summaryrefslogtreecommitdiff
path: root/server/responder
AgeCommit message (Collapse)AuthorFilesLines
2009-10-05Make dp requests more robustSimo Sorce1-36/+109
This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
2009-09-29Fix infinite loop with empty group enumerationStephen Gallagher1-13/+15
Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
2009-09-25Send debug messages to logfileJakub Hrozek2-2/+6
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25Upgrade confdb to version 2Stephen Gallagher4-30/+47
This converts a great many configuration options to the new standard format.
2009-09-23Revert "Use syslog for logging error conditions in SSSD"Stephen Gallagher9-104/+88
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-21Use syslog for logging error conditions in SSSDJakub Hrozek9-88/+104
This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-14make cli_pid mandatory and increase version number of pam protocolSumit Bose1-1/+25
2009-09-14Let the PAM client send its PIDSumit Bose1-0/+19
- the client sends the PID as uint32_t and sssd will use uint32_t too - fix a possible type issue where a uint32_t is sent as int32 in internal dbus communication
2009-09-11Fix getgrnam and getgrgid callsSimo Sorce1-7/+9
The patch that added check_cache() broke them, no results returned for any group with actual members ...
2009-09-11Add copyright noticesJakub Hrozek2-0/+42
Fixes: #138
2009-09-09Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher3-2/+53
This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
2009-09-09Consolidate cache lookups in the NSSStephen Gallagher1-177/+93
getpwnam, getpwuid, getgrnam and getgrgid will now use a common function, check_cache, for determining whether to return a cached value or to go to the provider.
2009-09-08Split database in multiple filesSimo Sorce6-30/+227
The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
2009-09-08Fix two possible uninitialized valuesSimo Sorce1-3/+4
Make counter for used messages explicit.
2009-08-31Turn enumeration into a boolean valueSimo Sorce2-8/+4
2009-08-27Fix group replies when using member/memberofSimo Sorce3-197/+180
Also remove legacy memberuid support
2009-08-21fix handling of filtersUsers in groupsSumit Bose3-31/+44
- with the boolean option filterUsersInGroups it can be controlled wether filtered users appear in groups or not. - fixed an error which prevented the display of groups with filtered members - removed some tab indents
2009-08-18added missing hash_create which was remove by a previous patchSumit Bose1-5/+14
2009-08-17Fix reconnection codeSimo Sorce8-209/+116
Remove redundant reconnection code that was interfeering with the sbus reconnection code. Consolidate include files for sbus relates operations. Make pamsrv code similar to nsssrv code.
2009-08-14Refactor responder_dp.cStephen Gallagher4-117/+117
Many of the functions in responder_dp.c were originally NSS- specific and were moved there from the NSS responder code. Since they are now generic to any responder, rename them to sss_dp_*
2009-08-14Don't go to the backend for identical cache entry requestsStephen Gallagher2-54/+294
Currently, if an additional request comes in for a cache entry while that same entry is already in the process of being refreshed, we start a duplicate cache update request. This patch adds allows the cache to maintain a hash table of all in-progress requests and queue up multiple callbacks for updates in progress. Once the data is returned, all of these callbacks will fire.
2009-08-12Eliminate unnecessary explicit timeout for DP account requestsStephen Gallagher1-33/+19
D-BUS handles timeouts itself and reports DBUS_ERROR_NO_REPLY if a timeout fires, so we can rely on this instead of having an explicit timeout ourselves. Furthermore, the two timeouts present a potential race condition.
2009-08-11Change the why DP clients identifySimo Sorce9-143/+69
Mirrors what we have done with the monitor.
2009-08-11Change services identification mechanismSimo Sorce4-150/+24
Let services identify themselves voiluntarily as the first operation instead of polling from the monitor. Also consolidate some common functions and make them available as monitor helpers.
2009-08-11Make child processes exit when parent diesJakub Hrozek2-0/+12
The child processes call prctl() and when their parent process is killed, they are sent SIGTERM using prctl. This is currently Linux-specific, for non-Linuxes, a similar effect is achieved by catching a set of common termination signals and sending SIGTERM to the process group.
2009-08-11Make socket paths a compile-time optionStephen Gallagher2-2/+0
Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
2009-08-10Simplify interfaces initializationSimo Sorce9-100/+86
Make as much as possible static, and remove use of talloc_reference and allocation/deallocation of memory when not necessary. Fix also responder use of rctx->conn, was mistakenly used for both monitor and dp connections.
2009-08-10merge server and connection structuresSimo Sorce2-4/+4
This reduce code duplication as it allows to use one set of watch and timeout functions, and at the same time also allow not to use a secondary structure just to unify these functions.
2009-08-10Cosmetic changesSimo Sorce7-51/+51
Rationalize and rename connection names in preparatoin for merging of server and connection structures.
2009-08-10Remove redundant memory contextsSimo Sorce6-30/+36
Simplify code by removing stuff that is never used or redundant.
2009-08-05Move parsing of names and domains into util/Jakub Hrozek2-120/+1
2009-07-29Address CVE-2009-2410Stephen Gallagher1-1/+1
Fix incorrect error code return in local_handler_callback
2009-07-20Raise debug level for version negotiationSimo Sorce1-2/+2
2009-07-20Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher2-0/+40
2009-07-03Rework transaction code to use tevent_reqSimo Sorce1-31/+84
This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
2009-07-03Rename sysdb_req to sysdb_handle.Simo Sorce2-12/+6
This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
2009-07-02check pending_return after dbus_connection_send_with_replySumit Bose2-2/+2
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose1-1/+19
2009-06-08fix detection of authentication against LOCAL domainSumit Bose1-3/+9
2009-05-28Fix user enumeration bugSimo Sorce1-4/+0
The previous patch to fix an enumeration bug found with group enumeration inadvertently introduced a bug with user enumeration. Yeah, almost funny!
2009-05-28special-case NSS calls in PAM codeJakub Hrozek1-2/+2
2009-05-27Fix enumerations (bug #42)Simo Sorce1-12/+76
If a backend had all its results filtered in fill_pwent or fill_grent then we would return an empty result, which means "end of results" to the client. Now we return ENOENT and let callers decide what to do. Also make sure we do not grow packets unless we are going to fill them as that's a recipe for killing the client as the size passed to sss_packet_grow is used to determine the size of the final packet.
2009-05-26fix a wrong timeoutSumit Bose1-3/+4
The timeout of the data provider call (in ms) got overwritten by a cache timeout (in s).
2009-05-26Silence warningsSimo Sorce3-6/+10
2009-05-26Do not fire up backend search when the data provider is localJakub Hrozek2-14/+18
2009-05-18Move actual password caching into sysdbSimo Sorce4-126/+2
Convert auth modules to do the caching themselves
2009-05-18Prevent accepting blank passwordsSimo Sorce1-0/+7
2009-05-18Fix crypt functions to not use static buffers.Simo Sorce2-18/+16
Also fix style, clarify, and simplify some logic.
2009-05-15added new pam client protocolSumit Bose1-1/+132
2009-05-15added more flexible handling of client protocolSumit Bose4-2/+63
- allow different protocol versions for PAM and NSS - support more than one protocol version in the responder