Age | Commit message (Collapse) | Author | Files | Lines |
|
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
|
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let use use tevent_req async style to
manipulate our cache.
|
|
We will trap all LDB debug messages and pipe them into our
internal DEBUG() function. LDB FATAL messages will still be
printed by default, WARNING and TRACE functions will be at debug
level 3 and 9, respectively.
|
|
|
|
If it's an MPG domain, set them equal. If it's a non-MPG domain, get the
next available GID and use that.
|
|
|
|
Convert auth modules to do the caching themselves
|
|
|
|
This fixes a bug with legacy backends where the cached password would be cleared
on a user update.
Using a different attribute we make sure a userPassword coming from the remote
backend does not interfere with a cachedPassword (and vice versa).
|
|
|
|
- added range check for supplied UIDs and GIDs
- initialize pc_gid to 0 to trigger gid generation
|
|
Change sysdb to always passwd sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
|
|
|
|
Makes LOCAL a normal backend removing some special handling.
Fix/Add id range filtering and name filtering
Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within
sysdb and was causing getxxent calls to fail completely.
Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and
causing some unwanted failures.
Change sysdb to always return the uid number when searching member entries so
that id range filtering can be perfomed also in group searhes (does not work
with legacy backends)
|
|
In delete_callback we were freeing rep after having called return_done()
This caused a double free becuse rep is already freed as child of the request
when return_done calles the callback. To avoid future errors like this convert
return_error and return_done into functions and make them always be the last
call of the function and call them as part of the function return.
|
|
Gecos, homedir and shell are optional, fix the responder not to refuse to return
the user completely if they are missing, replace an empty homedir with "/".
Also fix fullname vs gecos, and always return gecos for NSS data.
On user creation set gecos to the same value as the user Full Name, to help
populate the gecos field with data that makes sense.
|
|
Turn user entries to Magic Private Groups when groups are quesried.
|
|
Fix infinite loop within initgr functions.
Fix min length check copy&paste error, was filtering valid groups if the name
was short enough and the group had no members.
|
|
|
|
This allows to perform checks and modifications in one transaction.
Uses configuration stored in confdb to determins if a domain uses MPGs.
|
|
Also shorten names oh other user attributes.
|
|
|
|
Changed the order of the arguments to CreateUser in the
Introspection XML to match the other functions (domain belongs
second on the list)
A few other minor fixes as well:
Fixed a typo in SYSDB_GETCACHED_FILTER and sysdb_transaction_end().
Added missing error handling in infp_do_user_set_uid().
|
|
|
|
The first functional command is sss_useradd
(Name is temporary, while looking for a better one)
|
|
We need to add the domain when users are not part of the default
domain, otherwise name conflicts may happen.
|
|
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
|
|
This function allows a caller to retrieve a list of users who have
logged in on the system, specifying an optional minimum last login
time to trim the list.
I modified sysdb_enumpwent to accept an optional search argument.
GetCachedUsers takes advantage of this argument to limit the search
by the last login time.
I also found and fixed a few additional low-memory conditions
around D-BUS message replies.
|
|
Calulates next id automatically if uid/gid are not specified.
Fixes to sysdb_get_next_available_id.
Add tests to create users and groups through the new functions.
|
|
Retrieve minID and maxID from domain configuration so that lower
and upper bounds can be set per domain.
Add function that keeps track of the next available id, increments
and returns it on requests, avoiding collisions with existing ids.
|
|
Add comments in header files to better explain interfaces and intended usage.
Expose function to convert from ldb errors to errnos.
Add sysdb_attrs helper to add a long integer as a value.
|
|
Provide also helper functions to build struct sysdb_attrs.
Also fix sysdb_get_user_attr() to have a consistent interface
as all other functions.
|
|
|
|
This patch adds support for requesting user data in the sysdb via
the InfoPipe. It currently has support for reading defined entries
of integral, floating-point or string types.
Tasks remaining:
1) Implement call to the provider when cache is out of date
2) Support byte arrays for userpic and similar
I modified sysdb_search_ctx in sysdb_search.c to accept an array of
attributes to pass into the LDB search.
I also made one additional related fix: the btreemap now sorts in the
correct order. Previously I had accidentally transposed the two
values for sorting, so the map would always have been in exact
reverse order.
|
|
|
|
|
|
|
|
This is necessary because in ldb only 1 transaction per context is possible
and all operations (or new transactions) are nested within it.
Will revisit this later when ldb will addresses the problem.
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
rename _posix_ function into _legacy_
Add support for the posix legacy mode where memberships
are stored in memberUId and not in member/memberof pairs.
Do not build sysdb as a library
|
|
types of domains: modern and legacy
modern uses member/meberof, legacy uses memberUid for group
memberships.
Rework the proxy backend to use the legacy style as that's the
format the data comes in (trying to convert would require too
many transformations and increased the number of queries).
Add support for fetching groups in nss.
Add support for enumerating users and groups (requires to enable enumeration
in config) both in nss and in the proxy provider.
Remove confdb_get_domain_basedn() and substitute with generic calls in
the nss init function.
Store a domain structure in the btree not the basedn so that we can add
enumeration flags.
Also make sure NSS understand how to make multiple calls on
enumerations, also make passing the domian parameter always
mandatory, passing in domain=* is not valid anymore.
This work fixes also a few memory, degfault, and logic bugs
found while testing all nss functions (there are still some to
fix that are less critical and much harder to find yet).
|
|
|
|
This was causing some functions to not cancel a transaction as they should
have, leaving it pending indefintely. It in turn meant that no other process
could see what was "stored" in the db as transactions are not fluched to the
db until "committed".
Took me quite a while and a lot of confusion to catch why I was seeing
"ghost entries" in some processes and not seeing the entry in others ..
As a defensive programming measure make sure we commit OR cancel in the same
spot and that we always go thorugh it.
|
|
|
|
throw away databases
Check version and init main db if empty
|
|
|
|
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one
operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions,
don't let ldap madness creep into out interfaces
|
|
Fixed a few small bugs in sysdb_[store|remove]_account_posix. The
string "uid=" needed to be replaced with SYSDB_PW_NAME, and the
search scope in sysdb_remove_account_posix_by_uid needed to be
LDB_SCOPE_ONELEVEL, not LDB_SCOPE_BASE.
Added associated unit tests. Modified the unit test structure so
that it is called as a single suite, rather than a User and Group
suite, since there is too much overlap.
|
|
for adding/removing user accounts and POSIX groups to the groups.
Also modified the add/remove member functions to be a single
interface taking a flag for add or removal, since the code only
differs by one LDB flag.
Added associated unit tests.
|
|
to now use sysdb_add_member_to_posix_group along with sysdb_add_member_to_posix_group.
Added new unit tests to sysdb-tests.c for groups of groups.
|