summaryrefslogtreecommitdiff
path: root/src/util
AgeCommit message (Collapse)AuthorFilesLines
2013-10-11INI: Disable line-wrapping functionalityJakub Hrozek1-1/+1
Supporting the latest INI release brought an incompatible change. Lines beginning with a whitespace were treated as continuation of the previous line. This patch reverts to ignoring the whitespace as we did previously so that the existing configurations keep working.
2013-09-27ipa_server_mode: write capaths to krb5 include fileSumit Bose2-2/+52
If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
2013-09-27IPA: store forest name for forest member domainsSumit Bose2-2/+12
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
2013-09-26util: add get_domains_head()Pavel Březina2-0/+15
This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
2013-09-25util: Allways fall back to old find_uid methodSimo Sorce1-4/+4
systemd-login still fails with su/sudo login shells, so always fall back for now. Resolves: https://fedorahosted.org/sssd/ticket/2094
2013-09-24Include header file in implementation module.Lukas Slebodnik7-0/+7
Declarations of public functions was in header files, but header files was not included in implementation file.
2013-09-23mmap_cache: Use two chains for hash collision.Lukas Slebodnik1-8/+12
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next member. This was a big problem in case of higher probability of hash collision. structure sss_mc_rec will have two next members (next1, next2) with this patch. next1 is related to hash1 and next2 is related to hash1. Iterating over chains is changed, because we need to choose right next pointer. Right next pointer will be chosen after comparing record hashes. This behaviour is wrapped in function sss_mc_next_slot_with_hash. Adding new record to chain is also changed. The situation is very similar to iterating. We need to choose right next pointer (next1 or next2). Right next pointer will be chosen after comparing record hashes. Adding reference to next slot is wrapped in function sss_mc_chain_slot_to_record_with_hash Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes. Resolves: https://fedorahosted.org/sssd/ticket/2049
2013-09-22Check return values of setenv and unsetenvJakub Hrozek1-1/+5
2013-09-18BE: Log domain name to journald if availableJakub Hrozek3-0/+14
If the SSSD is compiled with journald support, then all sss_log() statements will include a new field called "SSSD_DOMAIN" that includes the domain name. Filtering only messages from the single domain is then as easy as: # journalctl SSSD_DOMAIN=foo.example.com
2013-09-18Add journald supportJakub Hrozek1-0/+35
2013-09-17util: add find_subdomain_by_object_name()Pavel Březina2-0/+39
This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-17util: add find_subdomain_by_sid()Pavel Březina2-0/+35
This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-17util: add sss_idmap_talloc[_free]Pavel Březina2-0/+60
Remove code duplication.
2013-09-16util: Use systemd-login to check user sessionsSimo Sorce1-0/+20
Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around. Resolves: https://fedorahosted.org/sssd/ticket/2084
2013-09-11Enable printf format string checkingLukas Slebodnik1-2/+8
https://fedorahosted.org/sssd/ticket/1945
2013-09-11Fix formating of variables with type: id_tLukas Slebodnik1-1/+25
2013-09-11Fix formating of variables with type: rlim_tLukas Slebodnik1-0/+7
2013-09-11Fix formating of variables with type: key_serial_tLukas Slebodnik1-0/+3
2013-09-11Adding new header for printf formating macrosLukas Slebodnik2-0/+33
2013-09-11Fix formating of variables with type: size_tLukas Slebodnik1-1/+1
2013-09-11Fix formating of variables with type: ssize_tLukas Slebodnik3-4/+5
2013-09-11Fix formating of variables with type: intLukas Slebodnik1-2/+3
2013-09-11Fix formating of variables with type: longLukas Slebodnik1-2/+2
2013-09-09krb5: Remove unused helper functionsSimo Sorce2-88/+0
these functions are not needed anymore. Related: https://fedorahosted.org/sssd/ticket/2061
2013-09-09krb5: Remove unused functionSimo Sorce2-32/+0
Related: https://fedorahosted.org/sssd/ticket/2061
2013-09-09krb5: Make check_for_valid_tgt() staticSimo Sorce2-76/+0
check_for_valid_tgt() is used exclusively in krb5_uitls.c so move it there. Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-05utils: add is_host_in_domain()Pavel Březina2-0/+17
2013-09-05Rename SAFEALIGN macrosMichal Zidek1-30/+40
The new SAFEALIGN macros name turned to be inappropriate because they do not reflect what the macros really do.
2013-09-03UTIL: Use standard maximum value of type size_tLukas Slebodnik1-3/+2
It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
2013-08-28UTIL: Explicitly include header file sys/socket.hLukas Slebodnik1-0/+1
We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
2013-08-28UTIL: Create new wraper header file sss_endian.hLukas Slebodnik5-32/+61
Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
2013-08-28Add a new option to control subdomain enumerationJakub Hrozek2-1/+28
2013-08-28Read enumerate state for subdomains from cacheJakub Hrozek2-3/+5
The enumerate flag will be read from the cache for subdomains and the domain object will be created accordingly.
2013-08-28krb5: Fetch ccname template from krb5.confStephen Gallagher2-0/+2
In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
2013-08-27KRB5: Add support for KEYRING cache typeStephen Gallagher2-0/+16
https://fedorahosted.org/sssd/ticket/2036
2013-08-27KRB5: Add low-level debugging to sss_get_ccache_name_for_principalStephen Gallagher1-0/+6
2013-08-22Fix memory leak insss_krb5_get_error_messageLukas Slebodnik1-0/+1
warning reported by cppcheck
2013-08-22Use brackets around macros.Lukas Slebodnik1-4/+4
warnings reported by cppcheck.
2013-08-22KRB5: Add new #define for collection cache typesStephen Gallagher2-11/+11
Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
2013-08-19mmap_cache: Use better checks for corrupted mc in responderMichal Zidek1-2/+0
We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
2013-08-19mmap_cache: Off by one error.Michal Zidek1-0/+3
Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
2013-08-19UTIL: Remove obsolete compat macrosJakub Hrozek1-19/+0
All supported tevent releases contain these macros.
2013-08-11mmap_cache: Check if slot and name_ptr are not invalid.Michal Zidek1-0/+3
This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
2013-07-22Fix warnings: uninitialized variableLukas Slebodnik1-1/+1
2013-07-19IPA: warn if full_name_format is customized in server modeJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/2009 If the IPA server mode is on and the SSSD is running on the IPA server, then the server's extdom plugin calls getpwnam_r to read info about trusted users from the AD server and return them to the clients that called the extended operation. The SSSD returns the subdomain users fully-qualified, ie "user@domain" by default. The format of the fully qualified name is configurable. However, the extdom plugin returns the user name without the domain component. With this patch, when ipa_server_mode is on, warn if the full_name_format is set to a non-default value. That would prompt the admin to change the format if he changed it to something exotic.
2013-07-19Add mising argument required by format stringLukas Slebodnik1-1/+1
2013-07-19Fix clang format string warning.Lukas Slebodnik1-1/+1
warning: format string is not a string literal (potentially insecure) [-Wformat-security]
2013-07-17SIGCHLD handler: do not call callback when pvt data where freedPavel Březina2-2/+30
https://fedorahosted.org/sssd/ticket/1992
2013-07-15Use conditional build for retrieving ccache.Lukas Slebodnik2-0/+56
Some krb5 functions needn't be available for retrieving ccache with principal. Therefore ifdef is used to solve this situation with older version of libkrb5. There were two functions with similar functionality in krb5_child and krb5_utils. They were merged to one universal function, which was moved to file src/util/sss_krb5.c
2013-06-28Read mpg state for subdomains from cacheSumit Bose2-3/+5
The mpg flag will be read from the cache for subdomains and the domain object will be created accordingly.