path: root/src/sss_client
Age | Commit message | Author | Files | Lines
2013-08-28 | CLIENT: Fix non gnu sss_strnlen implementation | Lukas Slebodnik | 1 | -1/+1
last argument of function sss_strnlen "size_t *len" is output variable. We need to increment value of size_t being pointed to by pointer instead of incrementing pointer.
2013-08-19 | mmap_cache: Off by one error. | Michal Zidek | 2 | -8/+8
Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
2013-08-19 | mmap_cache: Remove triple checks in client code. | Michal Zidek | 2 | -40/+20
We had pattern in client code with 3 conditions that can be replaced with one.
2013-08-19 | mmap_cache: Check data->name value in client code | Michal Zidek | 2 | -0/+37
data->name value must be checked to prevent segfaults in case of corrupted memory cache. resolves: https://fedorahosted.org/sssd/ticket/2018
2013-08-11 | mmap_cache: Check if slot and name_ptr are not invalid. | Michal Zidek | 2 | -0/+16
This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
2013-07-22 | Fix warnings: uninitialized variable | Lukas Slebodnik | 1 | -1/+1
2013-06-06 | Enhance PAC responder for AD users | Sumit Bose | 1 | -15/+47
This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now looked up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
2013-05-14 | Rename SAFEALIGN macros. | Michal Zidek | 1 | -34/+2
https://fedorahosted.org/sssd/ticket/1772 SAFEALIGN macros have been renamed in this patch to make it easy to pick the right macro when data is copied from byte buffer to a variable or vice versa. The renamed macros are placed in new header file to avoid code duplication (the old ones were defined in two files, one for the client code and one for the rest of sssd).
2013-05-07 | SSH: Use separate field for domain name in client requests | Jan Cholasta | 4 | -37/+29
Instead of appending @domain to names when the --domain option of sss_ssh_* is used, put domain name in a separate field in client requests.
2013-05-03 | Add client library for SID related lookups | Sumit Bose | 5 | -0/+1925
This patch adds a library for client side lookups for a SID or with a SID through the calls:
- sss_nss_getsidbyname
- sss_nss_getsidbyid
- sss_nss_getnamebysid
- sss_nss_getidbysid
The library is called libsss_nss_idmap and the contributed spec file will create two new packages libsss_nss_idmap and libsss_nss_idmap-devel.
2013-04-24 | sudo client: remove dead code | Pavel Březina | 1 | -8/+0
https://fedorahosted.org/sssd/ticket/1889 Fixes two minor coverity issues.
2013-03-18 | Fix sss_client breakage. | Lukas Slebodnik | 1 | -1/+1
Adding missing dependencies for linker. Missing dependency was introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a in changed file src/sss_client/nss_mc_common.c All function declaration for io.c was moved from util.h to separate file io.h, https://fedorahosted.org/sssd/ticket/1838
2013-03-13 | Removing unused header file providers.h | Lukas Slebodnik | 1 | -151/+0
Header file "providers.h" is not included in any other file and function "dp_process_init" declared in this header file has no implementation. Header file protos.h is also not included in any other file and even whole content is commented out.
2013-03-13 | Reuse sss_open_cloexec at other places in code. | Lukas Slebodnik | 1 | -17/+2
Functions open_cloexec and openat_cloexec were renamed with prefix "sss_" and moved to separate file. Replacing duplicated code of function sss_open_cloexec everywhere in the source code. https://fedorahosted.org/sssd/ticket/1794
2013-03-08 | Add support for krb5 1.11's responder callback. | Nathaniel McCallum | 1 | -0/+3
krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
2013-03-06 | Updated Doxygen configuration to 1.8.1 | Thorsten Scherf | 1 | -134/+478
https://fedorahosted.org/sssd/ticket/1819
2013-03-01 | Revert "Add debug message to autofs client" | Jakub Hrozek | 1 | -3/+0
This reverts commit 30c76633788c498b7d34e7e5944a3d36f26ec2db.
2013-03-01 | Add debug message to autofs client | Pavel Březina | 1 | -0/+3
2013-01-16 | autofs: Use SAFEALIGN_SET_UINT32 instead of SAFEALIGN_COPY_UINT32 | Jakub Hrozek | 1 | -10/+5
2013-01-08 | Potential resource leak in sss_nss_mc_get_record | Jakub Hrozek | 1 | -0/+1
https://fedorahosted.org/sssd/ticket/1748
2013-01-07 | explicit null dereferenced in sss_nss_mc_get_record() | Pavel Březina | 1 | -0/+5
https://fedorahosted.org/sssd/ticket/1724
2012-12-13 | Add a macro to copy with barriers | Simo Sorce | 1 | -17/+30
We have 2 places where we memcpy memory and need barriers protection. Use a macro so we can consolidate code in one place. Second fix for: https://fedorahosted.org/sssd/ticket/1694
2012-12-05 | Add memory barrier to mmap cache client code loop | Simo Sorce | 1 | -0/+3
Fixes https://fedorahosted.org/sssd/ticket/1694
2012-11-22 | Fix errors reported by rpmlint | Jan Cholasta | 7 | -21/+14
2012-11-15 | SUDO: Remove unused variable | Stephen Gallagher | 1 | -1/+0
Eliminates a compiler warning
2012-11-14 | sudo: do not send domain name with username | Pavel Březina | 2 | -16/+6
This caused troubles with subdomain users and it is not really necessary. This patch does not change the protocol itself, that should be done on the earliest possible occasion. Part of https://fedorahosted.org/sssd/ticket/1616
2012-10-29 | Include talloc log in our debug facility | Michal Zidek | 2 | -2/+2
https://fedorahosted.org/sssd/ticket/1495
2012-10-12 | PAM: fix handling the client fd in pam destructor | Jakub Hrozek | 3 | -18/+18
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
2012-10-12 | Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo | Jakub Hrozek | 1 | -12/+0
2012-10-11 | PAM: close socket fd with pam_set_data | Jakub Hrozek | 3 | -0/+33
https://fedorahosted.org/sssd/ticket/1569
2012-10-10 | do not fail if POLLHUP occurs while reading data | Pavel Březina | 1 | -1/+9
This causes troubles when we send data to a pipe and close the file descriptor before data is read. The pipe is still readable, but POLLHUP is detected and we fail to read them. For example, this may cause a user being unable to log in. Now if POLLHUP appears, we read the pipe and then close it on the client side too.
2012-09-04 | SSH: Simplify public key formatting function | Jan Cholasta | 1 | -2/+1
2012-09-04 | SSH: Return error code in SSH utility functions | Jan Cholasta | 1 | -6/+7
2012-08-27 | Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client | Jakub Hrozek | 1 | -6/+90
https://fedorahosted.org/sssd/ticket/1460
2012-08-13 | sss_client: Group lookups should work even when fastcache cannot be initialized | Jakub Hrozek | 1 | -8/+2
https://fedorahosted.org/sssd/ticket/1415
2012-07-27 | Write SELinux config files in responder instead of PAM module | Jan Zeleny | 2 | -99/+0
2012-07-27 | Move SELinux processing from session to account PAM stack | Jan Zeleny | 1 | -55/+55
The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD. Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder.
2012-07-18 | Fix uninitialized values | Nick Guay | 1 | -1/+1
https://fedorahosted.org/sssd/ticket/1379
2012-07-16 | sudo test client: avoid SIGSEGV when run without arguments | Pavel Březina | 1 | -1/+1
SIGSEGV occurred when sss_sudo_cli was run without any arguments.
2012-07-10 | Remove resource leak in sssdpac_import_authdata | Sumit Bose | 1 | -3/+1
Fixes https://fedorahosted.org/sssd/ticket/1409
2012-07-09 | Fix use-after-free | Stephen Gallagher | 1 | -0/+1
Coverity #12803
2012-06-29 | sudo responder: change protocol version to 1 | Pavel Březina | 1 | -1/+1
2012-06-29 | sudo api: send uid, username and domainname | Pavel Březina | 5 | -66/+158
https://fedorahosted.org/sssd/ticket/1239
Test client was changed accordingly. The new usage is:
sss_sudo_cli username [uid]
If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules.
2012-06-29 | sudo api: remove EOK | Pavel Březina | 2 | -13/+10
2012-06-21 | PAC client: add krb5 authdata plugin | Sumit Bose | 2 | -0/+467
2012-06-21 | PAC client: add basic support in common client code | Sumit Bose | 2 | -0/+38
2012-06-21 | PAC responder: add the core functionality | Sumit Bose | 1 | -0/+4
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
2012-06-21 | Add close on exec support for old platforms | Simo Sorce | 1 | -1/+16
Older platforms like RHEL5 do not have support for O_CLOEXEC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platforms obsolete and unsupported.
2012-06-21 | Do not leak file descriptors in client libs. | Simo Sorce | 1 | -1/+1
We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
2012-06-18 | Do not send SIGPIPE on disconnection | Shantanu Goel | 1 | -6/+21
Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.