Age | Commit message (Collapse) | Author | Files | Lines |
|
This converts a great many configuration options to the new
standard format.
|
|
Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since
members and parents must be from the same domain, error out if we can't
determine the domain of member.
Fixes: #121
|
|
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
|
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
|
Implement a set of python bindings for the sysdb with feature set
similar to what is available in the tools. The primary
consumers would be applications like system-config-users.
Resolves: Ticket #102
|
|
Instead of working directly with async code in tools, create synchronous
wrappers that could be used by tools and python bindings.
Also resolves many issues with code duplication in tools and thus fixes
ticket #87
|
|
Move parameter parsing in tools before attempting to do anything that
might fail - so that we have debug_level set correctly for potential
error messages. That allows printing the --help and --usage messages
without being root.
Fix code duplicates in tools and refactor its code a little to lay
ground for decoupling the synchronous interfaces.
Remove some legacy tools leftovers, re-add sensible error message on
removing nonexistent users/groups which was removed by accident.
Fixes: Trac ticket #75
Fix typo in groupdel: fixes ticket #136
|
|
Fixes: #138
|
|
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
|
|
Removes the ability to proxy to shadow-utils. Also remove all the
supporting functions for getting domain type, domain by id etc.
|
|
|
|
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
|
One of the previous patches disallowed adding users and groups outside
known domains but it was missing disallowing modifying, deleting, etc.
Also don't error if there's no sysdb cache to delete after deleting
legacy user/domain.
Fixes: tickets #113,#114
|
|
This patch introduces provider=files as a valid provider.
Upon loading the backend, its properties in confdb are overwritten to
those that represent legacy local domain.
Also document this in sssd.conf(5) and example config
|
|
The tools did not take the special case where id_max = 0 (no limit)
into account.
Also disallow adding users when ID is specified outside any domain.
Resolves trac tickets #86 and #89
|
|
ticket #101
|
|
Allow adding users into different domains not only by specifying
ID directly but also by specifying fully qualified name. Exit when
both specifications are used in conflict.
|
|
|
|
When looking for the local domain in the tools, do so by looking
on provider value, not domain name. Also removes one redundant lookup
of local domain.
|
|
Fixes: RHBZ #513247, RHBZ #513250
|
|
Some code paths that should exit with an error used potentionally
incorrect return code.
|
|
Fixes:
* RHBZ 513282 - Error Message Incorrect when Trying to add Group with GID
already in use
* RHBZ 513284 - Error Message Incorrect when Trying to add User with
UID already in use
* RHBZ 513242 - Better error Message when modifying a user that doesn't exist
* RHBZ 513244 - Better error Message when adding a user to a group that doesn't
exist
|
|
There is a lot of duplication in user tools.
First steps to remove as much duplication as possible.
|
|
|
|
Also move setting locale to separate function to be called before
anything else to make sure the "Not root" message would be localized.
|
|
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
|
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let use use tevent_req async style to
manipulate our cache.
|
|
|
|
|
|
|
|
Previously, sss_useradd defaults were hardcoded with no way to
change user's default shell or base for home directory. This patch moves
them into config/user_defaults
|
|
Convert auth modules to do the caching themselves
|
|
Fixes: RHBZ #498462
|
|
|
|
Make shadow-utils base path configurable
Use default values for params, allow configuring them
|
|
- added range check for supplied UIDs and GIDs
- initialize pc_gid to 0 to trigger gid generation
|
|
Change sysdb to always passwd sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
|
|
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
|
Gecos, homedir and shell are optional, fix the responder not to refuse to return
the user completely if they are missing, replace an empty homedir with "/".
Also fix fullname vs gecos, and always return gecos for NSS data.
On user creation set gecos to the same value as the user Full Name, to help
populate the gecos field with data that makes sense.
|
|
|
|
|
|
This allows to perform checks and modifications in one transaction.
Uses configuration stored in confdb to determins if a domain uses MPGs.
|
|
|
|
Move parse_groups into tools_utils
|
|
|
|
Init tools ctx in groupadd before copying its value
|
|
Don't convert username->uid in userdel, use DN
|
|
|
|
Also install tools into /sbin, own them in specfile
|
|
The first functional command is sss_useradd
(Name is temporary, while looking for a better one)
|