| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option is an optional one that is run when a sbus ping times out
and before a SIGKILL signal is sent.
It is undocumented by default.
diag_cmd (string):
A command that should be run for diagnostic purpose when an sbus timeout
fails. The option value may contain %p which would be expanded for the
process ID of the process that timed out
Example:
pstack %p
This setting would print the stackstrace of the service whose ping timed out.
Default: not set.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
| |
This debug message is mostly a left over from development and doesn't
give us any useful information. It is just annoying in the logs.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Extend PAM responder unit test to check 'online' cached authentication.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Split pam_test_setup() so domain and pam parameters can be easily set
distinctly for each test.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Like lookup by ID or by UPN the match for lookups by certificate can be
found in any domain and all sub-domains must be included in the search.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It is not necessary to invalidate memory cache before removing
them. The sssd_client can handle it without any problem.
This reverts commit eabc1732ef91548616a699b7e9f8d30e5e7b8dd3.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Long living clients should be able to reinitialize
memory cache which was removed but it not initialized.
This patch also remove workaround in test_local_domain.py
Test for:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the memory cache was not initialized and there was a failure in
initialisation of memory cache context (e.g. memory cache file
does not exist) then mc_context had to be destroyed to release
resources.
However the count of active threads in sss_cli_mc_ctx is already higher
than zero because current thread is working wih the mc_context.
But this counter was zero-ed with memset in sss_nss_mc_destroy_ctx
due to issue with initialisation of memory cache.
Then we have to decrease counter of active thread in function
sss_nss_mc_get_ctx because initialisation of mc failed.
And the result of this decrement is underflow of counter.
Related to:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
| |
If leak_check_setup is not called then global_talloc_context
was not initialized and check_leaks_pop(global_talloc_context) will fail.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
| |
If we are already requested used then we needn't to call
setreeuid(), setresgid(). But we forgot to relase local
struct sss_creds *ssc, which is used for returnig saved credentials.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When ifp_users_user_get_groups is called, for example via GetAll and
the list of groups contains a non-POSIX group, we skip an array member,
resulting in random memory being passed to the caller.
Resolves:
https://fedorahosted.org/sssd/ticket/2863
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It could be unitialized only in case if we add new enum be_ptask_schedule
Currently, we have only BE_PTASK_SCHEDULE_FROM_NOW and
BE_PTASK_SCHEDULE_FROM_LAST which are properly covered in switch case.
src/providers/dp_ptask.c:200: warning: ‘tv’ may be used uninitialized in this function
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The syslog.target is not part of systemd anymore.
The non-socket-activated syslog daemons are not supported in systemd >= 35
and in the same version it was recomemded to not use this target in service
files.
http://www.freedesktop.org/wiki/Software/systemd/syslog/
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
This gets rid of confusing debug message:
[be_client_destructor] (0x0020): Unknown client removed ...
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_valid':
src/tests/cmocka/test_sss_sifp.c:153: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_null':
src/tests/cmocka/test_sss_sifp.c:163: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sdap.c: In function '__wrap_ldap_next_attribute':
src/tests/cmocka/test_sdap.c:203: warning: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_user':
src/tests/cmocka/test_responder_cache_req.c:163: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_group':
src/tests/cmocka/test_responder_cache_req.c:244: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/sbus/sssd_dbus_invokers.c -fPIC -DPIC -o src/sbus/.libs/libsss_util_la-sssd_dbus_invokers.o
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_signals':
src/sbus/sssd_dbus_introspect.c:206: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_introspect.c: In function 'sbus_introspect_generate_properties':
src/sbus/sssd_dbus_introspect.c:243: warning: declaration of 'access' shadows a global declaration
/usr/include/unistd.h:288: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c:29: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_new_incoming_signal':
src/sbus/sssd_dbus_signals.c:39: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_add':
src/sbus/sssd_dbus_signals.c:73: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_incoming_signal_hash_lookup':
src/sbus/sssd_dbus_signals.c:134: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_listen':
src/sbus/sssd_dbus_signals.c:168: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler':
src/sbus/sssd_dbus_signals.c:227: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_signals.c: In function 'sbus_signal_handler_got_caller_id':
src/sbus/sssd_dbus_signals.c:264: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function 'sbus_signal_name_owner_changed':
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of 'signal' shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
src/sbus/sssd_dbus_common_signals.c: In function ‘sbus_signal_name_owner_changed’:
src/sbus/sssd_dbus_common_signals.c:30: warning: declaration of ‘signal’ shadows a global declaration
/usr/include/signal.h:101: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
src/responder/common/responder_cache_req.c: In function 'cache_req_input_set_name':
src/responder/common/responder_cache_req.c:199: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
src/providers/fail_over.c: In function ‘fo_ref_server’:
src/providers/fail_over.c:861: warning: value computed is not used
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
/sssd/src/tools/sss_override.c: In function ‘override_user_import’:
/sssd/src/tools/sss_override.c:1471: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
/sssd/src/tools/sss_override.c: In function ‘override_group_import’:
/sssd/src/tools/sss_override.c:1737: warning: declaration of ‘exit’ shadows a global declaration
/usr/include/stdlib.h:544: warning: shadowed declaration is here
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We could use SSS_DFL_UMASK instead of DFL_UMASK.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
There is no need to have executable unique_file.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We could use more restrictive umask in krb5_child. I found out that
there is directory creation, but it is done by create_ccache_dir()
which has its own umask setup.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
There aren't any documented files in directory src/sss_client/sudo/
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection
The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".
It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.
We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.
[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]
Resolves:
https://fedorahosted.org/sssd/ticket/2792
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It would be better to not use 'ssh' or 'sshd' here at all but something like
'pam_test_service' to indicate that it is a generic name.
Because a default value should not lead to a code path which handles a
special case. The general PAM responder test should not run through the
'sshd' case in pam_reply() only if the service is set explicitly to
'sshd' this features should be tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While handling well-known SIDs a debug statement tries to access memory that is
already freed. This can be seen with the following output from valgrind.
==17600== Invalid read of size 4
==17600== at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600== by 0x45EF3BF: _tevent_loop_once (tevent.c:530)
==17600== by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634)
==17600== by 0x45F326E: std_event_loop_wait (tevent_standard.c:140)
==17600== by 0x45EF647: _tevent_loop_wait (tevent.c:653)
==17600== Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd
==17600== at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17600== by 0x45FEC9E: _talloc_free_internal (talloc.c:1057)
==17600== by 0x45FEC9E: _talloc_free (talloc.c:1581)
==17600== by 0x8066085: sss_cmd_done (responder_cmd.c:93)
==17600== by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382)
==17600== by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600==
The patch contains a change to the unit tests which frees the memory in
the wrapper for sss_cmd_done() too. This allows to detect this kind of
issue in the unit tests as well.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2785
Test local domain tool with wrong LC_ALL
environment variable value.
NOTE: The memory cache files are not deleted
properly in the test teardown to work around the
problem described in ticket
https://fedorahosted.org/sssd/ticket/2726
Once the ticket above is solved, the teardown
will be updated to remove the memory cache
files.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Failed setlocale call could cause unexpected
behaviour. It is better to generate DEBUG
message if this happens.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
setlocale needs some environment variables
to be set in order to work. These variables
are not present in some special cases. We
should not fail completely in these cases
but continue with the compatible C locale.
Resolves:
https://fedorahosted.org/sssd/ticket/2785
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Set PAM_SYSTEM_ERR as default pam_status to ensure that we always must
set PAM_SUCCESSS explicitly for a successful authentication and will
really return an error in all other cases.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
When only str_dn is requested, ldb_dn is freed. This triggers access
after free since str_dn is part of ldb_dn talloc context.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2736
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
There was a mistake in the code which resulted in exporting one
domain several times if multiple domain were configured.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
popt don't handle merging NULL option table, thus common and help
options were not displayed when command doesn't have any options.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Manual pages were not cleaned by default.
They were cleaned in make distcheck because USE_NLS was yes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
SSSDBG_CONF_SETTINGS is reserved for configuration information. These
pings are generally just noise (when they fail, this is logged at
SSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
