Age | Commit message (Collapse) | Author | Files | Lines |
|
- add a hint to the man page about permissions on sssd.conf
- add a test if a symbolic link can be opened
|
|
Use this new utility call to ensure that the config file is safe
to read from.
|
|
|
|
Implement a set of python bindings for the sysdb with feature set
similar to what is available in the tools. The primary
consumers would be applications like system-config-users.
Resolves: Ticket #102
|
|
The configuration options krb5ccache_dir and krb5ccname_template
are added to the Kerberos provider to create the user's credential
caches the same way as pam_krb5 does. Due to the design of the sssd
and the supported ccache types of MIT Kerberos only files are
allowed.
|
|
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
|
|
|
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
|
|
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
|
|
|
|
|
|
|
Also add tests
|
|
Add some basic unit tests of the async resolver module.
One of the tests resolves a name on the Internet, therefore it is
off by default and is turned on with the -n switch.
|
|
|
|
|
|
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
|
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let use use tevent_req async style to
manipulate our cache.
|
|
|
|
|
|
|
|
|
|
|
|
Per discussion with the desktop team, using the org.freedesktop
interface name will simplify adoption, as potential users won't
feel like they're pulling in a FreeIPA dependency.
|
|
Also shorten names oh other user attributes.
|
|
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
|
|
Calulates next id automatically if uid/gid are not specified.
Fixes to sysdb_get_next_available_id.
Add tests to create users and groups through the new functions.
|
|
SetUserAttributes is now available for use in the Infopipe.
I also reorganized a few of the internal InfoPipe objects to
reduce code duplication.
One very simple test is included in this checkin to validate that
the parser is working.
|
|
This patch adds support for requesting user data in the sysdb via
the InfoPipe. It currently has support for reading defined entries
of integral, floating-point or string types.
Tasks remaining:
1) Implement call to the provider when cache is out of date
2) Support byte arrays for userpic and similar
I modified sysdb_search_ctx in sysdb_search.c to accept an array of
attributes to pass into the LDB search.
I also made one additional related fix: the btreemap now sorts in the
correct order. Previously I had accidentally transposed the two
values for sorting, so the map would always have been in exact
reverse order.
|
|
Only legacy functions are fully tested now.
TODO: add new tests for non-legacy backend operations.
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
CheckPermissions will currently return unrestricted access to the
root user, and no access to any other user. Once we decide on an
ACL mechanism, this will be easy to change.
I have also added very basic tests for the Introspect and
CheckPermissions methods.
|
|
listening for requests to org.freeipa.sssd.infopipe
I made the sbus_add_connection function public so that I could
use it for system bus connections.
Adding initial framework for the InfoPipe
Updating sysdb tests for the refactored sysdb methods.
|
|
throw away databases
Check version and init main db if empty
|
|
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one
operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions,
don't let ldap madness creep into out interfaces
|
|
Fixed a few small bugs in sysdb_[store|remove]_account_posix. The
string "uid=" needed to be replaced with SYSDB_PW_NAME, and the
search scope in sysdb_remove_account_posix_by_uid needed to be
LDB_SCOPE_ONELEVEL, not LDB_SCOPE_BASE.
Added associated unit tests. Modified the unit test structure so
that it is called as a single suite, rather than a User and Group
suite, since there is too much overlap.
|
|
for adding/removing user accounts and POSIX groups to the groups.
Also modified the add/remove member functions to be a single
interface taking a flag for add or removal, since the code only
differs by one LDB flag.
Added associated unit tests.
|
|
to now use sysdb_add_member_to_posix_group along with sysdb_add_member_to_posix_group.
Added new unit tests to sysdb-tests.c for groups of groups.
|
|
|
|
|