summaryrefslogtreecommitdiff
path: root/src/responder/common/responder_common.c
AgeCommit message (Collapse)AuthorFilesLines
2013-09-11Fix formating of variables with type: rlim_tLukas Slebodnik1-5/+5
2013-07-15Missing space in debug messageMichal Zidek1-2/+2
2013-05-20Fixing critical format string issues.Lukas Slebodnik1-2/+3
--missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
2013-05-02Add responder_get_domain_by_id()Sumit Bose1-0/+49
This new call is similar to responder_get_domain() but uses the domain SID as search parameter. Since the length of the stored domain SID is used in the comparison, SIDs of users and groups and be used directly without stripping the RID component. The functionality is not merged into responder_get_domain() to allow to calculate the timeout correctly and return a specific error code if the entry is expired.
2013-05-02responder_get_domain(): remove timeout calculationSumit Bose1-10/+1
The current timout calculation code in responder_get_domain() is flawed and I think it always was. I removed the related code because - it currently has no effect, a match is returned even if it is expired - that callers do not have any code to handle expired domains.
2013-05-02responder_get_domain: do not return disabled domainsSumit Bose1-0/+4
Recent refactoring introduced to concept of disabled domains, i.e. domains which does not exists anymore. responder_get_domain() should not return disabled domains.
2013-05-02Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose1-2/+1
Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
2013-03-20do not leak memory on failure in *_process_init()Pavel Březina1-10/+14
2013-03-08Move sss_cmd_execute from client to responder code.Jakub Hrozek1-1/+9
I think it logically belongs there and allows to better exercise the responder commands from unit tests.
2013-03-05Remove the alt_db_path parameter of sysdb_initMichal Zidek1-1/+1
This parameter was never used. https://fedorahosted.org/sssd/ticket/1765
2013-02-21Fix uninitialized time_t var in responderOndrej Kos1-1/+1
https://fedorahosted.org/sssd/ticket/1810
2013-02-10Introduce IS_SUBDOMAIN() macroSimo Sorce1-3/+3
Fixes https://fedorahosted.org/sssd/ticket/1766
2013-02-10Change the way domains are linked.Simo Sorce1-20/+11
- Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
2013-02-10Add function get_next_domain()Simo Sorce1-2/+2
Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
2013-01-15Refactor sysdb initializationSimo Sorce1-1/+1
Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
2013-01-02failover: Protect against empty host namesMichal Zidek1-1/+2
Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
2012-12-05Always append rctx as private dataSimo Sorce1-1/+1
This is used for the new calls back from the data provider.
2012-11-19Display more information on DB version mismatchOndrej Kos1-0/+1
https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
2012-10-11do not call dp callbacks when responder is shutting downPavel Březina1-0/+15
https://fedorahosted.org/sssd/ticket/1514 We were experiencing crash duting responder shut down. This happened when there were some unresolved dp request during the shut down. The memory hierarchy is main_ctx->specific_ctx->rctx, where specific_ctx may be one of the pam, nss, sudo, etc. contexts. If we try to call dp request callback as a result of responder termination, the specific context is already semi freed, which may cause crash.
2012-10-01Use flat name for master domain as wellSumit Bose1-1/+3
2012-10-01Add new option default_domain_suffixSumit Bose1-0/+10
2012-08-21accept_fd_handler: add missing returnSumit Bose1-0/+1
2012-07-10Fix segfault when using local providerStephen Gallagher1-6/+5
The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-4/+132
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-06-20Move some debug lines to new debug log levelsStef Walter1-1/+1
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-06-18Make the client idle timeout configurableStephen Gallagher1-4/+18
2012-06-18Add support for terminating idle connectionsShantanu Goel1-2/+65
2012-06-18Log message if close() fails in destructor.Shantanu Goel1-1/+12
2012-06-12Make re_expression and full_name_format per domain optionsStef Walter1-6/+8
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-05-02RESPONDER: check return value from confdb_get_intJakub Hrozek1-0/+7
sss_process_init forgot to check return value of confdb_get_int
2012-04-24Modified responder_get_domain()Jan Zeleny1-5/+32
Now it checks for subdomains as well as for the domain itself
2012-04-24Responder part of the subdomain retrieval workJan Zeleny1-0/+8
2012-03-08Use the correct hash table for pending requestsSimo Sorce1-0/+1
The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
2012-02-17RESPONDERS: Make the fd_limit setting configurableStephen Gallagher1-1/+18
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
2012-02-17RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher1-0/+36
This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek1-1/+0
2011-12-16Responders: Split getting domain by name into separate functionJakub Hrozek1-0/+13
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-9/+1
2011-11-29RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher1-0/+8
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher1-0/+9
2011-07-29Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher1-85/+50
These two functions were almost identical. Better to maintain them as a single function.
2011-05-23Set _GNU_SOURCE globallySumit Bose1-3/+1
2011-05-06Allow changing the log level without restartStephen Gallagher1-0/+12
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06Create common sss_monitor_init()Stephen Gallagher1-34/+3
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
2010-12-17Fix unchecked return value in set_nonblockingStephen Gallagher1-10/+53
Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
2010-06-14Properly null-terminate socket pathStephen Gallagher1-2/+4
https://fedorahosted.org/sssd/ticket/540
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose1-1/+52
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose1-136/+1
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-04-12sysydb: Finally stop using a common event contextSimo Sorce1-1/+1
This commit completes the migration to a synchronous sysdb
2010-03-17Fixes for client communicationSumit Bose1-5/+5
- catch all errors of send() and recv(), not only EAGAIN - check if send() or recv() return EWOULDBLOCK or EINTR - remove unused parameter from client_send() and client_recv() - fix a debugging message