History log of /sssd/src/providers/ldap/sdap_child_helpers.c
Revision Date Author Comments Expand
864cdac4c7fbe768d768da5e01b7518eb02836d9 17-Aug-2016 Petr Cech <pcech@redhat.com>

LDAP: Adding SIGCHLD callback This patch adds SIGCHLD callback for ldap_child. So if timeout is reached and ldap_child is terminated by handler we have debug message about it. Resolves: https://fedorahosted.org/sssd/ticket/3106 Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
b9a0959c274367dcf69bba6b0a942a1682c74f73 17-Aug-2016 Petr Cech <pcech@redhat.com>

LDAP: Adding SIGTERM signal before SIGKILL We add better termination of ldap_child. If ldap_child reaches the timeout for termination parent sents SIGTERM signal. Child has 2 seconds for removing temporary file and exit. If it is not sufficient there is SIGKILL send to the child. Resolves: https://fedorahosted.org/sssd/ticket/3106 Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
45e11be651dbd3855a35de4abd2922e5b9d4b963 31-May-2016 Jakub Hrozek <jhrozek@redhat.com>

Do not leak fds in case of failures setting up a child process Resolves: https://fedorahosted.org/sssd/ticket/3006 The handling of open pipes in failure cases was suboptimal. Moreover, the faulty logic was copied all over the place. This patch introduces helper macros to: - initialize the pipe endpoints to -1 - close an open pipe fd and set it to -1 afterwards - close both ends unless already closed These macros are used in the child handling code. The patch also uses child_io_destructor in the p11_child code for safer fd handling. Reviewed-by: Petr Cech <pcech@redhat.com>
de8815aba87d08b6b7ac5d502dcb1755787e0857 19-May-2016 Jakub Hrozek <jhrozek@redhat.com>

UTIL: exit() the forked process if exec()-ing a child process fails When exec() fails, we should not attempt to continue, but just kill the forked process. The patch adds this logic to the exec_child() and exec_child_ex() functions to avoid code duplication Resolves: https://fedorahosted.org/sssd/ticket/3016 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
9f0bffebd070115ab47a92eadc6890a721c7b78d 31-Aug-2015 Michal Židek <mzidek@redhat.com>

sssd: incorrect checks on length values during packet decoding https://fedorahosted.org/sssd/ticket/1697 It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. Reviewed-by: Petr Cech <pcech@redhat.com>
f3d91181d4ee9da3f8bbf4ddf8782951c0ae46c1 15-Jan-2015 Jakub Hrozek <jhrozek@redhat.com>

UTIL: Unify the fd_nonblocking implementation The responder and child_common modules each had their own implementation. Unify it instead and add a unit test. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
752227a75c0349089f1d7fdd3a09c8d4a77f425d 15-Jan-2015 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Use child_io_destructor instead of child_cleanup in a custom desctructor ldap_child was the only child process that used child_cleanup instead of the common child_io_destructor. Unify the implementation to use the common function instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
16cb0969f0a9ea71524d852077d6a480740d4f12 13-Jan-2015 Jakub Hrozek <jhrozek@redhat.com>

UTIL: Allow dup-ing child pipe to a different FD Related to: https://fedorahosted.org/sssd/ticket/2544 Adds a new function exec_child_ex and moves setting the extra_argv[] to exec_child_ex() along with specifying the input and output fds. Reviewed-by: Sumit Bose <sbose@redhat.com>
b4f87b42b18888c396e44e7359f7aafb092221bf 03-Dec-2014 Jakub Hrozek <jhrozek@redhat.com>

Add extra_args to exec_child() Related: https://fedorahosted.org/sssd/ticket/2503 Currently all child processes use the same arguments, the construction of argv[] is even hardcoded in exec_child(). Add an extra_args[] array that extends the common set of argvs so that we can have child-specific arguments. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
77b13371c87702aee3f858f6b2b73826cf5a01bd 05-Nov-2014 Jakub Hrozek <jhrozek@redhat.com>

UTIL: Remove more code duplication setting up child processes All our child processes duplicated the same code that set up the debugging all around. Instead of adding yet another copy for the selinux_child, add a common utility function. Reviewed-by: Michal Židek <mzidek@redhat.com>
936940720b1b0e701a2317abc4c2d05a78338f33 05-Nov-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Drop privileges after kinit in ldap_child After ldap_child initializes privileges using root-owned keytab, it drops privileges to the SSSD user, minimizing the amount of code that runs as root. Reviewed-by: Michal Židek <mzidek@redhat.com>
83bf46f4066e3d5e838a32357c201de9bd6ecdfd 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c /sssd/src/db/sysdb.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_ranges.c /sssd/src/db/sysdb_search.c /sssd/src/db/sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/fail_over.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/krb5/krb5_access.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_delayed_online_authentication.c /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_init_shared.c /sssd/src/providers/krb5/krb5_renew_tgt.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_wait_queue.c ldap_auth.c ldap_child.c ldap_common.c ldap_id.c ldap_id_cleanup.c ldap_id_netgroup.c ldap_init.c sdap.c sdap_access.c sdap_async.c sdap_async_connection.c sdap_async_enum.c sdap_async_groups.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_netgroups.c sdap_async_users.c sdap_child_helpers.c sdap_fd_events.c sdap_id_op.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/resolv/async_resolv.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/tests/auth-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/signal.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_ldap.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c /sssd/src/db/sysdb.c /sssd/src/db/sysdb_autofs.c /sssd/src/db/sysdb_idmap.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_ranges.c /sssd/src/db/sysdb_search.c /sssd/src/db/sysdb_selinux.c /sssd/src/db/sysdb_services.c /sssd/src/db/sysdb_ssh.c /sssd/src/db/sysdb_subdomains.c /sssd/src/db/sysdb_sudo.c /sssd/src/db/sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_domain_info.c /sssd/src/providers/ad/ad_dyndns.c /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/dp_refresh.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_dyndns.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hosts.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_sudo.c /sssd/src/providers/krb5/krb5_access.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_become_user.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_delayed_online_authentication.c /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_init_shared.c /sssd/src/providers/krb5/krb5_renew_tgt.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_wait_queue.c ldap_access.c ldap_auth.c ldap_child.c ldap_common.c ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_id_netgroup.c ldap_id_services.c ldap_init.c sdap.c sdap_access.c sdap_async.c sdap_async_autofs.c sdap_async_connection.c sdap_async_enum.c sdap_async_groups.c sdap_async_groups_ad.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_nested_groups.c sdap_async_netgroups.c sdap_async_services.c sdap_async_sudo.c sdap_async_sudo_hostinfo.c sdap_async_sudo_timer.c sdap_async_users.c sdap_autofs.c sdap_child_helpers.c sdap_dyndns.c sdap_fd_events.c sdap_id_op.c sdap_idmap.c sdap_range.c sdap_refresh.c sdap_reinit.c sdap_sudo.c sdap_sudo_cache.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/proxy/proxy_services.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv_utils.c /sssd/src/responder/autofs/autofssrv.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_get_domains.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pac/pacsrv.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pam_helpers.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/responder/ssh/sshsrv.c /sssd/src/responder/ssh/sshsrv_cmd.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv.c /sssd/src/responder/sudo/sudosrv_cmd.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd/src/tests/auth-tests.c /sssd/src/tests/cmocka/test_dyndns.c /sssd/src/tests/cmocka/test_fqnames.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/cmocka/test_utils.c /sssd/src/tests/common_dom.c /sssd/src/tests/common_tev.c /sssd/src/tests/debug-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/files.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_debuglevel.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_mc_util.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/authtok.c /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/libcrypto/crypto_base64.c /sssd/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/server.c /sssd/src/util/signal.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_nss.c /sssd/src/util/sss_selinux.c /sssd/src/util/sss_ssh.c /sssd/src/util/sss_tc_utf8.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h /sssd/src/util/util_lock.c /sssd/src/util/well_known_sids.c
0e65abe5cf2abf5d4b431cf6bd161b419f07901d 11-Sep-2013 Lukas Slebodnik <lslebodn@redhat.com>

Fix formating of variables with type: size_t

/sssd/src/db/sysdb_autofs.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_search.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_renew_tgt.c ldap_child.c ldap_id_cleanup.c sdap_access.c sdap_async_autofs.c sdap_async_groups.c sdap_async_groups_ad.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_nested_groups.c sdap_async_netgroups.c sdap_async_services.c sdap_async_sudo.c sdap_async_users.c sdap_child_helpers.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/util/child_common.c
711bba7e2f72a816774effa389ad13bcc46e7843 17-Jul-2013 Pavel Březina <pbrezina@redhat.com>

SIGCHLD handler: do not call callback when pvt data where freed https://fedorahosted.org/sssd/ticket/1992
eb64d3406c15dcc5cb42c94488737bdbb9a15655 20-May-2013 Jakub Hrozek <jhrozek@redhat.com>

Remove unneeded parameter of setup_child and namespace it setup_child() was accepting a parameter it didn't use. Also the function name was too generic, so I added a sdap prefix.
7800c9da75ad0dc3b4a530b15adce86d6c4f26e5 13-Mar-2013 Lukas Slebodnik <lslebodn@redhat.com>

More generalized function open_debug_file_ex() Function open_debug_file_ex() set flag FD_CLOEXEC to opened file according to the value of third parameter. Removed duplicity of unsetting FD_CLOEXEC after calling function open_debug_file_ex()
e7a24374d97e1d1c32d3e18561a20e8c5e6319ec 12-Oct-2012 Jakub Hrozek <jhrozek@redhat.com>

Collect krb5 trace on high debug levels If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539
e6e0d5a663a133b16938cea263557bf67d544e9c 04-Oct-2012 Jakub Hrozek <jhrozek@redhat.com>

Remove unused variable
798a227df11f49147fa43e515910ec11e21e0caa 02-Oct-2012 Pavel Březina <pbrezina@redhat.com>

remove left over principal selection https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
c8a124ac1b03d83016bda02cad5a369ce6fb1cd7 01-May-2012 Stef Walter <stefw@gnome.org>

execv, excvp and exec_child never return EOK * So don't need to handle that case
87c07559af5cfcd2752295ef7c425bd3205f426f 19-Dec-2011 Stephen Gallagher <sgallagh@redhat.com>

Move child_common routines to util
4a6a5421113ab662a665c62ed6a24b61a5a36950 28-Sep-2011 Jakub Hrozek <jhrozek@redhat.com>

Multiline macro cleanup This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
e81a816cddab4a62f263d1a0274d5d3f101e8e0f 25-Apr-2011 Jan Zeleny <jzeleny@redhat.com>

Modify principal selection for keytab authentication Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
64783bdc0aff447a356c5169c027dadc05dfb312 13-Oct-2010 Jakub Hrozek <jhrozek@redhat.com>

Make ldap_child report kerberos return code to parent
2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d 03-Aug-2010 Jakub Hrozek <jhrozek@redhat.com>

Validate keytab at startup In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
a2cabe1873c4d01c18ef6617b6b1f10a0ce3560e 09-Jul-2010 eindenbom <eindenbom@gmail.com>

GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference.
711fc7d00135cb5fb202efe1a0b77c61b4f2c099 09-Jun-2010 Jakub Hrozek <jhrozek@redhat.com>

Fix realm_str dereference Fixes: #508
ebb6e30d687a4d6626c735234c85cbb5b06a26aa 16-May-2010 Sumit Bose <sbose@redhat.com>

Add ldap_krb5_ticket_lifetime option
af971fb6cf853c3a5f41aa00918013903aba1ff3 16-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Properly set up SIGCHLD handlers Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
6adf5b8a078f2b37f2d3d91cd060b891c2a7efaa 03-Mar-2010 Simo Sorce <ssorce@redhat.com>

Improve safe alignment buffer handling macros Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd/BUILD.txt /sssd/Makefile.am /sssd/configure.ac /sssd/contrib/sssd.spec.in /sssd/src/Makefile.am /sssd/src/build_macros.m4 /sssd/src/conf_macros.m4 /sssd/src/confdb/confdb.c /sssd/src/confdb/confdb.h /sssd/src/confdb/confdb_private.h /sssd/src/confdb/confdb_setup.c /sssd/src/confdb/confdb_setup.h /sssd/src/config/SSSDConfig.py /sssd/src/config/SSSDConfigTest.py /sssd/src/config/etc/sssd.api.conf /sssd/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd/src/config/etc/sssd.api.d/sssd-local.conf /sssd/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd/src/config/ipachangeconf.py /sssd/src/config/setup.py /sssd/src/config/testconfigs/noparse.api.conf /sssd/src/config/testconfigs/sssd-badversion.conf /sssd/src/config/testconfigs/sssd-invalid-badbool.conf /sssd/src/config/testconfigs/sssd-invalid.conf /sssd/src/config/testconfigs/sssd-noversion.conf /sssd/src/config/testconfigs/sssd-valid.conf /sssd/src/config/upgrade_config.py /sssd/src/configure.ac /sssd/src/db/sysdb.c /sssd/src/db/sysdb.h /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_private.h /sssd/src/db/sysdb_search.c /sssd/src/doxy.config.in /sssd/src/examples/sssd.conf /sssd/src/examples/sssdproxytest /sssd/src/examples/sudo /sssd/src/external/crypto.m4 /sssd/src/external/docbook.m4 /sssd/src/external/krb5.m4 /sssd/src/external/ldap.m4 /sssd/src/external/libcares.m4 /sssd/src/external/libcollection.m4 /sssd/src/external/libdhash.m4 /sssd/src/external/libini_config.m4 /sssd/src/external/libldb.m4 /sssd/src/external/libpcre.m4 /sssd/src/external/libpopt.m4 /sssd/src/external/libtalloc.m4 /sssd/src/external/libtdb.m4 /sssd/src/external/libtevent.m4 /sssd/src/external/pam.m4 /sssd/src/external/pkg.m4 /sssd/src/external/platform.m4 /sssd/src/external/python.m4 /sssd/src/external/selinux.m4 /sssd/src/external/sizes.m4 /sssd/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd/src/ldb_modules/memberof.c /sssd/src/m4/.dir /sssd/src/man/include/failover.xml /sssd/src/man/include/param_help.xml /sssd/src/man/include/upstream.xml /sssd/src/man/sss_groupadd.8.xml /sssd/src/man/sss_groupdel.8.xml /sssd/src/man/sss_groupmod.8.xml /sssd/src/man/sss_groupshow.8.xml /sssd/src/man/sss_useradd.8.xml /sssd/src/man/sss_userdel.8.xml /sssd/src/man/sss_usermod.8.xml /sssd/src/man/sssd-ipa.5.xml /sssd/src/man/sssd-krb5.5.xml /sssd/src/man/sssd-ldap.5.xml /sssd/src/man/sssd.8.xml /sssd/src/man/sssd.conf.5.xml /sssd/src/man/sssd_krb5_locator_plugin.8.xml /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor.h /sssd/src/monitor/monitor_interfaces.h /sssd/src/monitor/monitor_sbus.c /sssd/src/po/LINGUAS /sssd/src/po/Makevars /sssd/src/po/POTFILES.in /sssd/src/po/de.po /sssd/src/po/es.po /sssd/src/po/fr.po /sssd/src/po/it.po /sssd/src/po/ja.po /sssd/src/po/nl.po /sssd/src/po/pl.po /sssd/src/po/pt.po /sssd/src/po/sss_daemon.pot /sssd/src/po/sv.po /sssd/src/providers/child_common.c /sssd/src/providers/child_common.h /sssd/src/providers/data_provider.h /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_backend.h /sssd/src/providers/dp_sbus.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over.h /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_access.h /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_auth.h /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_common.h /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_timerules.c /sssd/src/providers/ipa/ipa_timerules.h /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_auth.h /sssd/src/providers/krb5/krb5_become_user.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_common.h /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_utils.h ldap_auth.c ldap_child.c ldap_common.c ldap_common.h ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_init.c sdap.c sdap.h sdap_async.c sdap_async.h sdap_async_accounts.c sdap_async_connection.c sdap_async_private.h sdap_child_helpers.c /sssd/src/providers/providers.h /sssd/src/providers/proxy.c /sssd/src/providers/sssd_be.exports /sssd/src/python/pysss.c /sssd/src/resolv/ares/ares_data.c /sssd/src/resolv/ares/ares_data.h /sssd/src/resolv/ares/ares_dns.h /sssd/src/resolv/ares/ares_parse_srv_reply.c /sssd/src/resolv/ares/ares_parse_srv_reply.h /sssd/src/resolv/ares/ares_parse_txt_reply.c /sssd/src/resolv/ares/ares_parse_txt_reply.h /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv.h /sssd/src/responder/common/responder.h /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_packet.c /sssd/src/responder/common/responder_packet.h /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv.h /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_nc.c /sssd/src/responder/nss/nsssrv_nc.h /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv.h /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sbus_client.h /sssd/src/sbus/sssd_dbus.h /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_private.h /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/common.c /sssd/src/sss_client/group.c /sssd/src/sss_client/man/pam_sss.8.xml /sssd/src/sss_client/pam_sss.c /sssd/src/sss_client/pam_test_client.c /sssd/src/sss_client/passwd.c /sssd/src/sss_client/protos.h /sssd/src/sss_client/sss_cli.h /sssd/src/sss_client/sss_nss.exports /sssd/src/sss_client/sss_pam.exports /sssd/src/sss_client/sss_pam_macros.h /sssd/src/sysv/SUSE/sssd /sssd/src/sysv/sssd /sssd/src/tests/auth-tests.c /sssd/src/tests/check_and_open-tests.c /sssd/src/tests/common.c /sssd/src/tests/common.h /sssd/src/tests/fail_over-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/find_uid-tests.c /sssd/src/tests/ipa_ldap_opt-tests.c /sssd/src/tests/ipa_timerules-tests.c /sssd/src/tests/krb5_utils-tests.c /sssd/src/tests/python-test.py /sssd/src/tests/refcount-tests.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/stress-tests.c /sssd/src/tests/strtonum-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tools/files.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_sync_ops.h /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/crypto_sha512crypt.c /sssd/src/util/debug.c /sssd/src/util/dlinklist.h /sssd/src/util/find_uid.c /sssd/src/util/find_uid.h /sssd/src/util/memory.c /sssd/src/util/nss_sha512crypt.c /sssd/src/util/refcount.c /sssd/src/util/refcount.h /sssd/src/util/server.c /sssd/src/util/sha512crypt.h /sssd/src/util/signal.c /sssd/src/util/signal.m4 /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_ldap.h /sssd/src/util/strtonum.c /sssd/src/util/strtonum.h /sssd/src/util/user_info_msg.c /sssd/src/util/user_info_msg.h /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h