History log of /sssd/src/responder/ifp/ifpsrv.c
Revision Date Author Comments
fd25e68446ae86135489edb0823607b394f4ec40 09-Nov-2016 Jakub Hrozek <jhrozek@redhat.com>

MONITOR: Remove unused shutDown sbus method The shutDown method has not been used or set for a long time. Trim the internal interface by removing all references to this internal method. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

ab792150c97bd6eba1f8cd46653f41a0c64fd765 09-Nov-2016 Jakub Hrozek <jhrozek@redhat.com>

MONITOR: Remove deprecated pong sbus method The pong method is deprecated since we started using the watchdog. Since this is dead code, it makes sense to just remove it. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

04e870d99e72aa3160bdb6ab05d986fb4005c3ed 16-Aug-2016 Pavel Březina <pbrezina@redhat.com>

DP: Remove old data provider interface Reverse data provider interface is moved to a better location in NSS responder. All responders now can have an sbus interface defined per data provider connection. The unused old data provider interface is removed. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd/Makefile.am
/sssd/src/providers/data_provider.h
/sssd/src/providers/data_provider/dp_target_id.c
/sssd/src/providers/data_provider_iface.xml
/sssd/src/providers/data_provider_iface_generated.c
/sssd/src/providers/data_provider_iface_generated.h
/sssd/src/responder/autofs/autofssrv.c
/sssd/src/responder/common/responder.h
/sssd/src/responder/common/responder_common.c
/sssd/src/responder/common/responder_get_domains.c
ifpsrv.c
/sssd/src/responder/nss/nss_iface.c
/sssd/src/responder/nss/nss_iface.h
/sssd/src/responder/nss/nss_iface.xml
/sssd/src/responder/nss/nss_iface_generated.c
/sssd/src/responder/nss/nss_iface_generated.h
/sssd/src/responder/nss/nsssrv.c
/sssd/src/responder/nss/nsssrv.h
/sssd/src/responder/pac/pacsrv.c
/sssd/src/responder/pam/pamsrv.c
/sssd/src/responder/pam/pamsrv_dp.c
/sssd/src/responder/ssh/sshsrv.c
/sssd/src/responder/sudo/sudosrv.c
/sssd/src/tests/cwrap/Makefile.am

4f3a9d837a55b49448eca3c713c85a406207e523 29-Jun-2016 Simo Sorce <simo@redhat.com>

Responders: Make the client context more generic This is useful to allow reusing the responder code with other protocols. Store protocol data and responder state data behind opaque pointers and use talloc_get_type to check they are of the right type. This also allows to store per responder state_ctx so that, for example, the autofs responder does not have to carry useless variables used only by the nss responder. Resolves: https://fedorahosted.org/sssd/ticket/2918 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

/sssd/src/responder/autofs/autofs_private.h
/sssd/src/responder/autofs/autofssrv.c
/sssd/src/responder/autofs/autofssrv_cmd.c
/sssd/src/responder/common/responder.h
/sssd/src/responder/common/responder_cmd.c
/sssd/src/responder/common/responder_common.c
ifpsrv.c
/sssd/src/responder/nss/nsssrv.c
/sssd/src/responder/nss/nsssrv_cmd.c
/sssd/src/responder/nss/nsssrv_netgroup.c
/sssd/src/responder/nss/nsssrv_private.h
/sssd/src/responder/nss/nsssrv_services.c
/sssd/src/responder/pac/pacsrv.c
/sssd/src/responder/pac/pacsrv_cmd.c
/sssd/src/responder/pam/pamsrv.c
/sssd/src/responder/pam/pamsrv_cmd.c
/sssd/src/responder/ssh/sshsrv.c
/sssd/src/responder/ssh/sshsrv_cmd.c
/sssd/src/responder/sudo/sudosrv.c
/sssd/src/responder/sudo/sudosrv_cmd.c
/sssd/src/tests/cmocka/common_mock_resp.c
/sssd/src/tests/cmocka/common_mock_resp.h
/sssd/src/tests/cmocka/test_nss_srv.c
/sssd/src/tests/cmocka/test_pam_srv.c

83a79d93035c2d75a1941f3b54426119174044a0 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

RESPONDER: New interface for client registration This is just a beginning of new responder interface to data provider and it is just to make the client registration work. It needs further improvement. The idea is to take the existing interface and make it work better with further extensions of data provider. The current interface has several disadvantages such as it is originally built only for account requests and doesn't take different set of output parameters. It also doesn't work well with integration into tevent-made responders. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

11a87c5f091d6c092b5dadd3d67f900213e280da 11-May-2016 Petr Cech <pcech@redhat.com>

RESPONDER: Removing ncache from ifp_ctx This patch switches ncache from ifp_ctx to resp_ctx. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

7910bc6c991b63fa716d77eba08b5f5d83ea6a72 11-May-2016 Petr Cech <pcech@redhat.com>

RESPONDER: Removing neg_timeout from ifp responder Timeout of negative cache is handled by context of negative cache itself. This patch removes neg_timeout parameter from ifp_ctx and from ifp_user_get_attr_state. Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

39d36216a1692eee6cc5359f6c7ccaa7789be76d 11-May-2016 Petr Cech <pcech@redhat.com>

NEGCACHE: Adding timeout to struct sss_nc_ctx It adds timeout of negative cache to handling struct sss_nc_ctx. There is one change in API of negative cache:

    * int sss_ncache_init(TALLOC_CTX *memctx,
                          uint32_t timeout,    <----- new
                          struct sss_nc_ctx **_ctx);

There is also one new function in common/responder:

    * errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
                                                    uint32_t *ncache_timeout);

Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

afdc0179af0ad8ddbedd67422193ef02dcd2bf84 26-Sep-2015 Lukas Slebodnik <lslebodn@redhat.com>

IFP: Suppress warning from static analyzer It seems that clang expected that errno can change to 0 in case of error. It might be a bug in static analyzer. But the workaround does not change the logic and the errno is read just once.

bdf32fbb3c947dd1b2c54d1c21d8028a1ddc80e6 15-Jul-2015 Jakub Hrozek <jhrozek@redhat.com>

IFP: Add wildcard requests Resolves: https://fedorahosted.org/sssd/ticket/2553 Can be used as:

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByName \
        string:r\* uint32:10

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByName \
        string:r\* uint32:10

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

By default the wildcard_limit is unset, that is, the request will return all cached entries that match. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

2b7ef850846029641cc59560c2d8d4ab7254dda5 18-Jun-2015 Pavel Březina <pbrezina@redhat.com>

IFP: Export nodes IFP now exports cached users and groups in introspection. After a user is cached with:

    dbus-send --print-reply --system \
        --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \
        org.freedesktop.sssd.infopipe.Cache.Object.Store

And Introspection called with:

    dbus-send --print-reply --system \
        --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.DBus.Introspectable.Introspect

The cached users would be visible in the Introspection XML as:

        <node name="ipaldap/397400000" />
    </node>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

a1e4113a5388e34c08459c5b69679c82ac2bddc9 22-May-2015 Pavel Březina <pbrezina@redhat.com>

IFP: add org.freedesktop.sssd.infopipe.Users.User Example calls:

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name
    method return sender=:1.159 -> dest=:1.165 reply_serial=2
       variant string "user-1"

Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

0528fdec17d0031996e919fcd852459e86592c35 09-Apr-2015 Jakub Hrozek <jhrozek@redhat.com>

responders: reset ncache after domains are discovered during startup After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

beeef7f627a5ed9264de25ee4c76eb9620c1c984 17-Feb-2015 Pavel Březina <pbrezina@redhat.com>

IFP: unify generated interfaces names Number of interfaces will grow. It is mandatory to unify names of generated structures and methods to simplify coding and debugging. The C name is created from D-Bus lowercased interface name using the following rewrite rules:

    org.freedesktop.sssd.infopipe -> iface_ifp
    . -> _

Example:

    org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

772199031f0ec687fa1fefd939206858c440e5a1 17-Feb-2015 Pavel Březina <pbrezina@redhat.com>

IFP: move interface definitions from ifpsrv.c into separate file Number of IFP interfaces will grow rapidly in the future. It is not convenient to keep it inside ifpsrv.c. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

9fa95168d80beba04b333b06edc492ecb8b085a1 23-Jan-2015 Pavel Březina <pbrezina@redhat.com>

sbus: add new iface via sbus_conn_register_iface() Rename sbus_conn_add_interface() to sbus_conn_register_iface() and remove sbus_new_interface() calls since it is just one more unnecessary call outside the sbus code. The function sbus_new_interface() is made static and used directly in sbus_conn_register_iface(). The name was chosen to better describe what the function is doing. That it registers an interface on a given object path. The same interface can be used with different paths so it is not really about adding an interface. Preparation for: https://fedorahosted.org/sssd/ticket/2339 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

7b5a077bd162cb2340d5d4e9f5dcc0dd00709f1a 30-Oct-2014 Sumit Bose <sbose@redhat.com>

IFP: Fix typo in debug message Reviewed-by: Pavel Reichl <preichl@redhat.com>

458f5245dd5130d12666cce6faf8ef1ec7f80169 29-Oct-2014 Pavel Reichl <preichl@redhat.com>

RESPONDERS: Set default value for umask Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

8bccd95e275fae760a991da394235e4e70e57bbd 22-Oct-2014 Michal Zidek <mzidek@redhat.com>

responders: Do not initialize pipe fd if already present Allow to skip initialization of pipe file descriptor if the responder context already has one. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a 20-Oct-2014 Jakub Hrozek <jhrozek@redhat.com>

SSSD: Add the options to specify a UID and GID to run as Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>

b76419cf8830440b46c20a15585562343c7b1924 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Provide a SBUS method to reconnect to sysbus Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>

0c1d65998907930678da2d091789446f2c344d5d 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Return a specific value on failure connecting to the system bus We need to treat the failure to connect to the system bus as non-fatal. In this commit, we introduce a special error code and only print a DEBUG message when this error code is returned from the startup function. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1f2507e1fd089f2bf3458cfb4faeaa9669d72f98 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Fix DEBUG messages The DEBUG messages in the IFP responder predated Nikolai's mass-patches and were not converted correctly. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

8a1fd0633e85221da1fb63451516a70d66c0af31 28-May-2014 Pavel Březina <pbrezina@redhat.com>

IFP: Implement SSSD components Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

d387c4608dbd3ca056e18e85313ef51aac146fd2 28-May-2014 Pavel Březina <pbrezina@redhat.com>

IFP: Implement domain getters Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

590582be38cdbfde387fcc57df92903d48c5a083 28-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Add ListDomains and FindDomainByName Reviewed-by: Pavel Březina <pbrezina@redhat.com>

38255f8baeea7f570307c9d82d0f9b9b5c475788 23-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Support multiple interfaces on sysbus Instead of passing just one interface with the functions, we need to support multiple interfaces for the InfoPipe and export them all on the sysbus. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

3fe339bcba0e211cc666bb3afe34e5c8fce85f4f 14-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Add a GetGroupsList method This patch adds a new method on the bus with the following synopsis:

    <method name="GetUserGroups">
        <arg name="user" type="s" direction="in" />
        <arg name="values" type="as" direction="out"/>
    </method>

Its purpose is to return names of groups the user is a member of as a list of strings. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

770dc892f867639f36f84455d65be6287935a529 13-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Per-attribute ACL for users Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com>

2fbe9b9373dcdc28558da07690e57ff7a162a11d 13-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Add GetUserAttrs call Adds a DBus method that allows the caller to retrieve attributes of a user. The synopsis of the call is as follows:

    <method name="GetUserAttr">
        <arg type="s" name="user" direction="in"/>
        <arg type="as" name="attr" direction="in"/>
        <arg type="a{sv}" name="values" direction="out"/>
    </method>

The return value is an array (one attribute per array member) of dictionaries. The key of the dictionary is the attribute name, the value is a variant containing the attribute values as strings. If an attribute does not exist or is not permitted to be read, no error is returned. If the user does not exist, the method returns an error. In future patches this function will be marked as obsolete in favor of object-oriented approach. ifp_user_get_attr_unpack_msg is a separate function to allow extending it in a later patch. The function to check the cache validity duplicates quite a bit of code with the NSS responder. The refactoring would be nice to get done along with #843. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

6cbb9f0d7c6be2cd3553dcb548984bb98926d5cb 13-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Initialize negative cache timeout In order to avoid hitting the back end with repetitive requests, the InfoPipe responder needs a negative cache, too. This patch follows the convention set by other responders, where the negative cache timeouts are read from the [nss] section. This is not ideal, however, and ticket #2318 tracks moving the configuration to the [ifp] section primarily. The timeout is also a separate parameter in the NSS context. We should consider moving it to the negcache context instead (#2317). Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

3660f49f81e4db07be66fe0887af9d62065f1f2c 13-May-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: use a list of allowed_uids for authentication Similar to the PAC responder, the InfoPipe uses a list of UIDs that are allowed to communicate with the IFP responder. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

b81ad4a7c59cade13d52216f805d904392627136 13-May-2014 Jakub Hrozek <jhrozek@redhat.com>

SBUS: Add SBUS_CONN_TYPE_SYSBUS We need to retrieve caller IDs for each call from the system bus. This commit adds a new SBUS connection type that identifies system bus connection. The connection is used in the IFP provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

0a6fa194bad18f417dc8542d3b8f654f898375c5 04-Apr-2014 Pavel Březina <pbrezina@redhat.com>

IFP: do not create client socket There is no need for client socket in IFP responder, since it uses D-Bus for communication with clients. Resolves: https://fedorahosted.org/sssd/ticket/2290 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

8214510f125879c3b1d247f2ce981ee20b5375d1 04-Apr-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Connect to the system bus Related: https://fedorahosted.org/sssd/ticket/2072 Adds the possibility for the InfoPipe responder to connect to the system bus. At the moment, only a dummy method "Ping" is provided. The method only accepts a single string parameter that has to be 'ping'.

cb4d5b588e704114b7090678752d33512baa718e 04-Apr-2014 Jakub Hrozek <jhrozek@redhat.com>

IFP: Re-add the InfoPipe server Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.