In preparation for making struct be_req opaque.
|
|
In preparation for making be_req opaque
|
|
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
|
|
|
|
The sysdb context is already available through the 'domain' context.
|
|
The sysdb context is already available through the 'domain' structure.
|
|
Related to https://fedorahosted.org/sssd/ticket/1757
Previously we would optimize the mc invalidate code for cases where the
user was a member of some groups. But if the user was removed from the
server while being in memory cache, we would only invalidate the mc
record if he was a member of at least one supplementary group.
|
|
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider know he should
invalidate the existing maps.
|
|
This is needed in order to assure the memcache is properly and promptly
cleaned up if a user's memberships change on login.
The list of the current groups for the user is sourced before it is
updated and sent to the NSS provider to verify if it has changed after
the update call has been made.
|
|
The original sysdb code had a strong assumption that only users from one
domain are saved in the database. With the subdomain feature, we have
changed reality, but have not adjusted all the code around the sysdb calls
to not rely on the original assumption.
One of the side effects of this incongruence is that currently group
memberships do not return fully qualified names for subdomain users as they
should.
In order to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By saving them fully qualified we do not risk aliasing local users and have
group memberships or other name based matching code mistake a domain user
with a subdomain user or vice versa.
|
|
To make configuration easier the IPA subdomain provider should be always
loaded if the IPA ID provider is configured and the subdomain provider
is not explicitly disabled. But to avoid the overhead of regular
subdomain requests in setups where no subdomains are used the IPA
subdomain provider should behave differently if configured explicitly or
implicitly.
If the IPA subdomain provider is configured explicitly, i.e.
'subdomains_provider = ipa' can be found in the domain section of
sssd.conf, subdomain requests are always sent to the server if needed.
If it is configured implicitly and a request to the server fails
with an indication that the server currently does not support subdomains
at all, e.g. is not configured to handle trust relationships, a new
request will only be sent to the server after a long timeout or after
a going-online event.
To be able to make this distinction this patch saves the configuration
status to the subdomain context.
Fixes https://fedorahosted.org/sssd/ticket/1613
|
|
https://fedorahosted.org/sssd/ticket/1495
|
|
Fixes https://fedorahosted.org/sssd/ticket/1517
|
|
https://fedorahosted.org/sssd/ticket/1458
When the responder is disabled and sudo_provider is set explicitly,
a warning is printed and the module will be initialized.
|
|
|
The DP was sending the reply in a format the responder did not expect,
so the responder always failed to parse the message.
|
|
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allow us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
I am all for readable names, but there is a tradeoff between expressing purpose
and compactness.
|
|
The idea is to rename session provider to selinux provider. Processing
of SELinux rules has to be performed in account stack in order to ensure
that pam_selinux (which is the first module in PAM session stack) will
get the correct input from SSSD.
Processing of account PAM stack is bound to access provider. That means
we need to have two providers executed when SSS_PAM_ACCT_MGMT message
is received from PAM responder. Change in data_provider_be.c ensures
just that - after access provider finishes its actions, the control is
given to selinux provider and only after this provider finishes is the
result returned to PAM responder.
|
|
In case of error the request wasn't freed and the callback just ended.
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
The subdomains back end request was sending replies in a format the
responder did not understand in case the request failed.
|
|
Instead of using account_info request, creates a new ssh specific
request. This improves code readability and will make the code more
flexible in the future.
https://fedorahosted.org/sssd/ticket/1176
|
|
The function was used outside services code which was confusing due to
its name. This patch renames it to sound more neutral.
|
|
configured
The done handler uses the value of status, not ret.
|
|
https://fedorahosted.org/sssd/ticket/1270
|
|
This function alters the memory hierarchy of the be_req
to ensure memory safety during shutdown. It creates a
spy on the be_cli object so that it will free the be_req
if the client is freed.
It is generally allocated atop the private data context
for the appropriate back-end against which it is being
filed.
https://fedorahosted.org/sssd/ticket/1226
|
|
We now have a session module that is only available for the IPA
provider. We should not be logging noisily that other providers
do not have the session provider configured.
https://fedorahosted.org/sssd/ticket/1211
|
|
If the dbus_message_get_args() failed, we would have been
dereferencing a NULL be_req.
Coverity #12490
|
|
Coverity #12529