diff options
-rw-r--r-- | server/examples/sssd.conf | 1 | ||||
-rw-r--r-- | server/monitor/monitor.c | 4 | ||||
-rw-r--r-- | server/providers/data_provider_be.c | 35 | ||||
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 43 | ||||
-rw-r--r-- | server/responder/pam/pam_LOCAL_domain.c | 2 |
5 files changed, 34 insertions, 51 deletions
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf index b15e92ff..c5fd7e65 100644 --- a/server/examples/sssd.conf +++ b/server/examples/sssd.conf @@ -23,7 +23,6 @@ timeout = 10 [services/monitor] description = Service Monitor Configuration sbusTimeout = 10 -servicePingTime = 10 [domains] description = Domains served by SSSD diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c index 16811224..69640b99 100644 --- a/server/monitor/monitor.c +++ b/server/monitor/monitor.c @@ -276,8 +276,10 @@ static void tasks_check_handler(struct tevent_context *ev, } if (svc->last_pong != 0) { - if ((now - svc->last_pong) > 30) { /* TODO: get val from config */ + if ((now - svc->last_pong) > (svc->ping_time * 3)) { /* too long since we last heard of this process */ + DEBUG(1, ("Killing service [%s], not responding to pings!\n", + svc->name)); monitor_kill_service(svc); process_alive = false; } diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c index 796ab532..3d824c39 100644 --- a/server/providers/data_provider_be.c +++ b/server/providers/data_provider_be.c @@ -543,22 +543,17 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn) DBusError dbus_error; DBusMessage *reply; struct be_ctx *ctx; - struct be_req *be_req; dbus_bool_t ret; void *user_data; - struct pam_data *pd; - uint32_t pam_status=99; + struct pam_data *pd = NULL; + struct be_req *be_req = NULL; + uint32_t pam_status = PAM_SYSTEM_ERR; user_data = sbus_conn_get_private_data(sconn); if (!user_data) return EINVAL; ctx = talloc_get_type(user_data, struct be_ctx); if (!ctx) return EINVAL; - pd = talloc_zero(ctx, struct pam_data); - if (!pd) return ENOMEM; - - dbus_error_init(&dbus_error); - reply = dbus_message_new_method_return(message); if (!reply) { DEBUG(1, ("dbus_message_new_method_return failed, cannot send reply.\n")); @@ -566,6 +561,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn) return ENOMEM; } + /* return an error if no auth backend is configured */ + if (!ctx->auth_ops) + goto done; + + pd = talloc_zero(ctx, struct pam_data); + if (!pd) return ENOMEM; + + dbus_error_init(&dbus_error); + ret = dp_unpack_pam_request(message, pd, &dbus_error); if (!ret) { DEBUG(1,("Failed, to parse message!\n")); @@ -576,28 +580,23 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn) DEBUG(4, ("Got request with the following data\n")); DEBUG_PAM_DATA(4, pd); - be_req = talloc(ctx, struct be_req); - if (!be_req) { - pam_status = PAM_SYSTEM_ERR; + be_req = talloc_zero(ctx, struct be_req); + if (!be_req) goto done; - } + be_req->be_ctx = ctx; be_req->fn = be_pam_handler_callback; be_req->pvt = reply; be_req->req_data = pd; ret = be_file_request(ctx, ctx->auth_ops->pam_handler, be_req); - if (ret != EOK) { - pam_status = PAM_SYSTEM_ERR; + if (ret != EOK) goto done; - } return EOK; done: - if (be_req) { - talloc_free(be_req); - } + talloc_free(be_req); DEBUG(4, ("Sending result [%d][%s]\n", pam_status, ctx->domain->name)); ret = dbus_message_append_args(reply, diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index f5555ed9..ba444ccf 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -347,7 +347,7 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status, cmdctx->name)); ret = ENOENT; } - if (dctx->domain == NULL) { + if (dom == NULL) { DEBUG(2, ("No matching domain found for [%s], fail!\n", cmdctx->name)); ret = ENOENT; @@ -696,31 +696,22 @@ static void nss_cmd_getpwuid_callback(void *ptr, int status, ret = EOK; - for (dom = dctx->domain->next; dom; dom = dom->next) { - - ncret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, + dom = dctx->domain->next; + ncret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); - if (ncret == ENOENT) break; - - neghit = true; - } - /* reset neghit if we still have a domain to check */ - if (dom) neghit = false; - - dctx->domain = dom; - - if (neghit) { + if (ncret == EEXIST) { DEBUG(3, ("Uid [%lu] does not exist! (negative cache)\n", (unsigned long)cmdctx->id)); ret = ENOENT; } - if (dctx->domain == NULL) { + if (dom == NULL) { DEBUG(0, ("No matching domain found for [%lu], fail!\n", (unsigned long)cmdctx->id)); ret = ENOENT; } if (ret == EOK) { + dctx->domain = dom; dctx->check_provider = (dctx->domain->provider != NULL); if (dctx->res) talloc_free(res); dctx->res = NULL; @@ -1723,7 +1714,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status, cmdctx->name)); ret = ENOENT; } - if (dctx->domain == NULL) { + if (dom == NULL) { DEBUG(2, ("No matching domain found for [%s], fail!\n", cmdctx->name)); ret = ENOENT; @@ -2057,31 +2048,23 @@ static void nss_cmd_getgrgid_callback(void *ptr, int status, ret = EOK; - for (dom = dctx->domain->next; dom; dom = dom->next) { - - ncret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, - cmdctx->id); - if (ncret == ENOENT) break; + dom = dctx->domain->next; - neghit = true; - } - /* reset neghit if we still have a domain to check */ - if (dom) neghit = false; - - dctx->domain = dom; - - if (neghit) { + ncret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, + cmdctx->id); + if (ncret == EEXIST) { DEBUG(3, ("Gid [%lu] does not exist! (negative cache)\n", (unsigned long)cmdctx->id)); ret = ENOENT; } - if (dctx->domain == NULL) { + if (dom == NULL) { DEBUG(0, ("No matching domain found for [%lu], fail!\n", (unsigned long)cmdctx->id)); ret = ENOENT; } if (ret == EOK) { + dctx->domain = dom; dctx->check_provider = (dctx->domain->provider != NULL); if (dctx->res) talloc_free(res); dctx->res = NULL; diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c index df2803e5..dc394ab8 100644 --- a/server/responder/pam/pam_LOCAL_domain.c +++ b/server/responder/pam/pam_LOCAL_domain.c @@ -407,7 +407,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) ret = sysdb_get_user_attr(lreq, lreq->dbctx, preq->domain, preq->pd->user, attrs, - local_handler_callback, preq); + local_handler_callback, lreq); if (ret != EOK) { DEBUG(1, ("sysdb_get_user_attr failed.\n")); |