4169fb26ea2ff93c19ecdad6e09382732ea5deeb |
|
20-Oct-2016 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: switch to new code
This patch switch the old switch-based cache req code to
the new plugin-based.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d0faaf01fd24a935d9779032886d228b3861fa48 |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Amend the InfoPipe responder for fqdns
Parses the internal sysdb names and puts them on the bus using the
sss_output_name() helper. Previously, the raw sysdb names were used.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
11a87c5f091d6c092b5dadd3d67f900213e280da |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing ncache from ifp_ctx
This patch switches ncache from ifp_ctx to resp_ctx.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
7910bc6c991b63fa716d77eba08b5f5d83ea6a72 |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing neg_timeout from ifp repsonder
Timeout of negative cache is handled by context of negative cache
itself. This patch removes neg_timeout parameter from ifp_ctx and from
ifp_user_get_attr_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
beb07d2f45856d4f3135f173cce551a2aa878f57 |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing neg_timeout from pam responder
It removes neg_timeout parameter from struct pam_ctx. Timeout is
handled by context of negative cache internally.
This patch additioanlly removes neg_timeout from struct cache_req_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
e8474ac0be7e81c0ca54eb09e2fef42595602945 |
|
10-May-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Do not crash on invalid arguments to GetUserAttr
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
d46005e0f4b01600ddf843a956c3e1329bb6f19c |
|
14-Mar-2016 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: hide input and pass parameters in struct
This way it makes it a lot easier to add new parameters.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f4d2ad64d7d4a991f93631b8a0b3a69ff9d241bf |
|
14-Mar-2016 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: add SID lookups
Resolves:
https://fedorahosted.org/sssd/ticket/2848
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f6c337c6256879d47356cd099bb00aafba2650f0 |
|
14-Mar-2016 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: improve debugging
Each debug message is matched to a specific request, this way it
will be easier to follow the request flow especially when paralel
request are running.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com> |
827a016a07d5f911cc4195be89896a376fd71f59 |
|
19-Jun-2015 |
Sumit Bose <sbose@redhat.com> |
IFP: add FindByCertificate method for User objects
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
4b8f260c97b3164fbfccf185e14752ac17c532ac |
|
22-May-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: deprecate GetUserAttr
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
e87b2a6e94c1066b3044fe683825ff5b4f8716c2 |
|
13-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: parse input name if needed
The input name is now parse automatically by cache_req if
none particullar domain is specified. The parsed named is
returned from _recv as an output parameter.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
3a5ea81007bd38ce511c37f65cc45d4b6b95ec44 |
|
13-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: add support for user by uid
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
665bc06b1a39c64227de74ecbba3db1c4c104ccf |
|
13-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
cache_req: preparations for different input type
Currently cache_req takes only user name as an input parameter. However,
this is not enough since we will need also UID and GID in the future.
This patch creates a structure to hold input parameters so it can be
simply extended to support other input types.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
beeef7f627a5ed9264de25ee4c76eb9620c1c984 |
|
17-Feb-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: unify generated interfaces names
Number of interfaces will grow. It is mandatory to unify names of
generated structures and methods to simplify coding and debugging.
The C name is created from D-Bus lowercased interface name using
the following rewrite rules:
org.freedesktop.sssd.infopipe -> iface_ifp
. -> _
Example:
org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
faae3d55e5cf416f16158d3b9f8c8fd475ac6acf |
|
09-Jan-2015 |
Pavel Březina <pbrezina@redhat.com> |
IFP: use new cache interface
Reviewed-by: Michal Židek <mzidek@redhat.com> |
1b4bd7e378deda73a18d86e4b2998bff45883e7b |
|
08-Dec-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Return group names with the right case
The IFP code wasn't honoring the case settings of the domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
1c00b0c92189433e1fbb7154fb8df71c7788245e |
|
20-Oct-2014 |
Pavel Březina <pbrezina@redhat.com> |
IFP: support views
Reviewed-by: Sumit Bose <sbose@redhat.com> |
fcfd1cb69762c49ba56326dfc85008c1d83333b2 |
|
13-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Use the override_space option
https://fedorahosted.org/sssd/ticket/2397
The input of the InfoPipe responder substitutes the configured character
for space and the GetUserAttrs and GetUserGroups functions substitute
space for the configured character in their output.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
d8b8995ef1c3f2a6c85dc141aaff7eef3faf05c1 |
|
11-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Fix lookups with fully-qualified names
The Data Provider lookup code user the original input string as the
lookup key instead of the parsed name component. For example, for an
input joe@mydomain, the backend would have searched for:
(&(cn=joe@mydomain)(objectclass=user))
This patch fixes the lookup to use the parsed name.
https://fedorahosted.org/sssd/ticket/2402
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
4084ccd3442917c7aa88ba4d76ba1e71e67d3846 |
|
20-May-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
Remove unused parameter from ifp_user_get_groups_reply
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
93a7dc1ed50a1f7a82d6e3985f16be774c84ada0 |
|
20-May-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
Remove unused parameter from ifp_user_get_attr_handle_reply
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
3fe339bcba0e211cc666bb3afe34e5c8fce85f4f |
|
14-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add a GetGroupsList method
This patch adds a new method on the bus with the following synopsis:
<method name="GetUserGroups">
<arg name="user" type="s" direction="in" />
<arg name="values" type="as" direction="out"/>
</method>
Its purpose is to return names of groups the user is a member of as a
list of strings.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
770dc892f867639f36f84455d65be6287935a529 |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Per-attribute ACL for users
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2fbe9b9373dcdc28558da07690e57ff7a162a11d |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Add GetUserAttrs call
Adds a DBus method that allows the caller to retrieve attributes of a
user. The synopsis of the call is as follows:
<method name="GetUserAttr">
<arg type="s" name="user" direction="in"/>
<arg type="as" name="attr" direction="in"/>
<arg type="a{sv}" name="values" direction="out"/>
</method>
The return value is an array (one attribute per array member) of
dictionaries. The key of the dictionary is the attribute name, the value
is a variant containing the attribute values as strings.
If an attribute does not exist or is not permitted to be read, no error
is returned. If the users does not exist, the method returns an error.
In future patches this function will be marked as obsolete in favor of
object-oriented approach.
ifp_user_get_attr_unpack_msg is a separate function to allow extending
it in a later patch.
The function to check the cache validity duplicates quite a bit of code
with the NSS responder. The refactoring would be nice to get done along
with #843.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
3660f49f81e4db07be66fe0887af9d62065f1f2c |
|
13-May-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: use a list of allowed_uids for authentication
Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com> |
8214510f125879c3b1d247f2ce981ee20b5375d1 |
|
04-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Connect to the system bus
Related:
https://fedorahosted.org/sssd/ticket/2072
Adds the possibility for the InfoPipe responder to connect to the system bus.
At the moment, only a dummy method "Ping" is provided. The method only
accepts a single string parameter that has to be 'ping'. |
cb4d5b588e704114b7090678752d33512baa718e |
|
04-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IFP: Re-add the InfoPipe server
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet. |