summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-03-06added PAM default configuration to confdb_init_dbSumit Bose2-7/+36
set default value of enumerate in LOCAL domain to 1 added checks to talloc_asprintf return values fixed InfoPipe defaults
2009-03-06Fix reporting non-default users.Simo Sorce3-301/+318
We need to add the domain when users are not part of the default domain, otherwise name conflicts may happen.
2009-03-06minor fixes for the build processSumit Bose3-1/+10
enable --without-tests
2009-03-05Remove _PW_ and _GR_ from SYSDB_ definesSimo Sorce8-82/+78
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
2009-03-05Implement GetCachedUsers in the InfoPipeStephen Gallagher4-10/+205
This function allows a caller to retrieve a list of users who have logged in on the system, specifying an optional minimum last login time to trim the list. I modified sysdb_enumpwent to accept an optional search argument. GetCachedUsers takes advantage of this argument to limit the search by the last login time. I also found and fixed a few additional low-memory conditions around D-BUS message replies.
2009-03-05Add functions to add regular users and groupsSimo Sorce3-27/+445
Calulates next id automatically if uid/gid are not specified. Fixes to sysdb_get_next_available_id. Add tests to create users and groups through the new functions.
2009-03-05Adding support for SetUserUID to the InfoPipeStephen Gallagher4-7/+159
The InfoPipe interface Set_YouReallyDoNotWantToUseThisFunction_UserUID1 is now available. I also fixed a memory leak in SetUserAttributes and modified the prototype for infp_get_permissions to make it more clear that the first argument is the caller's username, not the username being checked for permission.
2009-03-05added password reset by rootSumit Bose1-0/+5
2009-03-05added a privileged pipeSumit Bose6-8/+137
2009-03-04Add internal min/max/next id management fucntionsSimo Sorce5-15/+336
Retrieve minID and maxID from domain configuration so that lower and upper bounds can be set per domain. Add function that keeps track of the next available id, increments and returns it on requests, avoiding collisions with existing ids.
2009-03-04Add enumeration backout period.Simo Sorce3-2/+39
If an enumeration has been requested recently enough, force the nss responder to read from the cache and not go out to each backend and do slow network operations. This greatly improves performances if enumerations are used often. Currently the balcout period is harcoded to 2 min, we will need to make it a configurable option.
2009-03-04Implement SetUserAttributes in the InfoPipeStephen Gallagher7-17/+573
SetUserAttributes is now available for use in the Infopipe. I also reorganized a few of the internal InfoPipe objects to reduce code duplication. One very simple test is included in this checkin to validate that the parser is working.
2009-03-04Simplify some aspects of pam_LOCAL_domainSimo Sorce3-138/+87
Use only one context (the local request) for all functions. Use new helper function in sysdb to set numbers as sysdb_attrs values. Do not use pam_status to report internal errors, use an error variable and check it only when we finally reply. Use sysdb_error_to_errno() to convert and ldb error to errno. Do not free every single buffer allocated, they are all appended to the local request and will be automatically freed once the request is finished.
2009-03-04Improve sysdbSimo Sorce4-33/+87
Add comments in header files to better explain interfaces and intended usage. Expose function to convert from ldb errors to errnos. Add sysdb_attrs helper to add a long integer as a value.
2009-03-04Fixing memory leak in GetUserAttributesStephen Gallagher1-1/+2
2009-03-03replaced pure ldb calls with sysdb callsSumit Bose3-120/+309
2009-03-03Provide sysdb_set_user_attr() functions.Simo Sorce5-4/+157
Provide also helper functions to build struct sysdb_attrs. Also fix sysdb_get_user_attr() to have a consistent interface as all other functions.
2009-03-02Unify pwd_search and user_searchSimo Sorce1-35/+11
2009-03-02Do not steal memory in btreemaps.Simo Sorce2-43/+24
Just make sure that the memory passed in is either static or allocated on the same memory context that is parent of the btreemap.
2009-03-02Support byte arrays in InfoPipe GetUserAttributesStephen Gallagher1-27/+80
We now have support for reading binary blobs such as userpic from the sysdb and returning it to an InfoPipe consumer as a byte array. I also cleaned up some code in create_getattr_result_map to make it easier to read.
2009-03-02Make tests configurableJakub Hrozek3-3/+25
2009-03-02Implement GetUserAttributes in the InfoPipeStephen Gallagher13-58/+911
This patch adds support for requesting user data in the sysdb via the InfoPipe. It currently has support for reading defined entries of integral, floating-point or string types. Tasks remaining: 1) Implement call to the provider when cache is out of date 2) Support byte arrays for userpic and similar I modified sysdb_search_ctx in sysdb_search.c to accept an array of attributes to pass into the LDB search. I also made one additional related fix: the btreemap now sorts in the correct order. Previously I had accidentally transposed the two values for sorting, so the map would always have been in exact reverse order.
2009-03-02Create and own /var/lib/sss, memberof.so packagingJakub Hrozek1-5/+14
Own everything in /usr/libexec/sssd in specfile, no nss_client subdir Place memberof.so in /usr/lib/ldb
2009-03-02first version of LOCAL pam backendSumit Bose11-6/+789
2009-02-28Adapt test to changes to the interface.Simo Sorce1-169/+326
Only legacy functions are fully tested now. TODO: add new tests for non-legacy backend operations.
2009-02-28Expose some more functions needed by the testsSimo Sorce3-1/+114
2009-02-28Convert sync calls in sysdb to async, transaction dependent, calls.Simo Sorce9-1313/+1652
2009-02-28Fix confdb issues.Simo Sorce5-110/+67
Avoid uninitialized memory messages in valgrind (in _btreemap_get_keys). Do not free memory we just stored in the btree (in confdb_get_domains_list). Streamline confdb_get_domains() and remove extra calls when we already have all the information handy. Do not store basedn in domain info, the base dn is always calculated out of the domain name. Remove the "provider" attribute, it was really used only to distinguish between LOCAL and other domains, directly check for LOCAL as a special case instead.
2009-02-27Refactor creation of domain_map into confdbStephen Gallagher9-200/+211
The NSS provider, the Data Provider backends and the InfoPipe all need access to the domain map provided by the confdb. Instead of reimplimenting it in multiple places, it is now provided in a pair of helper functions from the confdb. confdb_get_domains() returns a domain map by reference. Always returns the most up-to-date set of domains from the confdb. confdb_get_domains_list() returns an array of strings of all the domain names. Always returns the most up-to-date set of domains from the confdb. This patch also modifies the btreemap_get_keys() function to better handle memory and report allocation failures.
2009-02-26Serialize access to sysdb and also exposes ldb transactions.Simo Sorce9-780/+1063
This is necessary because in ldb only 1 transaction per context is possible and all operations (or new transactions) are nested within it. Will revisit this later when ldb will addresses the problem.
2009-02-26Stop building replace.o until we decide if we use it again.Simo Sorce1-1/+1
2009-02-26Rebase the code to use talloc, tdb, tevent, ldb as externalSimo Sorce45-323/+213
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
2009-02-25Adding InfoPipe entry to config.ldif exampleStephen Gallagher2-1/+7
Also updating the .gitignore file to not ignore config.ldif Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-25added more ldap backend options and an example configurationSumit Bose2-68/+107
Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-25Simplify the code to retrieve the introspection file.Simo Sorce1-31/+50
2009-02-25Store the InfoPipe introspection XML for subsequent requests.Stephen Gallagher2-13/+18
Right now, the introspection XML file is read in every time a client service requests it. Since the XML cannot change during process lifetime, we'll store it on the infp_ctx object so we don't need to hit the filesystem for requests after the first.
2009-02-25top-level Makefile, create libdir/name in server/Makefile.inJakub Hrozek1-0/+1
2009-02-24Add PAM responderSumit Bose28-176/+2991
Also move responders under server/responder with shared code in server/responder/common Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-24Fix SEGFAULT in CheckPermissionsStephen Gallagher1-1/+2
2009-02-24Proper fix for memory handling problem.Simo Sorce14-161/+313
sbus_message_handler is not responsible anymore for sending back data in any case. Transfer this responsibility to the handler function called. This way both synchronous and asynchronous funstions use the interface the same way and can properly free memory referenced by the reply after the send buffer has been filled in and all copies are done in sbus_conn_send_reply()
2009-02-24Revert "Fixing serious memory allocation bug in sbus_message_handler."Simo Sorce12-167/+186
This reverts commit 13421cbe0af4343f9d110600755ffa756690b282. Conflicts: server/infopipe/infopipe.c server/infopipe/infopipe.h While this solution fixed the contingent memory problem it introduced other problems in handling asynchronous replies. Reverting in preparation for a different way to solve it. Conflicts have been taken care of.
2009-02-24Adding support for CheckPermissions to InfoPipe.Stephen Gallagher10-8/+696
CheckPermissions will currently return unrestricted access to the root user, and no access to any other user. Once we decide on an ACL mechanism, this will be easy to change. I have also added very basic tests for the Introspect and CheckPermissions methods.
2009-02-24Spec file patch Take 2:Stephen Gallagher6-18/+46
Adding support for generating RPMS for sssd. Fixing TDB autoconf macros to require version 1.1.3 and support for the tdb_repack symbol (required by LDB) Updating tdb.h to #include <sys/stat.h> for proper autoconf Build system modifications to simplify RPM generation Fixing RPM build system as recommended during code review Minor tweaks to Makefile and sssd.spec Make policykit and infopipe configurable Soname and symlinks
2009-02-24Adding support for generating RPMS for sssd.Stephen Gallagher1-14/+43
Fixing TDB autoconf macros to require version 1.1.3 and support for the tdb_repack symbol (required by LDB) Updating tdb.h to #include <sys/stat.h> for proper autoconf Build system modifications to simplify RPM generation Fixing RPM build system as recommended during code review Minor tweaks to Makefile and sssd.spec Make policykit and infopipe configurable Soname and symlinks
2009-02-24Add D-BUS introspection to InfoPipe This function is necessary to play nice ↵Stephen Gallagher5-5/+90
with D-BUS clients built in multiple languages. It will read in the XML file on the first request and store the returned XML as a component of the sbus_message_handler_ctx for the connection. All subsequent requests during the process' lifetime will be returned from the stored memory. This is perfectly safe, as the available methods cannot change during the process lifetime.
2009-02-23Fixing serious memory allocation bug in sbus_message_handler.Stephen Gallagher12-169/+156
dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
2009-02-23Attach the InfoPipe to the D-BUS system bus. InfoPipe is now capable of ↵Stephen Gallagher13-51/+675
listening for requests to org.freeipa.sssd.infopipe I made the sbus_add_connection function public so that I could use it for system bus connections. Adding initial framework for the InfoPipe Updating sysdb tests for the refactored sysdb methods.
2009-02-20Change examples accordingly to changes in the codeSimo Sorce2-7/+10
2009-02-20Reorganize sysdb a bit,Simo Sorce6-980/+1096
rename _posix_ function into _legacy_ Add support for the posix legacy mode where memberships are stored in memberUId and not in member/memberof pairs. Do not build sysdb as a library
2009-02-20Add helper function to get booleans from confdbSimo Sorce2-9/+46