summaryrefslogtreecommitdiff
path: root/src/responder
AgeCommit message (Collapse)AuthorFilesLines
2012-01-26PAM: Do not overwrite retJakub Hrozek1-3/+1
2012-01-23Move sized_string declaration to utilsStephen Gallagher2-19/+0
2012-01-23DP: Fix bugs in sss_dp_get_account_intStephen Gallagher4-66/+47
The conversion to the tevent_req style introduced numerous bugs related to memory management of the various client requests. In some circumstances, this could cause memory corruption and segmentation faults in the NSS responder. This patch makes the following changes: 1) Rename the internal lookup from subreq to sidereq, to indicate that it is not a sub-request of the current lookup (and therefore is not cancelled if the current request is). 2) Change the handling of the callback loops since they call tevent_req_[done|error], which results in them being freed (and therefore removed from the cb_list. This was the source of the memory corruption that would occasionally result in dereferencing an unreadable request. 3) Remove the unnecessary sss_dp_get_account_int_recv() function and change sss_dp_get_account_done() so that it only frees the sidereq. All of the waiting processes have already been signaled with the final results from sss_dp_get_account_int_done()
2012-01-21RESPONDER: Extend sss_dp_account_send() to include extra dataStephen Gallagher5-14/+32
Some NSS maps such as 'services' require more values to be passed to the data provider than just the name or ID. In these cases, we will amend an optional component to filter value to pass to the data provider backend.
2012-01-18PAM: Fix reversed logicJakub Hrozek1-1/+1
2012-01-17SUDO Integration review issuesPavel Březina2-1/+4
2012-01-17NSS: Improve DEBUG messages for netgroup cacheStephen Gallagher1-2/+2
2012-01-09nsssrv: use sized_string in fill_grentSimo Sorce1-35/+48
2012-01-09nsssrv: use sized_string in fill_pwentSimo Sorce1-41/+56
2012-01-09nsssrv: add string manipulation helperSimo Sorce2-0/+19
the sized_string structure makes it easier to keep track of string lengths and makes passing around data more compat and readable.
2012-01-04nsssrv: remove unused macroSimo Sorce1-2/+0
2011-12-21Return user and group names lowercased in case insensitive domainsJakub Hrozek1-12/+32
2011-12-21sss_get_cased_name utility functionJakub Hrozek3-11/+11
2011-12-20PAM: make initgroups timeout work across multiple clientsStephen Gallagher6-6/+241
Instead of timing out the initgroups lookup on a per-cctx basis, we will maintain a hash table of recently-seen users and use this instead. This will allow SSSD to handle user's logging into multiple services simultaneously more graciously, as well as playing nicer with SSH (which makes calls to PAM both before and after a fork). https://fedorahosted.org/sssd/ticket/1063
2011-12-19Deleted declaration of nss_get_dom()Jan Zeleny1-4/+0
This function has been renamed to responder_get_domain() but this declaration hasn't been deleted.
2011-12-19Pass client context to sss_dp_get_account_sendJakub Hrozek1-1/+1
2011-12-16DP: Remove processed callbacksJakub Hrozek1-3/+5
2011-12-16SUDO Integration - responder - get sudo rules logicJakub Hrozek1-2/+444
2011-12-16SUDO Integration - responderPavel Březina6-0/+1041
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek6-46/+168
2011-12-16Canonicalize username in PAM providerJakub Hrozek1-0/+27
2011-12-16Responders: Split getting domain by name into separate functionJakub Hrozek5-22/+21
2011-12-08Ignore NULL-terminator when checking UTF8-validity for netgroupsStephen Gallagher1-1/+1
Glib fails if the NULL-terminator is included when a length is specified.
2011-12-07Pass the correct private data into Data Provider callbackJakub Hrozek1-1/+1
2011-12-05Ignore NULL-terminator when checking UTF8-validityStephen Gallagher2-4/+4
Glib fails if the NULL-terminator is included when a length is specified.
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-9/+1
2011-11-29RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher6-427/+641
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-2/+1
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher5-0/+44
2011-11-02RESPONDER: Fix segfault in sss_packet_send()Stephen Gallagher1-0/+5
There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
2011-10-14Fixed timeout handling in respondersJan Zeleny1-72/+72
2011-10-13Check if dp_requests hash table exists before using itJakub Hrozek1-0/+5
2011-10-03Use explicit base 10 for converting strings to integersJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1013
2011-09-28Return users and groups based on aliasJakub Hrozek1-2/+3
https://fedorahosted.org/sssd/ticket/926
2011-09-21Enable the midpoint cache update by defaultStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/918
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2-2/+8
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - conversionPavel Březina2-0/+4
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-15Do not delete requests inside hash_iterate loopJakub Hrozek1-10/+12
2011-08-15sysdb refactoring: memory context deletedJan Zeleny2-9/+5
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny4-20/+13
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-08Remove unused temporary contextJakub Hrozek1-5/+0
2011-08-08Prevent segfault if vetoed_shells are specified without allowed_shellsJakub Hrozek1-16/+19
https://fedorahosted.org/sssd/ticket/954
2011-08-04Revert "Allow LDAP to decide when an expiration warning is warranted"Stephen Gallagher1-4/+3
This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
2011-08-01Allow LDAP to decide when an expiration warning is warrantedStephen Gallagher1-3/+4
Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
2011-07-29Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher1-85/+50
These two functions were almost identical. Better to maintain them as a single function.
2011-07-29Add vetoed_shells optionJohn Hodrien3-1/+17
There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-07-21Fix indexing of skipped groupsJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/928
2011-06-27fix typosSimo Sorce1-5/+5
2011-06-02Non-posix group processing - ldap provider and nss responderJan Zeleny1-3/+11
2011-05-31Fix typo in initgroups negative cache checkStephen Gallagher1-1/+1