summaryrefslogtreecommitdiff
path: root/src/util
AgeCommit message (Collapse)AuthorFilesLines
2011-01-21Fix uninitialized value errorSumit Bose1-1/+1
2011-01-20NSS obfuscation code cleanupJakub Hrozek1-38/+97
https://fedorahosted.org/sssd/ticket/752
2011-01-11Add overflow check to SAFEALIGN_COPY_*_CHECK macrosSumit Bose1-3/+6
2011-01-11Validate user supplied size of data itemsSumit Bose1-0/+5
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2010-12-20Introduce sss_hash_create_ex()Sumit Bose2-6/+29
2010-12-17Fix unchecked return value in sss_krb5_verify_keytab_exStephen Gallagher1-1/+8
https://fedorahosted.org/sssd/ticket/711
2010-12-16Fix invalid sizeof in pidfileStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/730
2010-12-14Add missing break statement to sss_hash_createStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/720
2010-12-08Fix build issue with older Kerberos librarySumit Bose1-0/+7
2010-12-07Add support for FAST in krb5 providerSumit Bose2-0/+62
2010-12-03krb5_child returns TGT lifetimeSumit Bose1-0/+6
2010-12-02Add a special filter type to handle enumerationsSumit Bose1-0/+2
2010-12-02Make default SIGTERM and SIGINT handlers use teventStephen Gallagher1-1/+33
2010-11-18Add missing error codeSumit Bose1-0/+1
2010-11-15Add utility function to sanitize LDAP/LDB filtersStephen Gallagher2-0/+63
Also adds a unit test.
2010-11-05Handle errors during log reopening betterStephen Gallagher1-2/+28
2010-10-26Always use uint32_t for UID/GID numbersJakub Hrozek2-4/+4
2010-10-19Write log opening failures to the syslogStephen Gallagher1-0/+3
If there is a problem with reopening the logs, it can be an audit trail issue.
2010-10-18Use unsigned long for conversion to id_tJakub Hrozek1-4/+4
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
2010-10-13Add a missing include fileSumit Bose1-0/+1
strcasecmp() is defined in strings.h which might not be included under certain conditions.
2010-10-08Add common hash table setupStephen Gallagher2-0/+58
sss_hash_create() produces a dhash table living in the talloc hierarchy.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose2-2/+26
2010-09-15Fix parameter order when initializing decryptionJakub Hrozek1-1/+1
2010-09-08Dead assignments cleanup in various places in SSSDJan Zeleny1-1/+1
Three assignments deleted, two return code inspection added. Also found and fixed one critical bug caused by dead assignment. Ticket: #590
2010-09-08Password obfuscation utility functionsJakub Hrozek3-0/+510
Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
2010-09-08Add safe copy/move macros for uint16_tJakub Hrozek1-1/+11
2010-09-08Move crypto functions into its own subdirJakub Hrozek5-42/+109
A refactoring patch that creates a common util/crypto subdir with per-implementation subdirectories for each underlying crypto library supported by SSSD.
2010-08-03Add dup_string_list() utility functionStephen Gallagher2-0/+37
2010-08-03Add diff_string_lists utility functionStephen Gallagher2-0/+209
Includes a unit test
2010-08-03Validate keytab at startupJakub Hrozek2-0/+162
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-07-09Add log notifications for startup and shutdown.Stephen Gallagher1-1/+4
2010-07-09Add sss_log() functionStephen Gallagher2-0/+81
Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API.
2010-06-28Resend SIGINT as SIGTERM in servicesJakub Hrozek1-0/+3
Fixes: #462
2010-06-17Initialize len before looping to read the pidfileStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/544
2010-06-14Check closedir call in find_uidJakub Hrozek1-4/+9
Fixes: #503
2010-06-14get_uid_from_pid should use fstat rather than lstatJakub Hrozek1-11/+11
Fixes: #541
2010-06-10Fix misuse of errno in find_uid.cStephen Gallagher1-17/+26
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher3-12/+57
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-05-27Move parse_args() to utilSumit Bose2-0/+101
2010-05-16Add ldap_krb5_ticket_lifetime optionSumit Bose1-0/+5
2010-05-07Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher2-1/+2
2010-04-30Support SRV servers in failoverJakub Hrozek1-0/+16
Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6
2010-04-16Avoid accessing half-deallocated memory when using talloc_zfree macro.eindenbom1-1/+5
The correct memory deallocation sequence is: - clear pointer to memory first - then deallocate memory
2010-04-06Protect against check-and-open race conditionsStephen Gallagher2-28/+77
There is a small window between running lstat() on a filename and opening it where it's possible for the file to have been modified. We were protecting against this by saving the stat data from the original file and verifying that it was the same file (by device and inode) when we opened it again, but this is an imperfect solution, as it is still possible for an attacker to modify the permissions during this window. It is much better to simply open the file and test on the active file descriptor. Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as without the initial lstat, we are implicitly accepting symlinks and only verifying the target file.
2010-03-25Allow arbitrary-length PAM messagesStephen Gallagher1-3/+8
The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
2010-03-08Reopen logs when SIGHUP is caughtJakub Hrozek3-0/+33
Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332
2010-03-04Fix debug_timestampsSimo Sorce1-0/+1
It was broken when the default was changed, making it impossible to silence from the config file.
2010-03-03Improve safe alignment buffer handling macrosSimo Sorce1-15/+24
Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-02-23Check and set permissions on SBUS socketsSumit Bose2-15/+89
2010-02-18Fix licensing issues in SSSDStephen Gallagher1-0/+24