sssd.git/src/responder/ssh, branch mdbtest sssd with jhrozek's patches responders: reset ncache after domains are discovered during startup 2015-04-09T06:35:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:31:19+00:00 0528fdec17d0031996e919fcd852459e86592c35 After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Ignore the default_domain_suffix 2015-04-01T11:50:21+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-24T20:19:03+00:00 eeecc48d22a28bb69da56f6ffd8824163fc9bf00 https://fedorahosted.org/sssd/ticket/2609 In a trust setup, hosts are normally only stored on the IPA server. The default_domain_suffix option is only recommended for the IPA-AD trust scenario as well. Therefore we should ignore this option in the SSH provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> 
https://fedorahosted.org/sssd/ticket/2609

In a trust setup, hosts are normally only stored on the IPA server. The
default_domain_suffix option is only recommended for the IPA-AD trust
scenario as well. Therefore we should ignore this option in the SSH
provider.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jan Cholasta <jcholast@redhat.com>
Fix: always check return value of unlink() 2014-11-28T15:16:37+00:00 Pavel Reichl preichl@redhat.com 2014-11-28T13:17:44+00:00 aff8b0e3b41644c70704b78e15501779d52b6ff4 Resolves: https://fedorahosted.org/sssd/ticket/2506 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2506

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Views: apply user SSH public key override 2014-11-05T14:26:36+00:00 Sumit Bose sbose@redhat.com 2014-10-16T11:17:37+00:00 ab355eced46b5f488ed62a79a7f2e5ac2b6a574c With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
With this patch the SSH public key override attribute is read from the
FreeIPA server and saved in the cache with the other override data.

Since it is possible to have multiple public SSH keys this override
value does not replace any other data but will be added to existing
values.

Fixes https://fedorahosted.org/sssd/ticket/2454

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Set default value for umask 2014-10-29T09:41:06+00:00 Pavel Reichl preichl@redhat.com 2014-10-24T11:42:50+00:00 458f5245dd5130d12666cce6faf8ef1ec7f80169 Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2468

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Run the ssh responder as the SSSD user 2014-10-22T13:44:53+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-17T16:14:53+00:00 76c8dafad2a18cf1514635aa766062085c23a5c8 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
responders: Do not initialize pipe fd if already present 2014-10-22T13:44:39+00:00 Michal Zidek mzidek@redhat.com 2014-10-15T16:01:55+00:00 8bccd95e275fae760a991da394235e4e70e57bbd Allow to skip initialization of pipe file descriptor if the responder context already has one. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Allow to skip initialization of pipe file descriptor
if the responder context already has one.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
SSSD: Add the options to specify a UID and GID to run as 2014-10-20T19:43:40+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-06T14:28:13+00:00 ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.

So far all code still runs as root.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
IFP: Provide a SBUS method to reconnect to sysbus 2014-07-08T18:38:16+00:00 Jakub Hrozek jhrozek@redhat.com 2014-06-25T10:33:03+00:00 b76419cf8830440b46c20a15585562343c7b1924 Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Introduces a new method implemented only by the IFP responder. When this
method is received, the responder attempts to reconnect to the system
bus, if not connected already.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
sbus: Refactor how we export DBus interfaces 2014-03-14T12:42:20+00:00 Stef Walter stefw@redhat.com 2014-02-18T13:32:54+00:00 07e941c1bbdc752142bbd3b838c540bc7ecd0ed7 Most importantly, stop using per connection private data. This doesn't scale when you have more than one thing exporting or exported on a connection. Remove struct sbus_interface and expand sbus_conn_add_interface() function. Remove various struct sbus_interface args to connection initialization functions and make callers use sbus_conn_add_interface() directly. The old method was optimized for exporting one interface on a connection. We'll have connections that export zero, one or more interfaces. To export an interface on a DBus server, call sbus_conn_add_interface() from within the sbus_server_conn_init_fn. To export an interface on a DBus client, call sbus_conn_add_interface() after sbus_new_connection() returns. As before struct sbus_interface represents an object exported via DBus. However it is now talloc allocated. One can set instance data on the struct sbus_interface. This instance data is passed to the various handlers and used in their implementation. However, we now have type safe interface exporting in the various high level sss_process_init() sss_monitor_init() and so on. Introspection support was not in use, and is now gone until we implement it using the metadata (future patch). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Most importantly, stop using per connection private data. This doesn't
scale when you have more than one thing exporting or exported on a
connection.

Remove struct sbus_interface and expand sbus_conn_add_interface()
function. Remove various struct sbus_interface args to connection
initialization functions and make callers use sbus_conn_add_interface()
directly. The old method was optimized for exporting one interface
on a connection. We'll have connections that export zero, one or more
interfaces.

To export an interface on a DBus server, call sbus_conn_add_interface()
from within the sbus_server_conn_init_fn. To export an interface on
a DBus client, call sbus_conn_add_interface() after sbus_new_connection()
returns.

As before struct sbus_interface represents an object exported via DBus.
However it is now talloc allocated. One can set instance data on the
struct sbus_interface. This instance data is passed to the various
handlers and used in their implementation.

However, we now have type safe interface exporting in the various
high level sss_process_init() sss_monitor_init() and so on.

Introspection support was not in use, and is now gone until we
implement it using the metadata (future patch).

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>