4313147ab4214037900cbb3ced8a03e492bff02c |
|
17-Aug-2016 |
Petr Cech <pcech@redhat.com> |
LDAP: Adding support for SIGTERM signal
We add support for handling SIGTERM signal. If ldap_child receives
SIGTERM signal it removes temporary file.
Resolves:
https://fedorahosted.org/sssd/ticket/3106
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
cc2d77d5218c188119fa954c856e858cbde76947 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
Rename dp_backend.h to backend.h
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
9f0bffebd070115ab47a92eadc6890a721c7b78d |
|
31-Aug-2015 |
Michal Židek <mzidek@redhat.com> |
sssd: incorrect checks on length values during packet decoding
https://fedorahosted.org/sssd/ticket/1697
It is safer to isolate the checked (unknown/untrusted)
value on the left hand side in the conditions
to avoid overflows/underflows.
Reviewed-by: Petr Cech <pcech@redhat.com> |
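An added illustration of the left-hand-side check this commit message describes; it is example code written for this page, not SSSD's packet decoder, and the length-prefixed packet format it parses is a constructed one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Unsafe form: "offset + len" is computed first, so an untrusted len
 * close to SIZE_MAX wraps around and the bounds check passes. */
static bool field_fits_unsafe(size_t offset, size_t len, size_t size)
{
    return offset + len <= size;
}

/* Safe form: the untrusted len stands alone on the left and is compared
 * with the remaining space, which is computed from trusted values only. */
static bool field_fits_safe(size_t offset, size_t len, size_t size)
{
    if (offset > size)
        return false;
    return len <= size - offset;
}

/* Decode one length-prefixed field (constructed format for this example:
 * native-endian uint32_t length followed by that many payload bytes).
 * Advances *offset; returns 0, or -1 if the packet is malformed. */
static int decode_field(const uint8_t *buf, size_t size, size_t *offset,
                        const uint8_t **field, size_t *field_len)
{
    uint32_t len;
    if (!field_fits_safe(*offset, sizeof(len), size))
        return -1;
    memcpy(&len, buf + *offset, sizeof(len));
    *offset += sizeof(len);
    if (!field_fits_safe(*offset, len, size))   /* untrusted len on the left */
        return -1;
    *field = buf + *offset;
    *field_len = len;
    *offset += len;
    return 0;
}

/* Constructed sample packet: a header claiming claimed_len payload bytes
 * followed by the 3 real bytes "abc". Returns the decoded length or -1. */
static long decode_sample(uint32_t claimed_len)
{
    uint8_t buf[sizeof(uint32_t) + 3];
    const uint8_t *field;
    size_t offset = 0, field_len;
    memcpy(buf, &claimed_len, sizeof(claimed_len));
    memcpy(buf + sizeof(claimed_len), "abc", 3);
    if (decode_field(buf, sizeof(buf), &offset, &field, &field_len) != 0)
        return -1;
    return (long)field_len;
}
```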
51ae9cb4ed85b60cfe00eaf6d3a4af39ed409ddc |
|
17-Aug-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Use sss_unique_filename in ldap_child
Simplifies the code.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
6ccda8691123bb27f5f2a88a0c80174af3e0fd0a |
|
11-Mar-2015 |
Pavel Reichl <preichl@redhat.com> |
ldap_child: fix coverity warning
In ldap_child_get_tgt_sync() variable 'ret' got overridden in the done
section without ever being read before.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
cc0f9a541c5ecdad750a86b2de9baa1f07403e9e |
|
06-Mar-2015 |
Sumit Bose <sbose@redhat.com> |
ldap_child: initialized ccname_file_dummy
ccname_file_dummy is used in the done-block which is called before
ccname_file_dummy is set to a value. This patch initializes
ccname_file_dummy to NULL.
Related to https://fedorahosted.org/sssd/ticket/2592
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
2b20ff2e33ad3993a9cad910c4b4b828513613df |
|
04-Mar-2015 |
Daniel Hjorth <dh@dhjorth.com> |
LDAP: unlink ccname_file_dummy if there is an error
https://fedorahosted.org/sssd/ticket/2592
If there is an error after ccname_file_dummy is created but before it is
renamed then the file isn't removed. This can cause a lot of files to be
created and take up inodes in a filesystem.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com> |
8e44ddfccebe61728d8a2c1dafce36dfa944bc90 |
|
03-Dec-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_atomic_write_s() return value is signed
Reviewed-by: Sumit Bose <sbose@redhat.com> |
75afab247bc9d1a27dce0b1a4b1ca6ebe106b887 |
|
03-Dec-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Remove useless include
Using a PAM include file in an LDAP child is confusing.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
96bdf2906c981fe55b1d9a7b6539f2dd710efbf8 |
|
02-Dec-2014 |
Sumit Bose <sbose@redhat.com> |
ldap_child: copy keytab into memory to drop privileges earlier
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
936940720b1b0e701a2317abc4c2d05a78338f33 |
|
05-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Drop privileges after kinit in ldap_child
After ldap_child initializes privileges using root-owned keytab, it
drops privileges to the SSSD user, minimizing the amount of code that
runs as root.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
5eef3da14cb34e4cb6356f0b291c066db946f936 |
|
05-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: read the correct data type from ldap_child's input buffer
The back end wrote uint32_t, the ldap_child process would read int32_t.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
0348c74bad010d35f92400c749a7acc2fea8b2cb |
|
05-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Move sss_krb5_verify_keytab_ex to ldap_child
The function was called from one place only, so it makes no sense to
keep it in a shared module. Moreover, the function should only be
called from code that runs as root.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
bd981608d8d174cd7309a992f393c43c1334eddd |
|
02-Sep-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Set umask before calling mkstemp
Even though we only call mkstemp to generate a random filename, it's a
good practice to set and re-set umask before and after calling mkstemp.
Silences a warning from Coverity static analyzer.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
5c075562ac687f7102c7c940fec2e82da378bfff |
|
26-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Use randomized ccname for storing credentials
https://fedorahosted.org/sssd/ticket/2410
If two ldap_child processes attempt to prime the ccache at the same time
for the same domain, the ldap_child might fail with:
[ldap_child_get_tgt_sync] (0x0040): Failed to init ccache: Internal credentials cache error
[main] (0x0020): ldap_child_get_tgt_sync failed.
To avoid the race condition, the ldap_child process now creates the
ccache randomized and before returning to the caller, renames the
randomized ccache to a permanent one.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
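An added example, not SSSD's own ldap_child code, of the randomized-name-then-rename pattern this commit describes, combined with the umask-around-mkstemp and unlink-on-error practices from the commits above; the paths and file contents are constructed, and it assumes a writable /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a randomized sibling of final_path, fill it, then rename() it
 * over final_path. Returns 0 on success, -1 on error (temp file removed). */
static int write_via_temp(const char *final_path, const void *data, size_t len)
{
    char tmp[256];
    mode_t old_mask;
    int fd, ret = -1;

    if (snprintf(tmp, sizeof(tmp), "%s_XXXXXX", final_path) >= (int)sizeof(tmp))
        return -1;
    old_mask = umask(077);          /* restrictive umask around mkstemp */
    fd = mkstemp(tmp);              /* random name, O_EXCL, mode 0600 */
    umask(old_mask);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) == (ssize_t)len && fsync(fd) == 0 &&
        rename(tmp, final_path) == 0)   /* atomic replace of the final name */
        ret = 0;
    close(fd);
    if (ret != 0)
        unlink(tmp);                /* never leave an orphaned temp file */
    return ret;
}

/* Constructed self-check in a private directory: two writers to the same
 * final name, the last content wins, and rmdir() proves no temp file leaked. */
static int run_demo(void)
{
    char dir[] = "/tmp/ccdemo_XXXXXX", final[256], buf[8] = {0};
    int fd, ok = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(final, sizeof(final), "%s/ccache", dir);
    if (write_via_temp(final, "first", 5) == 0 &&
        write_via_temp(final, "second", 6) == 0 &&
        (fd = open(final, O_RDONLY)) >= 0) {
        ok = read(fd, buf, sizeof(buf)) == 6 && memcmp(buf, "second", 6) == 0;
        close(fd);
    }
    unlink(final);
    return ok && rmdir(dir) == 0;
}
```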
ad9d65039fd15a9b63b5772c0c4cdc29ffac93fa |
|
26-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Use tmp_ctx in ldap_child for temporary data
Using a global memory context for short-lived private data might lead to
memory growth.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
9a990aa9f7e8c105e0cfeea8d8cbdc776c2d5d7a |
|
09-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Send debug to stderr when running on foreground
https://fedorahosted.org/sssd/ticket/2348
When SSSD is running in interactive mode, we should print DEBUG messages
directly to stderr, not journal.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
bf6f1b3d49e17b1adf0448c0b06e94b1e52ddffd |
|
03-Jun-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
Unify usage of function gethostname
man gethostname says:
NOTES
SUSv2 guarantees that "Host names are limited to 255 bytes".
POSIX.1-2001 guarantees that "Host names (not including the terminating
null byte) are limited to HOST_NAME_MAX bytes". On Linux,
HOST_NAME_MAX is defined with the value 64, which has been the limit
since Linux 1.0 (earlier kernels imposed a limit of 8 bytes).
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
47bc2d6639c41da1e5bac37eb4af3559bbc0e10e |
|
08-Apr-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
krb5_child: Fix use after free in debug message
debug_prg_name is used in debug_fn and it was allocated under
talloc context "kr". The variable "kr" was removed before the last debug
messages in function main. There is very little chance that it will be overridden.
It is possible to see this issue with exported environment variable
TALLOC_FREE_FILL=255
Reviewed-by: Sumit Bose <sbose@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
0e65abe5cf2abf5d4b431cf6bd161b419f07901d |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formatting of variables with type: size_t |
9e2c64c6d4f5560e27207193efea6536a566865e |
|
29-Oct-2012 |
Michal Zidek <mzidek@redhat.com> |
Include talloc log in our debug facility
https://fedorahosted.org/sssd/ticket/1495 |
804b26a0d91d0b551f2f0df11507ef065f8a1f67 |
|
24-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Return error when principal selection fails
The ldap_child would return a NULL ccache but the error code would still
indicate success.
https://fedorahosted.org/sssd/ticket/1594 |
c5e4d4e9a3f6896f0f3c631ea26bb49a79b5cd8e |
|
12-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Only call krb5_set_trace_callback on platforms that support it |
e7a24374d97e1d1c32d3e18561a20e8c5e6319ec |
|
12-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Collect krb5 trace on high debug levels
If the debug level contains SSSDBG_TRACE_ALL, then the logs would also
include tracing information from libkrb5.
https://fedorahosted.org/sssd/ticket/1539 |
115cc768599d7df4b3206426652d3e7a3971d597 |
|
12-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Two fixes to child processes
There was an unused structure member in the krb5_child.
Declaration of __krb5_error_msg was shadowing the same variable from
sss_krb5.h which is not nice. Also we might actually use the error
context directly instead of passing it as parameter. |
c75bde967be301ba58cfa376778f5cd9daa991f5 |
|
20-Sep-2012 |
Ondrej Kos <okos@redhat.com> |
Add more debuginfo into ldap_child
https://fedorahosted.org/sssd/ticket/1225
krb5_child already updated before. Adding more debuginfo into
ldap_child. Also old debug levels rewritten into new macros. |
aa2c6f469414668e56aa03d5ba5cecde64bc713e |
|
06-Jul-2012 |
Stef Walter <stefw@gnome.org> |
Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8
* This broke corner cases when used with
default_tkt_types = des-cbc-crc
and DES enabled on an AD domain.
* This is fixed in kerberos instead, in a more correct way
and in a way which we cannot replicate. |
5802d9e5a1b83e74699b6a347e33acf3f374d191 |
|
15-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
LDAP: Fix missing variable in debug message |
3ca7450bc821ac37851e92a256d0a2b89f4f2032 |
|
14-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Provide more debugging in krb5_child and ldap_child
https://fedorahosted.org/sssd/ticket/1225 |
583f24df86e433589c73a3f112b30676c412b7cd |
|
31-May-2012 |
Nick Guay <nguay@redhat.com> |
added DEBUG messages to krb5_child and ldap_child |
4c157ecedd52602f75574605ef48d0c48e9bfbe8 |
|
07-May-2012 |
Stef Walter <stefw@gnome.org> |
Limit krb5_get_init_creds_keytab() to etypes in keytab
* Load the enctypes for the keys in the keytab and pass
them to krb5_get_init_creds_keytab().
* This fixes the problem where the server offers an enctype
that krb5 supports, but we don't have a key for in the keytab.
https://bugzilla.redhat.com/show_bug.cgi?id=811375 |
4d1a261202d828efc84e3a84d16c30548f29f76d |
|
04-May-2012 |
Stef Walter <stefw@gnome.org> |
If canon'ing principals, write ccache with updated default principal
* When calling krb5_get_init_creds_keytab() with
krb5_get_init_creds_opt_set_canonicalize() the credential
principal can get updated.
* Create the cache file with the correct default credential.
* LDAP GSSAPI SASL would fail due to the mismatched credentials
before this patch.
https://bugzilla.redhat.com/show_bug.cgi?id=811518 |
9d7d4458d94d0aac0a7edf999368eb18f89cb76a |
|
20-Apr-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Convert read and write operations to sss_atomic_read
https://fedorahosted.org/sssd/ticket/1209 |
c87a579a23b27e65ae956bc42cf0a247f2ca0baf |
|
06-Apr-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Clean up log messages about keytab_name
There were many places where we were printing (null) to the logs
because a NULL keytab name tells libkrb5 to use its configured
default instead of a particular path. This patch should clean up
all uses of this to print "default" in the logs.
https://fedorahosted.org/sssd/ticket/1288 |
ee6e61781536a0ef34491cea74e91c36ee439df9 |
|
06-Mar-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
krb5_child: set debugging sooner |
85d8b2567730b236578a1aaeb0139c38dda23304 |
|
31-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Add syslog messages for Kerberos failures
https://fedorahosted.org/sssd/ticket/1137 |
768591607fc89d3a14fa00c9c8f78e83f3f6b565 |
|
22-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Add compatibility layer for Heimdal Kerberos implementation |
87c07559af5cfcd2752295ef7c425bd3205f426f |
|
19-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Move child_common routines to util |
ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8 |
|
02-Nov-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Support to request canonicalization in LDAP/IPA provider
https://fedorahosted.org/sssd/ticket/957 |
1a7529bf5f867b43e0475f7f9ac0cd8671fb16f1 |
|
08-Sep-2011 |
Pavel Březina <pbrezina@redhat.com> |
DEBUG timestamps offer higher precision
https://fedorahosted.org/sssd/ticket/956
Added: --debug-microseconds=0/1
Added: debug_microseconds to sssd.conf |
89caf5edcc99f5731e89bd51e6ffaad3ec11c304 |
|
25-Aug-2011 |
Pavel Březina <pbrezina@redhat.com> |
New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can decide if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level); |
99dd40a885ed3d42af4bbbde7ee2fc98830544d0 |
|
25-Aug-2011 |
Pavel Březina <pbrezina@redhat.com> |
New DEBUG facility - conversion
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) |
e81a816cddab4a62f263d1a0274d5d3f101e8e0f |
|
25-Apr-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Modify principal selection for keytab authentication
Currently we construct the principal as host/fqdn@REALM. The problem
with this is that this principal doesn't have to be in the keytab. In
that case the provider fails to start. It is better to scan the keytab
and find the most suitable principal to use. Only in case no suitable
principal is found the backend should fail to start.
The second issue solved by this patch is that the realm we are
authenticating the machine to can be in general different from the realm
our users are part of (in case of cross Kerberos trust).
The patch adds new configuration option SDAP_SASL_REALM.
https://fedorahosted.org/sssd/ticket/781 |
64783bdc0aff447a356c5169c027dadc05dfb312 |
|
13-Oct-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Make ldap_child report kerberos return code to parent |
80df25198ad743b0b927bafc9c27227db860578a |
|
13-Oct-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Report Kerberos error code from ldap_child_get_tgt_sync |
2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d |
|
03-Aug-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Validate keytab at startup
In addition to validating the keytab every time a TGT is requested, we
also validate the keytab on back end startup to give early warning that
the keytab is not usable.
Fixes: #556 |
13d90c2ae8413317947d392c89fffca10ec83587 |
|
03-Aug-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix getting default realm in the ldap child |
8571644422d36fac63d2e351936433f1fb8856c7 |
|
09-Jul-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add syslog messages for LDAP GSSAPI bind
We will now emit a level 0 debug message on keytab errors, and
also write to the syslog (LOG_DAEMON) |
a2cabe1873c4d01c18ef6617b6b1f10a0ce3560e |
|
09-Jul-2010 |
eindenbom <eindenbom@gmail.com> |
GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference. |
ebb6e30d687a4d6626c735234c85cbb5b06a26aa |
|
16-May-2010 |
Sumit Bose <sbose@redhat.com> |
Add ldap_krb5_ticket_lifetime option |
80c8a4f94d54b23bce206fdd75ff2648977ce271 |
|
25-Mar-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Allow arbitrary-length PAM messages
The PAM standard allows for messages of any length to be returned
to the client. We were discarding all messages of length greater
than 255. This patch dynamically allocates the message buffers so
we can pass the complete message.
This resolves https://fedorahosted.org/sssd/ticket/432 |
6adf5b8a078f2b37f2d3d91cd060b891c2a7efaa |
|
03-Mar-2010 |
Simo Sorce <ssorce@redhat.com> |
Improve safe alignment buffer handling macros
Make the counter optional so that alignment safe macros can be used also where
there is no counter to update.
Change argument names so that they are not deceiving (ptr normally identifies a
pointer)
Turn the memcpy substitute into an inline function so that passing a pointer to
rp and checking for it doesn't make the compiler spit lots of warnings. |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |