path: root/src/responder/nss/nsssrv.c
Age | Commit message | Author | Files | Lines
2013-09-17 | nss: Wrong debug message. | Michal Zidek | 1 | -1/+2
2013-09-17 | util: add sss_idmap_talloc[_free] | Pavel Březina | 1 | -11/+2
Remove code duplication.
2013-08-08 | NSS: Clear cached netgroups if a request comes in from the sss_cache | Lukas Slebodnik | 1 | -0/+21
In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
2013-08-08 | NSS: allow removing entries from netgroup hash table | Lukas Slebodnik | 1 | -1/+3
There is a timed destructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.
2013-06-04 | Lookup domains at startup | Sumit Bose | 1 | -0/+6
To make sure that e.g. the short/NetBIOS domain name is available, this patch makes sure that the responders send a get_domains request to their backends at startup to collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951
2013-05-02 | Add idmap context to nss context | Sumit Bose | 1 | -0/+19
This allows the nss responder to use libsss_idmap to convert between different SID representations.
2013-03-20 | change responder contexts hierarchy | Pavel Březina | 1 | -15/+20
https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
2013-03-20 | do not leak memory on failure in *_process_init() | Pavel Březina | 1 | -7/+12
2012-12-18 | RESPONDERS: Create a common file with service names and versions | Jakub Hrozek | 1 | -0/+1
The monitor calls different sbus methods on different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
2012-12-05 | Hook for mmap cache update on initgroup calls | Simo Sorce | 1 | -0/+53
This set of functions enumerate the user's groups and invalidate them all if the list does not match what we get from the caller.
2012-12-05 | Hook to perform a mmap cache update from sssd_nss | Simo Sorce | 1 | -0/+15
This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
2012-10-29 | Include talloc log in our debug facility | Michal Zidek | 1 | -1/+1
https://fedorahosted.org/sssd/ticket/1495
2012-10-02 | Fix few coding style issues | Pavel Březina | 1 | -1/+1
2012-09-24 | sss_cache tool invalidates records in memory cache. | Michal Zidek | 1 | -2/+75
2012-07-20 | NSS: Add override_shell option | Stephen Gallagher | 1 | -0/+5
If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
2012-07-12 | Add newline to DEBUG messages | Jakub Hrozek | 1 | -2/+2
2012-06-20 | Move some debug lines to new debug log levels | Stef Walter | 1 | -1/+1
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-06-12 | Make re_expression and full_name_format per domain options | Stef Walter | 1 | -2/+1
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain as defaults for the domains.
* Subdomains get the re_expression and full_name_format of their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-06-10 | Allow fast memcache timeout to be configurable | Jan Zeleny | 1 | -2/+12
https://fedorahosted.org/sssd/ticket/1318
2012-05-09 | NSS: Add default_shell option | Stephen Gallagher | 1 | -0/+7
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
2012-05-09 | NSS: Add fallback_homedir option | Stephen Gallagher | 1 | -0/+5
This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
2012-04-24 | Modified responder_get_domain() | Jan Zeleny | 1 | -1/+1
Now it checks for subdomains as well as for the domain itself
2012-03-19 | nsssrv: add handling of memory cache group map | Simo Sorce | 1 | -1/+8
2012-03-19 | nsssrv: shared memory cache server initialization | Simo Sorce | 1 | -0/+10
2012-03-08 | Use the correct hash table for pending requests | Simo Sorce | 1 | -1/+1
The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, rendering the whole function useless. This fixes a very nasty bug that was causing requests for which we never received an answer (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
2012-02-21 | Don't give memory context in confdb where not needed | Jan Zeleny | 1 | -6/+6
2012-02-17 | RESPONDERS: Make the fd_limit setting configurable | Stephen Gallagher | 1 | -1/+12
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
2012-02-17 | RESPONDERS: Allow increasing the file-descriptor limit | Stephen Gallagher | 1 | -0/+4
This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
2012-02-04 | NSS: Use sss_hash_create instead of destructor | Jakub Hrozek | 1 | -13/+1
2012-01-04 | nsssrv: remove unused macro | Simo Sorce | 1 | -2/+0
2011-11-22 | Cleanup: Remove unused parameters | Jakub Hrozek | 1 | -2/+1
2011-09-21 | Enable the midpoint cache update by default | Stephen Gallagher | 1 | -1/+1
https://fedorahosted.org/sssd/ticket/918
2011-08-25 | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 1 | -1/+4
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern:

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        ...
    }

    CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25 | New DEBUG facility - conversion | Pavel Březina | 1 | -0/+2
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-08 | Remove unused temporary context | Jakub Hrozek | 1 | -5/+0
2011-07-29 | Add vetoed_shells option | John Hodrien | 1 | -0/+4
There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-05-20 | Add new options to override shell value | Jakub Hrozek | 1 | -0/+82
https://fedorahosted.org/sssd/ticket/742
2011-05-20 | Add a new option to override home directory value | Jakub Hrozek | 1 | -0/+5
https://fedorahosted.org/sssd/ticket/551
2011-05-20 | Add a new option to override primary GID number | Jakub Hrozek | 1 | -1/+1
https://fedorahosted.org/sssd/ticket/742
2011-05-06 | Allow changing the log level without restart | Stephen Gallagher | 1 | -1/+1
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06 | Do not leak netgroups hash table | Jakub Hrozek | 1 | -0/+12
2010-10-26 | Remove all nss requests after a reconnect | Sumit Bose | 1 | -1/+5
Currently we do not handle the open nss request after a reconnect and wait until they time out (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
2010-10-13 | Add netgroup support to the NSS responder | Stephen Gallagher | 1 | -0/+8
2010-06-17 | Move setup of filter_users and filter_groups to negcache.c | Stephen Gallagher | 1 | -187/+5
Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
2010-06-17 | Refactor the negative cache | Stephen Gallagher | 1 | -8/+8
Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
2010-03-25 | Fix warnings from -Wmissing-field-initializers | Sumit Bose | 1 | -1/+1
This patch removes some tab-indentations from pamsrv.c, too.
2010-03-08 | Make filter_users and filter_groups also per-domain | Jakub Hrozek | 1 | -13/+109
Fixes: #290
2010-03-08 | Reopen logs when SIGHUP is caught | Jakub Hrozek | 1 | -0/+1
Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332
2010-03-04 | Eliminate monitor reconfig | Stephen Gallagher | 1 | -14/+0
We disabled live reconfiguration a long time ago with the intent of fixing it so that it wasn't completely broken, but we've decided that live updates are too delicate to handle all cases gracefully. For the foreseeable future, we will rely on process restart for updating the configuration. Furthermore, we had not completely disabled live updates. It would still attempt to run if we sent a SIGHUP. This has also been eliminated.
2010-02-22 | Remove unnecessary "domain" parameter from DP registration | Stephen Gallagher | 1 | -1/+1
This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.