2f7006567bebe766e5c12f18fb15c3909c83a4f4 |
|
27-Apr-2018 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Make use of sss_client_fd_handler()
Let's make use of the sss_client_fd_handler() on client_fd_handler().
Resolves:
https://pagure.io/SSSD/sssd/issue/3633
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
26592d1aa9395c9a851d8657b4c2bb53d2cc1384 |
|
27-Apr-2018 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Add sss_client_fd_handler()
Currently we have 3 functions to handle client fds:
- sec_fd_handler(): for secrets responder
- kcm_fd_handler(): for kcm responder
- client_fd_handler(): for all the other responders
As those functions only differ by the functions used to handle sending
and receiving data to the fds, let's create a generic function that
receives the specific send_fn() and recv_fn() functions.
With this newly introduced function we'll be able to simply remove
duplicated code from those 3 handlers and just call
sss_client_fd_handler() from all of those.
Resolves:
https://pagure.io/SSSD/sssd/issue/3633
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
677a31351c80453d9ce006481364399a96312052 |
|
29-Jan-2018 |
René Genz <liebundartig@freenet.de> |
Fix minor spelling mistakes in responder/*
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
06e741a9bf23a18a998f366d9a8990b887a01638 |
|
30-Nov-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
responder: Fix talloc hierarchy in sized_output_name
sized_output_name was called with NULL context in
memcache_delete_entry but returned data from sized_output_name
didn't have proper talloc hierarchy and we could not release all
returned data.
==00:01:01:29.871 10088== 934,414 bytes in 8,731 blocks are definitely lost in loss record 121 of 121
==00:01:01:29.871 10088== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==00:01:01:29.871 10088== by 0x8FF4EAB: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.9)
==00:01:01:29.871 10088== by 0x52933B9: sss_output_name (usertools.c:808)
==00:01:01:29.871 10088== by 0x5293550: sss_output_fqname (usertools.c:863)
==00:01:01:29.871 10088== by 0x1211F9: sized_output_name (responder_common.c:1708)
==00:01:01:29.871 10088== by 0x1137E6: memcache_delete_entry (nss_get_object.c:112)
==00:01:01:29.871 10088== by 0x113BB6: nss_get_object_done (nss_get_object.c:245)
==00:01:01:29.871 10088== by 0x8DE5291: _tevent_req_error (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x1276CE: cache_req_done (cache_req.c:1047)
==00:01:01:29.871 10088== by 0x8DE5291: _tevent_req_error (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x126AF6: cache_req_search_domains_done (cache_req.c:607)
==00:01:01:29.871 10088== by 0x8DE4AB9: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x8DE9C9C: ??? (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x8DE82A6: ??? (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x8DE40CC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x8DE42FA: tevent_common_loop_wait (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x8DE8246: ??? (in /usr/lib64/libtevent.so.0.9.31)
==00:01:01:29.871 10088== by 0x5291B32: server_loop (server.c:718)
==00:01:01:29.871 10088== by 0x11004C: main (nsssrv.c:560)
Resolves:
https://pagure.io/SSSD/sssd/issue/3588
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
29dd456102dc995aa59a56483363087071bb84d6 |
|
27-Jul-2017 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
RESPONDER: Add session recording conf loading
Add session recording configuration loading to the common responder
initialization. To be used for substituting the user shell when
session recording is enabled.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
c31065ecc0793e836066035d0c692b050b5f6f55 |
|
27-Jul-2017 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
NSS: Move shell options to common responder
Move all the shell-related options from the NSS responder context to the
common responder context, so they can be used by other responders for
retrieving original user shell, when it is overridden for session
recording.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
422217c7ea5fbe94b386c93c19e2c1928151faa0 |
|
21-Jul-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDERS: Fix terminating idle connections
The client_idle_handler() function tried to schedule another tevent
timer to check for idle client connections in case the current
connection was still valid, but in doing so, it also stored the current
time into the last_request_time field of the client context.
This kept the connection always alive, because the last_request_time
could then never be older than the timeout.
This patch changes the setup_client_idle_timer() function to only do
what the synopsis says and set the idle timer. The caller (usually the
function that accepts the connection) is supposed to store the request
time itself.
Resolves:
https://pagure.io/SSSD/sssd/issue/3448
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
8890a30f5d054187fd7d5b50503f82a49cd025f0 |
|
08-Jun-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Remove fcntl.h from util/util.h
fcntl.h is not used directly by util/util.h. The header file fcntl.h
must be included in 49 files and after removing it from util.h it had to be
added only to 7 missing files which were using either directly syscall fcntl
or syscall open.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
a012a71f21bf1a4687e58085f19c18cc5b2bbadd |
|
10-May-2017 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
NSS: Move output name formatting to utils
Move NSS nss_get_name_from_msg and the core of sized_output_name to the
utils to make them available to provider and other responders.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
213048fd9a5e800deb74cb5b7f0eaf465945c640 |
|
26-Apr-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER_COMMON: Improve domain_resolution_order debug messages
Indicate whether a domain_resolution_order has been used and where
it came from.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
a3faad0e4dc1ca4473746c3822ecfc5aed876e6d |
|
26-Apr-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Fallback to global domain resolution order in case the view doesn't have this option set
The current code has been ignoring the domain resolution order set
globally on IPA in case there's a view but this doesn't have any domain
resolution order set.
It happens because we haven't been checking whether the view attribute
didn't exist and then we ended up populating the cache_req domains'
list assuming that no order has been set instead of falling back to the
next preferred method.
Related:
https://pagure.io/SSSD/sssd/issue/3001
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
7c074ba2f923985ab0d4f9d6a5e01ff3f2f0a7a8 |
|
21-Apr-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
Move sized_output_name() and sized_domain_name() into responder common code
These functions are used to format a name into a format that the user
configured for output, including case sensitiveness, replacing
whitespace and qualified format. They were used only in the NSS
responder, which typically returns strings to the NSS client library and
then the user.
But it makes sense to just reuse the same code in the IFP responder as
well, since it does essentially the same job.
The patch also renames sized_member_name to sized_domain_name.
Previously, the function was only used to format a group member, the IFP
responder would use the same function to format a group the user is a
member of.
Related to:
https://pagure.io/SSSD/sssd/issue/3268
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
05c2c3047912fca1c1a35ab1c8d3157b05383495 |
|
03-Apr-2017 |
Pavel Březina <pbrezina@redhat.com> |
responders: do not leak selinux context on clients destruction
The SELinux context created in get_client_cred is not talloc bound and
we were leaking it if available with each client's destruction.
Resolves:
https://pagure.io/SSSD/sssd/issue/3360
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
16385568547351b5d2c562f3081f35f3341f695b |
|
29-Mar-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
Add domain_resolution_order config option
This is the local equivalent of the ipaDomainResolutionOrder option and
has precedence over the ones set on IPA side making the precedence order
to be like: Local > View > Globally.
As done for the IPA side configurations, the domains which were not
explicitly set up will be appended to the end of the
domain_resolution_order list in the very same order they're presented in
the "domains" option of [sssd] section in the config file. There's no
guarantee of order for the subdomains though.
It's also important to mention that no expansion magic is performed on
our side. It means that if 'example.com' is set it does *not* stand for
all its subdomains DNS wise (like 'foo.example.com', 'bar.example.com',
etc).
Related:
https://pagure.io/SSSD/sssd/issue/3001
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
66c8e92eb5a4985bb7f64c349a53b08030a000cf |
|
29-Mar-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
CACHE_REQ: Make use of domainResolutionOrder
domainResolutionOrder has been introduced in the previous commits and
allows the admin to set up a specific order in which the domains will be
resolved during a lookup and with this patch we can take advantage of
this.
In order to have it working a new structure has been added
(struct domain_resolution_order) to the responder context and will be
used by the cache_req to perform the lookups based on this list.
As the ipaDomainResolutionOrder may be set globally on IPA or per View,
SSSD does respect the following precedence order: View > Globally.
The way the list is built is quite simple, basically having the domains
present on ipaDomainResolutionOrder as the first domains (in that
specific order) and then appending the remaining domains to this list.
The final result is a completely flat list with all the domains
respecting the specified order (it's important to remember that the
domains not specified won't follow any specific order, they're just
"random" based on the domains list present in the responder context).
Related:
https://pagure.io/SSSD/sssd/issue/3001
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
8bb6680637ead03e24a38d15ec5265d11a920a1d |
|
14-Mar-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
CACHE_REQ: Check the caches first
This patch introduces a new configurable option to define whether the
responder should query all domains' caches before querying the Data
Providers.
This new option is called cache_first and, by default, it's disabled,
meaning that, for each provider, the responder may contact the cache and
the data provider in the same iteration.
Co-Author: Pavel Březina <pbrezina@redhat.com>
Related:
https://pagure.io/SSSD/sssd/issue/3001
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
ef268f9e691b0953763fad7e66f0724bed9b3419 |
|
08-Mar-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Wrap up the code to setup the idle timeout
As secrets responder will make use of this very same code in the future,
let's wrap it up into a new function in order to avoid code duplication.
Related:
https://pagure.io/SSSD/sssd/issue/3316
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
c109f063b4469818fd335b8b509f0458e7b33b0a |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: Add a responder sbus interface to set domain state
Adds a generic responder s-bus interface that all responders implement.
The interface currently contains methods that make it possible for a sssd
domain to be marked as active or inconsistent by a back end.
In the future, this commit will be superseded by sbus signals.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
560daa14ef013aa14e2aedeea10b07f623d84ec8 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Change how client timeout is calculated
Taking Pavel Březina's suggestion, let's avoid always re-creating the
idle timer and go for a simpler and not so precise approach where we
store the time of the last operation done and then have a simple
periodic timer that fires each "client_idle_time/2" and there it checks
whether the "current time - last request time > client_idle_time".
As said, it won't be as precise as the way done currently but it will
save us lots of memory operations.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
151a6de4793e0045a7085d4d72b975947662e566 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Shutdown {dbus,socket}-activated responders in case they're idle
This commit introduces a new option for the responders called
responder_idle_timeout, which specifies the number of seconds that the
responder process can be up without being used. The default value is
300 seconds (5 minutes) and can be configured per responder, 60
seconds being the minimum acceptable value.
It is important to note that setting "responder_idle_timeout = 0" disables
the responder timeout, which makes sense for the responders that always
will be running.
The shutdown timeout is activated per responder in case the responder
has been {dbus,socket}-activated. In case of any communication with the
responder the timeout is reset thereby ensuring we won't shutdown a
responder that is not idle.
Setting the responder's last request time is done slightly differently
for socket-activated and dbus-activated responders. In both cases it's
updated in any internal communication in sbus_message_handler(), but
for the socket-activated responders it's also updated when the
responder's socket is used.
Currently it works properly with all responders but the secrets one,
which has a different logic and must be treated separately in case some
change is required there.
It is worth mentioning that this commit does not affect the responders
explicitly configured in the "services" line of sssd.conf.
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
32c76642250b3ba3b173d0576c0d00b0190320a9 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Don't expose client_idle_handler()
It's been only used by reset_client_idle_handler(). So, no need to
expose this function.
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
386c7340dae9af9c0bf8b26cfaf9e207138cb7be |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Make clear {reset_,}idle_timer() are related to client
Those public functions dealing with idle_timer are related to the
client's timeout. Let's make it explicit as we will introduce more
timeout handlers (this time, related to the responder itself).
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b46c4c0d3e364636af1b42683cd3229ffa0b77cb |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
SBUS: Add a time_t pointer to the sbus_connection
The idea of this commit is to provide a way to update the time of the
last request coming from/going to the responders through sbus.
For now it's not used anywhere as all the functions that will pass their
time_t to the sbus_connection are currently passing NULL. It will be
used by follow-up patches.
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b1829f05cf9bdc3d89c1058481281198ebc968d0 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Make responders' common code ready for socket activation
Instead of simply setting the unix socket during the process
initialization, let's make it socket-activatable. It's the first step in
order to have socket-activated responders and doesn't introduce any kind
of regression with the current code.
Also, we must avoid setting the responders fds to -1 in all cases as it
may cause the socket to be unreachable in case the administrator
decides to move back from socket-activation to using the services line
in sssd.conf. With this change, the responders will have to actively
set their sockets fd to -1 before calling activate_unix_sockets(), which
is already done everywhere but in Secrets and in one piece of PAM
responder.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
9e59f73f81612f60c02ec7c23e14db9cebb28e29 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
UTIL: Introduce --dbus-activated cmd option for responders
Similarly to the --socket-activated cmd option, --dbus-activated cmd
option is going to be used for dbus-activated responders in order to
easily setup a timeout to shutdown the idle responder in case it has
been socket activated and is idle.
This option has been encapsulated on is_dbus_activated() function,
which will always return "false" when called on platforms where systemd
is not supported.
For now none of the services are taking advantage of this newly
introduced option/function, but later on in this series it's going to be
used.
In order to use it, just add SSSD_RESPONDER_OPTS to the poptOption
structure.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
41e9e8b60e3bed0159914e755aa05df9a2448470 |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
UTIL: Introduce --socket-activated cmdline option for responders
This option is going to be used for socket-activated responders as they
are special in some ways. So, by knowing this option we can:
- skip owning the debug files as it will be done by the responders' unit
files;
- skip "become_user()", as the process will already be started by the
proper user by the responders' unit files;
- setup a timeout to shutdown the responder in case it has been
socket-activated and is idle.
This option has been encapsulated on is_socket_activated() function,
which will always return "false" when called on platforms where systemd
is not supported.
For now none of the services are taking advantage of this newly introduced
option/function, but later on in this series it's going to be used.
In order to use it, just add SSSD_RESPONDER_OPTS to the poptOption
structure.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
eaff953c64678b93e4242b715d2cee47e59f86aa |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
MONITOR: Pass the service type to the RegisterService method
Passing the service type to the RegisterService method will help us in
the future, for socket-activation, as we will need to differentiate
cases where the service being registered is still not in the services'
list but is a valid case and has to be added there as it was
socket-activated.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
a22b0af1993a489c9c0e66fdc1083f43b410d12c |
|
19-Dec-2016 |
Pavel Březina <pbrezina@redhat.com> |
nss: move nss_ctx->global_names to rctx
Global names context is used to parse AD well known SIDs and names
into its opposite. This patch moves definition of this parameter
from nss responder into common responder context so it can be
used also by other responders.
This change will be used to enable looking up well known SIDs and
names directly in cache_req.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
3d5bf48ac5b8b807facbfda225cdebff2f685cb8 |
|
08-Dec-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
RESPONDER: Remove dead assignment to the variable ret
Reviewed-by: Michal Židek <mzidek@redhat.com> |
04e870d99e72aa3160bdb6ab05d986fb4005c3ed |
|
16-Aug-2016 |
Pavel Březina <pbrezina@redhat.com> |
DP: Remove old data provider interface
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
ba3c902014ac0b04ec761296fdb1c3ede747a5f2 |
|
04-Aug-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDERS: Pass errno to strerror() when SELINUX_getpeercon() fails
Currently ret, which is -1, is passed to strerror() instead of errno.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Related:
https://fedorahosted.org/sssd/ticket/3094
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
4b9ee02b1f5252b2a116adf0c0c6c7a4722bb2cf |
|
04-Aug-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDERS: Show a bit more info in case of SELINUX_getpeercon() failure
Be explicit that it may happen when SELinux is disabled and also suggest
to enable SELinux.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Related:
https://fedorahosted.org/sssd/ticket/3094
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
634b6f28ec7d94d0ac418f338d892b4a41da7e3b |
|
04-Aug-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDERS: Decrease debug level for failures in SELINUX_getpeercon()
As this is not FATAL and may happen when SELinux is disabled, let's just
decrease the debug level to MINOR_FAILURE
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Related:
https://fedorahosted.org/sssd/ticket/3094
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
bc7991db97482eb2ac77f7105ee4bb3d329acff7 |
|
25-Jul-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Amend debug messages after failure of unlink
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com> |
ebbeac5c6b8b87ab478ee5a04ec48fbbba0c9efc |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Remove useless parameter from sysdb_init()
The function sysdb_init() is never used to allow upgrade, so the
allow_upgrade parameter was pointless.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
a8d1a344e580f29699aed9b88d87fc3c6f5d113b |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Secrets: Add initial responder code for secrets service
Start implementing the Secrets Service Responder core.
This commit implements startup and basic connection handling and HTTP
parsing (using the http-parser library).
Signed-off-by: Simo Sorce <simo@redhat.com>
Related:
https://fedorahosted.org/sssd/ticket/2913
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
e5911e72198df96ec7cfe486ff66363c2297a5f7 |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Responders: Add support for socket activation
Add helper that uses systemd socket activation if available to accept a
pre-listening socket at startup.
Related:
https://fedorahosted.org/sssd/ticket/2913
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
4f3a9d837a55b49448eca3c713c85a406207e523 |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Responders: Make the client context more generic
This is useful to allow reusing the responder code with other protocols.
Store protocol data and responder state data behind opaque pointers and
use talloc_get_type to check they are of the right type.
This also allows to store per responder state_ctx so that, for example,
the autofs responder does not have to carry useless variables used only
by the nss responder.
Resolves:
https://fedorahosted.org/sssd/ticket/2918
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f983b400bf4f6fb14a2174d6f58071e06e9ec832 |
|
23-Jun-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Open a timestamps cache for caching domains
For all domain types, except the local domain, open a connection to a
new ldb file located at /var/lib/sss/db named timestamps_$domain.ldb.
Constructs the ldb file path manually in sysdb_check_upgrade_02() but
that should be acceptable because nobody should be running such an old
cache these days anyway.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
83a79d93035c2d75a1941f3b54426119174044a0 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
RESPONDER: New interface for client registration
This is just a beginning of new responder interface to data provider
and it is just to make the client registration work. It needs further
improvement.
The idea is to take the existing interface and make it work better
with further extensions of data provider. The current interface has
several disadvantages such as it is originally built only for
account requests and doesn't take different set of output parameters.
It also doesn't work well with integration into tevent-made responders.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
e7ccfb139388c947ec2dee16cfe3005f5643b90d |
|
10-Jun-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDERS: Negative caching of local users
This patch adds new option 'neg_cache_locals_timeout' into section
of NSS responder. It allows negative caching of local groups and
users. Default value is 0 which means no caching.
Resolves:
https://fedorahosted.org/sssd/ticket/2928
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
dd3a000e6c6160ff6c10fdac9e04549eed3fa2de |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing of redundant function
There is a redundant function responder_get_neg_timeout_from_confdb().
This patch removes it.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
56c9f8731173eae841a05f31bb03d311076a8485 |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDERS: Negcache in resp_ctx preparing
Preparation for initialization of negative cache in common responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
39d36216a1692eee6cc5359f6c7ccaa7789be76d |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
NEGCACHE: Adding timeout to struct sss_nc_ctx
It adds timeout of negative cache to handling
struct sss_nc_ctx.
There is one change in API of negative cache:
* int sss_ncache_init(TALLOC_CTX *memctx,
uint32_t timeout, <----- new
struct sss_nc_ctx **_ctx);
There is also one new function in common/responder:
* errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
uint32_t *ncache_timeout);
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
600e0429c58081c080cc283a0d4619dff920296f |
|
17-Mar-2016 |
Simo Sorce <simo@redhat.com> |
Responders: Fix client destructor
To close a socket associated to an fd event we must set the close
function of the event and not associate a destructor to a parent context.
Otherwise the destructor will close() the socket before the fd event is
freed, and this may cause invalid calls on a closed file descriptor to
poll/epoll/etc.
Discovered by looking at strace output.
Resolves:
https://fedorahosted.org/sssd/ticket/2973
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
6499d0b915209b670f8e337c4fe76a8be9fa6576 |
|
28-Jan-2016 |
Simo Sorce <simo@redhat.com> |
Util: Improve code to get connection credentials
Adds support to get SELINUX context and make code more abstract so
that struct ucred (if available) can be used w/o redefining uid,gid,pid to
int32. Also gives a layer of indirection that may come handy if we want
to improve the code further in the future.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com> |
877b92e80bde510d5cd9f03dbf01e2bcf73ab072 |
|
23-Oct-2015 |
Michal Židek <mzidek@redhat.com> |
util: Update get_next_domain's interface
Update get next domain to be able to
include disabled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
2f6a94e30458df92fb26c3d810f613d1e4cff99b |
|
14-Oct-2015 |
Petr Cech <pcech@redhat.com> |
REFACTOR: SCKT_RSP_UMASK constant in responder code
This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And
it replaces all occurrences in responder code.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d9c2a21119a6d04203060ad54fa8d20f17f5c0b7 |
|
14-Oct-2015 |
Petr Cech <pcech@redhat.com> |
REFACTOR: DFL_RSP_UMASK constant in responder code
There is DFL_RSP_UMASK constant for very secure umask in responder
code. This patch replaces occurrences of value 0177 with this constant.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
b5825c74b6bf7a99ae2172392dbecb51179013a6 |
|
21-Sep-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Convert domain->disabled into tri-state with domain states
Required for:
https://fedorahosted.org/sssd/ticket/2637
This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.
Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
9fa95168d80beba04b333b06edc492ecb8b085a1 |
|
23-Jan-2015 |
Pavel Březina <pbrezina@redhat.com> |
sbus: add new iface via sbus_conn_register_iface()
Rename sbus_conn_add_interface() to sbus_conn_register_iface()
and remove sbus_new_interface() calls since it is just one more
unnecessary call outside the sbus code.
The function sbus_new_interface() is made static and used
directly in sbus_conn_register_iface().
The name was chosen to better describe what the function is
doing. That it registers an interface on a given object path.
The same interface can be used with different paths so it is
not really about adding an interface.
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f3d91181d4ee9da3f8bbf4ddf8782951c0ae46c1 |
|
15-Jan-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Unify the fd_nonblocking implementation
The responder and child_common modules each had their own
implementation. Unify it instead and add a unit test.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
be78629a06442e2e17d479756a94d88fc33a0658 |
|
13-Dec-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: Log failures to resolve user names in csv_string_to_uid_array
This patch makes it more discoverable for the admin to find typos in the
various user lists. Typically, the user lists are used to add access to
some feature and printing a syslog message would make sure the admin
sees the mistake.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
cbcb834028794a4c658a85965516113f8c0760c1 |
|
29-Oct-2014 |
Pavel Reichl <preichl@redhat.com> |
RESPONDERS: Don't hard-code umask value in utility function
Resolves:
https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f3b9a5b3cf62124bdb5fc11ae2fe6a89ff921539 |
|
27-Oct-2014 |
Pavel Reichl <preichl@redhat.com> |
RESPONDERS: refactor create_pipe_fd()
Resolves:
https://fedorahosted.org/sssd/ticket/2470
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
8bccd95e275fae760a991da394235e4e70e57bbd |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
responders: Do not initialize pipe fd if already present
Allow to skip initialization of pipe file descriptor
if the responder context already has one.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
2ce29e05e62b2702ba4df5f3316eaf250b0ada7f |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
responder_common: Create fd for pipe in helper
Move creating of file descriptor for pipes into
helper function and make this function public.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
5eda23c28c582b43b2a0a165b1750f3875c0fa84 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
1925ce32f7c1dc226be31d4301a0a1dbb2448baa |
|
09-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Do not depend on monitor code
Just moves code around. There should be a way to use the server.c module
without linking the monitor code.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
f3a5ac1a50c1fccd0801023658e42d2093e1a33a |
|
13-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
Make the space override responder-agnostic
https://fedorahosted.org/sssd/ticket/2397
In order to make the override_space option usable by other responders,
we need to move the override_space option to the generic responder
structure.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
c5a554f46f8ca0fd09afdb1f53dd9e229a68b86f |
|
22-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: Fix a wrong DEBUG message
Another function decides whether the responder is updating the
subdomains or just returning an error code.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
07e941c1bbdc752142bbd3b838c540bc7ecd0ed7 |
|
14-Mar-2014 |
Stef Walter <stefw@redhat.com> |
sbus: Refactor how we export DBus interfaces
Most importantly, stop using per connection private data. This doesn't
scale when you have more than one thing exporting or exported on a
connection.
Remove struct sbus_interface and expand sbus_conn_add_interface()
function. Remove various struct sbus_interface args to connection
initialization functions and make callers use sbus_conn_add_interface()
directly. The old method was optimized for exporting one interface
on a connection. We'll have connections that export zero, one or more
interfaces.
To export an interface on a DBus server, call sbus_conn_add_interface()
from within the sbus_server_conn_init_fn. To export an interface on
a DBus client, call sbus_conn_add_interface() after sbus_new_connection()
returns.
As before struct sbus_interface represents an object exported via DBus.
However it is now talloc allocated. One can set instance data on the
struct sbus_interface. This instance data is passed to the various
handlers and used in their implementation.
However, we now have type safe interface exporting in the various
high level sss_process_init() sss_monitor_init() and so on.
Introspection support was not in use, and is now gone until we
implement it using the metadata (future patch).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
d9577dbd92555b0755881e37724019ef9c578404 |
|
14-Mar-2014 |
Stef Walter <stefw@gnome.org> |
sbus: Add struct sbus_request to represent a DBus invocation
struct sbus_request represents a request from a dbus client
being handled by a dbus server implementation. The struct
contains the message, connection and method (and in the
future the property) which is being requested.
In the future it will contain caller information as well.
sbus_request is a talloc memory context, and is a good place to
attach any allocations and memory specific to the request.
Each handler accepts an sbus_request. If a handler returns
EOK, it is assumed that the handler will finish the request.
Any of the sbus_request_*finish() methods can be used to
complete the request and send back a reply.
sbus_request_return_and_finish() uses the same argument
varargs syntax as dbus_message_append_args(), which isn't
a great syntax. Document it a bit, but don't try to redesign:
The marshalling work (will follow this patch set) will remove
the need to use varargs for most DBus implementation code.
This patch migrates the monitor and data provider dbus code
to use sbus_request, but does not try to rework the talloc
contexts to use it.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
19b4bb652f5cdc2797b66595eaf8811881aa9873 |
|
22-Oct-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Include external headers with #include <foo.h>
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only. |
10a9ff0c9b4f347ec24dab887a538b37274ee498 |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formatting of variables with type: rlim_t |
1d4293f36695daab5909b9eaa670e8e23db548aa |
|
15-Jul-2013 |
Michal Zidek <mzidek@redhat.com> |
Missing space in debug message |
7486dea9f5f7b2a6fbbacc6db740a82140b6377c |
|
20-May-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fixing critical format string issues.
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, example: '%\n' |
498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5 |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
Add responder_get_domain_by_id()
This new call is similar to responder_get_domain() but uses the domain
SID as search parameter. Since the length of the stored domain SID is
used in the comparison, SIDs of users and groups can be used directly
without stripping the RID component.
The functionality is not merged into responder_get_domain() to allow to
calculate the timeout correctly and return a specific error code if the
entry is expired. |
5a6e3cb57cf2d8d4118b58be0574cccea171ca19 |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
responder_get_domain(): remove timeout calculation
The current timeout calculation code in responder_get_domain() is flawed
and I think it always was. I removed the related code because
- it currently has no effect, a match is returned even if it is expired
- that callers do not have any code to handle expired domains. |
2648ec1017d37c0840294352b69fc87047da0368 |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
responder_get_domain: do not return disabled domains
Recent refactoring introduced the concept of disabled domains, i.e.
domains which do not exist anymore. responder_get_domain() should not
return disabled domains. |
4668b4765530cf37289235e483f301100cc1ae21 |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
Remove unused TALLOC_CTX from responder_get_domain()
Recent refactoring removed the need to copy the domain info data of
sub-domains because the related objects will not be removed from memory
anymore. |
6f8ae17869f4f8a1496e3f171ae6b5c11af1845c |
|
20-Mar-2013 |
Pavel Březina <pbrezina@redhat.com> |
do not leak memory on failure in *_process_init() |
1a5d83798af7bd88c9d20862c8830ebb5b755e2d |
|
08-Mar-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Move sss_cmd_execute from client to responder code.
I think it logically belongs there and allows to better exercise the
responder commands from unit tests. |
2ba16c5a5c4b6d3cd2a44179186ec60eda828bcd |
|
05-Mar-2013 |
Michal Zidek <mzidek@redhat.com> |
Remove the alt_db_path parameter of sysdb_init
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765 |
3a5dcd3c50b456c4d85281ec7a0972201e2f9426 |
|
21-Feb-2013 |
Ondrej Kos <okos@redhat.com> |
Fix uninitialized time_t var in responder
https://fedorahosted.org/sssd/ticket/1810 |
4f118e3e6a25762f40a43e6dbefb09f44adbef32 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Introduce IS_SUBDOMAIN() macro
Fixes https://fedorahosted.org/sssd/ticket/1766 |
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Change the way domains are linked.
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
unused.
- Rework the way subdomains are refreshed.
Now sysdb_update_subdomains() actually updates the current subdomains
and marks as disabled the ones not found in the sysdb or add new ones
found. It never removes them.
Removal of missing domains from sysdb is deferred to the providers,
which will perform it at refresh time, for the ipa provider that is
done by ipa_subdomains_write_mappings() now.
sysdb_update_subdomains() is then used to update the memory hierarchy
of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete() |
0232747f04b650796db56fd7b487aee8a96fab03 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Add function get_next_domain()
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom() |
72aa8e7b1d234b6b68446d42efa1cff22b70c81b |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Refactor sysdb initialization
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As a plus we simplify the code by
removing a destructor and a setter function. |
04759b59e71c78ab23b84d13dd29d9c6dd680adb |
|
02-Jan-2013 |
Michal Zidek <mzidek@redhat.com> |
failover: Protect against empty host names
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484 |
18afc11a02abda49e25450fdcc553a2e8d6d93b4 |
|
05-Dec-2012 |
Simo Sorce <simo@redhat.com> |
Always append rctx as private data
This is used for the new calls back from the data provider. |
4c9a85ab708ec7debecad51e4240e04d8bc6ca4e |
|
19-Nov-2012 |
Ondrej Kos <okos@redhat.com> |
Display more information on DB version mismatch
https://fedorahosted.org/sssd/ticket/1589
Added check for determining, whether database version is higher or
lower than expected. To distinguish it from other errors it uses
following return values (further used for appropriate error message):
EMEDIUMTYPE for lower version than expected
EUCLEAN for higher version than expected
When SSSD or one of its tools fails on DB version mismatch, new error
message is shown suggesting how to proceed. |
20ae5925d2963937dfc6a66017c05bb018cedd3f |
|
11-Oct-2012 |
Pavel Březina <pbrezina@redhat.com> |
do not call dp callbacks when responder is shutting down
https://fedorahosted.org/sssd/ticket/1514
We were experiencing crash during responder shut down. This happened
when there were some unresolved dp request during the shut down.
The memory hierarchy is main_ctx->specific_ctx->rctx, where
specific_ctx may be one of the pam, nss, sudo, etc. contexts.
If we try to call dp request callback as a result of responder
termination, the specific context is already semi freed, which may
cause crash. |
aac3ca699a09090072ae4d68bdda8dec990ae393 |
|
01-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Use flat name for master domain as well |
1542b85f13d72329685bdd97aa879c36d11f81be |
|
01-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Add new option default_domain_suffix |
aeb816c6906c741dff6aa3dfe5ebae93cebed8f1 |
|
21-Aug-2012 |
Sumit Bose <sbose@redhat.com> |
accept_fd_handler: add missing return |
bd71f19d41272ea8b6dd92c9dc8e101d24eb7cc9 |
|
10-Jul-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix segfault when using local provider
The name context was not being initialized for local provider
domains because it was handled after skipping over the back-end
initialization routine. This patch moves the name context init
routine to occur earlier.
https://fedorahosted.org/sssd/ticket/1412 |
2d257ccf620ce1b611f89cec8f0a94c88c2f2881 |
|
10-Jul-2012 |
Sumit Bose <sbose@redhat.com> |
pac responder: limit access by checking UIDs
A check for allowed UIDs is added in the common responder code directly
after accept(). If the platform does not support reading the UID of the
peer but allowed UIDs are configured, access is denied.
Currently only the PAC responder sets the allowed UIDs for a socket. The
default is that only root is allowed to access the socket of the PAC
responder.
Fixes: https://fedorahosted.org/sssd/ticket/1382 |
387349ae092f6dbeb8e4bca291a772695836629c |
|
20-Jun-2012 |
Stef Walter <stefw@gnome.org> |
Move some debug lines to new debug log levels
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113 |
bb79e7559dae451a14150377099e32d6b5159a6c |
|
18-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Make the client idle timeout configurable |
dd94e9c9c586fb2c2a0e7175251c08c2762598b0 |
|
18-Jun-2012 |
Shantanu Goel <sgoel@trade4.test-jc.tower-research.com> |
Add support for terminating idle connections |
3adb3a4ed740aaeb3013020aa8aa9544669197a0 |
|
18-Jun-2012 |
Shantanu Goel <sgoel@trade4.test-jc.tower-research.com> |
Log message if close() fails in destructor. |
3c60433641ce2e86b9b04778c8f8652ef0d097e4 |
|
13-Jun-2012 |
Stef Walter <stefw@gnome.org> |
Make re_expression and full_name_format per domain options
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663 |
c3f4aaa1a26035d05e60238d3e2df7fb4429ae28 |
|
02-May-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: check return value from confdb_get_int
sss_process_init forgot to check return value of confdb_get_int |
6fdde3913a11cd6148627696fa8717c34e8460fc |
|
24-Apr-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Modified responder_get_domain()
Now it checks for subdomains as well as for the domain itself |
c0f9698cd951b7223f251ff2511c4b22a6e4ba60 |
|
24-Apr-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Responder part of the subdomain retrieval work |
65976ea5e9767bfaced81dfb97dc87d59f50b57e |
|
08-Mar-2012 |
Simo Sorce <simo@redhat.com> |
Use the correct hash table for pending requests
The function that handled pending requests on reconnect was checking an
orphaned global variable that was never used, rendering the whole function
useless.
This fixes a very nasty bug that was causing requests for which we never
received an answer (for example because the backend failed and was
restarted) to be never removed and therefore causing a black hole effect for
any other request of the same type.
Fixes: https://fedorahosted.org/sssd/ticket/1229 |
457927f4210a0c41289521d55617b6d6bb6a46e0 |
|
17-Feb-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDERS: Make the fd_limit setting configurable
This code will now attempt first to see if it has privilege to set
the value as specified, and if not it will fall back to the
previous behavior. So on systems with the CAP_SYS_RESOURCE
capability granted to SSSD, it will be able to ignore the
limits.conf hard limit.
https://fedorahosted.org/sssd/ticket/1197 |
1a63155b0797c2b1963424e5c0f5d3a62f8cc7cc |
|
17-Feb-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDERS: Allow increasing the file-descriptor limit
This patch will increase the file descriptor limit to 8k or the
limits.conf maximum, whichever is lesser.
https://fedorahosted.org/sssd/ticket/1197 |
b3b42c49656e192787a983aaa8b9ec744ba4cb9d |
|
16-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Use the case sensitivity flag in responders |
247a7056af42fc50bbc896cddb66a60154ca12e9 |
|
16-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Responders: Split getting domain by name into separate function |
b32159300fea63222d8dd9200ed634087704ea74 |
|
05-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Allow using Glib for UTF8 support |
069a5fe72d38f8e15b4416992453ac41a425ce9a |
|
29-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDER: Refactor DP requests into tevent_req style |
872f2d32d979a1dd2145667487f170fec8b5189a |
|
18-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDER: Ensure that all input strings are valid UTF-8 |
4f82c11130b0a5d0902798073f9edbf6b3e946a4 |
|
29-Jul-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Converge accept_fd_handler and accept_priv_fd_handler
These two functions were almost identical. Better to maintain them
as a single function. |
324fb26ba803a999bedc29e93c46c84f27abf5b7 |
|
23-May-2011 |
Sumit Bose <sbose@redhat.com> |
Set _GNU_SOURCE globally |
d818283d39d56204ffe710b6c9b83a2cf497f946 |
|
06-May-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Allow changing the log level without restart
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP. |
28a410f423bf9bcdf43ed14cd4c50634753b51f3 |
|
06-May-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Create common sss_monitor_init()
This was implemented almost identically for both the responders
and the providers. It is easier to maintain as a single routine.
This patch also adds the ability to provide a private context to
attach to the sbus_connection for later use. |
ca4d33adf80cfbd94ca2ae7620520c128244a6d9 |
|
17-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix unchecked return value in set_nonblocking
Also fixes the same problem with set_close_on_exec
https://fedorahosted.org/sssd/ticket/713 |
133bbb3c5e489f2f6eff711b0f8110ea47cb146f |
|
14-Jun-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Properly null-terminate socket path
https://fedorahosted.org/sssd/ticket/540 |
ea0173fe8ba915960621454168651c62301833cb |
|
16-Apr-2010 |
Sumit Bose <sbose@redhat.com> |
Use SO_PEERCRED on the PAM socket
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated if the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs |
b9923919909cb976ddf42002c56a42b1893e3547 |
|
16-Apr-2010 |
Sumit Bose <sbose@redhat.com> |
Revert "Add better checks on PAM socket"
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097. |
9db5a5140356479a58f2e7212fc5c4ad6135bb7f |
|
12-Apr-2010 |
Simo Sorce <ssorce@redhat.com> |
sysdb: Finally stop using a common event context
This commit completes the migration to a synchronous sysdb |
cfff837d831b6f4e12dcc87c1d59789fe08597a6 |
|
17-Mar-2010 |
Sumit Bose <sbose@redhat.com> |
Fixes for client communication
- catch all errors of send() and recv(), not only EAGAIN
- check if send() or recv() return EWOULDBLOCK or EINTR
- remove unused parameter from client_send() and client_recv()
- fix a debugging message |
12c6b6683f8a2036578e87c659afa79d3a1d68a9 |
|
15-Mar-2010 |
George McCollister <George.McCollister@gmail.com> |
Fixed buffer alignment in exchange_credentials().
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side.
Signed-off-by: George McCollister <George.McCollister@gmail.com> |
5a88e963744e5da453e88b5c36499f04712df097 |
|
11-Mar-2010 |
Sumit Bose <sbose@redhat.com> |
Add better checks on PAM socket
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available |
8f4aaae28c88c707853f8f28d8babc4efe0c1bf6 |
|
04-Mar-2010 |
Martin Nagy <mnagy@redhat.com> |
Add forgotten \n in DEBUG statements
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too. |
b81f453b8ade026f9c19bfd557a986cbcf0c9c8c |
|
22-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Remove unnecessary "domain" parameter from DP registration
This was a holdover from when the DP and the providers were unique
processes. The NSS and PAM registrations do not need to send the
domain, as it is not ambiguous which one they are talking to. |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |