summaryrefslogtreecommitdiff
path: root/server/confdb
AgeCommit message (Collapse)AuthorFilesLines
2009-09-10Remove unused event context argument from confdb_initStephen Gallagher2-2/+0
Because the confdb always operates synchronously, it maintains its own private event context internally. The event context argument passed to it is never used, so we'll remove it to avoid confusion.
2009-09-10Properly detect negative/invalid values for the minId and maxIdStephen Gallagher1-6/+53
2009-09-10Check for valid min and max IDs in confdb_get_domainsStephen Gallagher1-1/+7
2009-09-08Split database in multiple filesSimo Sorce3-15/+41
The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
2009-09-01stop processing a domain if no provider is givenSumit Bose1-0/+1
2009-08-31Turn enumeration into a boolean valueSimo Sorce2-5/+18
2009-08-21Fix accidentally forcing MPGs on for all domainsStephen Gallagher1-1/+1
2009-08-20Make the LOCAL provider always use MagicPrivateGroupsStephen Gallagher1-1/+2
Also updates the manpage for sssd.conf to denote this
2009-08-18fix return value of confdb_get_domainsSumit Bose1-0/+1
If the last configured domain is broken confdb_get_domains returns the return value of confdb_get_domain even if there are valid domains available.
2009-07-20Monitor resolv.conf for changesStephen Gallagher1-2/+0
This patch updates the monitor_config_file() functions so that they can monitor any number of files and invoke a specified callback whenever they are modified. When inotify is available, we will add an additional watch descriptor to the inotify file descriptor. When inotify is not available, the polling function will simply loop to check each file in the monitor list. When changes are discovered in resolv.conf, the monitor will send a "resInit" signal to all of its known children. They are only required to handle this function if they need updated DNS information. Services that do not implement resInit should return DBUS_ERROR_UNKNOWN_METHOD (rather than timing out) with no ill effects.
2009-07-20Improvements to config file updatesStephen Gallagher1-1/+2
1) Some text editors will create a new file and move it into place on top of the existing file. When this happens, the kernel issues an IN_IGNORE inotify event and automatically removes the watch descriptor for that file. We'll handle the event and create a new watch descriptor for the new file. We will attempt to rewatch the file six times at five-second intervals. 2) Some scripts may append new data to the config file in several steps (such as calling echo "foo" >> sssd.conf several times). In order to handle these scripts safely, we'll defer processing of inotify events for one second after the first is detected. This should be ample time for the remainder of the script to complete.
2009-07-02Adding wrappers to free data in INI API.Dmitri Pal1-3/+3
See ticket #37 in sssd track.
2009-06-19Fix segfault in update_monitor_configStephen Gallagher1-0/+4
We were stealing the memory context of only the first value in the linked-list of domains (and also services). This patch adds a memory context to hold the lists so that can be stolen along with all of the entries.
2009-06-08Treat a missing provider entry as a config errorStephen Gallagher1-2/+7
2009-06-01Suppress "rootdse" error messages from the confdbStephen Gallagher1-3/+4
2009-05-28Suppress "rootdse" error messages.Stephen Gallagher1-0/+6
We will trap all LDB debug messages and pipe them into our internal DEBUG() function. LDB FATAL messages will still be printed by default, WARNING and TRACE functions will be at debug level 3 and 9, respectively.
2009-05-26Silence warningsSimo Sorce1-2/+2
2009-05-12Fix warnings in monitor.c and confdb.cStephen Gallagher1-1/+1
2009-05-11Separate confdb API from confdb setupStephen Gallagher5-371/+453
Refactoring the confdb so that the setup code can be linked separately from the access API. This is being done so that our plugins do not need to link against the collection and ini_config libraries.
2009-05-04Fixes for porting SSSD to Debian-based platformsStephen Gallagher2-1/+2
2009-04-16Avoid unnecessary reloads of config.ldbSimo Sorce1-4/+37
Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
2009-04-14Add common function to retrieve comma sep. listsSimo Sorce2-45/+162
Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher1-0/+2
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-13Always pass full domain infoSimo Sorce2-73/+115
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-13Allow configuration of the SSSD through /etc/sssd/sssd.confStephen Gallagher3-98/+270
The SSSD now links with the ini_config and collection libraries in the common directory. The monitor will track changes to the /etc/sssd/sssd.conf file using inotify on platforms that support it, or polled every 5 seconds on platforms that do not. At startup or modification of the conf file, the monitor will purge the existing confdb and reread it completely from the conf file, to ensure that there are no lingering entries. It does this in a transaction, so there should be no race condition with the client services. A new option has been added to the startup options for the SSSD. It is now possible to specify an alternate config file with the -c <file> at the command line.
2009-04-08Remove obsolete optionSimo Sorce1-1/+0
2009-04-08Fix missing entry from first-start configStephen Gallagher1-0/+1
Since we switched to allowing domains to be configured but inactive, we need to include the default set (just LOCAL) into the first-start config.
2009-04-08Change the way we retrieve domainsSimo Sorce2-79/+75
To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
2009-03-30fixed two issues in the initial configurationSumit Bose2-2/+1
- value array is not terminated properly - infopipe service is added dynamically
2009-03-20Simplify default configurationSimo Sorce3-111/+92
Make confdb load a base ldif like sysdb to initialize the db, makes it simpler to understand at first sight what is the default configuration. Make the parameter "command" optional. Derive the default command from available information. Make the debug level a global by default so that enabling debug for all components is as easy as passing just -d X to the sssd binary.
2009-03-20Add better error reporting to confdb functionsSimo Sorce1-29/+63
2009-03-20Avoid nested events in confdbSimo Sorce1-1/+15
2009-03-18Enable MPGs and user/group enumeration on the LOCAL domain by defaultStephen Gallagher1-3/+5
2009-03-09use fixed paths to sockets to make sure clients and server are using the sameSumit Bose1-0/+4
2009-03-09Make MPG a configurable option for the domain.Simo Sorce2-0/+12
2009-03-08Use LOCAL for the default domain in confdb_init_dbStephen Gallagher1-0/+4
2009-03-06added PAM default configuration to confdb_init_dbSumit Bose1-6/+35
set default value of enumerate in LOCAL domain to 1 added checks to talloc_asprintf return values fixed InfoPipe defaults
2009-03-04Add internal min/max/next id management fucntionsSimo Sorce2-1/+46
Retrieve minID and maxID from domain configuration so that lower and upper bounds can be set per domain. Add function that keeps track of the next available id, increments and returns it on requests, avoiding collisions with existing ids.
2009-03-02Implement GetUserAttributes in the InfoPipeStephen Gallagher1-2/+2
This patch adds support for requesting user data in the sysdb via the InfoPipe. It currently has support for reading defined entries of integral, floating-point or string types. Tasks remaining: 1) Implement call to the provider when cache is out of date 2) Support byte arrays for userpic and similar I modified sysdb_search_ctx in sysdb_search.c to accept an array of attributes to pass into the LDB search. I also made one additional related fix: the btreemap now sorts in the correct order. Previously I had accidentally transposed the two values for sorting, so the map would always have been in exact reverse order.
2009-02-28Fix confdb issues.Simo Sorce2-94/+54
Avoid uninitialized memory messages in valgrind (in _btreemap_get_keys). Do not free memory we just stored in the btree (in confdb_get_domains_list). Streamline confdb_get_domains() and remove extra calls when we already have all the information handy. Do not store basedn in domain info, the base dn is always calculated out of the domain name. Remove the "provider" attribute, it was really used only to distinguish between LOCAL and other domains, directly check for LOCAL as a special case instead.
2009-02-27Refactor creation of domain_map into confdbStephen Gallagher2-21/+138
The NSS provider, the Data Provider backends and the InfoPipe all need access to the domain map provided by the confdb. Instead of reimplimenting it in multiple places, it is now provided in a pair of helper functions from the confdb. confdb_get_domains() returns a domain map by reference. Always returns the most up-to-date set of domains from the confdb. confdb_get_domains_list() returns an array of strings of all the domain names. Always returns the most up-to-date set of domains from the confdb. This patch also modifies the btreemap_get_keys() function to better handle memory and report allocation failures.
2009-02-26Rebase the code to use talloc, tdb, tevent, ldb as externalSimo Sorce2-5/+6
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
2009-02-24Spec file patch Take 2:Stephen Gallagher1-0/+4
Adding support for generating RPMS for sssd. Fixing TDB autoconf macros to require version 1.1.3 and support for the tdb_repack symbol (required by LDB) Updating tdb.h to #include <sys/stat.h> for proper autoconf Build system modifications to simplify RPM generation Fixing RPM build system as recommended during code review Minor tweaks to Makefile and sssd.spec Make policykit and infopipe configurable Soname and symlinks
2009-02-20Add helper function to get booleans from confdbSimo Sorce2-9/+46
2009-02-20Completely rework the nss interface to be able to use 2Simo Sorce2-19/+0
types of domains: modern and legacy modern uses member/meberof, legacy uses memberUid for group memberships. Rework the proxy backend to use the legacy style as that's the format the data comes in (trying to convert would require too many transformations and increased the number of queries). Add support for fetching groups in nss. Add support for enumerating users and groups (requires to enable enumeration in config) both in nss and in the proxy provider. Remove confdb_get_domain_basedn() and substitute with generic calls in the nss init function. Store a domain structure in the btree not the basedn so that we can add enumeration flags. Also make sure NSS understand how to make multiple calls on enumerations, also make passing the domian parameter always mandatory, passing in domain=* is not valid anymore. This work fixes also a few memory, degfault, and logic bugs found while testing all nss functions (there are still some to fix that are less critical and much harder to find yet).
2009-02-13Always pass teh database path explicitly, so that test cases can useSimo Sorce2-13/+7
throw away databases Check version and init main db if empty
2009-01-27Add skeleton for PolicyKit back-endStephen Gallagher1-0/+16
2009-01-27Add skeleton for InfoPipe serviceStephen Gallagher1-3/+15
2009-01-27Automatically generate the config.ldb if it doesn't exist (i.e. First startup)Stephen Gallagher1-6/+83
2009-01-09Fix a bug in confdb_get_string where attempting to return a default string ↵Stephen Gallagher1-1/+11
of NULL would erroneously report ENOMEM.