| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
There were two functions for parsing strings by a separator. This patch
consolidates on the one previously used in confdb. This also allows
stripping the tokens of whitespace.
Fixes: #319
|
| | |
|
| |
|
|
|
|
|
|
| |
Per the discussion on sssd-devel list, nss_sss should not return a
hardcoded value but this should rather be configurable to allow whatever
the OS or distribution thinks is the best for the particular case.
Fixes: #266
|
| | |
|
| | |
|
| |
|
|
|
| |
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
| |
|
|
|
|
|
|
|
| |
This adds a new option (offline_credentials_expiration) to the
[PAM] section of the sssd.conf
If the user does not perform an online authentication within the
timeout (in days), they will be denied auth once the timeout
passes.
|
| |
|
|
|
|
| |
Create and populate user directories on useradd, delete them on userdel
Fixes: #212
|
| |
|
|
|
|
|
|
| |
The LOCAL provider does not have a mechanism to load alternate
auth, access or chpass backends, nor does it make sense to do so.
This will throw a configuration error if these values are
specified (unless they are explicitly also set to 'local')
|
| |
|
|
|
|
|
|
|
| |
In sssd only local is a native mpg domain, and it is forced.
All other providers will have to unroll mpg users into a user/group pair of
entries in the db. This allows the provider to automatically establish if
the remote server provides mpg users w/o possibily conflicting manual
configurations on the client trying to force an mpg behavior where none
is provided.
|
| |
|
|
|
| |
We have converted to using dhash in place of btreemap everywhere
in the code.
|
| |
|
|
|
| |
Use this new utility call to ensure that the config file is safe
to read from.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option --debug-to-files which makes SSSD output its
debug information to a file instead of stderr, which is still the
default.
Also introduces a new confdb option debug_to_files which does the same,
but can be specified per-service in the config file.
The logfiles are stored in /var/log/sssd by default.
Changes the initscript to log to files by default.
|
| |
|
|
|
| |
This converts a great many configuration options to the new
standard format.
|
| |
|
|
|
|
|
|
| |
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
| |
|
|
|
|
|
| |
1) Add get_entry_as_bool function
2) Make all parameters in confdb_get_domain_internal() use macro
names for the attributes. This will make it easer to convert
them to the version 2 config file.
|
| |
|
|
|
| |
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
| |
|
|
|
|
| |
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
|
| | |
|
| | |
|
| |
|
|
|
| |
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also updates the manpage for sssd.conf to denote this
|
| |
|
|
|
|
| |
If the last configured domain is broken confdb_get_domains returns
the return value of confdb_get_domain even if there are valid domains
available.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the monitor_config_file() functions so that
they can monitor any number of files and invoke a specified
callback whenever they are modified.
When inotify is available, we will add an additional watch
descriptor to the inotify file descriptor.
When inotify is not available, the polling function will simply
loop to check each file in the monitor list.
When changes are discovered in resolv.conf, the monitor will send
a "resInit" signal to all of its known children. They are only
required to handle this function if they need updated DNS
information. Services that do not implement resInit should return
DBUS_ERROR_UNKNOWN_METHOD (rather than timing out) with no ill
effects.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Some text editors will create a new file and move it into place
on top of the existing file. When this happens, the kernel issues
an IN_IGNORE inotify event and automatically removes the watch
descriptor for that file. We'll handle the event and create a new
watch descriptor for the new file. We will attempt to rewatch the
file six times at five-second intervals.
2) Some scripts may append new data to the config file in several
steps (such as calling echo "foo" >> sssd.conf several times). In
order to handle these scripts safely, we'll defer processing of
inotify events for one second after the first is detected. This
should be ample time for the remainder of the script to complete.
|
| |
|
|
| |
See ticket #37 in sssd track.
|
| |
|
|
|
|
|
| |
We were stealing the memory context of only the first value in
the linked-list of domains (and also services). This patch adds a
memory context to hold the lists so that can be stolen along with
all of the entries.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
We will trap all LDB debug messages and pipe them into our
internal DEBUG() function. LDB FATAL messages will still be
printed by default, WARNING and TRACE functions will be at debug
level 3 and 9, respectively.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Refactoring the confdb so that the setup code can be linked
separately from the access API. This is being done so that our
plugins do not need to link against the collection and ini_config
libraries.
|
| | |
|
| |
|
|
|
|
| |
Add code to check if the file has changed since the last update was performed.
Avoid dumping and reloading the config ldb if the modification time of the
configuration file has not changed at all.
|
| |
|
|
|
|
| |
Also convert all places where we were using custom code to parse
config arguments.
And fix a copy&paste error in nss_get_config
|
| |
|
|
|
|
|
| |
Previously, every DP client was allowed to set its own "retries"
option. This option was ambiguous, and useless. All DP clients
will now use a global option set in the services config called
"reconnection_retries"
|
| |
|
|
|
| |
Change sysdb to always passwd sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SSSD now links with the ini_config and collection libraries
in the common directory.
The monitor will track changes to the /etc/sssd/sssd.conf file
using inotify on platforms that support it, or polled every 5
seconds on platforms that do not.
At startup or modification of the conf file, the monitor will
purge the existing confdb and reread it completely from the conf
file, to ensure that there are no lingering entries. It does this
in a transaction, so there should be no race condition with the
client services.
A new option has been added to the startup options for the SSSD.
It is now possible to specify an alternate config file with the
-c <file> at the command line.
|
| | |
|
| |
|
|
|
|
| |
Since we switched to allowing domains to be configured but
inactive, we need to include the default set (just LOCAL) into
the first-start config.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
| |
|
|
|
| |
- value array is not terminated properly
- infopipe service is added dynamically
|
| |
|
|
|
|
|
|
|
|
| |
Make confdb load a base ldif like sysdb to initialize the db,
makes it simpler to understand at first sight what is the default
configuration.
Make the parameter "command" optional. Derive the default command
from available information.
Make the debug level a global by default so that enabling debug for
all components is as easy as passing just -d X to the sssd binary.
|
