr_name);
}
exit(0);
}
Resolves:
https://fedorahosted.org/sssd/ticket/2619
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The PAC responder by default allows only connections from the root user.
This patch opens the socket to the PAC responder before the krb5_child
drops privileges so the connection seemingly comes from root.
https://fedorahosted.org/sssd/ticket/2559
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc is inconsistent with how it treats and returns NSS_STATUS_UNAVAIL.
The sss nss plugin is present in nsswitch by default on some platforms
due to glibc caching and problem with long living applications (e.g. GNOME).
But sssd needn't be configuread and it cause problems in some programs.
In this situation, the SSSD nss plugin should behave as if it was functioning
but had no data even thought sssd is not running. The errors have to be passed
from nss plugin up to the user with minimal moidiffication.
Thanks to Stephen Gallagher for initial patch.
Resolves:
https://fedorahosted.org/sssd/ticket/2439
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had in source code following pattern #elif HAVE_<name>
It worked because undefined identifier(in some cases) was evaluated to 0.
But we do not care about value of HAVE_SOMETHING. We just need to know
whether identifier was defined.
There is not equivalent to #ifdef (short for of #if definded)
We need to use long form: #elif defined HAVE_<name>
It causes also compiler warning with enabled compiler flag -Wundef.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
| |
|
|
|
|
| |
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
| | |
|
| |
|
|
|
| |
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1569
|
| |
|
|
|
|
|
|
|
|
|
| |
This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.
For example, this may cause a user beeing unable to log in.
Now if POLLHUP appears, we read the pipe and then close it on
the client side too.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1460
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1379
|
| | |
|
| |
|
|
|
|
|
|
| |
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the library the autofs client is using. automounter dlopen()s
the library so there is no header file, no pkgconfig file and the
library is in the libsss_autofs package, not in -devel.
The library provides the following interface:
* _sss_setautomntent() - select the map for processing
* _sss_getautomntent_r() - iterates through key/value pairs in the
selected map. The key is usually the mount
point, the value is mount information
(server:/export)
* _sss_getautomntbyname_r() - returns value for a specific key.
* _sss_endautomntent() deselect a map, clean up
|
| |
|
|
|
|
|
| |
There were many places in the client code where we were
duplicating a loop to copy data in from the response buffer. This
patch turns those loops into a function for easier maintenance and
easier-to-read *readrep() routines.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
| | |
|
| |
|
|
|
|
|
| |
select is limited to fd numbers up to 1024, we need to use poll() here
to avoid causing memory corruption in the calling process.
Fixes: https://fedorahosted.org/sssd/ticket/861
|
| | |
|
| |
|
|
| |
Fixes: https://fedorahosted.org/sssd/ticket/790
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/723
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/723
|
| |
|
|
|
|
|
|
|
|
| |
Add mutexes around nss operations and serialize them.
This is necessary because nss operations may have global state.
For pam it is sufficient to protect socket operations instead.
As pam functions use only the provided pam handler.
Fixes: https://fedorahosted.org/sssd/ticket/640
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/657
|
| |
|
|
| |
This is useful for guaranteeing the size of an input buffer.
|
| |
|
|
|
|
|
| |
Currently the PAM and NSS client just return an error if there are
problems on an open socket. This will lead to problems in long running
programs like gdm if sssd is restarted, e.g. during an update. With this
patch the socket is closed and reopened.
|
| |
|
|
|
|
|
| |
We need to guarantee at all times that reads and writes complete
successfully. This means that they must be checked for returning
EINTR and EAGAIN, and all writes must be wrapped in a loop to
ensure that they do not truncate their output.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated it the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
| |
|
|
| |
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
| |
|
|
|
|
| |
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side.
Signed-off-by: George McCollister <George.McCollister@gmail.com>
|
| |
|
|
|
| |
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
|
|
|
Also update BUILD.txt
|
