summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-12-19Fix a 'shadows a global declaration' warningSumit Bose1-2/+2
2012-12-19sssd_nss: Plug memory leaksSimo Sorce1-2/+11
A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
2012-12-19memberof: Prevent unneded failure caseSimo Sorce1-2/+7
When deleting a user we would fail the operation completely if the member attribute was not found on one of the groups it was allegedly member of. Failing in this case is unnecessary, and can cause issues. Found trying to upgrade db versione (and failing) on one of my RHEL machines. Also removed a tray \ in the companion function that removes ghost members, that function needs no changes as it was already ignoring this kind of failure.
2012-12-19use talloc_zfree when freeing rhostent in resolverPavel Březina1-1/+1
We should use talloc_zfree() when freeing state variables, so we can later avoid undesirable access after free.
2012-12-18Add responder_sbus.h to noinst_HEADERSJakub Hrozek1-0/+1
2012-12-18select_principal_from_keytab() do wildcard lookups after specific onesSumit Bose1-3/+3
Currently the wildcard lookup '*$' is done before the one for host/our.hostname@REALM. This means we would ignore a more specific match in favour of an unspecific match with a principal which is only used in a AD environment. I think this is wrong an wildcards should only be used is all specific lookups fail.
2012-12-18select_principal_from_keytab() look for plain input as wellSumit Bose1-2/+6
Currently in select_principal_from_keytab() all kind of different versions of the host principal are looked up in the keytab except for the plain name the ldap_sasl_authid option. With this patch the plain name is looked up first.
2012-12-18responder_dp: Add timeout to side requetsSimo Sorce1-1/+25
This is an additional proteciont in case the provider misbheaves to avoid having requests pending forever. Fixes: https://fedorahosted.org/sssd/ticket/1717
2012-12-18AUTOFS: Clear enum cache if a request comes in from the sss_cacheJakub Hrozek3-0/+31
In order for sss_cache to work correctly, we must also signal the autofs responder to invalidate the hash table requests.
2012-12-18RESPONDERS: Create a common file with service names and versionsJakub Hrozek11-17/+50
The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
2012-12-18AUTOFS: remove all maps from hash if request for auto.master comes inJakub Hrozek2-3/+59
https://fedorahosted.org/sssd/ticket/1592 When a request for auto.master comes in, we need to remove all the maps from the lookup hash table. We can't simply delete the maps, because another request might be processing them, so instead the maps are removed from the hash table, effectively becoming orphaned. The maps will get freed when the timed destructor is invoked.
2012-12-18AUTOFS: allow removing entries from hash tableJakub Hrozek3-1/+32
There is a timed desctructor in the autofs responder that, when the entry timeout passes, removes the autofs map from the hash table while the map is freed. This patch adds a hash delete callback so that if the map is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
2012-12-18DP: invalidate all cached maps if a request for auto.master comes inJakub Hrozek3-0/+16
If the Data Provider receives a request for the auto.master map, it passes on a flag to let the actual provider let know he should invalidate the existing maps
2012-12-18SYSDB: Add API to invalidate all map objectsJakub Hrozek2-0/+94
This sysdb API will be used later to invalidate the autofs maps
2012-12-18SYSDB: fix copy-n-paste errorJakub Hrozek1-1/+1
2012-12-18sudo: do full refresh when data provider is back onlinePavel Březina2-7/+75
https://fedorahosted.org/sssd/ticket/1689 Add a online callback if the first full refresh fails due to the provider beeing offline so we can perform the refresh as soon as possible.
2012-12-18sudo: schedule another full refresh in short interval if the first failsPavel Březina2-0/+28
https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
2012-12-18check dp error in sdap_sudo_full_refresh_done()Pavel Březina1-3/+8
https://fedorahosted.org/sssd/ticket/1689
2012-12-18add sdap_sudo_schedule_refresh()Pavel Březina2-43/+77
Reduces amount of code duplication.
2012-12-18try primary server after retry_timeout + 1 seconds when switching to backupPavel Březina4-2/+14
https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
2012-12-18RESOLV: Do not steal the resulting hostent on errorJakub Hrozek1-2/+3
https://fedorahosted.org/sssd/ticket/1706
2012-12-18Set cloexec flag for log filesJakub Hrozek1-0/+11
https://fedorahosted.org/sssd/ticket/1708 The services kept the fd to /var/log/sssd/sssd.log open. I don't think there's any point in keeping the logfiles open after exec-ing for the child, so I set the CLOEXEC flag.
2012-12-17MEMBEROF: silence compilation warningsJakub Hrozek1-15/+15
src/ldb_modules/memberof.c: In function ‘mbof_get_ghost_from_parent_cb’: src/ldb_modules/memberof.c:3085: warning: declaration of ‘dup’ shadows a global declaration /usr/include/unistd.h:528: warning: shadowed declaration is here src/ldb_modules/memberof.c: In function ‘mbof_inherited_mod’: src/ldb_modules/memberof.c:3253: warning: declaration of ‘dup’ shadows a global declaration /usr/include/unistd.h:528: warning: shadowed declaration is here src/ldb_modules/memberof.c: In function ‘mbof_fill_vals_array’: src/ldb_modules/memberof.c:3786: warning: declaration of ‘index’ shadows a global declaration /usr/include/string.h:489: warning: shadowed declaration is here
2012-12-17PROXY: fix groups cachingOndrej Kos1-0/+6
https://fedorahosted.org/sssd/ticket/1685 Properly react on deleting group which was not found in sysdb.
2012-12-15let ldap_chpass_uri failover work when using same hostnamePavel Březina1-11/+4
https://fedorahosted.org/sssd/ticket/1699 We want to continue with the next server on all errors, not only on ETIMEDOUT. This particullar ticket was dealing with ECONNREFUSED.
2012-12-14sssd_pam: Cleanup requests cache on sbus reconectSimo Sorce1-1/+4
The pam responder was not properly configured to recover from a backend disconnect. The connections that were in flight before the disconnection were never freed and new requests for the same user would just pile up on top of the now phantom requests. Fixes: https://fedorahosted.org/sssd/ticket/1655
2012-12-14Allow mmap calls to gracefully return absent ctxSimo Sorce1-0/+25
This is to allow to freely call mc functions even if initialization failed. They will now gracefully fail instead of segfaulting.
2012-12-13MAN: Fix the title of sssd-sudoJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1710
2012-12-13sudo: support generalized time formatPavel Březina2-13/+34
https://fedorahosted.org/sssd/ticket/1712 The timestamp doesn't have to be in the form yyyymmddHHMMSSZ any more. It can be in any form of generalized time format.
2012-12-13tools: sss_userdel and groupdel remove entries from memory cacheMichal Zidek3-0/+55
https://fedorahosted.org/sssd/ticket/1659
2012-12-13sssd_nss: Remove entries from memory cache if not found in sysdbMichal Zidek1-0/+23
Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
2012-12-13sudo: include primary group in user group listPavel Březina1-1/+41
https://fedorahosted.org/sssd/ticket/1677
2012-12-13sysdb_get_sudo_user_info() initialize attrs on declarationPavel Březina1-4/+3
2012-12-13Add a macro to copy with barriersSimo Sorce1-17/+30
We have 2 places where we memcpy memory and need barriers protection. Use a macro so we can consolidate code in one place. Second fix for: https://fedorahosted.org/sssd/ticket/1694
2012-12-12SYSDB: More debugging during the conversion to ghost usersJakub Hrozek1-0/+9
We've been hitting situations where the sysdb conversion failed. Unfortunately, the current code doesn't include enough debugging info to pinpoint the failing entries. This patch adds more DEBUG statements for each processed entry.
2012-12-11sudo: don't get stuck in rules and smart refresh when offlinePavel Březina1-4/+14
https://fedorahosted.org/sssd/ticket/1682 The problem was in following code: if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) { tevent_req_error(req, ret); return; } In situation when data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch. This results in calling tevent_req_error(req, EOK). Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
2012-12-11NSS: Fix the error handler in sss_mc_create_fileJakub Hrozek1-10/+16
https://fedorahosted.org/sssd/ticket/1704 The function is short enough so that we can simply stick with return and release resources before returning as appropriate.
2012-12-11sudo manpage: clarify that sudoHost may contain wildcards and not regular ↵Pavel Březina2-2/+2
expression https://fedorahosted.org/sssd/ticket/1690
2012-12-10MEMBEROF: Fix copy-n-paste errorJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1703
2012-12-10LDAP: remove dead assignmentJakub Hrozek1-1/+0
2012-12-10SYSDB: Move misplaced assignmentJakub Hrozek1-2/+1
2012-12-10PAC: check the return value of diff_git_listsJakub Hrozek1-0/+4
2012-12-10let krb5_kpasswd failover workPavel Březina1-3/+7
https://fedorahosted.org/sssd/ticket/1680 There were two errors: 1. kr->kpasswd_srv was never set 2. bad service name (KERBEROS) was provided when setting port status, thus the port status never changed
2012-12-10SSH: Reject requests for authorized keys of rootJan Cholasta1-0/+5
https://fedorahosted.org/sssd/ticket/1687
2012-12-10PROXY: fix negative cacheOndrej Kos1-20/+24
https://fedorahosted.org/sssd/ticket/1685 The PROXY provider wasn't storing credentials to negative cache due to bad return value. This was delegated from attempt to delete these credentials from local cache. Therefore ENOENT is replaced as EOK.
2012-12-07Bump the version and reset release back to 0Jakub Hrozek2-2/+2
2012-12-07SUDO: strdup the input variableJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1701
2012-12-06sudo: print rule name if notBefore or notAfter attribute is missingPavel Březina1-1/+1
...and if sudo_timed = true. https://fedorahosted.org/sssd/ticket/1688 A comma was missing in attribute list. This caused concatenation of the two attributes so we requested one attribute called "objectClasscn". This doesn't affect functionality, only debug messages.
2012-12-05MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta1-12/+12
2012-12-05Fix comment on wrong lineSimo Sorce1-1/+1