ba847347cade817ee927397d82c952b51b0dcb2b |
|
05-Aug-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
sss_client: Update integrity check of records in mmap cache
The function sss_nss_mc_get_record return copy of record from memory
cache in last argument. Because we should not access data directly
to avoid problems with consistency of record.
The function sss_nss_mc_get_record also check whether length of record
is within data area (with macro MC_CHECK_RECORD_LENGTH)
However we also tried to do the same check in functions sss_nss_mc_get{gr, pw}*
Pointer to end of strings in record was compared to pointer to the end
of data table. But these two pointers are not within the same allocated area
and does not make sense to compare them. Sometimes record can be allocated
before mmaped area and sometime after. Sometimes it will return cached data
and other time will fall back to responder.
Resolves:
https://fedorahosted.org/sssd/ticket/2743
Reviewed-by: Michal Židek <mzidek@redhat.com> |
225dc6914cdc8920b02a129b98ece1ed97b99c03 |
|
05-Aug-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
mmap_cache: "Override" functions for initgr mmap cache
Functions sss_mc_get_strs_offset and sss_mc_get_strs_len provides
data about strings for individual memory caches (passwd, ...)
Their are used in generic responder mmap cache code to find a record
in mmap cache (sss_mc_find_record). Data provided from functions sss_mc_get_*
are used for checking the validity of record. So in case of corrupted record
the whole mmap cache can be invalidated.
Functions sss_mc_get_strs_offset and sss_mc_get_strs_len did not provide
data for initgroups mmap cache and therefore particular record could not be
invalidated.
Resolves:
https://fedorahosted.org/sssd/ticket/2716
Reviewed-by: Michal Židek <mzidek@redhat.com> |
39b31427e2d11ca318df11fd48db33a7cc610aa7 |
|
05-Aug-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
mmap_cache: Rename variables
Reviewed-by: Michal Židek <mzidek@redhat.com> |
88e68607e474ab2ce46c562753ef2e988516d1e9 |
|
03-Jul-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
sss_client: Use initgr mmap cache in client code
Resolves:
https://fedorahosted.org/sssd/ticket/2485
Reviewed-by: Michal Židek <mzidek@redhat.com> |