summaryrefslogtreecommitdiff
path: root/src/tools
AgeCommit message (Collapse)AuthorFilesLines
2013-02-10Add function get_next_domain()Simo Sorce2-3/+8
Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
2013-01-29Unchecked return value in files.cMichal Zidek1-1/+9
Found by coverity. https://fedorahosted.org/sssd/ticket/1791
2013-01-28TOOLS: Compile on old platforms such as RHEL5Jakub Hrozek1-37/+140
Provides compatible declarations for modern file management functions such as futimens or opening with the O_CLOEXEC flag
2013-01-23TOOLS: Use file descriptor to avoid races when creating a home directoryJakub Hrozek3-351/+361
When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
2013-01-23TOOLS: Use openat/unlinkat when removing the homedirJakub Hrozek1-42/+41
The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
2013-01-21TOOLS: invalidate parent groups in memory cache, tooJakub Hrozek4-8/+71
https://fedorahosted.org/sssd/ticket/1775 In addition to invalidating the group being added to when adding a member group/user, we also need to invalidate all its parent groups, otherwise this getgrnam("parent") wouldn't report the members newly added to its child groups.
2013-01-16tools: Respect use_fully_qualified_namesMichal Zidek1-0/+9
Tools for LOCAL domain should require FQDN if option 'use_fuly_quallified_names = TRUE' was configured. https://fedorahosted.org/sssd/ticket/1746
2013-01-16sss_cache: Call DEBUG_INIT soonerMichal Zidek1-2/+3
If bad parameteres were passed to sss_cache, the init function returned without calling DEBUG_INIT macro and unnecessary level 1 debug message was printed. https://fedorahosted.org/sssd/ticket/1745
2013-01-15TOOLS: Refresh memcache after changes to local users and groupsJakub Hrozek2-0/+42
2013-01-15TOOLS: Provide a convenience function to refresh a list of groupsJakub Hrozek2-0/+22
2013-01-15TOOLS: Split querying nss responder into a separate functionJakub Hrozek4-32/+68
The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
2013-01-15TOOLS: move memcache related functions to tools_mc_utils.cJakub Hrozek3-161/+188
The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
2013-01-15TOOLS: set domain in check_group_namesJakub Hrozek1-0/+1
2013-01-15Add domain arguments to sysdb services functionsSimo Sorce1-2/+3
also fix sysdb_svc_add declarations
2013-01-15Add domain argument to sysdb autofs functionsSimo Sorce1-1/+1
2013-01-15Add domain arg to sysdb_search/delete_netgroup()Simo Sorce1-1/+2
2013-01-15Add domain argument to sysdb_search_groups()Simo Sorce2-2/+4
2013-01-15Add domain arg to sysdb_search_users()Simo Sorce1-1/+2
2013-01-15Add domain argument to sysdb_search_custom()Simo Sorce1-2/+5
Also changes sysdb_search_custom_by_name()
2013-01-15Add domain argument to sysdb_cache_password()Simo Sorce1-1/+1
2013-01-15Add domain arguments to sysdb_add_group functions.Simo Sorce1-1/+2
2013-01-15Add domain argument to sysdb_add_user()Simo Sorce2-2/+3
2013-01-15Add domain argument to sysdb_set_netgroup_attr()Simo Sorce1-1/+1
2013-01-15Add domain argument to sysdb_set_group_attr()Simo Sorce2-2/+3
2013-01-15Add domain argument to sysdb_set_user_attr()Simo Sorce2-7/+10
2013-01-15Add domain to sysdb_search_group_by_name()Simo Sorce1-3/+3
Also remove unused sysdb_search_domgroup_by_name()
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce1-1/+1
Also remove unused sysdb_search_domuser_by_name()
2013-01-15Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2-5/+9
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
2013-01-15Make sysdb_group_dn() require a domain explictly.Simo Sorce2-7/+7
2013-01-15Make sysdb_user_dn() require a domain explictly.Simo Sorce1-3/+3
2013-01-15Remove the sysdb_ctx_get_domain() function.Simo Sorce1-10/+11
We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
2013-01-15Refactor single domain initializationSimo Sorce3-9/+6
Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
2013-01-15Refactor sysdb initializationSimo Sorce1-21/+10
Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
2013-01-14Use new sysdb_search_service() in sss_cacheSimo Sorce1-35/+4
Also fixes https://fedorahosted.org/sssd/ticket/1754
2013-01-09Revert "Add a default section to a switch-statement"Simo Sorce1-12/+8
This reverts commit d698499602461b98fd56f2d550f80c6cb25f12a9. And adds the correct fix. Also makes the function static,as it is used nowehere else.
2013-01-09Add a default section to a switch-statementSumit Bose1-0/+3
Besides adding the missing default this patch suppresses a compiler warning about ret being uninitialized.
2013-01-08Remove unhelpful vtable from sss_cacheSimo Sorce1-24/+30
Using a vtable like this has various drawacks, including the fact prototypes are not checked by the compiler so the code could silently break and still compile fine (in fact I found this out changing one of the prototypes). A switch statement is also better because it catches if the enum changed and won't risk allowing to access the table out of bounds.
2013-01-04sss_cache: fqdn not acceptedMichal Zidek1-14/+149
sss_cache did not accept fully quaified domain names. https://fedorahosted.org/sssd/ticket/1620
2012-12-13tools: sss_userdel and groupdel remove entries from memory cacheMichal Zidek2-0/+47
https://fedorahosted.org/sssd/ticket/1659
2012-11-28sss_cache: Small refactor.Michal Zidek3-58/+72
The logic that checks if sssd_nss is running and then sends SIGHUP to monitor or removes the caches was moved to a function sss_memcache_clear_all() and made public in tools_util.h.
2012-11-20LDAP: Only convert direct parents' ghost attribute to memberJakub Hrozek2-2/+3
https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
2012-11-19Display more information on DB version mismatchOndrej Kos3-0/+4
https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
2012-11-06sss_cache: Remove fastcache even if sssd is not running.Michal Zidek3-20/+152
https://fedorahosted.org/sssd/ticket/1584
2012-11-06sss_cache: Multiple domains not handled properlyMichal Zidek1-35/+37
When working with multiple domains and no matching objects for deletion were found in the first domain, the other domains were not searched at all. Also the ERROR message informing about object not found (the one printed for each domain) was changed to DEBUG message.
2012-10-29Include talloc log in our debug facilityMichal Zidek10-10/+10
https://fedorahosted.org/sssd/ticket/1495
2012-10-16sss_debuglevel: Multiple arguments are treated as error.Michal Zidek1-0/+6
https://fedorahosted.org/sssd/ticket/1327
2012-10-03sss_seed: Improved error message when the domain does not exist.Michal Zidek1-2/+5
https://fedorahosted.org/sssd/ticket/1553
2012-10-03sss_seed: Passwords longer then PASS_MAX not allowed.Michal Zidek1-1/+8
sss_seed fails if password file specified with -p or --password-file option contains password longer than PASS_MAX. Man pages inform about PASS_MAX limitation.
2012-10-03sss_seed: Make only first line of password file valid.Michal Zidek1-0/+36
When file is used to specify a password in sss_seed, then only first line of this file is used. Also empty passwords are treated as errors. https://fedorahosted.org/sssd/ticket/1548
2012-10-03sss_seed: Show error message when interactive input fails.Michal Zidek1-0/+1
https://fedorahosted.org/sssd/ticket/1549