MONITOR: Do not set up watchdog for monitor It makes little sense to set up watchdog for monitor because there is no entity that would restart the monitor. Therefore we should disable the watchdog for monitor process. Resolves: https://fedorahosted.org/sssd/ticket/3232 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

UTILS: Fixing duplication of pid file declaration Resolves: https://fedorahosted.org/sssd/ticket/2978 Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

utils: add is_email_from_domain() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: make domain mapping content testable Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Remove unused functions The conversion to sysdb made several functions obsolete. Remove them. Reviewed-by: Sumit Bose <sbose@redhat.com>

LDAP: Qualify user and group names when saving the sudo users If the sudoUser values we fetch from LDAP correspond to a user or a group name per: http://www.sudo.ws/man/1.8.14/sudoers.ldap.man.html then we parse the usernames into (name,domain) tuples and store them qualified. This patch not only makes the sudo provider work with qualified names, but also makes it possible to use qualified names on the LDAP side, allowing for example AD users from different domains to access sudo rules. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add a utility function sss_output_name Adds a convenience function that will help reduce the amount of code duplication in the responders. All responders need to parse the username from the internal format, lower-case the name, if the domain is case-insensitive and then replace spaces if the responder is configured to do so. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add a utility function to create a list of qualified names Adds a convenience wrapper around sss_create_fqname that qualifies a list of names into the format used internally in sssd. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add function to create internal fqname Add function to create internal fqname in format shortname@domname where domain portion is lowercased. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Add function to parse internal fqname format Add lightweight function to parse internal fqname format (shortname@domain). This function does not require the sss_names to be initialized. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

IPA/AD: globally set krb5 canonicalization flag If Kerberos principal canonicalization is configured in SSSD, currently it is the default for the IPA provider, a configuration snippet is generated for the system-wide libkrb5 configuration so that all kerberized applications will use canonicalization by default. Resolves https://fedorahosted.org/sssd/ticket/3041 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Monitor: Add mode to generate confdb only With this mode we can add socket activated services and have systemd pre exec sssd to genrate the configuration file w/o starting the whole sssd if not necessary. https://fedorahosted.org/sssd/ticket/2243 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Util: Add watchdog helper The watchdog uses a kernel timer to issue a signal to the process. It checks if the ticker is not being reset by the main event loop, which would indicate that the process got stuck. At the same time it sets a tevent timer to clear the watchdog ticker, so that the watchdog handler is kept happy. If the watchdog detects that the timer event failed to reset the watchdog for three times in a row then the process is killed. Normally the monitor will detect the child terminated and will rescheduled it. Related: https://fedorahosted.org/sssd/ticket/2921 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Downcast to errno_t after tevent_req_is_error Functions tevent_req_is_error and _tevent_req_error use type uint64_t for error code. SSSD uses errno_t which is an alias for int. Therefore complier assumes that macro TEVENT_REQ_RETURN_ON_ERROR can return 0 due to implicit down casting from uint64_t -> int. This patch makes down casting explicit and returns EINVAL if result of downcasting is 0. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

p11: add OCSP default responder options Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

p11: add no_verification option Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Do not leak fds in case of failures setting up a child process Resolves: https://fedorahosted.org/sssd/ticket/3006 The handling of open pipes in failure cases was suboptimal. Moreover, the faulty logic was copied all over the place. This patch introduces helper macros to: - initialize the pipe endpoints to -1 - close an open pipe fd and set it to -1 afterwards - close both ends unless already closed These macros are used in the child handling code. The patch also uses child_io_destructor in the p11_child code for safer fd handling. Reviewed-by: Petr Cech <pcech@redhat.com>

util: make concatenate_string_array() reusable Reviewed-by: Pavel Březina <pbrezina@redhat.com>

UTIL: Move debug part from util.h -> new debug.h Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

utils: return const char ** from dup_string_list This function is not used anywhere and const char ** suits better in my use case (next patch) so I just changed the function. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Provide varargs version of debug_fn Reviewed-by: Pavel Březina <pbrezina@redhat.com>

UTIL: Use prefix for debug function Reviewed-by: Pavel Březina <pbrezina@redhat.com>

p11: enable ocsp checks This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

util: Update get_next_domain's interface Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) There are many calls of umask function with 077 argument. This patch add new constant SSS_DFL_X_UMASK which stands fot 077. So all occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) There are many calls of umask function with 0177 argument. This patch add new constant SSS_DFL_UMASK which stands for 0177. So all occurences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Convert domain->disabled into tri-state with domain states Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

NSS: Don't ignore backslash in usernames with ldap provider The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Provide a common interface to safely create temporary files Reviewed-by: Pavel Březina <pbrezina@redhat.com>

DEBUG: Add new debug category for fail over. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

UTIL: Add sss_filter_sanitize_ex Related: https://fedorahosted.org/sssd/ticket/2553 In order to support wildcard request, we need to introduce an optionally relaxed version of sss_filter_sanitize that allows to select which characters are exempt from sanitizing. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

utils: add get_last_x_chars() Reviewed-by: Pavel Březina <pbrezina@redhat.com>

UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it private In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list. Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Store trust direction for subdomains We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com>

selinux: Only call semanage if the context actually changes https://fedorahosted.org/sssd/ticket/2624 Add a function to query the libsemanage database for a user context and only update the database if the context differes from the one set on the server. Adds talloc dependency to libsss_semanage. Reviewed-by: Michal Židek <mzidek@redhat.com>

UTIL: Add a simple function to get the fd of debug_file Reviewed-by: Pavel Reichl <preichl@redhat.com>

sdap: properly handle binary objectGuid attribute Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache. This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache. Resolves https://fedorahosted.org/sssd/ticket/2588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: convert GeneralizedTime to unix time New utility function *sss_utc_to_time_t* to convert GeneralizedTime to unix time. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SELINUX: Set and reset umask when caling set_seuser from deamon code https://fedorahosted.org/sssd/ticket/2563 Reviewed-by: Michal Židek <mzidek@redhat.com>

IPA: properly handle mixed-case trusted domains In the SSSD cache domain names are handled case-sensitive. As a result fully-qualified names in RDN contain the domain part in the original spelling. When IPA client lookup up group-memberships on the IPA server via the extdom plugin the names returned are all lower case. To make sure new DNs are generated correctly the domain part must adjusted. Related to https://fedorahosted.org/sssd/ticket/2159 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Unify the fd_nonblocking implementation The responder and child_common modules each had their own implementation. Unify it instead and add a unit test. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

AD/IPA: add krb5_confd_path configuration option With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Enable views for all domains Currently views and overrides were only available for sub-domains, this patch enables the lookup for the configured domains as well. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Add add_strings_lists() utility function Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Add a function to convert id_t from a number or a name We need a custom function that would convert a numeric or string input into uid_t. The function will be used to drop privileges in servers and also in the PAC and IFP responders. Includes a unit test to test all code that changed as well as a fix for a misnamed attribute in the csv_to_uid_list function synopsis. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SSSD: Chown the log files We need to chown the log files before dropping root to make sure they are usable by the SSSD user. Unfortunately, we can't just rely on passing the fd opened by root, because we need to be also able to rotate the log files. Reviewed-by: Pavel Reichl <preichl@redhat.com>

SSSD: Add the options to specify a UID and GID to run as Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>

sss_semanage: Add mlsrange parameter to set_seuser mlsrange parameter will be needed in IPA provider and probably at some point in the tools as well. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

util: Move semanage related functions to src/util These functions will be reused by IPA provider. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

sysdb: add overide lookup calls sysdb_search_user_override_by_name() and sysdb_search_group_override_by_name() search for overrides in the given view. sysdb_add_overrides_to_object() adds the data from the override object to the original object and makes them available for further processing. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

UTIL: Always write capaths We used to only generate the [capaths] section on the IPA server itself, when running in a trusted setup. But we also found out that the capaths are often required to make SSO fully work, so it's better to always generate them. Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>

UTIL: Move become_user outside krb5 tree In order for several other SSSD processes to run as a non-root user, we need to move the functions to become another user to a shared space in our source tree. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

UTIL: Do not depend on monitor code Just moves code around. There should be a way to use the server.c module without linking the monitor code. Reviewed-by: Pavel Reichl <preichl@redhat.com>

PAM: new options pam_trusted_users & pam_public_domains pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Replace space: add some checks This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Only replace space with the specified substitution https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

UTIL: remove get_username_from_uid The function was unused since 2009 and moreover it was synchronous. Reviewed-by: Pavel Reichl <preichl@redhat.com>

UTIL: Add functions for replacing whitespaces. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>

UTIL: rename find_subdomain_by_object_name The function was named "find_subdomain" yet it could find both main domain and subdomain. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: rename find_subdomain_by_name The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: rename find_subdomain_by_sid The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_sid/find_domain_by_sid/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

LDAP: tokengroups do not work with id_provider=ldap With plain LDAP provider we already have a sdap_handle, so it should be possible that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be skipped and sdap_get_ad_tokengroups_send() can be already send with the sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should only fail if sdom->pvt == NULL and sh == NULL. if find_subdomain_by_sid() failed we can check if there is only one domain in the domain list (state->domain) and in this case continue with this domain since the LDAP provider does not know about sub-domains and hence can only have one configured domain. Resolves: https://fedorahosted.org/sssd/ticket/2345 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

TOOLS: Always debug to stderr https://fedorahosted.org/sssd/ticket/2348 Programs that are supposed to only be executed on the foreground should log to stderr automatically. Reviewed-by: Michal Židek <mzidek@redhat.com>

SSSD: Send debug to stderr when running on foreground https://fedorahosted.org/sssd/ticket/2348 When SSSD is running in interactive mode, we should print DEBUG messages directly to stderr, not journal. Reviewed-by: Michal Židek <mzidek@redhat.com>

AD-GPO: Add support for gpo permissive mode Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add function sss_parse_name_const Variable with type 'const char *' can be used as output argument in function sss_parse_name, but there will be warning. warning: passing 'const char **' to parameter of type 'char **' discards qualifiers in nested pointer types [-Wincompatible-pointer-types-discards-qualifiers]

utils: add get_known_services() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Include netinet/in.h for ip adress macros The manual page in.h (man in.h) says: The <netinet/in.h> header shall define the in6_addr structure that con‐ tains at least the following member: uint8_t s6_addr[16] The <netinet/in.h> header shall define the following macros that test for special IPv6 addresses. Each macro is of type int and takes a sin‐ gle argument of type const struct in6_addr *: IN6_IS_ADDR_LINKLOCAL: Unicast link-local address. IN6_IS_ADDR_LOOPBACK: Loopback address. IN6_IS_ADDR_MULTICAST: Multicast address. The header file netinet/in.h> was not included directly in src/util/util.c and it caused few problems. ./src/util/util.h:378: warning: 'struct in6_addr' declared inside parameter list ./src/util/util.h:378: warning: its scope is only this definition or declaration, which is probably not what you want src/util/util.c: In function 'check_ipv4_addr': src/util/util.c:765: error: implicit declaration of function 'IN_MULTICAST' src/util/util.c:769: error: 'IN_LOOPBACKNET' undeclared (first use in this function) src/util/util.c:769: error: (Each undeclared identifier is reported only once src/util/util.c:769: error: for each function it appears in.) src/util/util.c:778: error: 'INADDR_BROADCAST' undeclared (first use in this function) src/util/util.c: At top level: src/util/util.c:786: warning: 'struct in6_addr' declared inside parameter list src/util/util.c:787: error: conflicting types for 'check_ipv6_addr' ./src/util/util.h:378: error: previous declaration of 'check_ipv6_addr' was here src/util/util.c: In function 'check_ipv6_addr': src/util/util.c:796: error: implicit declaration of function 'IN6_IS_ADDR_LINKLOCAL' src/util/util.c:799: error: implicit declaration of function 'IN6_IS_ADDR_LOOPBACK' src/util/util.c:802: error: implicit declaration of function 'IN6_IS_ADDR_MULTICAST' Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

util: Change file check fns to use a mode mask Instead of using a custom way to chck file type, use the system provided macros and a mode mask to decide when we want to check. Additionally a mask also allows us to selectively check permissions. Related: https://bugzilla.redhat.com/1089098 Resolves: https://fedorahosted.org/sssd/ticket/2321 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>

DEBUG: Allow debug_fn to process __FILE__ and __LINE__ In preparation for enabling journald support for the DEBUG logs, we will need to be able to pass in certain additional arguments that will be required, specifically the code file and line number. We will be able to optionally enable this in the file-based logs as well if we so choose, but for right now we will avoid breaking the log format on disk. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

DOC: Fix names of arguments in doxygen comments Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Remove DEBUG macro support for old debug levels Remove support for specifying old debug levels to the DEBUG macro: * remove debug_get_level function which was used for conversion, * remove debug_get_level tests, * remove mentions of old/new levels from DEBUG and DEBUG_IS_SET macro descriptions, * rename "newlevel" argument of debug_fn to just "level". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Fixup DEBUG macro invocations update Fix mistakes made by the update script in f87797f "Make DEBUG macro invocations variadic". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Make DEBUG macro definition variadic Update DEBUG macro definition to accept format string and its arguments as direct variadic macro arguments, instead of expecting them as an expression in parens. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Move DEBUG macro body to debug_fn Move DEBUG macro body to the debug_fn function, adding "function" argument to the latter. Rename "debug_fn" in sssd_krb5_locator_plugin.c to "plugin_debug_fn" to remove conflict with the sssd debug_fn. Replace DEBUG_MSG macro usage with debug_fn function usage. Remove DEBUG_MSG macro along with tests. The above makes the total size of binaries drop by 20% for the standard Fedora build and by 44% for a build configured according to Debian packaging script. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

utils: handling NULL params in sss_parse_name

NSS: Don't use printf(3) on user provided strings. This also fixes several corner cases and crashers. It's not prudent to pass user input to (even admin) input as a format string to printf, and various distros now check for this. This can cause accessing memory incorrectly, and various also various libc abort()'s. In addition various assumptions were made about full_name_format that aren't necessarily the case if the user uses a more complex format. Use safe-printf.c implementation for formatting full_name_format. Adapt the NSS resolver so it doesn't barf on formatted strings that are shorter than expected given a full_name_format. Tests added and updated appropriately.

Use lower-case name for case-insensitive searches The patch makes sure that a completely lower-cased version of a fully qualified name is used for case insensitive searches. Currently there are code paths where the domain name was used as configured and was not lower-cased. To make sure this patch does not break with old entries in the cache or case sensitive domains a third template was added to the related filters templates which is either filled with a completely lower-cased version or with the old version. The other two template values are unchanged.

Add utility to handle Well-Known SIDs

Add sss_tc_fqname2() sss_tc_fqname2() is similar to sss_tc_fqname() but expects domain and flat domain name as string arguments instead of a domain struct.

Signals: Refactor termination of processes sig_term() was never used as a real signal handler, but only called by tevent signal handlers in the kerberos and ldap children. Also the same code was duplicated with separate local guard variables in other functions. Unify orderly termination handling, between all these functions.

Signals: Remove unused functions Cleanup unused signal functions

UTIL: Move sss_parse_name_for_domains declaration to util.h

util: Add functions to check if IP addresses is special Added functions to check if given IP address is a special address (broadcast, multicast...).

ipa_server_mode: write capaths to krb5 include file If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093

IPA: store forest name for forest member domains In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.

util: add get_domains_head() This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066

BE: Log domain name to journald if available If the SSSD is compiled with journald support, then all sss_log() statements will include a new field called "SSSD_DOMAIN" that includes the domain name. Filtering only messages from the single domain is then as easy as: # journalctl SSSD_DOMAIN=foo.example.com

util: add find_subdomain_by_object_name() This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034

util: add find_subdomain_by_sid() This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034

Enable printf format string checking https://fedorahosted.org/sssd/ticket/1945

Adding new header for printf formating macros

Fix formating of variables with type: long

utils: add is_host_in_domain()

UTIL: Create new wraper header file sss_endian.h Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.

Add a new option to control subdomain enumeration

Read enumerate state for subdomains from cache The enumerate flag will be read from the cache for subdomains and the domain object will be created accordingly.

UTIL: Remove obsolete compat macros All supported tevent releases contain these macros.

Read mpg state for subdomains from cache The mpg flag will be read from the cache for subdomains and the domain object will be created accordingly.

AD: Write out domain-realm mappings This patch reuses the code from IPA provider to make sure that domain-realm mappings are written even for AD sub domains.

New utility function sss_get_domain_name Instead of copying a block of code that checks whether domain is a subdomain and uses only name of FQDN as appropriate, wrap the logic into a function.

Move domain_to_basedn outside IPA subtree The utility function will be reused to guess search base from the base DN of AD trusted domains.

Allow flat name in the FQname format https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.

Add utility functions for formatting fully-qualified names Instead of using printf-like functions directly, provide two wrappers that would encapsulate formatting the fully-qualified names. No functional change is present in this patch.

Check NSCD configuration file https://fedorahosted.org/sssd/ticket/1785 nscd.conf file is now checked for the presence of caching settings for databases controlled by SSSD. Syslog warning is now written only if NSCD is running with interfering configuration or if configuration file couldn't be loaded. New configure option added to support non-standard locations --with-nscd-conf=PATH (defaultly set to /etc/nscd.conf) This is just a workaround until the following bugzilla is resolved: https://bugzilla.redhat.com/show_bug.cgi?id=963908

Move nscd.c from tools to util Preparation for the following patch which will include the nscd.c in the monitor code due to newly introduced function for checking the nscd configuration file.

Rename SAFEALIGN macros. https://fedorahosted.org/sssd/ticket/1772 SAFEALIGN macros have been renamed in this patch to make it easy to pick the right macro when data is copied from byte buffer to a variable or vice versa. The renamed macros are placed in new header file to avoid code duplication (the old ones were defined in two files, one for the client code and one for the rest of sssd).

UTIL: Add function sss_names_init_from_args This function allows initializing sss_names_ctx using a regular expression and fully qualified format string specified in its arguments.

Fix sss_client breakage. Adding missing dependencies for linker. Missing dependency was introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a in changed file src/sss_client/nss_mc_common.c All function declaration for io.c was moved from util.h to separate file io.h, https://fedorahosted.org/sssd/ticket/1838

More generalized function open_debug_file_ex() Function open_debug_file_ex() set flag FD_CLOEXEC to opened file according to the value of third parameter. Removed duplicity of unsetting FD_CLOEXEC after calling function open_debug_file_ex()

Reuse sss_open_cloexec at other places in code. Functions open_cloexec and openat_cloexec were renamed with prefix "sss_" and moved to separete file. Replacing duplicated code of function sss_open_cloexec everywhere in the source code. https://fedorahosted.org/sssd/ticket/1794

Return ERR_INTERNAL instead of EIO EIO has always been an odd match, but was used as an error to indicate that something had gone wrong internally before we had specific SSSD errors available. Use ERR_INTERNAL instead going forward.

Add SSSD specific error codes and definitions This code adds a new range of error codes specific to SSSD, It also provides helper functions to print out error defintions like you can do with system error messages and the strerror() function. The sss_strerror() function can accept both the new sssd errors and system errno_t errors falling back to the system strerror() if the error code provide is not a valid SSSD error code.

Introduce IS_SUBDOMAIN() macro Fixes https://fedorahosted.org/sssd/ticket/1766

Change the way domains are linked. - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()

Add function get_next_domain() Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()

Add realm info to sss_domain_info

Refactor single domain initialization Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.

Add function to safely wipe memory. This is useful for wiping passwords, as it prevents the compiler from optimizing out a memset to zero before a free()

failover: Protect against empty host names Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484

Avoid const warnings when deallocating memory In some case we allocate and assign data to a const pointer. When we then try to free it we would get a const warning because talloc_free accepts a void, not a const void pointer. Use discard_const to avoid the warning, it is safe in this case.

Revert "Avoid accessing half-deallocated memory when using talloc_zfree macro." This reverts commit ff57c6aeb80a52b1f52bd1dac9308a69dc7a4774. This commit doesn't really make sense, we are never accessing freed memory as all we are dealing with is a pointer which is never itsef part of the memory we are freeing (if it were, it would be an error in the caller and we shouldn't mask it in this macro).

debug: print fatal and critical errors if debug level is unresolved If global variable debug_level has value SSSDBG_UNRESOLVED, we should print at least fatal and critical errors. https://fedorahosted.org/sssd/ticket/1345

Always start PAC responder if IPA ID provider is configured Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613

Add string_in_list() and add_string_to_list() with tests string_in_list() and add_string_to_list() are two utilities for NULL terminated strings arrays. add_string_to_list() adds a new string to an existing list or creates a new one with the strings as only item if there is not list. string_in_list() checks if a given string is in the list. It can be used case sensitive or in-sensitive.

util_lock.c: sss_br_lock_file accepted invalid parameter value Return EINVAL if number of tries is <= 0. Also the parameter retries was renamed to num_tries, so it is more obvious that it also includes the first try.

util: Added new file util_lock.c

exit original process after sssd is initialized https://fedorahosted.org/sssd/ticket/1357 Neither systemd or our init script use pid file as a notification that sssd is finished initializing. They will continue starting up next service right after the original (not daemonized) sssd process is terminated. If any of the responders fail to start, we will never terminate the original process via signal and "service sssd start" will hang. Thus we take this as an error and terminate the daemon with a non-zero value. This will also terminate the original process and init script or systemd will print failure.

add SSSDBG_IMPORTANT_INFO macro We currently have only SSSDBG_FATAL_FAILURE macro that corresponds to original debug level 0. But there are several level 0 messages that are not actually failures but an important information. We should use this new macro to represent them.

Include talloc log in our debug facility https://fedorahosted.org/sssd/ticket/1495

monitor: create pid file after all responders are started https://fedorahosted.org/sssd/ticket/1357

sss_cache tool invalidates records in memory cache.

Fix: IPv6 address with square brackets doesn't work. https://fedorahosted.org/sssd/ticket/1365

Consolidation of functions that make realm upper-case

Make re_expression and full_name_format per domain options * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663

Fix endian issue in SID conversion Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.

Handle endianness issues on older systems Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.

Add some utility functions for subdomains

Move atomic io function to a separate module We'll be using it on various places of the SSSD. The function is in its own file to allow using just the one piece without having to drag in the whole util.c module.

Add sss_get_cased_name_list utility function

Make the string_equal() function public

UTIL: Add function for atomic I/O

Move sized_string declaration to utils

sss_get_cased_name utility function

sss_utf8_tolower utility function+unit tests

Add option to follow symlinks to check_file()

Multiline macro cleanup This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.

DEBUG timestamps offer higher precision https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf

New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);

New DEBUG facility - conversion https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)

New DEBUG facility - modified DEBUG https://fedorahosted.org/sssd/ticket/925 Modified: DEBUG() macro to work with new levels There are several new macros in util/util.h: - DEBUG_MSG(level, function, message) which will format the debug message like "(time) [prg_name] [function] (level): message\n" - DEBUG_IS_SET(level) that you should use to check if the level is allowed to be logged You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}

New DEBUG facility - new levels https://fedorahosted.org/sssd/ticket/925 Added functions: - debug_convert_old_level() to convert levels 0-9 to appropriate bitmask debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5) - debug_get_level() to convert old level number to its new value debug_get_level(5) returns 0x0200 (= 5) There are several new macros in util/util.h: - SSSDBG_* to reflect a debug level (same names as in the ticket) - please, don't use magic numbers anymore

debug_timestamps fixes Fixed: could not overwrite debug_timestamps when set in sssd.conf Fixed: invalid description of debug_timestamps in sssd man page

Move IP adress escaping from the LDAP namespace

Import config.h earlier On RHEL 5 and other older platforms, failing to set _GNU_SOURCE early would cause some functions - such as strndup() - to be unavailable.

Override config file debug_level with command-line This patch also makes the following changes: 1) The [sssd] debug_level setting no longer acts as a default for all other sections. 2) We will now skip passing the debug argument to the child processes from the master unless the SSSD was run with a command-line argument for the debug level. https://fedorahosted.org/sssd/ticket/764

Add overflow check to SAFEALIGN_COPY_*_CHECK macros

Validate user supplied size of data items Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.

Introduce sss_hash_create_ex()

krb5_child returns TGT lifetime

Add a special filter type to handle enumerations

Add utility function to sanitize LDAP/LDB filters Also adds a unit test.

Add a missing include file strcasecmp() is defined in strings.h which might not be included under certain conditions.

Add common hash table setup sss_hash_create() produces a dhash table living in the talloc hierarchy.

Add safe copy/move macros for uint16_t

Add dup_string_list() utility function

Add diff_string_lists utility function Includes a unit test

Add sss_log() function Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API.

Move parse_args() to util

Add ldap_krb5_ticket_lifetime option

Clean up kdcinfo and kpasswdinfo files when exiting

Avoid accessing half-deallocated memory when using talloc_zfree macro. The correct memory deallocation sequence is: - clear pointer to memory first - then deallocate memory

Protect against check-and-open race conditions There is a small window between running lstat() on a filename and opening it where it's possible for the file to have been modified. We were protecting against this by saving the stat data from the original file and verifying that it was the same file (by device and inode) when we opened it again, but this is an imperfect solution, as it is still possible for an attacker to modify the permissions during this window. It is much better to simply open the file and test on the active file descriptor. Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as without the initial lstat, we are implicitly accepting symlinks and only verifying the target file.

Reopen logs when SIGHUP is caught Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332

Improve safe alignment buffer handling macros Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.

Check and set permissions on SBUS sockets

Rename server/ directory to src/ Also update BUILD.txt