fbe6644aa28d93f492434950680c5618eb567712 |
|
08-Nov-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Do not set up watchdog for monitor
It makes little sense to set up watchdog for monitor because there is no
entity that would restart the monitor. Therefore we should disable the
watchdog for monitor process.
Resolves:
https://fedorahosted.org/sssd/ticket/3232
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
081c6d8c7c8e75487d1c4e42862964be1e85b575 |
|
12-Sep-2016 |
Justin Stephenson <jstephen@redhat.com> |
MONITOR: Add disable_netlink option
Adding a new monitor boolean option to disable netlink support.
This will give users more control over sssd state changes without
having to modify systemd unit files.
Resolves:
https://fedorahosted.org/sssd/ticket/3142
Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
632fc5d8991d167eea20769c823163551c3f1d8c |
|
12-Sep-2016 |
Justin Stephenson <jstephen@redhat.com> |
MONITOR: Remove --disable-netlink command-line option
Removing monitor command-line option, to be superseded by
sssd.conf option
Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
fa93cd0f0fc75a6d635079e67788f8a9fe183c3c |
|
30-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Remove the no longer used kill_service command
After introducing the watchdog, the force_timeout option is no longer
used.
Resolves:
https://fedorahosted.org/sssd/ticket/3052
Reviewed-by: Petr Čech <pcech@redhat.com> |
1620f435dbe7013f985128dcdf001e9158cb00e3 |
|
30-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Remove the no longer used diag_cmd command
After introducing the watchdog, the diag_cmd is no longer used and makes no
sense trying to make it usable by watchdog as the result of "pstack %p"
seems next to useless in this context.
Related:
https://fedorahosted.org/sssd/ticket/3051
Reviewed-by: Petr Čech <pcech@redhat.com> |
7c475c3a02329f477f6245cce40d70615e616e85 |
|
17-Aug-2016 |
Justin Stephenson <jstephen@redhat.com> |
Monitor: Add support for disabling netlink
Resolves:
https://fedorahosted.org/sssd/ticket/2860
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> |
08cd034c8584b6f058cf565ce66f7f9f7120622f |
|
09-Aug-2016 |
Petr Cech <pcech@redhat.com> |
UTILS: Fixing duplication of pid file declaration
Resolves:
https://fedorahosted.org/sssd/ticket/2978
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4 |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Upgrade sysdb to use qualified names for users and groups, sudo rules and override objects
Runs a sysdb upgrade that changes objects that represent users, groups,
sudo rules and overrides to the new schema, which uses the fully
qualified names.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
6d66c2c465861ff2558f2574eddf8315628ccc6d |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Allow passing a context to sysdb upgrade functions
We decide on whether to upgrade or not based on a pointer value, not a
boolean. This pointer points to a structure that the upgrade invoker
(typically the monitor) can use to fill auxiliary data the sysdb upgrade
has no means of instantiating.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
2aafa4811cd9f74f70820b0e266df8e4c7ed6ad7 |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Monitor: Add mode to generate confdb only
With this mode we can add socket activated services and have systemd
pre exec sssd to generate the configuration file w/o starting the whole
sssd if not necessary.
https://fedorahosted.org/sssd/ticket/2243
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
ba5e2d5e261e5f3ac6ce00227595f7265d2c715e |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Monitor: Remove ping infrastructure
Now that services use an internal watchdog we do not need pings anymore,
this will cut down the chatter and allow more flexible process management,
for example socket activation and exit-on-idle.
Resolves:
https://fedorahosted.org/sssd/ticket/2921
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
cca497b4cbbbf05c4f9181b7d8113cde81754831 |
|
27-Jun-2016 |
Michal Židek <mzidek@redhat.com> |
confdb: Make it possible to use config snippets
Resolves:
https://fedorahosted.org/sssd/ticket/2247
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d2d8f342cd5e90bb9fd947c448492225f959aa86 |
|
27-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
sss_tools: create confdb if not exist
So tools (especially sssctl) may be run even when databases were
removed.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
98dbaea0a00c60972b991755a44c51964dfb7877 |
|
11-May-2016 |
Stephen Gallagher <sgallagh@redhat.com> |
Internal: Rename CONFDB_DEFAULT_CONFIG_FILE
New name is SSSD_CONFIG_FILE. This is done because we will start to
ship a static default configuration in addition to the runtime
configuration.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
89530c830ded58c6140cdb34c9de07bf77bb5bc0 |
|
13-Nov-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Add a new option diag_cmd
This option is an optional one that is run when a sbus ping times out
and before a SIGKILL signal is sent.
It is undocumented by default.
diag_cmd (string):
A command that should be run for diagnostic purpose when an sbus timeout
fails. The option value may contain %p which would be expanded for the
process ID of the process that timed out
Example:
pstack %p
This setting would print the stack trace of the service whose ping timed out.
Default: not set.
Reviewed-by: Petr Cech <pcech@redhat.com> |
284c22c191963f11e5c07ba6d14dcd8dc7e494fe |
|
29-Oct-2015 |
Stephen Gallagher <sgallagh@redhat.com> |
Monitor: Show service pings at debug level 8
SSSDBG_CONF_SETTINGS is reserved for configuration information. These
pings are generally just noise (when they fail, this is logged at
SSSDBG_FATAL_FAILURE). We should only log these at SSSDBG_TRACE_INTERNAL.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com> |
877b92e80bde510d5cd9f03dbf01e2bcf73ab072 |
|
23-Oct-2015 |
Michal Židek <mzidek@redhat.com> |
util: Update get_next_domain's interface
Update get next domain to be able to
include disabled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
0469c14cae927298838e92d5827c803ca694e7e0 |
|
02-Jul-2015 |
Michal Židek <mzidek@redhat.com> |
MONITOR: Do not report missing file as fatal in monitor_config_file
resolv.conf can be missing during boot. This is not
fatal and we will check for its existence later.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
66615eee77792c1437e309d53b19cfb642eca502 |
|
02-Jul-2015 |
Michal Židek <mzidek@redhat.com> |
MONITOR: Poll for resolv.conf if not available during boot
If resolv.conf is not available when SSSD is starting,
check for its existence later.
Ticket:
https://fedorahosted.org/sssd/ticket/2590
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
c2cb78c264ecf50d3a621ef16d1fe8026a39d135 |
|
26-Mar-2015 |
Pavel Reichl <preichl@redhat.com> |
Fix a few typos in comments
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 |
|
17-Mar-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
Add missing new lines to debug messages
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
373946b540eaa5d97c6efb39629195dbe2a1f015 |
|
12-Feb-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
MONITOR: Fix double free
If kill timer was successfully executed then it will be released by libtevent.
So we should not release it in mt_svc_exit_handler for the second time.
[sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9]
[sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free
may be at ../tevent_timed.c:351
[sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free
==19129== Invalid read of size 4
==19129== at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372)
==19129== by 0x50470CD: _talloc_free (talloc.c:1559)
==19129== by 0x11086C: mt_svc_exit_handler (monitor.c:2754)
==19129== by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181)
==19129== by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135)
==19129== by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649)
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
==19129== by 0x84C4B02: server_loop (server.c:668)
==19129== by 0x10D9A6: main (monitor.c:3028)
==19129== Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd
==19129== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==19129== by 0x50472F2: _talloc_free_internal (talloc.c:1057)
==19129== by 0x50472F2: _talloc_free (talloc.c:1581)
==19129== by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351)
==19129== by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653)
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
==19129== by 0x84C4B02: server_loop (server.c:668)
==19129== by 0x10D9A6: main (monitor.c:3028)
Resolves:
https://fedorahosted.org/sssd/ticket/2572
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> |
9fa95168d80beba04b333b06edc492ecb8b085a1 |
|
23-Jan-2015 |
Pavel Březina <pbrezina@redhat.com> |
sbus: add new iface via sbus_conn_register_iface()
Rename sbus_conn_add_interface() to sbus_conn_register_iface()
and remove sbus_new_interface() calls since it is just one more
unnecessary call outside the sbus code.
The function sbus_new_interface() is made static and used
directly in sbus_conn_register_iface().
The name was chosen to better describe what the function is
doing. That it registers an interface on a given object path.
The same interface can be used with different paths so it is
not really about adding an interface.
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
152251b13a99c88054055d46600e0478c4f7bd05 |
|
07-Jan-2015 |
Stephen Gallagher <sgallagh@redhat.com> |
monitor: Service restart fixes
There are actually two bugs here:
1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned
failure (for any reason), we would talloc_free(svc) which removed it
from being eligible for restart, resulting in the service never
starting again without an SSSD service restart.
2) There is a fairly wide race condition where it's possible for a
SIGKILL timer to "catch up" to the child exit handler between us
noticing the termination and actually restarting it. The race
happens because we re-enter the mainloop and add a restart
timeout to avoid a quick failure if we keep restarting due to a
transitory issue (the mt_svc object, and therefore the SIGKILL
timer, were never freed until we got to the actual service
restart).
We can minimize this race by recording the timer_event for the
SIGKILL timeout in the mt_svc object. This way, if the process
exits via SIGTERM, we will immediately remove the timer for the
SIGKILL. Additionally, we'll catch the special-case of an ESRCH
response from the kill(SIGKILL) and assume that it means that the
process has exited. The only other two possible errors are
* EINVAL: (an invalid signal was specified) - This should be
impossible, obviously.
* EPERM: This process doesn't have permission to send signals to
this PID. If this happens, it's either an SELinux bug or
else the process has terminated and a new process that
SSSD doesn't control has taken the ID over.
So in the incredibly unlikely case that one of those occurs, we'll
just go ahead and try to start a new process.
This patch also removes the incorrect talloc_free(svc) calls on the
kill() failures and replaces them with an attempt to just start up
the service again and hope for the best.
Resolves:
https://fedorahosted.org/sssd/ticket/2525
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
d72958f09ce3718019992b7a117f112e38855b55 |
|
11-Dec-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
MONITOR: Disable inlining of function load_configuration
This reverts commit cff89439b21f8573c6896b09cb1a8d5f9de3144c.
The previous fix was not sufficient and similar warning appears after different
change in function load_configuration.
src/monitor/monitor.c: In function ‘main’:
src/monitor/monitor.c:2962:24: error: ‘monitor’ may be used uninitialized
in this function [-Werror=maybe-uninitialized]
monitor->is_daemon = !opt_interactive;
^
cc1: all warnings being treated as errors
It's better to disable optimisation of function load_configuration after fail
in chown(unlink) instead of checking errno for 0 and overriding it with EINVAL.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
aff8b0e3b41644c70704b78e15501779d52b6ff4 |
|
28-Nov-2014 |
Pavel Reichl <preichl@redhat.com> |
Fix: always check return value of unlink()
Resolves:
https://fedorahosted.org/sssd/ticket/2506
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
cff89439b21f8573c6896b09cb1a8d5f9de3144c |
|
31-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
MONITOR: Fix warning may be used uninitialized
This warning is caused by change 579e5d4b7a3ca161ea7518b2996905fa22c15995
"MONITOR: Allow confdb to be accessed by nonroot user"
src/monitor/monitor.c: In function ‘main’:
src/monitor/monitor.c:2953:24: error: ‘monitor’ may be used uninitialized
in this function [-Werror=maybe-uninitialized]
monitor->is_daemon = !opt_interactive;
^
cc1: all warnings being treated as errors
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
76c8dafad2a18cf1514635aa766062085c23a5c8 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSH: Run the ssh responder as the SSSD user
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
3f9e2c24dbc14b2eafbe4f5a5ee16fe9af3c3f75 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SUDO: Run the sudo responder as the SSSD user
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
22f4bcbb211bf800af647ad1fc9595a8020a6fe6 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
PAC: Run the pac responder as the SSSD user
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
287cc55b9086dd3c4e2a5fb84784e09767860142 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: Run the autofs responder as the SSSD user
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
4e1892cdfcc5300d6632200c38ba67f2783d15f2 |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
PAM: Run pam responder as nonroot
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
5d19966eda424bd71964c6913b84d705dce3b350 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
NSS: Run as a user specified by monitor
Adds the NSS responder to the list of services known to work as a
non-root user and becomes the specified user after starting the NSS
responder.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
0887c35bdb85adf0a4376dc8963294ea5a9d6da6 |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
SYSDB: Allow calling chown on the sysdb file from monitor
Sysdb must be accessible for the nonroot sssd
processes.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
579e5d4b7a3ca161ea7518b2996905fa22c15995 |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
MONITOR: Allow confdb to be accessed by nonroot user
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
19e9c1c1a21790974400db9349637788727b6564 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
BE: Own the sbus socket as the SSSD user
In some cases, the back end might still be running as root, but the
responder would be running unprivileged. In this case, we need to allow
connecting from the SSSD user ID.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
aa871e019f00493dfa53b48f906132bf94eeae9f |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SBUS: Allow connections from other UIDs
Unless dbus_connection_set_unix_user_function() is used, D-Bus only
allows connections from UID 0. This patch adds a custom checker function
that allows either UID 0 or the pre-configured SSSD user ID.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
5960687483a5d3d99093c9d6ab64e11c9bde7f7b |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SBUS: Chown the sbus socket if needed
When setting up the sbus server, we might need to chown the sbus socket
to make sure non-root peers, running as the SSSD user are able to access
the file.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a10ac1d0a7210def232205a48c53a075930e82f6 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Load a user to run a service as from configuration
Related:
https://fedorahosted.org/sssd/ticket/2370
Adds an option, user to run as, that is specified in the [sssd] section. When
this option is specified, SSSD will run as this user and his private
group. When these are not specified, SSSD will run as the configure-time
user and group (usually root).
Currently all services and providers are started as root. There is a
temporary svc_supported_as_nonroot() function that returns true for a
service if that service runs and was tested as nonroot and false
otherwise. Currently this function always returns false, but will be
amended in future patches.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a |
|
20-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.
So far all code still runs as root.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
5ecc36322d9ccc9a9266263fcea8598ca89f4426 |
|
10-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Remove useless memory contexts
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
e4f6562e4043aa645088862d1cc657c3eff43c49 |
|
06-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Make internal functions static
Several functions in the monitor.c file were not marked as static even
though they were only used inside monitor.c
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
9a990aa9f7e8c105e0cfeea8d8cbdc776c2d5d7a |
|
09-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Send debug to stderr when running on foreground
https://fedorahosted.org/sssd/ticket/2348
When SSSD is running in interactive mode, we should print DEBUG messages
directly to stderr, not journal.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
149f40dc2d4ead57811c70b5028648ac83f6a1a7 |
|
08-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Signal InfoPipe to reconnect on SIGUSR2
When the monitor receives SIGUSR2, it also signals the IFP responder to
attempt to reconnect to the system bus using the sysbusReconnect SBUS
method. No action is taken by other responders.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
ebd2db737485d334cd54316e05f848f3ccfd2fee |
|
28-May-2014 |
Pavel Březina <pbrezina@redhat.com> |
utils: add get_known_services()
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
07a324c196c469d7bc47e9cb03bad919c3783ed0 |
|
12-May-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
MONITOR: Fix start up with empty standard input
The monitor process does not read data from standard input in.
We can close file descriptor from stdin.
[sssd] [server_stdin_handler] (0x0020): sssd: EOF on stdin - terminating
Resolves:
https://fedorahosted.org/sssd/ticket/2312
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
994dd4bdb6d3f320ea26853169474e20353c636d |
|
28-Apr-2014 |
Pavel Reichl <reichl.pavel@gmail.com> |
Monitor: fix message wrong perm. mode on config file
Change description of supported access modes.
Add missing new line in message.
Reviewed-by: Simo Sorce <simo@redhat.com> |
9a592ee3fc195f20732c6b1f90894a0be25ccc19 |
|
28-Apr-2014 |
Simo Sorce <simo@redhat.com> |
util: Change file check fns to use a mode mask
Instead of using a custom way to check file type, use the system
provided macros and a mode mask to decide when we want to check.
Additionally a mask also allows us to selectively check permissions.
Related:
https://bugzilla.redhat.com/1089098
Resolves:
https://fedorahosted.org/sssd/ticket/2321
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
cb4d5b588e704114b7090678752d33512baa718e |
|
04-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Re-add the InfoPipe server
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet. |
d880cd72bf9ac203da973a56c4737b3ac05706a8 |
|
03-Apr-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Remove --with-distro-version
Remove support for "--with-distro-version" configure option as unused.
The option was added in August 2011 (d3da1c1). As of now nothing seems
to use it. Packaging checked: rpm, deb, pacman, ebuilds, FreeBSD ports.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
07e941c1bbdc752142bbd3b838c540bc7ecd0ed7 |
|
14-Mar-2014 |
Stef Walter <stefw@redhat.com> |
sbus: Refactor how we export DBus interfaces
Most importantly, stop using per connection private data. This doesn't
scale when you have more than one thing exporting or exported on a
connection.
Remove struct sbus_interface and expand sbus_conn_add_interface()
function. Remove various struct sbus_interface args to connection
initialization functions and make callers use sbus_conn_add_interface()
directly. The old method was optimized for exporting one interface
on a connection. We'll have connections that export zero, one or more
interfaces.
To export an interface on a DBus server, call sbus_conn_add_interface()
from within the sbus_server_conn_init_fn. To export an interface on
a DBus client, call sbus_conn_add_interface() after sbus_new_connection()
returns.
As before struct sbus_interface represents an object exported via DBus.
However it is now talloc allocated. One can set instance data on the
struct sbus_interface. This instance data is passed to the various
handlers and used in their implementation.
However, we now have type safe interface exporting in the various
high level sss_process_init() sss_monitor_init() and so on.
Introspection support was not in use, and is now gone until we
implement it using the metadata (future patch).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
d9577dbd92555b0755881e37724019ef9c578404 |
|
14-Mar-2014 |
Stef Walter <stefw@gnome.org> |
sbus: Add struct sbus_request to represent a DBus invocation
struct sbus_request represents a request from a dbus client
being handled by a dbus server implementation. The struct
contains the message, connection and method (and in the
future the property) which is being requested.
In the future it will contain caller information as well.
sbus_request is a talloc memory context, and is a good place to
attach any allocations and memory specific to the request.
Each handler accepts an sbus_request. If a handler returns
EOK, it is assumed that the handler will finish the request.
Any of the sbus_request_*finish() methods can be used to
complete the request and send back a reply.
sbus_request_return_and_finish() uses the same argument
varargs syntax as dbus_message_append_args(), which isn't
a great syntax. Document it a bit, but don't try to redesign:
The marshalling work (will follow this patch set) will remove
the need to use varargs for most DBus implementation code.
This patch migrates the monitor and data provider dbus code
to use sbus_request, but does not try to rework the talloc
contexts to use it.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b668c77874c6fed325471bdcf5954979a0d734e2 |
|
24-Feb-2014 |
Stef Walter <stefw@redhat.com> |
sbus: Use constants to make dbus calls
This allows us to remove duplicated information, and have the
compiler check that when a method name is changed or removed
the callers are updated.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
769347ad4d35d43488eb98f980143495b0db415d |
|
24-Feb-2014 |
Stef Walter <stefw@redhat.com> |
sbus: Rework sbus to use interface metadata and vtables
Previous commits added support for interface metadata and
handler vtables. This commit ports sbus_dbus_connection to
use them.
Port the internal uses of dbus to use the new scheme in a
very minimal way. Further cleanup is possible here.
This commit provides basic definitions of the internal
dbus interfaces. The interfaces aren't fully defined, as the
handlers will continue to unpack manually, and often overload
DBus methods with different arguments (which is rather
unorthodox, but not the end of the world).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
b3cc9b98966fa2d90172348c334b3b70c5261ab3 |
|
11-Feb-2014 |
Pavel Reichl <preichl@redhat.com> |
MONITOR: Incorrect permissions on sssd.conf
Print user friendly warning when permissions on sssd.conf are incorrect and
provide hint.
Resolves:
https://fedorahosted.org/sssd/ticket/2208
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> |
5ef18e4f486cf3637688ff5fd659bf8a789ec73f |
|
09-Dec-2013 |
Pavel Reichl <pavel.reichl@redhat.com> |
monitor: syslog when process killed by monitor
https://fedorahosted.org/sssd/ticket/2162 |
75275a04a36dba53a261e208d1ad44780c2a5702 |
|
09-Dec-2013 |
Pavel Reichl <pavel.reichl@redhat.com> |
monitor: memory-leak bug
In case *mt_svc_restart* event can't be created free *svc* directly. |
e5502b7652b5c974bc44227f46693d3a43f69b8b |
|
09-Dec-2013 |
Pavel Reichl <pavel.reichl@redhat.com> |
monitor: monitor_kill_service - refactor
After freeing *svc* return immediately instead of creating event operating on
*svc* (use-after-free). Also check tevent_add_timer failure and remove unused
sigkill_ev variable. |
f89cf190f58f3f5c73758abd0a24974a78cb160b |
|
09-Dec-2013 |
Pavel Reichl <pavel.reichl@redhat.com> |
monitor: use-after-free bugfix
*monitor_kill_service* may create timed event which operates on *svc* and
therefore *svc* should not be freed right after call of *monitor_kill_service*.
*svc* is supposed to be freed by *mt_svc_restart*. |
b5ee224324b0158641d9b110f81d2bc6eddddc13 |
|
27-Nov-2013 |
Pavel Reichl <pavel.reichl@redhat.com> |
monitor: Specific error message for missing sssd.conf
Specific error message is logged for missing sssd.conf file. New sssd specific
error value is introduced for this case.
Resolves:
https://fedorahosted.org/sssd/ticket/2156 |
4364c85b3fbe817067149a76ff7016f795a7d3b9 |
|
15-Nov-2013 |
Michal Zidek <mzidek@redhat.com> |
monitor: Stop using unnecessary helper pointer.
We allocate memory using helper pointer 'buf' only to assign
the address to another pointer. We should use the second pointer
only.
resolves:
https://fedorahosted.org/sssd/ticket/1359 |
c1284d966d351e5c42fb23a0d0ef6c268a11b7f8 |
|
15-Nov-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
monitor: return right error code
If talloc_zero fails ENOMEM should be returned and not EIO |
19b4bb652f5cdc2797b66595eaf8811881aa9873 |
|
22-Oct-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Include external headers with #include <foo.h>
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only. |
f2c346eaa486431ffa2a3adc05356159de834e2e |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formatting of variables with type: uid_t |
9917c138d9a270deb5820915384fbde751190c2a |
|
09-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
AUTOTOOLS: More robust detection of inotify.
We checked only header file "sys/inotify" for detection whether inotify
works. Some platforms do not have built in inotify, but contain library,
which provides inotify-compatible interface.
This patch adds more robust detection of inotify in configuration time and
appends linker flags to Makefile if inotify is provided by library. |
1bf580d3c6bbcfcff0c3dfd348e7c0a16d9d3d9e |
|
28-Aug-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
MONITOR: Move function declaration out of conditional build
Function monitor_config_file_fallback was defined inside of conditional
block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block.
This patch moves declaration of function before start of conditional build
section. |
6f6f757d31ddbab13e5b4c2c1aad3e7d0dae722a |
|
22-Aug-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Use brackets around macros.
warnings reported by cppcheck. |
db440b3ba6b848010cf2a1fe9f76db394ce860da |
|
08-Aug-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
NSS: Clear cached netgroups if a request comes in from the sss_cache
In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.
https://fedorahosted.org/sssd/ticket/1759 |
a6f0c94f544705e4377b7ce62a867534fe7dcd9e |
|
26-Jun-2013 |
Sumit Bose <sbose@redhat.com> |
Revert "Implicitly activate the PAC responder for AD provider"
This reverts commit 7527ec8ab2b79ec576ace2da9e2c158b849adfa6. |
7527ec8ab2b79ec576ace2da9e2c158b849adfa6 |
|
06-Jun-2013 |
Sumit Bose <sbose@redhat.com> |
Implicitly activate the PAC responder for AD provider |
574a1c20f114851071ae74112b34488c3d1aeeb3 |
|
21-May-2013 |
Ondrej Kos <okos@redhat.com> |
Check NSCD configuration file
https://fedorahosted.org/sssd/ticket/1785
nscd.conf file is now checked for the presence of caching settings for
databases controlled by SSSD. Syslog warning is now written only if NSCD
is running with interfering configuration or if configuration file
couldn't be loaded.
New configure option added to support non-standard locations
--with-nscd-conf=PATH (set to /etc/nscd.conf by default)
This is just a workaround until the following bugzilla is resolved:
https://bugzilla.redhat.com/show_bug.cgi?id=963908 |
7de6e3534fd61c7619ed34a6b1afe7230b5e6504 |
|
26-Apr-2013 |
Ondrej Kos <okos@redhat.com> |
DB: Switch to new libini_config API
https://fedorahosted.org/sssd/ticket/1786
Since we need to support the old interface as well, the configure script
is modified and correct ini interface is chosen. |
0ae402cee3485fb5830ce0ffcf9e566c38fa287f |
|
12-Apr-2013 |
Ariel Barria <olivares73@hotmail.com> |
Confusing error messages for invalid sssd.conf
https://fedorahosted.org/sssd/ticket/1625
Amending error messages and adding other error codes to be more specific
and avoid confusion. |
203c71b7de626eea39e1b4134a4f2ecf6a8a6f87 |
|
02-Apr-2013 |
Ariel Barria <olivares73@hotmail.com> |
Improve syslog message when configuration cannot be loaded
https://fedorahosted.org/sssd/ticket/1414
Error code was added and strerror(errno) to show cause in sss_log |
2ba16c5a5c4b6d3cd2a44179186ec60eda828bcd |
|
05-Mar-2013 |
Michal Zidek <mzidek@redhat.com> |
Remove the alt_db_path parameter of sysdb_init
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765 |
0232747f04b650796db56fd7b487aee8a96fab03 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Add function get_next_domain()
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom() |
72aa8e7b1d234b6b68446d42efa1cff22b70c81b |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Refactor sysdb initialization
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As a plus we simplify the code by
removing a destructor and a setter function. |
ccb2c1f30b04bf1f7a33f47748664dedb7ddd0e3 |
|
18-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: Clear enum cache if a request comes in from the sss_cache
In order for sss_cache to work correctly, we must also signal the autofs
responder to invalidate the hash table requests. |
e880949305cee3aca79441fe6113a9d79e7c98f2 |
|
18-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDERS: Create a common file with service names and versions
The monitor calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/ |
9a0bd46cd3094ad18584b83cd7a7bf5a096dac0f |
|
04-Dec-2012 |
Pavel Březina <pbrezina@redhat.com> |
do not crash when id_provider is not set
https://fedorahosted.org/sssd/ticket/1686 |
9f217cfb13074e5bdc2cde3e29b9b1938958ee5f |
|
28-Nov-2012 |
Ariel O. Barria <olivares73@hotmail.com> |
Monitor quit when not exists no process no stops
https://fedorahosted.org/sssd/ticket/1669 |
3d97f2645356adca1e9e6eeca4f735a1acbed15d |
|
26-Nov-2012 |
Michal Zidek <mzidek@redhat.com> |
debug: print fatal and critical errors if debug level is unresolved
If global variable debug_level has value SSSDBG_UNRESOLVED, we should
print at least fatal and critical errors.
https://fedorahosted.org/sssd/ticket/1345 |
6b8c6e7e5815ea0ea9791064809c1923d608923a |
|
19-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Restart services with a delay in case they are restarted too often
In case a service is restarted while the DP is not ready yet, it gets
restarted again immediately, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.
This patch changes the restart mechanism such that the first restart
happens immediately, the second is scheduled after 2 seconds, then 4
etc.
https://fedorahosted.org/sssd/ticket/1528 |
4c9a85ab708ec7debecad51e4240e04d8bc6ca4e |
|
19-Nov-2012 |
Ondrej Kos <okos@redhat.com> |
Display more information on DB version mismatch
https://fedorahosted.org/sssd/ticket/1589
Added check for determining, whether database version is higher or
lower than expected. To distinguish it from other errors it uses
following return values (further used for appropriate error message):
EMEDIUMTYPE for lower version than expected
EUCLEAN for higher version than expected
When SSSD or one of its tools fails on DB version mismatch, new error
message is shown suggesting how to proceed. |
778491bebee536a196afc29b0d9953843a5374b2 |
|
14-Nov-2012 |
Sumit Bose <sbose@redhat.com> |
Always start PAC responder if IPA ID provider is configured
Since the PAC responder is used during the authentication of users from
trusted realms it is started automatically if the IPA ID provider is
configured for a domain to simplify the configuration.
Fixes https://fedorahosted.org/sssd/ticket/1613 |
157223dce84e1fb8aa1edbb02dce02a0e4f76f2b |
|
08-Nov-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Monitor: Better debugging for ping timeouts |
d19c4785215305e6eb5f2fa2fc503a2ba50d3f10 |
|
06-Nov-2012 |
Pavel Březina <pbrezina@redhat.com> |
create pid file immediately after fork again
Related to https://fedorahosted.org/sssd/ticket/1357
We realized that sysv and systemd do not use pid file existence
as a notification of finished initialization. Therefore, we create
the pid file in server_setup() again.
We are removing check_file() from monitor main(), it is handled
by server_setup() during pid file creation. This check was
previously included in e7dd2a5102ba6cfd28be6eccdd62768e9758d9f4. |
715e09ece039af851b96bcf1861c4fff6169d499 |
|
06-Nov-2012 |
Pavel Březina <pbrezina@redhat.com> |
exit original process after sssd is initialized
https://fedorahosted.org/sssd/ticket/1357
Neither systemd nor our init script uses pid file as a notification
that sssd is finished initializing. They will continue starting up
next service right after the original (not daemonized) sssd process
is terminated.
If any of the responders fail to start, we will never terminate
the original process via signal and "service sssd start" will hang.
Thus we take this as an error and terminate the daemon with
a non-zero value. This will also terminate the original process
and init script or systemd will print failure. |
e02ec7366b7ab4c1eae82fdaca8bbe136bde36c0 |
|
06-Nov-2012 |
Pavel Březina <pbrezina@redhat.com> |
make monitor_quit() usable outside signal handler |
31d97bce8f113276bf73c7d4349f720cd5edbcb8 |
|
01-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Monitor: read the correct SIGKILL timeout for providers, too
https://fedorahosted.org/sssd/ticket/1602 |
9e2c64c6d4f5560e27207193efea6536a566865e |
|
29-Oct-2012 |
Michal Zidek <mzidek@redhat.com> |
Include talloc log in our debug facility
https://fedorahosted.org/sssd/ticket/1495 |
bea5638a3be2834bbd6cb6755bb0d5fe19bfbffa |
|
05-Oct-2012 |
Pavel Březina <pbrezina@redhat.com> |
do not create pid file twice
If a provider is terminated and the monitor tries to restart it,
it goes again through mark_service_as_started() which
will try to create pid file again because number of running
services didn't change.
Because the pid file cannot be created twice, it will not return
EOK and the whole SSSD is terminated. |
e7dd2a5102ba6cfd28be6eccdd62768e9758d9f4 |
|
04-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Check for existing pidfile before starting the providers
After we switched to writing pidfile after the responders started, we
forgot that starting a second SSSD instance would first overwrite the
pipes and sockets and only then the SSSD would find out there already is
a pidfile.
This patch checks for existing pidfile before proceeding with startup. |
1bf6ebedaaa7d0d0f6d7458b417b56f1f8b07472 |
|
04-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Change the log level of two DEBUG messages in check_domain_ranges
https://fedorahosted.org/sssd/ticket/1562 |
fa893b2796b002f709e9416f134bc8df8c08cf8d |
|
02-Oct-2012 |
Pavel Březina <pbrezina@redhat.com> |
monitor: create pid file after all responders are started
https://fedorahosted.org/sssd/ticket/1357 |
f3c6d7d83f1906369fc64a1480d1c014f693b0cd |
|
02-Oct-2012 |
Pavel Březina <pbrezina@redhat.com> |
Fix few coding style issues |
99c99e557020775714f028b28a147edda290c783 |
|
24-Sep-2012 |
Michal Zidek <mzidek@redhat.com> |
sss_cache tool invalidates records in memory cache. |
b4262f1ac9c76d51e2c61ee3ce81e7d84fc1b9c6 |
|
20-Sep-2012 |
Ariel Barria <arielb@fedoraproject.org> |
Missing resolv.conf should be non-fatal
https://fedorahosted.org/sssd/ticket/1371 |
4bd57ad3df9c8a33f703029742b4d7b812a9520e |
|
12-Sep-2012 |
Simo Sorce <simo@redhat.com> |
Remove obsolete comment
Made obsolete by commit e2d17ea806d273784b621583dd0490c2f69f237d |
7ca43ed5bf77bec749c9f0948471ac1fa36a1b7c |
|
05-Sep-2012 |
Ariel Barria <arielb@fedoraproject.org> |
SIGUSR2 should force SSSD to reread resolv.conf as well |
2990aa5980401fdc818e89a96f4e2d3e0dcc3247 |
|
07-Aug-2012 |
Pavel Březina <pbrezina@redhat.com> |
monitor: set debug level when unable to load configuration
https://fedorahosted.org/sssd/ticket/1345
When the monitor is unable to load configuration and no debug
level is set (e.g. when sssd is started via 'service'), no
message was saved into logs. This patch forces debug messages
to be written in this scenario. |
33dd2356d5b2cadf14e912a0e9f7a8a56f6bc5f1 |
|
07-Aug-2012 |
Pavel Březina <pbrezina@redhat.com> |
Add end of line to debug message |
b9e5bd09a5ff7009537a18914dbebcf10498f592 |
|
21-Jun-2012 |
Sumit Bose <sbose@redhat.com> |
PAC responder: add basic infrastructure
This adds only the basic outline of the PAC responder, it won't support
any operations, it will just start and initialize itself. |
387349ae092f6dbeb8e4bca291a772695836629c |
|
20-Jun-2012 |
Stef Walter <stefw@gnome.org> |
Move some debug lines to new debug log levels
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113 |
9d7d4458d94d0aac0a7edf999368eb18f89cb76a |
|
20-Apr-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Convert read and write operations to sss_atomic_read
https://fedorahosted.org/sssd/ticket/1209 |
b83e43eb88879c7fb3114aafcc525356ff7d4235 |
|
20-Apr-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Make the monitor SIGKILL time configurable
https://fedorahosted.org/sssd/ticket/1119 |
3bea01f01d76e1e95a8239c0d3f67073992136a1 |
|
22-Feb-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Don't give memory context in confdb where not needed |
3e5caddf4840e40b49ccf24e1ce7b531a692023b |
|
22-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
remove unused function |
e7311aec8d691e5427317442387af1bc8fff3742 |
|
07-Feb-2012 |
Jan Cholasta <jcholast@redhat.com> |
SSH: Responder |
9e80079370ff3b943832adc3c5ef430e64be0a0c |
|
06-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: responder |
20e53344fbdfa215ff7633630feb10458a0274b9 |
|
20-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
MONITOR: use sigchld handler for monitoring SSSD services |
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3 |
|
16-Dec-2011 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - responder |
4134936f56911686e908dbd6bc9634767f399e3d |
|
13-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Cancel ping_check if service goes away
https://fedorahosted.org/sssd/ticket/1090 |
d3da1c165cdb4c1ec126a8f4b6b544ca415b9d20 |
|
08-Dec-2011 |
Pavel Březina <pbrezina@redhat.com> |
Added sssd --version option
https://fedorahosted.org/sssd/ticket/953 |
e369fc08906383e6d5c39832f31bb6600a33f887 |
|
22-Nov-2011 |
Simo Sorce <ssorce@redhat.com> |
Set more strict permissions on keyring
We want to confine access to the keyring to the current process
and not let root easily peek into the keyring contents. |
1d197aa10d020a377c4cd4993a6a2a24743544e3 |
|
17-Oct-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
MONITOR: fix timeout conversion |
2c9a76e553f9239eaa91f32ccaf18b7a68316ce5 |
|
13-Oct-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Append PID to sbus server socket name, let clients use a symlink
https://fedorahosted.org/sssd/ticket/1034 |
fe9cea3352b919f81ead0de5487ed593325b2ef0 |
|
13-Oct-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add option to follow symlinks to check_file() |
4a6a5421113ab662a665c62ed6a24b61a5a36950 |
|
28-Sep-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Multiline macro cleanup
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again. |
bbee583b6600d1263a66c395ac8929374900d7cb |
|
15-Sep-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
MONITOR: Correctly detect lack of response from services
We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct
behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will
properly handle the three-tries in the tasks_check_handler().
Additionally, we weren't properly handling failure counts
correctly, meaning we weren't restarting stuck services in a
timely manner. |
1a7529bf5f867b43e0475f7f9ac0cd8671fb16f1 |
|
08-Sep-2011 |
Pavel Březina <pbrezina@redhat.com> |
DEBUG timestamps offer higher precision
https://fedorahosted.org/sssd/ticket/956
Added: --debug-microseconds=0/1
Added: debug_microseconds to sssd.conf |
4745ac57b7fb4ab071ee8f9b3386c5f4941a1561 |
|
06-Sep-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Change libnl monitor callback to only signal going online
This feature was not used and would probably never be used, because it
is much safer to rely on online actions to time out. Moreover, it would
make implementing the new features more complex. |
4b6a0d0b3d42e5fdb457f47d9adfa5e66b160256 |
|
02-Sep-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Add option to specify the kerberos replay cache dir
Adds a configure option to set the distribution default as well as
an sssd.conf option to override it.
https://fedorahosted.org/sssd/ticket/980 |
47db32cd9cb2147bb40909352569d7c8274365db |
|
25-Aug-2011 |
Pavel Březina <pbrezina@redhat.com> |
--debug-timestamps=1 is not passed to providers
https://fedorahosted.org/sssd/ticket/972
--debug-timestamps=1 is now passed to providers |
89caf5edcc99f5731e89bd51e6ffaad3ec11c304 |
|
25-Aug-2011 |
Pavel Březina <pbrezina@redhat.com> |
New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can decide if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level); |
99dd40a885ed3d42af4bbbde7ee2fc98830544d0 |
|
25-Aug-2011 |
Pavel Březina <pbrezina@redhat.com> |
New DEBUG facility - conversion
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) |
203b6bc547d6c59146be82686fe9e73d2b62dcaf |
|
24-Jun-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Fall back to polling when inotify fails |
0fc334e130cb3ca30c29c2f5d8c378393ad0d072 |
|
23-May-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Import config.h earlier
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE
early would cause some functions - such as strndup() - to be
unavailable. |
324fb26ba803a999bedc29e93c46c84f27abf5b7 |
|
23-May-2011 |
Sumit Bose <sbose@redhat.com> |
Set _GNU_SOURCE globally |
895b0951b08ee1c1ff1cfa524c087432697ed758 |
|
16-May-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Fixed --debug-to-files for nss and pam services
This error caused that monitor didn't pass --debug-to-files option to
nss and pam services when creating them. |
d818283d39d56204ffe710b6c9b83a2cf497f946 |
|
06-May-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Allow changing the log level without restart
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP. |
d3750f3c3a9e232629c8b634b7b5407114667700 |
|
04-May-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Override config file debug_level with command-line
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764 |
50b2904bc09dee04fbc5b13246a33f5d3b257d2e |
|
17-Jan-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Clarify nscd warning
Removes the level-zero DEBUG message and modifies the syslog
message to explain that NSCD is safe for maps that SSSD does not
(yet) support. |
df606157d22a633aab8cc7d532117a1b20870b58 |
|
14-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Prevent uninitialized value error in monitor_quit
https://fedorahosted.org/sssd/ticket/724 |
308f7bc63467b7a5baf9a73fe1dbbd1c756dbdf5 |
|
02-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Set up signal handlers before initializing sysdb
A temporary signal handler for SIGTERM is set up in server_setup()
that calls exit() from within a pure signal handler. This causes a
race condition where it's possible that if the SSSD is restarted
immediately while it is still initializing the sysdb caches for
the first time, it can leave the cache in a corrupt and unusable
state.
https://bugzilla.redhat.com/show_bug.cgi?id=658444 |
c99f085747aabafc4a440b5bfd1d9a6bea995620 |
|
02-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Resend SIGTERM if child doesn't terminate
There is a race condition where if we send a SIGTERM before the
kernel has scheduled the child, it may be lost, and the child will
not terminate and will leave the monitor hung in wait().
This patch alters this behavior so that we will send the SIGTERM
again every 10ms and check the wait() in a nonblocking manner. |
cb57f38188a761c3654c5a7aeb5adaae23bf30d5 |
|
01-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Daemonize by default |
a2a695539c79316812fd9d7a1936331784d0e8c3 |
|
22-Nov-2010 |
Sumit Bose <sbose@redhat.com> |
Add SIGUSR2 to reset offline status |
b853b135b9dfa315973faff706eb32aa36b5934a |
|
18-Nov-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Wait for all children to exit
Previously, there was a race-condition where the monitor might
terminate before its children. |
ce74ab701f921d39501e8d82898f50c628ff8596 |
|
16-Nov-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Log startup errors to syslog |
4f6a396fcf16f97b2abc3d0cba10e9aa9bc38619 |
|
08-Sep-2010 |
Jan Zeleny <jzeleny@redhat.com> |
Dead assignments cleanup in various places in SSSD
Three assignments deleted, two return code inspection added.
Also found and fixed one critical bug caused by dead assignment.
Ticket: #590 |
90acbcf20b5f896ca8f631923afe946c90d90de7 |
|
09-Jul-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Use netlink to detect going online
Integrates libnl to detect adding routes. When a route is added, the
offline status of all back ends is reset. This patch adds no heuristics
to detect whether back end went offline.
Fixes: #456 |
cab4c5011d0dc6d98e2115f46b1185a17804df49 |
|
09-Jul-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add try_inotify option
There are some special cases where inotify cannot be used, even if
the host OS claims that it is supported. In these cases, it should
be possible to explicitly disable the use of inotify.
https://fedorahosted.org/sssd/ticket/484 |
02a5cdc06cd78e9798b71a5d9ebb6d8bcc43d127 |
|
28-Jun-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Resend SIGINT as SIGTERM in services
Fixes: #462 |
bb1487fef5d19a7b1536fc42e25a08f7d4c43e1b |
|
10-Jun-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Check the correct variable for NULL after creating timer
In several places, we were creating a new timer and assigning it
to the tev variable, but then we were checking for NULL from the
te variable (which, incidentally, is guaranteed never to be NULL
in this situation)
https://fedorahosted.org/sssd/ticket/523 |
06247775aa9c49ffce72827921eb45e2d04c6aa1 |
|
10-Jun-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Properly handle read() and write() throughout the SSSD
We need to guarantee at all times that reads and writes complete
successfully. This means that they must be checked for returning
EINTR and EAGAIN, and all writes must be wrapped in a loop to
ensure that they do not truncate their output. |
8b420102e0d91edb2acbd2e8a40fc7d9995de2ba |
|
27-May-2010 |
Sumit Bose <sbose@redhat.com> |
Move parse_args() to util |
c7fc1078dad4b237256bfedca5121a6a55ac625d |
|
26-Apr-2010 |
Sumit Bose <sbose@redhat.com> |
Fix a potential memory violation
If read() returns with errno set to EINTR -1 is added to total_len. |
9db5a5140356479a58f2e7212fc5c4ad6135bb7f |
|
12-Apr-2010 |
Simo Sorce <ssorce@redhat.com> |
sysdb: Finally stop using a common event context
This commit completes the migration to a synchronous sysdb |
7c837ddd5b1737b56fc475f7e347efdb067e2330 |
|
25-Mar-2010 |
Sumit Bose <sbose@redhat.com> |
Fix warnings from -Wmissing-field-initializers
This patch removes some tab-indentations from pamsrv.c, too. |
c20aad97efb3b78ff4b23736a1ad8d7ac5a94bfd |
|
22-Mar-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Add generic error message |
e16c6e35fc3afa903e522114115c5ac1987a902a |
|
22-Mar-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix config file error message |
900e0249d73a1911c81ef8d0c96fb8f59b42b948 |
|
19-Mar-2010 |
Simo Sorce <ssorce@redhat.com> |
Fix multiple errors with destructors.
This commit cleans up 3 segfaults/valgrind errors due to access
to freed memory.
1. The spy wasn't clearing conn_spy causing the svc_destructor to try
to clear the spy destructor when the spy was already freed
2. get_config_service was not setting the svc_destructor on services
depending on the order of frees at exit this was causing the spy
destructor to try to access freed memory because it was not
neutralized when the service was freed.
3. at exit the mt_ctx could be freed before services causing the
svc_destructor to try to access freed memory when removing the
service from the service list in the monitor context. |
dff0e9c3bbe69d3bd89639fe08774cab83cc810b |
|
19-Mar-2010 |
Simo Sorce <ssorce@redhat.com> |
Fix invalid read caused by premature free of tmpctx |
f1bc4e8b9daf04a5cb4b9464021bb9e816eed3ea |
|
17-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix a series of memory leaks in the SBUS |
9fbf00c7802719becd633ecbc45879d5d0ddb985 |
|
15-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Properly handle dbus send attempts on a closed connection
dbus_connection_send_with_reply() will report success and return
a NULL pending_reply when the connection is not open for
communication. This patch creates a new wrapper around
dbus_connection_send_with_reply() to properly detect this
condition and report it as an error. |
e45fcd9e478300e6be8a49402fcea81fce623804 |
|
15-Mar-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Flush NSCD cache after modifying local database
Fixes: #221 |
71cd2f7ce705561d8d8f3cb7f385a57bedad1ef1 |
|
08-Mar-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Reopen logs when SIGHUP is caught
Upon receiving SIGHUP, the monitor signals all services to reopen their
debug logs. It is also possible to signal individual services to reopen
their particular files.
Fixes: #332 |
8f4aaae28c88c707853f8f28d8babc4efe0c1bf6 |
|
04-Mar-2010 |
Martin Nagy <mnagy@redhat.com> |
Add forgotten \n in DEBUG statements
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too. |
b93f6528f77284198ccf974355558f64d6ea7a57 |
|
04-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Eliminate monitor reconfig
We disabled live reconfiguration a long time ago with the intent
of fixing it so that it wasn't completely broken, but we've
decided that live updates are too delicate to handle all cases
gracefully. For the foreseeable future, we will rely on process
restart for updating the configuration.
Furthermore, we had not completely disabled live updates. It would
still attempt to run if we sent a SIGHUP. This has also been
eliminated. |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |