| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Mirrors what we have done with the monitor.
|
| |
|
|
|
|
| |
Previously, we had hardcoded the paths for the NSS, PAM and
private PAM sockets to /var/lib/sss/pipes. With this patch, we
will specify the sockets with --with-pipe-path.
|
| |
|
|
|
|
|
| |
Make as much as possible static, and remove use of talloc_reference and
allocation/deallocation of memory when not necessary.
Fix also responder use of rctx->conn, was mistakenly used for both
monitor and dp connections.
|
| |
|
|
|
|
|
|
|
|
|
| |
Force a user lookup against the users domain provider.
If a user domain is not specified search though all non fully qualifying
domains.
Perform authentication against the corrent domain auth backend, based on the
user's domain found in the lookup if one was not
specified.
Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM
responder too now.
|
| |
|
|
|
|
| |
Use common sss_parse_name function in all responders
Simplify responder headers by combining common,cmd,dp in one header and
add name parse structure as part of the common responder context.
|
| |
|
|
|
|
|
|
|
|
| |
A new nss_parse_name function uses pcre to parse names, this makes
it possible, in future, to make the filter user configurable.
Add a new filter mechanism to filter out users that uses the negative cache by
setting a permanet negative entry.
Rework the entry points where the negative cache is checked for.
|
| |
|
|
|
| |
Make nss_ctx a private pointer of the common resp_ctx
Use sss_process_init and remove all duplicate functions from nsssrv.c
|
| |
|
|
| |
forgot to commit a few changes
|
| |
|
|
| |
This fixes some old 'Fixme's :)
|
| |
|
|
|
|
|
| |
Now it can load from scratch default configuration that is valid for all
daemons.
First thing, make it possible for each daemon/provider to set its own debug
level in its configuration entry.
|
| |
|
|
|
|
|
| |
As for positive caches, negative caches are implement for all queries
except enumerations.
Also set the correct requires in sssd.spec as we now depend directly on tdb as
well.
|
| | |
|
| |
|
|
|
| |
We need to add the domain when users are not part of the default
domain, otherwise name conflicts may happen.
|
| |
|
|
|
|
|
|
|
| |
If an enumeration has been requested recently enough, force the
nss responder to read from the cache and not go out to each backend
and do slow network operations. This greatly improves performances
if enumerations are used often.
Currently the balcout period is harcoded to 2 min, we will need to make
it a configurable option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NSS provider, the Data Provider backends and the InfoPipe all
need access to the domain map provided by the confdb. Instead of
reimplimenting it in multiple places, it is now provided in a pair
of helper functions from the confdb.
confdb_get_domains() returns a domain map by reference. Always
returns the most up-to-date set of domains from the confdb.
confdb_get_domains_list() returns an array of strings of all the
domain names. Always returns the most up-to-date set of domains
from the confdb.
This patch also modifies the btreemap_get_keys() function to
better handle memory and report allocation failures.
|
| |
|
|
|
|
| |
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
|
Also move responders under server/responder with shared code
in server/responder/common
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
