77d63f561830c15341b2ffe915a4c86b3c0f88a3 |
|
27-Apr-2018 |
Jakub Hrozek <jhrozek@redhat.com> |
FILES: Only send the request for update if the files domain is inconsistent
Resolves:
https://pagure.io/SSSD/sssd/issue/3520
The code was probably commented out as a mistake..
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
677a31351c80453d9ce006481364399a96312052 |
|
29-Jan-2018 |
René Genz <liebundartig@freenet.de> |
Fix minor spelling mistakes in responder/*
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
2c6c3cff23a0750a5f68b52cb1a52e241aa20615 |
|
09-Nov-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
RESP: Add some missing NULL checks
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
e98d085b529e0ae5e07a717ce3b30f3943be0ee0 |
|
09-May-2017 |
Justin Stephenson <jstephen@redhat.com> |
DP: Reduce Data Provider log level noise
Certain operations are not supported with certain providers
causing informational Data Provider log messages to be logged as
errors or failures. This patch lowers the log level to reduce overall
log noise and ensure only critical log messages are logged when
a low debug_level value is used.
Resolves:
https://pagure.io/SSSD/sssd/issue/3287
https://pagure.io/SSSD/sssd/issue/3278
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
50c740cbc2bb27cbe488fa8587e2901b8b85cf87 |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: Contact inconsistent domains
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2c61b6eee24d90b11f3d2cab7b9cd8690df29f34 |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDER: Use the NEED_CHECK_DOMAIN macro
This is to avoid a needless round-trip between the responder and the
back end for domains that do not have a traditional back end such as
local or files.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2e505786d6d9d537f5b6631099862f6b93e2e687 |
|
01-Feb-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
Suppres implicit-fallthrough from gcc 7
Some kind of comments are recognized by gcc7 but they are ignored with
-Wimplicit-fallthrough=5 and only attributes disable the warning.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
ca68b1b4ba06b1cda316ae8af470647bd7015a5a |
|
16-Jan-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
DP: Remove unused attr_type from struct dp_id_data
Structure member attr_type was set to BE_ATTR_CORE on all places
and there was a single place src/providers/ldap/ldap_id.c where
we checked to other values. It is not used anymore; it's better to
remove it.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
7162dc780fe9458018c577f6f1638522d74f63b0 |
|
19-Dec-2016 |
Pavel Březina <pbrezina@redhat.com> |
responders: do not try to contact DP with LOCAL provider
We make sure in responder dp code that we do not contact
data provider if the provider is a local one. We just
return success.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b54cd7caf6b73b36b68fcefc0cad39a626690398 |
|
29-Jun-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Downcast to errno_t after tevent_req_is_error
Functions tevent_req_is_error and _tevent_req_error
use type uint64_t for error code.
SSSD uses errno_t which is an alias for int.
Therefore complier assumes that macro TEVENT_REQ_RETURN_ON_ERROR
can return 0 due to implicit down casting from uint64_t -> int.
This patch makes down casting explicit and returns EINVAL
if result of downcasting is 0.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
dea636af4d1902a081ee891f1b19ee2f8729d759 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
DP: Switch to new interface
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
376eaf187c13c2a1eaea0ffbdd970b6b563ab74c |
|
14-Sep-2015 |
Petr Cech <pcech@redhat.com> |
DATA_PROVIDER: BE_REQ as string in log message
Add be_req2str() for translation BE_REQ to string.
So we will have
|| Got request for [0x1001][FAST BE_REQ_USER][1][name=celestian]
instead of
|| Got request for [0x1001][1][name=celestian]
Function be_req2str() is used in data provider and in responder too.
So this patch create new header file data_provider_req.h which
delivers function be_req2str() and definitions of BE_REQ_*.
Resolves:
https://fedorahosted.org/sssd/ticket/2708
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
cdc44abdf944b0de541fe93ecd77df4d09c856b1 |
|
15-Jul-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
DP: Add DP_WILDCARD and SSS_DP_WILDCARD_USER/SSS_DP_WILDCARD_GROUP
Related:
https://fedorahosted.org/sssd/ticket/2553
Extends the Data Provider interface and the responder<->Data provider
interface with wildcard lookups.
The patch uses a new "wildcard" prefix rather than reusing the existing
user/group prefixes.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
827a016a07d5f911cc4195be89896a376fd71f59 |
|
19-Jun-2015 |
Sumit Bose <sbose@redhat.com> |
IFP: add FindByCertificate method for User objects
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 |
|
17-Mar-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
Add missing new lines to debug messages
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
b668c77874c6fed325471bdcf5954979a0d734e2 |
|
24-Feb-2014 |
Stef Walter <stefw@redhat.com> |
sbus: Use constants to make dbus calls
This allows us to remove duplicated information, and have the
compiler check that when an method name is changed or removed
the callers are updated.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
de3705b32718db199789580ed2e6299967753974 |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formating of variables with type: unsigned long |
f0944fdd627bd684ff36c9670dc857ffdedc343f |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
Add two new request types to the data-provider interface
The patch adds two new request types for SID related requests. The first
one is used if a SID is given and the corresponding object should be
found. The second one can be used if the SID for an object is requested
but it is not clear if the object is a user or a group. |
206329d3901738036352f2ac1e8d7804f728861d |
|
02-May-2013 |
Sumit Bose <sbose@redhat.com> |
Add secid filter to responder-dp protocol
This patch add a new filter type to the data-provider interface which
can be used for SID-based lookups. |
3c6b579b14bbf24acd4e8151673fc9c17c9f8615 |
|
20-Mar-2013 |
Pavel Březina <pbrezina@redhat.com> |
coding style fix |
185dcb88690f45c7886c95076bd189877aef2289 |
|
18-Dec-2012 |
Simo Sorce <simo@redhat.com> |
responder_dp: Add timeout to side requets
This is an additional proteciont in case the provider misbheaves to avoid
having requests pending forever.
Fixes: https://fedorahosted.org/sssd/ticket/1717 |
644db36ab1111b88abca57d2438b72d618403dde |
|
29-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Free the internal DP request |
20ae5925d2963937dfc6a66017c05bb018cedd3f |
|
11-Oct-2012 |
Pavel Březina <pbrezina@redhat.com> |
do not call dp callbacks when responder is shutting down
https://fedorahosted.org/sssd/ticket/1514
We were experiencing crash duting responder shut down. This happened
when there were some unresolved dp request during the shut down.
The memory hierarchy is main_ctx->specific_ctx->rctx, where
specific_ctx may be one of the pam, nss, sudo, etc. contexts.
If we try to call dp request callback as a result of responder
termination, the specific context is already semi freed, which may
cause crash. |
b42b5d5aaf4da165582e73ad985fdff6e34e61e4 |
|
03-May-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
SSH: Add dp_get_host_send to common responder code
Instead of using account_info request, creates a new ssh specific
request. This improves code readability and will make the code more
flexible in the future.
https://fedorahosted.org/sssd/ticket/1176 |
d1cec5a8fc58293231c72c1f967ef5421a24a33b |
|
24-Apr-2012 |
Sumit Bose <sbose@redhat.com> |
Add domain name to get_account_info request |
d3f2fd9cb21cc10dce663a2f7d0deda07074e44e |
|
24-Apr-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Add conn_name to allow different names for domains and connections |
65976ea5e9767bfaced81dfb97dc87d59f50b57e |
|
08-Mar-2012 |
Simo Sorce <simo@redhat.com> |
Use the correct hash table for pending requests
The function that handled pending requests on reconnect was checking an
orphaned global variable that was never used, redenring the whole function
uselsess.
This fixes a very nasty bug that was causing requests for which we never
received an answer for (for example because the backend failed and was
restarted) to be never removed and therefore causing a black hole effect for
any other request of the same type.
Fixes: https://fedorahosted.org/sssd/ticket/1229 |
08207cb57473192c99893938fd60dc6a6ff90eb0 |
|
10-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix group enumeration
Also adds some more debugging and fixes a code style issue.
https://fedorahosted.org/sssd/ticket/1182 |
bd3cf7d6414171fcd605d9f831965be107e411d7 |
|
07-Feb-2012 |
Jan Cholasta <jcholast@redhat.com> |
DP: Add support for hosts in sss_dp_get_account
Host requests are directed to the host info handler. |
990b7ebaf67b6d4cc982c805a8ec1126111bd4b4 |
|
27-Jan-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
DP: Refactor responder_dp_req so it's reusable by other responders
* the internal request is now more generic and is decoupled from
account-specific data. There is a new sss_dp_issue_request() wrapper
that issues a BE request or registers a callback
* the public requests all use struct sss_dp_req_state as the tevent_req
state data. This allows to report back data from the internal request
even if the caller is just a callback notifier
* each specific request now uses an _info structure that contains all
the data necessary to construct a DBusMessage passed to provider
* each specific request now defines a sss_dp_get_$data_msg callback that
is called from the sss_dp_issue_request() common wraper. The purpose
of the wrapper is to construct a DBusMessage and bind it to a DBus
method so the message can be just sent over to back end
The miscellanous changes include:
* change SSS_DP_ constants to an enum. This way, a switch() would error
if a value is not handled.
* rename sss_dp_get_account_int_send() to sss_dp_internal_get_send()
request because the internal request is going to handle more than just
account data
* the DBus return values were renamed from err_maj, err_min to dp_err
and dp_ret respectively |
6748486d61680426e8739bb5e7db7dd8409ef44c |
|
27-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
DP: Add support for services in dp requests |
9d1d6019a27a0ed70a665700a9f6acc55f874811 |
|
23-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
DP: Fix bugs in sss_dp_get_account_int
The conversion to the tevent_req style introduced numerous bugs
related to memory management of the various client requests. In
some circumstances, this could cause memory corruption and
segmentation faults in the NSS responder. This patch makes the
following changes:
1) Rename the internal lookup from subreq to sidereq, to indicate
that it is not a sub-request of the current lookup (and therefore
is not cancelled if the current request is).
2) Change the handling of the callback loops since they call
tevent_req_[done|error], which results in them being freed (and
therefore removed from the cb_list. This was the source of the
memory corruption that would occasionally result in dereferencing
an unreadable request.
3) Remove the unnecessary sss_dp_get_account_int_recv() function
and change sss_dp_get_account_done() so that it only frees the
sidereq. All of the waiting processes have already been signaled
with the final results from sss_dp_get_account_int_done() |
0c7aa697991ea9df960fae14fd567ebdda3b4ff4 |
|
21-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDER: Extend sss_dp_account_send() to include extra data
Some NSS maps such as 'services' require more values to be passed
to the data provider than just the name or ID. In these cases, we
will amend an optional component to filter value to pass to the
data provider backend. |
8e84378f94a7ef289585e756e529cad5088e17b9 |
|
16-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
DP: Remove processed callbacks |
069a5fe72d38f8e15b4416992453ac41a425ce9a |
|
29-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
RESPONDER: Refactor DP requests into tevent_req style |
6d0fbda511f8ee2936e630110ee58d9c0d97b233 |
|
14-Oct-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Fixed timeout handling in responders |
90a83f3c7b49e689d47553a5aa0eb15751846963 |
|
13-Oct-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Check if dp_requests hash table exists before using it |
0e27817133b931dcbe9d196e9ed0d737164ba613 |
|
15-Aug-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Do not delete requests inside hash_iterate loop |
d1571f8c173ca9172fa295e6aac48b8c0c367950 |
|
02-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Add a special filter type to handle enumerations |
ae3de4019070ebf9a4ce622d613d82358e3d72ef |
|
26-Oct-2010 |
Sumit Bose <sbose@redhat.com> |
Fix double free issue |
4967fe0bc52580f7e96974e30d3cf2f33fadaabe |
|
26-Oct-2010 |
Sumit Bose <sbose@redhat.com> |
Remove all nss requests after a reconnect
Currently we do not handle the open nss request after a reconnect and
wait until they timeout (which is a couple of minutes!). This patch adds
a handler that terminates all requests after a reconnect. Then responder
will return matching cache entries or nothing. |
ef39c0adcb61b16f9edc7beb4cdc8f3b0d5a8f15 |
|
13-Oct-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add netgroup support to the NSS responder |
bb1487fef5d19a7b1536fc42e25a08f7d4c43e1b |
|
10-Jun-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Check the correct variable for NULL after creating timer
In several places, we were creating a new timer and assigning it
to the tev variable, but then we were checking for NULL from the
te variable (which, incidentally, is guaranteed never to be NULL
in this situation)
https://fedorahosted.org/sssd/ticket/523 |
f1bc4e8b9daf04a5cb4b9464021bb9e816eed3ea |
|
17-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix a series of memory leaks in the SBUS |
9fbf00c7802719becd633ecbc45879d5d0ddb985 |
|
15-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Properly handle dbus send attempts on a closed connection
dbus_connection_send_with_reply() will report success and return
a NULL pending_reply when the connection is not open for
communication. This patch creates a new wrapper around
dbus_connection_send_with_reply() to properly detect this
condition and report it as an error. |
8f4aaae28c88c707853f8f28d8babc4efe0c1bf6 |
|
04-Mar-2010 |
Martin Nagy <mnagy@redhat.com> |
Add forgotten \n in DEBUG statements
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too. |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |