summaryrefslogtreecommitdiff
path: root/src/responder/common/responder.h
AgeCommit message (Collapse)AuthorFilesLines
2011-12-16Responders: Split getting domain by name into separate functionJakub Hrozek1-0/+2
2011-11-29RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher1-6/+32
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher1-0/+2
2011-05-06Allow changing the log level without restartStephen Gallagher1-0/+3
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-0/+2
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-10-26Remove all nss requests after a reconnectSumit Bose1-0/+2
Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
2010-10-13Add netgroup support to the NSS responderStephen Gallagher1-0/+4
2010-09-08Handle multiple simultaneous enumeration requestsStephen Gallagher1-0/+11
Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose1-0/+3
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose1-4/+0
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-03-11Add better checks on PAM socketSumit Bose1-0/+4
- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+152
Also update BUILD.txt