Age | Commit message (Collapse) | Author | Files | Lines |
|
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated if the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
|
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
|
When running 'make distcheck', the entire source directory is set
to read-only, to ensure that the build process only has write
access to $builddir. As a result, this was causing the unit test
for file mode to fail, since the file it was testing resides in
the $srcdir.
This patch guarantees that the test file has the correct
permissions prior to running the access test.
|
|
When we converted to the synchronous sysdb interface, the
synchronous-simulating function test_loop() became unnecessary,
but we forgot to remove it.
|
|
[TRACE] Adding macros for signed numbers
|
|
1) Fixed the issue that metadata was saved
as numbers. Was supposed to be saved as strings.
2) Added two functions. One is to check permissions
on the config file. Another to check if the file
has changed and thus the configuration needs
to be reread.
3) Added unit test with sample code
and comments how to use the functions.
4) Added doxygen description in the comments.
5) Fixed a couple of typos and omissions here and there.
[INI] Fixing crash detected on 64-bit system
This patch corrects original code to be
more on the safe side and check parameters
before using.
Instead of dereferencing metadata it is now
passed as reference to the next level.
It is not used there yet so no other new changes
needed so far.
[INI] Addressing review comments
[INI] Addressing comments.
|
|
This patch implements function that collects
stats and saves them in the ACCESS section
inside metadata.
|
|
This patch:
1) Adds the definition of the metadata interface
to the header file. The functions that were exposed
for no good reason are now hidden.
2) Previously exposed functions and their descriptions
are removed from the public header and placed into
the source code for now.
3) The function that reads the config file no longer
tries to close file in case of error.
4) Lines collection is still passed in into the reading
function but as a collection itself not as a pointer
to it.
5) All the parts related to processing lines are currently
ifdefed using HAVE_VALIDATION that is currently not defined.
This is done to disable creation of the lines collection
until it is actually needed. I did not want to blindly remove
it though and lose already done work that will be useful
in future.
6) Version of the library and interface is updated
7) New header and source modules are introduced to hold functions
related to the meta data. They are mostly stubbed out.
This is an incomplete patch. It builds and make check runs.
It is created just to simplify the review a bit.
|
|
Since the sysdb is now synchronous and creates its own event context we
don't need an explicit event context anymore in the tools.
|
|
I tried to convert this code as mechanically as possible from the
previously existing code. I am not sure it works right, and it will
probably recurse infinitely as circular group memberships are
admitted in sysdb. The original code had the same issues.
This code should be probably discarded and redone from scratch.
|
|
This commit completes the migration to a synchronous sysdb
|
|
fill_pwent should return the number of users actually processed. Otherwise in
case of a recoverable error we may end up skipping a large chunk of users.
fill_grent doesn't need to distinguish between number of entries and number of
groups to process since we started adding memberuid. Remove remnants that are
not useful anymore.
|
|
Only functions that do multiple operations need explicit transactions
as ldb_add/ldb_modify/ldb_delete already start transactions automatically
internally.
|
|
not used anymore
|
|
This makes proxy use only synchronous functions again.
|
|
now all calls are synchronous
|
|
not used anymore
|
|