Age | Commit message | Author | Files | Lines |
|
CheckPermissions will currently return unrestricted access to the
root user, and no access to any other user. Once we decide on an
ACL mechanism, this will be easy to change.
I have also added very basic tests for the Introspect and
CheckPermissions methods.
|
|
Adding support for generating RPMS for sssd.
Fixing TDB autoconf macros to require version 1.1.3
and support for the tdb_repack symbol (required by LDB)
Updating tdb.h to #include <sys/stat.h> for proper autoconf
Build system modifications to simplify RPM generation
Fixing RPM build system as recommended during code review
Minor tweaks to Makefile and sssd.spec
Make policykit and infopipe configurable
Soname and symlinks
|
|
Fixing TDB autoconf macros to require version 1.1.3
and support for the tdb_repack symbol (required by LDB)
Updating tdb.h to #include <sys/stat.h> for proper autoconf
Build system modifications to simplify RPM generation
Fixing RPM build system as recommended during code review
Minor tweaks to Makefile and sssd.spec
Make policykit and infopipe configurable
Soname and symlinks
|
|
with D-BUS clients built in multiple languages. It will read in the XML file on the first request and store the returned XML as a component of the sbus_message_handler_ctx for the connection. All subsequent requests during the process' lifetime will be returned from the stored memory. This is perfectly safe, as the available methods cannot change during the process lifetime.
|
|
dbus_message_append_args() adds a reference to memory that is not
copied to the outgoing message until dbus_connection_send() is
called. Since we compile our reply messages in functions and then
return the reply, we need a mechanism for deleting allocated
memory after invoking dbus_connection_send. I have changed the
arguments to sbus_msg_handler_fn so that it takes a talloc ctx
containing the sbus_message_handler_ctx and a pointer to a reply
object. We can now allocate memory as a child of the reply context
and free it after calling dbus_connection_send.
|
|
listening for requests to org.freeipa.sssd.infopipe
I made the sbus_add_connection function public so that I could
use it for system bus connections.
Adding initial framework for the InfoPipe
Updating sysdb tests for the refactored sysdb methods.
|
|
rename _posix_ function into _legacy_
Add support for the posix legacy mode where memberships
are stored in memberUId and not in member/memberof pairs.
Do not build sysdb as a library
|
|
types of domains: modern and legacy
modern uses member/memberof, legacy uses memberUid for group
memberships.
Rework the proxy backend to use the legacy style as that's the
format the data comes in (trying to convert would require too
many transformations and increased the number of queries).
Add support for fetching groups in nss.
Add support for enumerating users and groups (requires to enable enumeration
in config) both in nss and in the proxy provider.
Remove confdb_get_domain_basedn() and substitute with generic calls in
the nss init function.
Store a domain structure in the btree not the basedn so that we can add
enumeration flags.
Also make sure NSS understands how to make multiple calls on
enumerations, also make passing the domain parameter always
mandatory, passing in domain=* is not valid anymore.
This work also fixes a few memory, segfault, and logic bugs
found while testing all nss functions (there are still some to
fix that are less critical and much harder to find yet).
|
|
up users.
|
|
requested method is not registered with the message handler. Previously, we returned DBUS_HANDLER_RESULT_HANDLED with no indication that nothing had happened.
|
|
btreemap_new()
2) Fix potentially serious memory allocation error. btreemap now requires a TALLOC_CTX to be passed in for assignment to the top node of the tree. Previously it was creating a new root TALLOC_CTX.
3) Add new function btreemap_get_keys that will return a sorted array (newly allocated using talloc_realloc()) of keys (const void *)
4) Change the btreemap to use (const void *) keys instead of (void *)
|
|
This was causing some functions to not cancel a transaction as they should
have, leaving it pending indefinitely. It in turn meant that no other process
could see what was "stored" in the db as transactions are not flushed to the
db until "committed".
Took me quite a while and a lot of confusion to catch why I was seeing
"ghost entries" in some processes and not seeing the entry in others ..
As a defensive programming measure make sure we commit OR cancel in the same
spot and that we always go through it.
|
|
services ping time.
|
|
throw away databases
Check version and init main db if empty
|
|
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one
operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions,
don't let ldap madness creep into our interfaces
|
|
Fixed a few small bugs in sysdb_[store|remove]_account_posix. The
string "uid=" needed to be replaced with SYSDB_PW_NAME, and the
search scope in sysdb_remove_account_posix_by_uid needed to be
LDB_SCOPE_ONELEVEL, not LDB_SCOPE_BASE.
Added associated unit tests. Modified the unit test structure so
that it is called as a single suite, rather than a User and Group
suite, since there is too much overlap.
|
|
for adding/removing user accounts and POSIX groups to the groups.
Also modified the add/remove member functions to be a single
interface taking a flag for add or removal, since the code only
differs by one LDB flag.
Added associated unit tests.
|
|
to now use sysdb_add_member_to_posix_group along with sysdb_add_member_to_posix_group.
Added new unit tests to sysdb-tests.c for groups of groups.
|
|
Thanks Nathan for the review that led to this!
|
|
Enable memberof by default in the default db example
|
|
as in IPA if necessary.
This patch slightly modifies ldb to split out a modules header file without
exposing the private headers.
|
|
It will connect and authenticate successfully (using the included D-BUS policy file installed in the correct /etc directory). Does not yet listen for requests.
|
|
is not available immediately or drops the dbus connection.
First step is the nss connection to the data provider.
|
|
domain when possible.
|
|
not pointers to values.
Check domain is never null (or dbus will abort).
|
|
services can no longer start before the monitor is running its mainloop. This avoids the race condition where the child services attempted to connect to the monitor SBUS before it was able to answer requests.
|
|
able to call the reloadConfig DBUS method on any or all of its children to force them to reread their configuration from the confdb.
|