summaryrefslogtreecommitdiff
path: root/src/responder/common
AgeCommit message (Collapse)AuthorFilesLines
2011-12-20PAM: make initgroups timeout work across multiple clientsStephen Gallagher1-2/+0
Instead of timing out the initgroups lookup on a per-cctx basis, we will maintain a hash table of recently-seen users and use this instead. This will allow SSSD to handle user's logging into multiple services simultaneously more graciously, as well as playing nicer with SSH (which makes calls to PAM both before and after a fork). https://fedorahosted.org/sssd/ticket/1063
2011-12-16DP: Remove processed callbacksJakub Hrozek1-3/+5
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek3-24/+122
2011-12-16Responders: Split getting domain by name into separate functionJakub Hrozek2-0/+15
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-9/+1
2011-11-29RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher3-366/+481
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher2-0/+11
2011-11-02RESPONDER: Fix segfault in sss_packet_send()Stephen Gallagher1-0/+5
There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
2011-10-14Fixed timeout handling in respondersJan Zeleny1-72/+72
2011-10-13Check if dp_requests hash table exists before using itJakub Hrozek1-0/+5
2011-10-03Use explicit base 10 for converting strings to integersJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1013
2011-08-15Do not delete requests inside hash_iterate loopJakub Hrozek1-10/+12
2011-07-29Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher1-85/+50
These two functions were almost identical. Better to maintain them as a single function.
2011-05-23Set _GNU_SOURCE globallySumit Bose1-3/+1
2011-05-06Allow changing the log level without restartStephen Gallagher2-0/+15
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06Create common sss_monitor_init()Stephen Gallagher1-34/+3
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
2011-04-15Add debug logging to the negative cacheStephen Gallagher1-0/+5
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-0/+2
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-17Fix unchecked return value in set_nonblockingStephen Gallagher1-10/+53
Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
2010-12-02Add a special filter type to handle enumerationsSumit Bose1-1/+1
2010-10-26Fix double free issueSumit Bose1-2/+2
2010-10-26Remove all nss requests after a reconnectSumit Bose2-0/+21
Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
2010-10-13Add netgroup support to the NSS responderStephen Gallagher2-0/+7
2010-10-13Add negative cache features for netgroupsStephen Gallagher2-0/+39
2010-09-08Handle multiple simultaneous enumeration requestsStephen Gallagher1-0/+11
Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
2010-09-08Dead assignments cleanup in NSS responderJan Zeleny1-2/+0
Various dead assignments were deleted, some return value inspections were added. Ticket: #588
2010-06-17Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2-0/+215
Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
2010-06-17Refactor the negative cacheStephen Gallagher2-0/+372
Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
2010-06-14Properly null-terminate socket pathStephen Gallagher1-2/+4
https://fedorahosted.org/sssd/ticket/540
2010-06-10Check the correct variable for NULL after creating timerStephen Gallagher1-1/+1
In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose2-1/+55
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose2-140/+1
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-04-12sysydb: Finally stop using a common event contextSimo Sorce1-1/+1
This commit completes the migration to a synchronous sysdb
2010-03-17Fix a series of memory leaks in the SBUSStephen Gallagher1-4/+1
2010-03-17Fixes for client communicationSumit Bose2-9/+17
- catch all errors of send() and recv(), not only EAGAIN - check if send() or recv() return EWOULDBLOCK or EINTR - remove unused parameter from client_send() and client_recv() - fix a debugging message
2010-03-15Fixed buffer alignment in exchange_credentials().George McCollister1-3/+7
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
2010-03-15Properly handle dbus send attempts on a closed connectionStephen Gallagher1-22/+10
dbus_connection_send_with_reply() will report success and return a NULL pending_reply when the connection is not open for communication. This patch creates a new wrapper around dbus_connection_send_with_reply() to properly detect this condition and report it as an error.
2010-03-11Add better checks on PAM socketSumit Bose2-1/+136
- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
2010-03-04Add forgotten \n in DEBUG statementsMartin Nagy2-5/+5
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
2010-02-22Remove unnecessary "domain" parameter from DP registrationStephen Gallagher1-1/+1
This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.
2010-02-18Rename server/ directory to src/Stephen Gallagher6-0/+1730
Also update BUILD.txt