| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Also update BUILD.txt
|
|
|
|
Previously it was a string being passed and converted into an
integer. It will be more efficient this way (and simpler for other
implementers)
|
|
uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach.
pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target.
Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
|
|
Tevent frees timer handlers once done, so freeing the timer within the event is
going to cause double frees. Just attach the timer event to the request it
depends on and make sure to steal it on NULL if we are going to free the
request from within the handler.
|
|
Also pass a flag to the delete callback to tell it if this is a normal
entry removal or we are cleaning up the tbale definitively.
|
|
If we fell into the default case of the switch statement, we would
attempt to talloc_free() a random memory location. This patch
guarantees that sdp_req is NULL if it has not been initialized.
|
|
This adds a new boolean option to sss_dp_send_acct_req() called
fast_reply. If we make a request to the backends and we are
currently offline, this option will determine whether we should
immediately return from the cache (acceptable for NSS requests) or
potentially wait for an online check to complete (required for PAM
requests).
|
|
Change memctx to make clear it should be used only when a callback is being
used.
|
|
Turn the backend process into data provider servers
Make Frontends (pam, nss) directly attach to the backends
|
|
We have converted to using dhash in place of btreemap everywhere
in the code.
|
|
This should fix #218
It should also prevent us from leaking memory in case the original request times
out and should prevent races with the callbacks beeing freed after sdp_req is
freed and thus dereferencing freed memory in the callbacks detructors.
|
|
This converts a great many configuration options to the new
standard format.
|
|
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
|
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
|
Fixes: #138
|
|
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
|
Also remove legacy memberuid support
|
|
|
|
Remove redundant reconnection code that was interfeering with the sbus
reconnection code.
Consolidate include files for sbus relates operations.
Make pamsrv code similar to nsssrv code.
|
|
Many of the functions in responder_dp.c were originally NSS-
specific and were moved there from the NSS responder code. Since
they are now generic to any responder, rename them to sss_dp_*
|
|
Currently, if an additional request comes in for a cache entry
while that same entry is already in the process of being refreshed,
we start a duplicate cache update request. This patch adds allows
the cache to maintain a hash table of all in-progress requests and
queue up multiple callbacks for updates in progress. Once the data
is returned, all of these callbacks will fire.
|
|
D-BUS handles timeouts itself and reports DBUS_ERROR_NO_REPLY if
a timeout fires, so we can rely on this instead of having an
explicit timeout ourselves. Furthermore, the two timeouts present
a potential race condition.
|
|
Mirrors what we have done with the monitor.
|
|
Let services identify themselves voiluntarily as the first operation
instead of polling from the monitor.
Also consolidate some common functions and make them available as monitor
helpers.
|
|
Make as much as possible static, and remove use of talloc_reference and
allocation/deallocation of memory when not necessary.
Fix also responder use of rctx->conn, was mistakenly used for both
monitor and dp connections.
|
|
This reduce code duplication as it allows to use one set of watch and timeout
functions, and at the same time also allow not to use a secondary structure just
to unify these functions.
|
|
Rationalize and rename connection names in preparatoin for merging of server and
connection structures.
|
|
Simplify code by removing stuff that is never used or redundant.
|
|
|
|
|
|
|
|
|
|
|
|
- allow different protocol versions for PAM and NSS
- support more than one protocol version in the responder
|
|
If the data provider is not yet available when NSS and PAM start,
they will generate a segmentation fault when trying to configure
their automatic reconnection to the Data Provider. I've now added
code in sss_dp_init() to detect whether the dp_ctx is NULL and
return EIO.
|
|
Force a user lookup against the users domain provider.
If a user domain is not specified search though all non fully qualifying
domains.
Perform authentication against the corrent domain auth backend, based on the
user's domain found in the lookup if one was not
specified.
Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM
responder too now.
|
|
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
|
Use common sss_parse_name function in all responders
Simplify responder headers by combining common,cmd,dp in one header and
add name parse structure as part of the common responder context.
|
|
Make nss_ctx a private pointer of the common resp_ctx
Use sss_process_init and remove all duplicate functions from nsssrv.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The NSS provider, the Data Provider backends and the InfoPipe all
need access to the domain map provided by the confdb. Instead of
reimplimenting it in multiple places, it is now provided in a pair
of helper functions from the confdb.
confdb_get_domains() returns a domain map by reference. Always
returns the most up-to-date set of domains from the confdb.
confdb_get_domains_list() returns an array of strings of all the
domain names. Always returns the most up-to-date set of domains
from the confdb.
This patch also modifies the btreemap_get_keys() function to
better handle memory and report allocation failures.
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
Also move responders under server/responder with shared code
in server/responder/common
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
