fd25e68446ae86135489edb0823607b394f4ec40 |
|
09-Nov-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Remove unused shutDown sbus method
The shutDown method has not been used or set for a long time. Trim the
internal interface by removing all references to this internal method.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
ab792150c97bd6eba1f8cd46653f41a0c64fd765 |
|
09-Nov-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Remove deprecated pong sbus method
The pong method is deprecated since we started using the watchdog. Since
this is dead code, it makes sense to just remove it.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
04e870d99e72aa3160bdb6ab05d986fb4005c3ed |
|
16-Aug-2016 |
Pavel Březina <pbrezina@redhat.com> |
DP: Remove old data provider interface
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
4f3a9d837a55b49448eca3c713c85a406207e523 |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
Responders: Make the client context more generic
This is useufl to allow reusing the responder code with other protocols.
Store protocol data and responder state data behind opaque pointers and
use tallog_get_type to check they are of the right type.
This also allows to store per responder state_ctx so that, for example,
the autofs responder does not have to carry useless variables used only
by the nss responder.
Resolves:
https://fedorahosted.org/sssd/ticket/2918
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
83a79d93035c2d75a1941f3b54426119174044a0 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
RESPONDER: New interface for client registration
This is just a beginning of new responder interface to data provider
and it is just to make the client registration work. It needs further
improvement.
The idea is to take the existing interface and make it work better
with further extensions of data provider. The current interface has
several disadvantages such as it is originally build only for
account requests and doesn't take different set of output parameters.
It also doesn't work well with integration into tevent-made responders.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
11a87c5f091d6c092b5dadd3d67f900213e280da |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing ncache from ifp_ctx
This patch switches ncache from ifp_ctx to resp_ctx.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
7910bc6c991b63fa716d77eba08b5f5d83ea6a72 |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing neg_timeout from ifp repsonder
Timeout of negative cache is handled by context of negative cache
itself. This patch removes neg_timeout parameter from ifp_ctx and from
ifp_user_get_attr_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
39d36216a1692eee6cc5359f6c7ccaa7789be76d |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
NEGCACHE: Adding timeout to struct sss_nc_ctx
It adds timeout of negative cache to handling
struct sss_nc_ctx.
There is one change in API of negatice cache:
* int sss_ncache_init(TALLOC_CTX *memctx,
uint32_t timeout, <----- new
struct sss_nc_ctx **_ctx);
There is also one new function in common/responder:
* errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
uint32_t *ncache_timeout);
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
afdc0179af0ad8ddbedd67422193ef02dcd2bf84 |
|
26-Sep-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
IFP: Suppress warning from static analyzer
It seems that clang expected that errno can change to 0
in case of error. It might be a bug in static analyzer.
But the workaround does not change the logic and
the errno is read just once. |
bdf32fbb3c947dd1b2c54d1c21d8028a1ddc80e6 |
|
15-Jul-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add wildcard requests
Resolves:
https://fedorahosted.org/sssd/ticket/2553
Can be used as:
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Users \
org.freedesktop.sssd.infopipe.Users.ListByName \
string:r\* uint32:10
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Groups \
org.freedesktop.sssd.infopipe.Groups.ListByName \
string:r\* uint32:10
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Users \
org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \
string:ipaldap string:r\* uint32:10
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Groups \
org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \
string:ipaldap string:r\* uint32:10
By default the wildcard_limit is unset, that is, the request will return
all cached entries that match.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2b7ef850846029641cc59560c2d8d4ab7254dda5 |
|
18-Jun-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: Export nodes
IFP now exports cached users and groups in introspection.
After a user is cached with:
dbus-send --print-reply --system \
--dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \
org.freedesktop.sssd.infopipe.Cache.Object.Store
And Introspection called with:
dbus-send --print-reply --system \
--dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Users \
org.freedesktop.DBus.Introspectable.Introspect
The cached users would be visible in the Introspection XML as:
<node name="ipaldap/397400000" />
</node>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
a1e4113a5388e34c08459c5b69679c82ac2bddc9 |
|
22-May-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: add org.freedesktop.sssd.infopipe.Users.User
Example calls:
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name
method return sender=:1.159 -> dest=:1.165 reply_serial=2
variant string "user-1"
Resolves:
https://fedorahosted.org/sssd/ticket/2150
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
0528fdec17d0031996e919fcd852459e86592c35 |
|
09-Apr-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
responders: reset ncache after domains are discovered during startup
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
beeef7f627a5ed9264de25ee4c76eb9620c1c984 |
|
17-Feb-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: unify generated interfaces names
Number of interfaces will grow. It is mandatory to unify names of
generated structures and methods to simplify coding and debugging.
The C name is created from D-Bus lowercased interface name using
the following rewrite rules:
org.freedesktop.sssd.infopipe -> iface_ifp
. -> _
Example:
org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
772199031f0ec687fa1fefd939206858c440e5a1 |
|
17-Feb-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: move interface definitions from ifpsrv.c into separate file
Number of IFP interfaces will grown up rapidly in the future. It is
not convenient to keep it inside ifpsrv.c.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
9fa95168d80beba04b333b06edc492ecb8b085a1 |
|
23-Jan-2015 |
Pavel Březina <pbrezina@redhat.com> |
sbus: add new iface via sbus_conn_register_iface()
Rename sbus_conn_add_interface() to sbus_conn_register_iface()
and remove sbus_new_interface() calls since it is just one more
unnecessary call outside the sbus code.
The function sbus_new_interface() is made static and used
directly in sbus_conn_register_iface().
The name was chosen to better describe what the function is
doing. That it registers an interface on a given object path.
The same interface can be used with different paths so it is
not really about adding an interface.
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
7b5a077bd162cb2340d5d4e9f5dcc0dd00709f1a |
|
30-Oct-2014 |
Sumit Bose <sbose@redhat.com> |
IFP: Fix typo in debug message
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
458f5245dd5130d12666cce6faf8ef1ec7f80169 |
|
29-Oct-2014 |
Pavel Reichl <preichl@redhat.com> |
RESPONDERS: Set default value for umask
Resolves: https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
8bccd95e275fae760a991da394235e4e70e57bbd |
|
22-Oct-2014 |
Michal Zidek <mzidek@redhat.com> |
responders: Do not initialize pipe fd if already present
Allow to skip initialization of pipe file descriptor
if the responder context already has one.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a |
|
20-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.
So far all code still runs as root.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
b76419cf8830440b46c20a15585562343c7b1924 |
|
08-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Provide a SBUS method to reconnect to sysbus
Introduces a new method implemented only by the IFP responder. When this
method is received, the responder attempts to reconnect to the system
bus, if not connected already.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
0c1d65998907930678da2d091789446f2c344d5d |
|
08-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Return a specific value on failure connecting to the system bus
We need to treat the failure to connect to the system bus as non-fatal.
In this commit, we introduce a special error code and only print a DEBUG
message when this error code is returned from the startup function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
1f2507e1fd089f2bf3458cfb4faeaa9669d72f98 |
|
08-Jul-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Fix DEBUG messages
The DEBUG messages in the IFP responder predated Nikolai's mass-patches
and were not converted correctly.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
8a1fd0633e85221da1fb63451516a70d66c0af31 |
|
28-May-2014 |
Pavel Březina <pbrezina@redhat.com> |
IFP: Implement SSSD components
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d387c4608dbd3ca056e18e85313ef51aac146fd2 |
|
28-May-2014 |
Pavel Březina <pbrezina@redhat.com> |
IFP: Implement domain getters
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
590582be38cdbfde387fcc57df92903d48c5a083 |
|
28-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add ListDomains and FindDomainByName
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
38255f8baeea7f570307c9d82d0f9b9b5c475788 |
|
23-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Support multiple interfaces on sysbus
Instead of passing just one interface with the functions, we need to
support multiple interfaces for the InfoPipe and export them all on the
sysbus.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
3fe339bcba0e211cc666bb3afe34e5c8fce85f4f |
|
14-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add a GetGroupsList method
This patch adds a new method on the bus with the following synopsis:
<method name="GetUserGroups">
<arg name="user" type="s" direction="in" />
<arg name="values" type="as" direction="out"/>
</method>
Its purpose is to return names of groups the user is a member of as a
list of strings.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
770dc892f867639f36f84455d65be6287935a529 |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Per-attribute ACL for users
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2fbe9b9373dcdc28558da07690e57ff7a162a11d |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add GetUserAttrs call
Adds a DBus method that allows the caller to retrieve attributes of a
user. The synopsis of the call is as follows:
<method name="GetUserAttr">
<arg type="s" name="user" direction="in"/>
<arg type="as" name="attr" direction="in"/>
<arg type="a{sv}" name="values" direction="out"/>
</method>
The return value is an array (one attribute per array member) of
dictionaries. The key of the dictionary is the attribute name, the value
is a variant containing the attribute values as strings.
If an attribute does not exist or is not permitted to be read, no error
is returned. If the users does not exist, the method returns an error.
In future patches this function will be marked as obsolete in favor of
object-oriented approach.
ifp_user_get_attr_unpack_msg is a separate function to allow extending
it in a later patch.
The function to check the cache validity duplicates quite a bit of code
with the NSS responder. The refactoring would be nice to get done along
with #843.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
6cbb9f0d7c6be2cd3553dcb548984bb98926d5cb |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Initialize negative cache timeout
In order to avoid hitting the back end with repetitive requests, the
InfoPipe responder needs a negative cache, too. This patch follows the
convention set by other responders, where the negative cache timeouts are
read from the [nss] section. This is not ideal, however, and ticket #2318
tracks moving the configuration to the [ifp] section primarily.
The timeout is also a separate parameter in the NSS context. We should
consider moving it to the negcache context instead (#2317).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
3660f49f81e4db07be66fe0887af9d62065f1f2c |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: use a list of allowed_uids for authentication
Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
b81ad4a7c59cade13d52216f805d904392627136 |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
SBUS: Add SBUS_CONN_TYPE_SYSBUS
We need to retrieve caller IDs for each call from the system bus. This
commit adds a new SBUS connection type that identifies system bus
connection. The connection is used in the IFP provider.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
0a6fa194bad18f417dc8542d3b8f654f898375c5 |
|
04-Apr-2014 |
Pavel Březina <pbrezina@redhat.com> |
IFP: do not create client socket
There is no need for client socket in IFP responder,
since it uses D-Bus for communication with clients.
Resolves:
https://fedorahosted.org/sssd/ticket/2290
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
8214510f125879c3b1d247f2ce981ee20b5375d1 |
|
04-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Connect to the system bus
Related:
https://fedorahosted.org/sssd/ticket/2072
Adds the possibility for the InfoPipe responder to connect to the system bus.
At the moment, only a dummy method "Ping" is provided. The method only
accepts a single string parameter that has to be 'ping'. |
cb4d5b588e704114b7090678752d33512baa718e |
|
04-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Re-add the InfoPipe server
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet. |