summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--server/examples/sssd.conf1
-rw-r--r--server/monitor/monitor.c4
-rw-r--r--server/providers/data_provider_be.c35
-rw-r--r--server/responder/nss/nsssrv_cmd.c43
-rw-r--r--server/responder/pam/pam_LOCAL_domain.c2
5 files changed, 34 insertions, 51 deletions
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index b15e92ff..c5fd7e65 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -23,7 +23,6 @@ timeout = 10
[services/monitor]
description = Service Monitor Configuration
sbusTimeout = 10
-servicePingTime = 10
[domains]
description = Domains served by SSSD
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index 16811224..69640b99 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -276,8 +276,10 @@ static void tasks_check_handler(struct tevent_context *ev,
}
if (svc->last_pong != 0) {
- if ((now - svc->last_pong) > 30) { /* TODO: get val from config */
+ if ((now - svc->last_pong) > (svc->ping_time * 3)) {
/* too long since we last heard of this process */
+ DEBUG(1, ("Killing service [%s], not responding to pings!\n",
+ svc->name));
monitor_kill_service(svc);
process_alive = false;
}
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 796ab532..3d824c39 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -543,22 +543,17 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn)
DBusError dbus_error;
DBusMessage *reply;
struct be_ctx *ctx;
- struct be_req *be_req;
dbus_bool_t ret;
void *user_data;
- struct pam_data *pd;
- uint32_t pam_status=99;
+ struct pam_data *pd = NULL;
+ struct be_req *be_req = NULL;
+ uint32_t pam_status = PAM_SYSTEM_ERR;
user_data = sbus_conn_get_private_data(sconn);
if (!user_data) return EINVAL;
ctx = talloc_get_type(user_data, struct be_ctx);
if (!ctx) return EINVAL;
- pd = talloc_zero(ctx, struct pam_data);
- if (!pd) return ENOMEM;
-
- dbus_error_init(&dbus_error);
-
reply = dbus_message_new_method_return(message);
if (!reply) {
DEBUG(1, ("dbus_message_new_method_return failed, cannot send reply.\n"));
@@ -566,6 +561,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn)
return ENOMEM;
}
+ /* return an error if no auth backend is configured */
+ if (!ctx->auth_ops)
+ goto done;
+
+ pd = talloc_zero(ctx, struct pam_data);
+ if (!pd) return ENOMEM;
+
+ dbus_error_init(&dbus_error);
+
ret = dp_unpack_pam_request(message, pd, &dbus_error);
if (!ret) {
DEBUG(1,("Failed, to parse message!\n"));
@@ -576,28 +580,23 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn)
DEBUG(4, ("Got request with the following data\n"));
DEBUG_PAM_DATA(4, pd);
- be_req = talloc(ctx, struct be_req);
- if (!be_req) {
- pam_status = PAM_SYSTEM_ERR;
+ be_req = talloc_zero(ctx, struct be_req);
+ if (!be_req)
goto done;
- }
+
be_req->be_ctx = ctx;
be_req->fn = be_pam_handler_callback;
be_req->pvt = reply;
be_req->req_data = pd;
ret = be_file_request(ctx, ctx->auth_ops->pam_handler, be_req);
- if (ret != EOK) {
- pam_status = PAM_SYSTEM_ERR;
+ if (ret != EOK)
goto done;
- }
return EOK;
done:
- if (be_req) {
- talloc_free(be_req);
- }
+ talloc_free(be_req);
DEBUG(4, ("Sending result [%d][%s]\n", pam_status, ctx->domain->name));
ret = dbus_message_append_args(reply,
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index f5555ed9..ba444ccf 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -347,7 +347,7 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status,
cmdctx->name));
ret = ENOENT;
}
- if (dctx->domain == NULL) {
+ if (dom == NULL) {
DEBUG(2, ("No matching domain found for [%s], fail!\n",
cmdctx->name));
ret = ENOENT;
@@ -696,31 +696,22 @@ static void nss_cmd_getpwuid_callback(void *ptr, int status,
ret = EOK;
- for (dom = dctx->domain->next; dom; dom = dom->next) {
-
- ncret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout,
+ dom = dctx->domain->next;
+ ncret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout,
cmdctx->id);
- if (ncret == ENOENT) break;
-
- neghit = true;
- }
- /* reset neghit if we still have a domain to check */
- if (dom) neghit = false;
-
- dctx->domain = dom;
-
- if (neghit) {
+ if (ncret == EEXIST) {
DEBUG(3, ("Uid [%lu] does not exist! (negative cache)\n",
(unsigned long)cmdctx->id));
ret = ENOENT;
}
- if (dctx->domain == NULL) {
+ if (dom == NULL) {
DEBUG(0, ("No matching domain found for [%lu], fail!\n",
(unsigned long)cmdctx->id));
ret = ENOENT;
}
if (ret == EOK) {
+ dctx->domain = dom;
dctx->check_provider = (dctx->domain->provider != NULL);
if (dctx->res) talloc_free(res);
dctx->res = NULL;
@@ -1723,7 +1714,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status,
cmdctx->name));
ret = ENOENT;
}
- if (dctx->domain == NULL) {
+ if (dom == NULL) {
DEBUG(2, ("No matching domain found for [%s], fail!\n",
cmdctx->name));
ret = ENOENT;
@@ -2057,31 +2048,23 @@ static void nss_cmd_getgrgid_callback(void *ptr, int status,
ret = EOK;
- for (dom = dctx->domain->next; dom; dom = dom->next) {
-
- ncret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout,
- cmdctx->id);
- if (ncret == ENOENT) break;
+ dom = dctx->domain->next;
- neghit = true;
- }
- /* reset neghit if we still have a domain to check */
- if (dom) neghit = false;
-
- dctx->domain = dom;
-
- if (neghit) {
+ ncret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout,
+ cmdctx->id);
+ if (ncret == EEXIST) {
DEBUG(3, ("Gid [%lu] does not exist! (negative cache)\n",
(unsigned long)cmdctx->id));
ret = ENOENT;
}
- if (dctx->domain == NULL) {
+ if (dom == NULL) {
DEBUG(0, ("No matching domain found for [%lu], fail!\n",
(unsigned long)cmdctx->id));
ret = ENOENT;
}
if (ret == EOK) {
+ dctx->domain = dom;
dctx->check_provider = (dctx->domain->provider != NULL);
if (dctx->res) talloc_free(res);
dctx->res = NULL;
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index df2803e5..dc394ab8 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -407,7 +407,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
ret = sysdb_get_user_attr(lreq, lreq->dbctx,
preq->domain, preq->pd->user, attrs,
- local_handler_callback, preq);
+ local_handler_callback, lreq);
if (ret != EOK) {
DEBUG(1, ("sysdb_get_user_attr failed.\n"));