| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
|
|
|
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
|
|
https://fedorahosted.org/sssd/ticket/1569
|
|
This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.
For example, this may cause a user beeing unable to log in.
Now if POLLHUP appears, we read the pipe and then close it on
the client side too.
|
|
https://fedorahosted.org/sssd/ticket/1460
|
|
https://fedorahosted.org/sssd/ticket/1379
|
|
|
|
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
|
|
|
|
|
|
This is the library the autofs client is using. automounter dlopen()s
the library so there is no header file, no pkgconfig file and the
library is in the libsss_autofs package, not in -devel.
The library provides the following interface:
* _sss_setautomntent() - select the map for processing
* _sss_getautomntent_r() - iterates through key/value pairs in the
selected map. The key is usually the mount
point, the value is mount information
(server:/export)
* _sss_getautomntbyname_r() - returns value for a specific key.
* _sss_endautomntent() deselect a map, clean up
|
|
There were many places in the client code where we were
duplicating a loop to copy data in from the response buffer. This
patch turns those loops into a function for easier maintenance and
easier-to-read *readrep() routines.
|
|
|
|
|
|
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
|
|
|
select is limited to fd numbers up to 1024, we need to use poll() here
to avoid causing memory corruption in the calling process.
Fixes: https://fedorahosted.org/sssd/ticket/861
|
|
|
|
Fixes: https://fedorahosted.org/sssd/ticket/790
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
Add mutexes around nss operations and serialize them.
This is necessary because nss operations may have global state.
For pam it is sufficient to protect socket operations instead.
As pam functions use only the provided pam handler.
Fixes: https://fedorahosted.org/sssd/ticket/640
|
|
https://fedorahosted.org/sssd/ticket/657
|
|
This is useful for guaranteeing the size of an input buffer.
|
|
Currently the PAM and NSS client just return an error if there are
problems on an open socket. This will lead to problems in long running
programs like gdm if sssd is restarted, e.g. during an update. With this
patch the socket is closed and reopened.
|
|
We need to guarantee at all times that reads and writes complete
successfully. This means that they must be checked for returning
EINTR and EAGAIN, and all writes must be wrapped in a loop to
ensure that they do not truncate their output.
|
|
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated it the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
|
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
|
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side.
Signed-off-by: George McCollister <George.McCollister@gmail.com>
|
|
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
|
|
Also update BUILD.txt
|
