Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Convert auth modules to do the caching themselves
|
|
Change sysdb to always passwd sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
|
|
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
|
Now it can load from scratch default configuration that is valid for all
daemons.
First thing, make it possible for each daemon/provider to set its own debug
level in its configuration entry.
|
|
Per discussion with the desktop team, using the org.freedesktop
interface name will simplify adoption, as potential users won't
feel like they're pulling in a FreeIPA dependency.
|
|
Also add accidentally-omitted loginShell parameter.
|
|
|
|
Also shorten names oh other user attributes.
|
|
When detecting an internal error in the InfoPipe, make a best-
attempt at sending an error message back to the calling program,
instead of simply leaving the client to wait for the timeout.
|
|
|
|
|
|
If the user that starts InfoPipe is not permitted by the system
bus to request the InfoPipe name, the sssd_info process would
segfault, since the destructor for the connection object was
called before it was completely created. I have moved the
initialization of the destructor to later in the setup routine.
|
|
|
|
Also fixed two minor bugs in CreateUser
|
|
|
|
|
|
Changed the order of the arguments to CreateUser in the
Introspection XML to match the other functions (domain belongs
second on the list)
A few other minor fixes as well:
Fixed a typo in SYSDB_GETCACHED_FILTER and sysdb_transaction_end().
Added missing error handling in infp_do_user_set_uid().
|
|
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
|
|
This function allows a caller to retrieve a list of users who have
logged in on the system, specifying an optional minimum last login
time to trim the list.
I modified sysdb_enumpwent to accept an optional search argument.
GetCachedUsers takes advantage of this argument to limit the search
by the last login time.
I also found and fixed a few additional low-memory conditions
around D-BUS message replies.
|
|
The InfoPipe interface
Set_YouReallyDoNotWantToUseThisFunction_UserUID1 is now available.
I also fixed a memory leak in SetUserAttributes and modified the
prototype for infp_get_permissions to make it more clear that the
first argument is the caller's username, not the username being
checked for permission.
|
|
SetUserAttributes is now available for use in the Infopipe.
I also reorganized a few of the internal InfoPipe objects to
reduce code duplication.
One very simple test is included in this checkin to validate that
the parser is working.
|
|
|
|
Provide also helper functions to build struct sysdb_attrs.
Also fix sysdb_get_user_attr() to have a consistent interface
as all other functions.
|
|
Just make sure that the memory passed in is either static or allocated on the
same memory context that is parent of the btreemap.
|
|
We now have support for reading binary blobs such as userpic from
the sysdb and returning it to an InfoPipe consumer as a byte array.
I also cleaned up some code in create_getattr_result_map to make
it easier to read.
|
|
This patch adds support for requesting user data in the sysdb via
the InfoPipe. It currently has support for reading defined entries
of integral, floating-point or string types.
Tasks remaining:
1) Implement call to the provider when cache is out of date
2) Support byte arrays for userpic and similar
I modified sysdb_search_ctx in sysdb_search.c to accept an array of
attributes to pass into the LDB search.
I also made one additional related fix: the btreemap now sorts in the
correct order. Previously I had accidentally transposed the two
values for sorting, so the map would always have been in exact
reverse order.
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
Also updating the .gitignore file to not ignore config.ldif
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
Right now, the introspection XML file is read in every time a
client service requests it. Since the XML cannot change during
process lifetime, we'll store it on the infp_ctx object so we
don't need to hit the filesystem for requests after the first.
|
|
|
|
sbus_message_handler is not responsible anymore for sending
back data in any case.
Transfer this responsibility to the handler function called.
This way both synchronous and asynchronous funstions use the
interface the same way and can properly free memory referenced
by the reply after the send buffer has been filled in and all
copies are done in sbus_conn_send_reply()
|
|
This reverts commit 13421cbe0af4343f9d110600755ffa756690b282.
Conflicts:
server/infopipe/infopipe.c
server/infopipe/infopipe.h
While this solution fixed the contingent memory problem it introduced
other problems in handling asynchronous replies.
Reverting in preparation for a different way to solve it.
Conflicts have been taken care of.
|
|
CheckPermissions will currently return unrestricted access to the
root user, and no access to any other user. Once we decide on an
ACL mechanism, this will be easy to change.
I have also added very basic tests for the Introspect and
CheckPermissions methods.
|
|
with D-BUS clients built in multiple languages. It will read in the XML file on the first request and store the returned XML as a component of the sbus_message_handler_ctx for the connection. All subsequent requests during the process' lifetime will be returned from the stored memory. This is perfectly safe, as the available methods cannot change during the process lifetime.
|
|
dbus_message_append_args() adds a reference to memory that is not
copied to the outgoing message until dbus_connection_send() is
called. Since we compile our reply messages in functions and then
return the reply, we need a mechanism for deleting allocated
memory after invoking dbus_connection_send. I have changed the
arguments to sbus_msg_handler_fn so that it takes a talloc ctx
containing the sbus_message_handler_ctx and a pointer to a reply
object. We can now allocate memory as a child of the reply context
and free it after calling dbus_connection_send.
|
|
listening for requests to org.freeipa.sssd.infopipe
I made the sbus_add_connection function public so that I could
use it for system bus connections.
Adding initial framework for the InfoPipe
Updating sysdb tests for the refactored sysdb methods.
|
|
It will connect and authenticate successfully (using the included D-BUS policy file installed in the correct /etc directory. Does not yet listen for requests.
|
|
|