Age | Commit message (Collapse) | Author | Files | Lines |
|
Retrieve minID and maxID from domain configuration so that lower
and upper bounds can be set per domain.
Add function that keeps track of the next available id, increments
and returns it on requests, avoiding collisions with existing ids.
|
|
If an enumeration has been requested recently enough, force the
nss responder to read from the cache and not go out to each backend
and do slow network operations. This greatly improves performances
if enumerations are used often.
Currently the balcout period is harcoded to 2 min, we will need to make
it a configurable option.
|
|
SetUserAttributes is now available for use in the Infopipe.
I also reorganized a few of the internal InfoPipe objects to
reduce code duplication.
One very simple test is included in this checkin to validate that
the parser is working.
|
|
Use only one context (the local request) for all functions.
Use new helper function in sysdb to set numbers as sysdb_attrs values.
Do not use pam_status to report internal errors, use an error variable
and check it only when we finally reply.
Use sysdb_error_to_errno() to convert and ldb error to errno.
Do not free every single buffer allocated, they are all appended to the
local request and will be automatically freed once the request is finished.
|
|
Add comments in header files to better explain interfaces and intended usage.
Expose function to convert from ldb errors to errnos.
Add sysdb_attrs helper to add a long integer as a value.
|
|
|
|
|
|
Provide also helper functions to build struct sysdb_attrs.
Also fix sysdb_get_user_attr() to have a consistent interface
as all other functions.
|
|
|
|
Just make sure that the memory passed in is either static or allocated on the
same memory context that is parent of the btreemap.
|
|
We now have support for reading binary blobs such as userpic from
the sysdb and returning it to an InfoPipe consumer as a byte array.
I also cleaned up some code in create_getattr_result_map to make
it easier to read.
|
|
|
|
This patch adds support for requesting user data in the sysdb via
the InfoPipe. It currently has support for reading defined entries
of integral, floating-point or string types.
Tasks remaining:
1) Implement call to the provider when cache is out of date
2) Support byte arrays for userpic and similar
I modified sysdb_search_ctx in sysdb_search.c to accept an array of
attributes to pass into the LDB search.
I also made one additional related fix: the btreemap now sorts in the
correct order. Previously I had accidentally transposed the two
values for sorting, so the map would always have been in exact
reverse order.
|
|
Own everything in /usr/libexec/sssd in specfile, no nss_client subdir
Place memberof.so in /usr/lib/ldb
|
|
|
|
Only legacy functions are fully tested now.
TODO: add new tests for non-legacy backend operations.
|
|
|
|
|
|
Avoid uninitialized memory messages in valgrind (in _btreemap_get_keys).
Do not free memory we just stored in the btree (in confdb_get_domains_list).
Streamline confdb_get_domains() and remove extra calls when we already have
all the information handy.
Do not store basedn in domain info, the base dn is always calculated out of
the domain name.
Remove the "provider" attribute, it was really used only to distinguish between
LOCAL and other domains, directly check for LOCAL as a special case instead.
|
|
The NSS provider, the Data Provider backends and the InfoPipe all
need access to the domain map provided by the confdb. Instead of
reimplimenting it in multiple places, it is now provided in a pair
of helper functions from the confdb.
confdb_get_domains() returns a domain map by reference. Always
returns the most up-to-date set of domains from the confdb.
confdb_get_domains_list() returns an array of strings of all the
domain names. Always returns the most up-to-date set of domains
from the confdb.
This patch also modifies the btreemap_get_keys() function to
better handle memory and report allocation failures.
|
|
This is necessary because in ldb only 1 transaction per context is possible
and all operations (or new transactions) are nested within it.
Will revisit this later when ldb will addresses the problem.
|
|
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
Also updating the .gitignore file to not ignore config.ldif
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
Right now, the introspection XML file is read in every time a
client service requests it. Since the XML cannot change during
process lifetime, we'll store it on the infp_ctx object so we
don't need to hit the filesystem for requests after the first.
|
|
|
|
Also move responders under server/responder with shared code
in server/responder/common
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
sbus_message_handler is not responsible anymore for sending
back data in any case.
Transfer this responsibility to the handler function called.
This way both synchronous and asynchronous funstions use the
interface the same way and can properly free memory referenced
by the reply after the send buffer has been filled in and all
copies are done in sbus_conn_send_reply()
|
|
This reverts commit 13421cbe0af4343f9d110600755ffa756690b282.
Conflicts:
server/infopipe/infopipe.c
server/infopipe/infopipe.h
While this solution fixed the contingent memory problem it introduced
other problems in handling asynchronous replies.
Reverting in preparation for a different way to solve it.
Conflicts have been taken care of.
|
|
CheckPermissions will currently return unrestricted access to the
root user, and no access to any other user. Once we decide on an
ACL mechanism, this will be easy to change.
I have also added very basic tests for the Introspect and
CheckPermissions methods.
|
|
Adding support for generating RPMS for sssd.
Fixing TDB autoconf macros to require version 1.1.3
and support for the tdb_repack symbol (required by LDB)
Updating tdb.h to #include <sys/stat.h> for proper autoconf
Build system modifications to simplify RPM generation
Fixing RPM build system as recommended during code review
Minor tweaks to Makefile and sssd.spec
Make policykit and infopipe configurable
Soname and symlinks
|
|
Fixing TDB autoconf macros to require version 1.1.3
and support for the tdb_repack symbol (required by LDB)
Updating tdb.h to #include <sys/stat.h> for proper autoconf
Build system modifications to simplify RPM generation
Fixing RPM build system as recommended during code review
Minor tweaks to Makefile and sssd.spec
Make policykit and infopipe configurable
Soname and symlinks
|
|
with D-BUS clients built in multiple languages. It will read in the XML file on the first request and store the returned XML as a component of the sbus_message_handler_ctx for the connection. All subsequent requests during the process' lifetime will be returned from the stored memory. This is perfectly safe, as the available methods cannot change during the process lifetime.
|
|
dbus_message_append_args() adds a reference to memory that is not
copied to the outgoing message until dbus_connection_send() is
called. Since we compile our reply messages in functions and then
return the reply, we need a mechanism for deleting allocated
memory after invoking dbus_connection_send. I have changed the
arguments to sbus_msg_handler_fn so that it takes a talloc ctx
containing the sbus_message_handler_ctx and a pointer to a reply
object. We can now allocate memory as a child of the reply context
and free it after calling dbus_connection_send.
|
|
listening for requests to org.freeipa.sssd.infopipe
I made the sbus_add_connection function public so that I could
use it for system bus connections.
Adding initial framework for the InfoPipe
Updating sysdb tests for the refactored sysdb methods.
|
|
|
|
rename _posix_ function into _legacy_
Add support for the posix legacy mode where memberships
are stored in memberUId and not in member/memberof pairs.
Do not build sysdb as a library
|
|
|
|
types of domains: modern and legacy
modern uses member/meberof, legacy uses memberUid for group
memberships.
Rework the proxy backend to use the legacy style as that's the
format the data comes in (trying to convert would require too
many transformations and increased the number of queries).
Add support for fetching groups in nss.
Add support for enumerating users and groups (requires to enable enumeration
in config) both in nss and in the proxy provider.
Remove confdb_get_domain_basedn() and substitute with generic calls in
the nss init function.
Store a domain structure in the btree not the basedn so that we can add
enumeration flags.
Also make sure NSS understand how to make multiple calls on
enumerations, also make passing the domian parameter always
mandatory, passing in domain=* is not valid anymore.
This work fixes also a few memory, degfault, and logic bugs
found while testing all nss functions (there are still some to
fix that are less critical and much harder to find yet).
|
|
|
|
requested method is not registered with the message handler. Previously, we returned DBUS_HANDLER_RESULT_HANDLED with no indication that nothing had happened.
|
|
btreemap_new() 2) Fix potentially serious memory allocation error. btreemap now requires a TALLOC_CTX to be passed in for assignment to the top node of the tree. Previously it was creating a new root TALLOC_CTX 3) Add new function btreemap_get_keys that will return a sorted array (newly allocated using talloc_realloc()) of keys (const void *) 4) Change the btreemap to use (const void *) keys instead of (void *)
|
|
This was causing some functions to not cancel a transaction as they should
have, leaving it pending indefintely. It in turn meant that no other process
could see what was "stored" in the db as transactions are not fluched to the
db until "committed".
Took me quite a while and a lot of confusion to catch why I was seeing
"ghost entries" in some processes and not seeing the entry in others ..
As a defensive programming measure make sure we commit OR cancel in the same
spot and that we always go thorugh it.
|
|
|
|
|
|
|
|
services ping time.
|