bc7991db97482eb2ac77f7105ee4bb3d329acff7 |
|
25-Jul-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Amend debug messages after failure of unlink
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com> |
bd769a08d18c791a18e913cf92f7f1651f56d3ff |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Qualify user and group names when saving the sudo users
If the sudoUser values we fetch from LDAP correspond to a user or a
group name per:
http://www.sudo.ws/man/1.8.14/sudoers.ldap.man.html
then we parse the usernames into (name,domain) tuples and store them
qualified.
This patch not only makes the sudo provider work with qualified names,
but also makes it possible to use qualified names on the LDAP side,
allowing for example AD users from different domains to access sudo
rules.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
53ef8f81b60929a6c866efdd133627e7d7d61705 |
|
09-Jun-2016 |
Sumit Bose <sbose@redhat.com> |
p11: add OCSP default responder options
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
aa35995ef056aa8ae052a47c62c6750b7adf065e |
|
09-Jun-2016 |
Sumit Bose <sbose@redhat.com> |
p11: add no_verification option
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
3a12f5cf2ee4a76c13b4d5ed9b0be87ad1d5cb2e |
|
14-Mar-2016 |
Pavel Březina <pbrezina@redhat.com> |
utils: return const char ** from dup_string_list
This function is not used anywhere and const char ** suits better
in my use case (next patch) so I just changed the function.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
544a20de7667f05c1a406c4dea0706b0ab507430 |
|
26-Nov-2015 |
Sumit Bose <sbose@redhat.com> |
p11: enable ocsp checks
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification easier, it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
56e067109659886408789c936d37c1e86fe46695 |
|
05-Nov-2015 |
Petr Cech <pcech@redhat.com> |
UTIL: More restrictive umask on sss_unique_file()
There is no need to have executable unique_file.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d95bcfe23c574de7b6b7b44b52a0d4db5cc8529a |
|
14-Aug-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Provide a common interface to safely create temporary files
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
fa7921c8259539b750f7e9e7bcd82aa72020826a |
|
15-Jul-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add sss_filter_sanitize_ex
Related:
https://fedorahosted.org/sssd/ticket/2553
In order to support wildcard request, we need to introduce an optionally
relaxed version of sss_filter_sanitize that allows to select which
characters are exempt from sanitizing.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
5a5c5cdeb92f4012fc75fd717bfea06598f68f12 |
|
05-Mar-2015 |
Pavel Reichl <preichl@redhat.com> |
UTIL: convert GeneralizedTime to unix time
New utility function *sss_utc_to_time_t* to convert GeneralizedTime to
unix time.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f3d91181d4ee9da3f8bbf4ddf8782951c0ae46c1 |
|
15-Jan-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Unify the fd_nonblocking implementation
The responder and child_common modules each had their own
implementation. Unify it instead and add a unit test.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
9ce7a46f6578a86b72f20acd7b0e55b1b4ebea09 |
|
05-Nov-2014 |
Sumit Bose <sbose@redhat.com> |
Add add_strings_lists() utility function
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
5eda23c28c582b43b2a0a165b1750f3875c0fa84 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
852722ecb5dc09fc80cd3c837edb1cf6db529210 |
|
08-Jul-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Fix access out of bound in parse_args
While parsing string with multiple whitespaces, it may happen variable i is
zero and we want to test end of argument "tmp[i-1] != '\0'". Side effect of
this bug is a duplicate string in the output array.
Input string: "foo b"
Expected output: { "foo", "a", NULL }
Output: { "foo", "foo", "a", NULL }
This patch uses inverted logic. Instead of testing whether to read next char or
skip multiple whitespaces, we will test whether we have new argument which
should be stored in output array.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
ebd2db737485d334cd54316e05f848f3ccfd2fee |
|
28-May-2014 |
Pavel Březina <pbrezina@redhat.com> |
utils: add get_known_services()
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
2b8208b45feb2aab64d560d3e12e01e7b6d00d39 |
|
26-Feb-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Sanitize whitespaces.
Original patches submitted by: mpesari (Thanks!!)
It can cause problems if the user hits spaces before entering the username
(e.g. in gdm). Spaces are ignored by LDAP; it's better to escape them.
Resolves:
https://fedorahosted.org/sssd/ticket/1955
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                use File::Slurp;
                my @map=qw"
                    SSSDBG_FATAL_FAILURE
                    SSSDBG_CRIT_FAILURE
                    SSSDBG_OP_FAILURE
                    SSSDBG_MINOR_FAILURE
                    SSSDBG_CONF_SETTINGS
                    SSSDBG_FUNC_DATA
                    SSSDBG_TRACE_FUNC
                    SSSDBG_TRACE_LIBS
                    SSSDBG_TRACE_INTERNAL
                    SSSDBG_TRACE_ALL
                ";
                my $text=read_file(\*STDIN);
                my $repl;
                $text=~s/
                    ^
                    (
                        .*
                        \b
                        (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                        \s*
                        \(\s*
                    )(
                        [0-9]
                    )(
                        \s*,
                    )
                    (
                        \s*
                    )
                    (
                        .*
                    )
                    $
                /
                    $repl = $1.$map[$3].$4.$5.$6,
                    length($repl) <= 80
                        ? $repl
                        : $1.$map[$3].$4."\n".(" " x length($1)).$6
                /xmge;
                print $text;
            ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
19b4bb652f5cdc2797b66595eaf8811881aa9873 |
|
22-Oct-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Include external headers with #include <foo.h>
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only. |
2e57e339798f47ad84cae9121559d19192b79146 |
|
17-Oct-2013 |
Michal Zidek <mzidek@redhat.com> |
util: Add functions to check if IP address is special
Added functions to check if a given IP address is a special address
(broadcast, multicast...). |
abac0f3ec2baa597d8e21a8744de6f33506299ce |
|
05-Sep-2013 |
Pavel Březina <pbrezina@redhat.com> |
utils: add is_host_in_domain() |
9d54fa809d7bf1b647e50081958ef33456c591bf |
|
28-Aug-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Explicitly include header file sys/socket.h
We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly included by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platforms can
have other dependencies among header files. |
c51f7a064b0d7ef86110bdeb6dc09fa6c08be7d3 |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Move domain_to_basedn outside IPA subtree
The utility function will be reused to guess search base from the base
DN of AD trusted domains. |
c63415eabb1dc595c60760fb1df7fa7cfd1d3200 |
|
10-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Add function to safely wipe memory.
This is useful for wiping passwords, as it prevents the compiler from
optimizing out a memset to zero before a free() |
04759b59e71c78ab23b84d13dd29d9c6dd680adb |
|
02-Jan-2013 |
Michal Zidek <mzidek@redhat.com> |
failover: Protect against empty host names
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484 |
d95e16fd2707c0f88da0bce2b6c315711ed02bae |
|
21-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Fix off-by-one error in add_string_to_list
We need to allocate num_services+2 - one extra space for the new service
and one for NULL. |
032d0980dfe5a27a5954f44f9d519e03fc7d1ced |
|
14-Nov-2012 |
Sumit Bose <sbose@redhat.com> |
Add string_in_list() and add_string_to_list() with tests
string_in_list() and add_string_to_list() are two utilities for NULL
terminated string arrays. add_string_to_list() adds a new string to an
existing list or creates a new one with the string as the only item if
there is no list. string_in_list() checks if a given string is in the
list. It can be used case sensitive or insensitive. |
b096321a5a02dda0b6b71ba0f9c4d8feacd979e4 |
|
23-Aug-2012 |
Michal Zidek <mzidek@redhat.com> |
Fix: IPv6 address with square brackets doesn't work.
https://fedorahosted.org/sssd/ticket/1365 |
9959c512ac3ba36f7a0db7614f0357ce0bae748f |
|
20-Apr-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Move atomic io function to a separate module
We'll be using it in various places of the SSSD. The function is in its
own file to allow using just the one piece without having to drag in the
whole util.c module. |
e3c99ae355408933b03357220f3db09423bd40dd |
|
20-Apr-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_atomic_io: Do not fail reads with EPIPE if there is not enough data to read
Also adds a unit test for sss_atomic_io() |
915b7f47219af0cedf5ddc146ab1598b3e6ae14a |
|
27-Feb-2012 |
Jan Cholasta <jcholast@redhat.com> |
UTIL: Add function for atomic I/O |
01171ddb20034578c616d0ba07f0268ab71809da |
|
23-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Move sized_string declaration to utils |
dbea04f585a30d001b574317c068cd03a4fa332b |
|
16-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_utf8_tolower utility function+unit tests |
4d4c5aa6285aa055a4ec780ba47c180106f0926b |
|
02-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix size return for split_on_separator()
It was returning the size of the array, rather than the number of
elements. (The array was NULL-terminated). This argument was only
used in one place that was actually working around this odd return
value. |
2e1973b90ea87b343d39fef1f6393cc201989ecd |
|
11-Jul-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Move IP address escaping from the LDAP namespace |
977f74dc1da8325e8622be33fa2b6f105c99011a |
|
15-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Make parse_args skip extra spaces
https://fedorahosted.org/sssd/ticket/871 |
b770be929d9c786b1ac671cca59dfd3314e65fdd |
|
20-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Introduce sss_hash_create_ex() |
cde740ba683882198853aa32d4dca492f079be8b |
|
14-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add missing break statement to sss_hash_create
https://fedorahosted.org/sssd/ticket/720 |
ca92350db6ad6ac344181f7b8ec695eda29da675 |
|
15-Nov-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add utility function to sanitize LDAP/LDB filters
Also adds a unit test. |
3b1df539835367cb81cd5ff0f9959947d5642e55 |
|
09-Oct-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add common hash table setup
sss_hash_create() produces a dhash table living in the talloc
hierarchy. |
dae0af263a9490c57962c2d43ede2083d618e637 |
|
03-Aug-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add dup_string_list() utility function |
dbd09f5703d721a58210e490609cfacb7eb56fcf |
|
03-Aug-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add diff_string_lists utility function
Includes a unit test |
8b420102e0d91edb2acbd2e8a40fc7d9995de2ba |
|
27-May-2010 |
Sumit Bose <sbose@redhat.com> |
Move parse_args() to util |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |