Age | Commit message | Author | Files | Lines
We were talloc_free()-ing the cdb_file string too early.
We will now parse the config file and validate the confdb contents
before processing the rest of the monitor startup. This will allow
us to return an appropriate error code to the shell if the
configuration is invalid.
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
The data provider backends stored a name value besides the domain
name to identify themselves to the data provider. This was the name
of the id provider. Currently the backends can have different
providers for id, authentication etc. So the name may be misleading.
Also, when there are more domains with the same id provider the name
is not enough to identify the backend, but the domain name is. As a
consequence the backend name is removed completely and only the
domain name is used for identification.

Remove redundant reconnection code that was interfering with the sbus
reconnection code.
Consolidate include files for sbus-related operations.
Make pamsrv code similar to nsssrv code.

Simply delay any other service by 1 second, only at startup.

Let services identify themselves voluntarily as the first operation
instead of polling from the monitor.
Also consolidate some common functions and make them available as monitor
helpers.

Our configuration specifies the monitor config timeout as seconds,
but we were passing it directly to dbus commands that require
milliseconds. Fixing this in get_monitor_config(). Also, the
default value of -1 for the timeout resulted in a timeout much too
short to be useful, so I'm making it 10s instead.
This fix solves the problem where a busy backend (for example, one
that is enumerating a large number of LDAP entries) would fail to
respond to the ping in time.
Make as much as possible static, and remove use of talloc_reference and
allocation/deallocation of memory when not necessary.
Also fix the responder's use of rctx->conn, which was mistakenly used for both
monitor and dp connections.

This reduces code duplication, as it allows using one set of watch and timeout
functions, and at the same time also allows not using a secondary structure just
to unify these functions.

Rationalize and rename connection names in preparation for merging of server and
connection structures.

Simplify code by removing stuff that is never used or redundant.
1) Forgot to check for successful allocation
2) Used the wrong mem_ctx when allocating a timer event.
Use '--debug-timestamps' at the command line
or set 'debug-timestamps = TRUE' in the configuration file.

This patch updates the monitor_config_file() functions so that
they can monitor any number of files and invoke a specified
callback whenever they are modified.
When inotify is available, we will add an additional watch
descriptor to the inotify file descriptor.
When inotify is not available, the polling function will simply
loop to check each file in the monitor list.
When changes are discovered in resolv.conf, the monitor will send
a "resInit" signal to all of its known children. They are only
required to handle this function if they need updated DNS
information. Services that do not implement resInit should return
DBUS_ERROR_UNKNOWN_METHOD (rather than timing out) with no ill
effects.
1) Some text editors will create a new file and move it into place
on top of the existing file. When this happens, the kernel issues
an IN_IGNORE inotify event and automatically removes the watch
descriptor for that file. We'll handle the event and create a new
watch descriptor for the new file. We will attempt to rewatch the
file six times at five-second intervals.
2) Some scripts may append new data to the config file in several
steps (such as calling echo "foo" >> sssd.conf several times). In
order to handle these scripts safely, we'll defer processing of
inotify events for one second after the first is detected. This
should be ample time for the remainder of the script to complete.
See ticket #37 in sssd track.
There was a typo in the confdb setup portion of the
monitor_process_init that was attempting to use the wrong cdb
object to initialize.
This patch also adds some missing talloc_free() calls on error.
There is a potential race condition where the monitor may attempt
to signal a reload of a child process before the communication
sbus channel is available. If this happens, we will just exit this
function and let the monitor kill and restart the child process.
We were stealing the memory context of only the first value in
the linked list of domains (and also services). This patch adds a
memory context to hold the lists so that it can be stolen along with
all of the entries.

Actually use the buffer, not its location on the stack.

The local provider needs no backend, so we'll create a special
provider entry for it called "local" that will not attempt to
retrieve provider configuration but will remain in the service
list so it can be updated when the config file changes.
Refactoring the confdb so that the setup code can be linked
separately from the access API. This is being done so that our
plugins do not need to link against the collection and ini_config
libraries.
Use tevent signal handling facilities for handling SIGTERM and SIGINT in the monitor.
Remove pidfile on SIGTERM and SIGINT.
Make sssd single-instance by checking if we succeeded in signaling the process in the pidfile.

In the event that the configuration was corrupt the first time the
SSSD is started, it would write in the special data for attributes
and indexes, but it would fail before writing the version.
Subsequent reloads (even with correct configuration files) would
fail, since they would try again to write the attributes and
indexes and fail since they were already present.
Also convert all places where we were using custom code to parse
config arguments.
And fix a copy&paste error in nss_get_config
Previously, every DP client was allowed to set its own "retries"
option. This option was ambiguous, and useless. All DP clients
will now use a global option set in the services config called
"reconnection_retries"
The SSSD now links with the ini_config and collection libraries
in the common directory.
The monitor will track changes to the /etc/sssd/sssd.conf file
using inotify on platforms that support it, or polled every 5
seconds on platforms that do not.
At startup or modification of the conf file, the monitor will
purge the existing confdb and reread it completely from the conf
file, to ensure that there are no lingering entries. It does this
in a transaction, so there should be no race condition with the
client services.
A new option has been added to the startup options for the SSSD.
It is now possible to specify an alternate config file with the
-c <file> at the command line.
Fixes requested during code review
Previously it was runtime-selectable in the confdb, but this is
not a sensible approach, as if it were to change during runtime,
it would cause problems communicating with the child services.
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration parameter 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This parameter also allows having disabled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.

once per cycle
Now it can load from scratch default configuration that is valid for all
daemons.
First thing, make it possible for each daemon/provider to set its own debug
level in its configuration entry.
Make confdb load a base ldif like sysdb to initialize the db,
makes it simpler to understand at first sight what is the default
configuration.
Make the parameter "command" optional. Derive the default command
from available information.
Make the debug level a global by default so that enabling debug for
all components is as easy as passing just -d X to the sssd binary.
Per discussion with the desktop team, using the org.freedesktop
interface name will simplify adoption, as potential users won't
feel like they're pulling in a FreeIPA dependency.
When the sysdb LDB file does not exist on the system, the first
attempt to connect to it will invoke a creation routine. However,
both the NSS and the InfoPipe are started in parallel by the
monitor, resulting in a race condition as they both try to
initialize the sysdb. The easiest fix for this is to simply have
the monitor create the sysdb before it launches NSS and InfoPipe.
Changed the order of the arguments to CreateUser in the
Introspection XML to match the other functions (domain belongs
second on the list)
A few other minor fixes as well:
Fixed a typo in SYSDB_GETCACHED_FILTER and sysdb_transaction_end().
Added missing error handling in infp_do_user_set_uid().
Avoid uninitialized memory messages in valgrind (in _btreemap_get_keys).
Do not free memory we just stored in the btree (in confdb_get_domains_list).
Streamline confdb_get_domains() and remove extra calls when we already have
all the information handy.
Do not store basedn in domain info, the base dn is always calculated out of
the domain name.
Remove the "provider" attribute, it was really used only to distinguish between
LOCAL and other domains, directly check for LOCAL as a special case instead.
The NSS provider, the Data Provider backends and the InfoPipe all
need access to the domain map provided by the confdb. Instead of
reimplementing it in multiple places, it is now provided in a pair
of helper functions from the confdb.
confdb_get_domains() returns a domain map by reference. Always
returns the most up-to-date set of domains from the confdb.
confdb_get_domains_list() returns an array of strings of all the
domain names. Always returns the most up-to-date set of domains
from the confdb.
This patch also modifies the btreemap_get_keys() function to
better handle memory and report allocation failures.

dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.