| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Use common sss_parse_name function in all responders
Simplify responder headers by combining common,cmd,dp in one header and
add name parse structure as part of the common responder context.
|
|
This way LOCAL domains backed by files works as expected too.
Tested with nss_files + pam_unix
|
|
The same module may implement both types, but initializatrion will be
nonetheless performed separately, once for the identity module and once for the
authenticator module.
Also change the proxy module to retireve the pam target name from the domain
configuration so that it is possibile to create per-domain pam stacks.
With this modification it is actually possibile to use normal nss and pam
modules to perform a successful authentication (tested only with sudo so far)
Update exmples.
|
|
This became obsolete when we moved all functions to sysdb.
|
|
The ldap_ prefix should be considered reserved namespace for ldap librraies
Renaming all ldap_* internal stuff to sdap_, in some cases also move from
ldap_be_ to sdap_ as the reason for _be_ was just clearly a name space
conflict (ldap_be_init, etc..)
|
|
Makes LOCAL a normal backend removing some special handling.
Fix/Add id range filtering and name filtering
Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within
sysdb and was causing getxxent calls to fail completely.
Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and
causing some unwanted failures.
Change sysdb to always return the uid number when searching member entries so
that id range filtering can be perfomed also in group searhes (does not work
with legacy backends)
|
|
A new nss_parse_name function uses pcre to parse names, this makes
it possible, in future, to make the filter user configurable.
Add a new filter mechanism to filter out users that uses the negative cache by
setting a permanet negative entry.
Rework the entry points where the negative cache is checked for.
|
|
|
|
|
|
- value array is not terminated properly
- infopipe service is added dynamically
|
|
|
|
May happen at startup if, for some reason dp is very slow to start and we
receive a request before a reconnection is rescheduled in the responder dp
reconnection code.
This shouldn't happen normally so make it clear with a debug statement.
|
|
Make nss_ctx a private pointer of the common resp_ctx
Use sss_process_init and remove all duplicate functions from nsssrv.c
|
|
The structure we copy the domain pointerr on is not zero when allocated.
We need to zero it ourselves or we get segfaults later on.
A cut&paste error caused us to call the wrong getpw function.
|
|
once per cycle
|
|
|
|
|
|
forgot to commit a few changes
|
|
This fixes some old 'Fixme's :)
|
|
Now it can load from scratch default configuration that is valid for all
daemons.
First thing, make it possible for each daemon/provider to set its own debug
level in its configuration entry.
|
|
Make confdb load a base ldif like sysdb to initialize the db,
makes it simpler to understand at first sight what is the default
configuration.
Make the parameter "command" optional. Derive the default command
from available information.
Make the debug level a global by default so that enabling debug for
all components is as easy as passing just -d X to the sssd binary.
|
|
|
|
|
|
|
|
Any client of the SBUS that wants to implement automatic
reconnection may now call sbus_reconnect_init to set it up.
The clients will need to set up a callback to handle the result
of the reconnection and (in the case of a successful reconnection)
readd the method handlers to the connection context.
|
|
|
|
Per discussion with the desktop team, using the org.freedesktop
interface name will simplify adoption, as potential users won't
feel like they're pulling in a FreeIPA dependency.
|
|
|
|
When I converted from using just the domain name to passing down the info
structure I goofed how to test if we were willing to attach the local domain to
the user/group names or not.
|
|
In delete_callback we were freeing rep after having called return_done()
This caused a double free becuse rep is already freed as child of the request
when return_done calles the callback. To avoid future errors like this convert
return_error and return_done into functions and make them always be the last
call of the function and call them as part of the function return.
|
|
|
|
|
|
This should help understanding what's going on if the server fails to create a
pid file.
|
|
As for positive caches, negative caches are implement for all queries
except enumerations.
Also set the correct requires in sssd.spec as we now depend directly on tdb as
well.
|
|
Make so that definitions in the code and install paths actually match
|
|
For some reason we were not testing for HAVE_SETSID in configure therefore the
setsid() function was never called. This failed to set the process group after
the first fork.
Remove ifdef because we depend on setsid() anyway, so if it is not available on
some platform it is better to fail rather then silently succeed but not have the
right process group set up.
|
|
|
|
Also add accidentally-omitted loginShell parameter.
|
|
Also bump up the version as this error prevented a successful build of 0.2.0
|
|
Change version after changes in protocol and MPG behavior.
|
|
Gecos, homedir and shell are optional, fix the responder not to refuse to return
the user completely if they are missing, replace an empty homedir with "/".
Also fix fullname vs gecos, and always return gecos for NSS data.
On user creation set gecos to the same value as the user Full Name, to help
populate the gecos field with data that makes sense.
|
|
|
|
Review issues in specfile
|
|
|
|
In the nss communication protocol we were treating uids and gids as 64 bit
values, but uids and gids are really u32 values, change the protocol to reflect
the real size.
|
|
Turn user entries to Magic Private Groups when groups are quesried.
|
|
Fix infinite loop within initgr functions.
Fix min length check copy&paste error, was filtering valid groups if the name
was short enough and the group had no members.
|
|
|
|
This allows to perform checks and modifications in one transaction.
Uses configuration stored in confdb to determins if a domain uses MPGs.
|
