summaryrefslogtreecommitdiffstats
path: root/server/responder/nss/nsssrv_cmd.c
Commit message (Collapse)AuthorAgeFilesLines
* Rename server/ directory to src/Stephen Gallagher2010-02-181-3182/+0
| | | | Also update BUILD.txt
* Add DEBUG messages to getpwnam_callback and getpwuid_callbackStephen Gallagher2009-12-171-0/+4
| | | | This matches the DEBUG logging available for groups.
* Fix potential uninitialized value errors in nsssrv_cmd.cStephen Gallagher2009-12-081-1/+2
|
* Use the custom password field in groups too.Simo Sorce2009-12-031-3/+5
| | | | Groups also need to honor the settable password field and use * by default.
* Use memberuid and not member in group enumerationsSimo Sorce2009-12-031-53/+8
| | | | | | This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
* Fix ticket #289Simo Sorce2009-11-231-0/+18
| | | | | When I converted fill_grent to speed up enumerations I left out this check by mistake.
* Speed up user requests while offlineStephen Gallagher2009-11-231-10/+12
| | | | | | | | | This adds a new boolean option to sss_dp_send_acct_req() called fast_reply. If we make a request to the backends and we are currently offline, this option will determine whether we should immediately return from the cache (acceptable for NSS requests) or potentially wait for an online check to complete (required for PAM requests).
* Filter by id range before actually storing entries.Simo Sorce2009-11-201-16/+0
| | | | This way we do not need to check for id ranges on every search.
* Optimize sysdb_enumgrentSimo Sorce2009-11-201-172/+178
| | | | | This brings down the time needed to enumerate my group database from 2.4 seconds to 0.15 seconds.
* Make the password field configurable in NSSJakub Hrozek2009-11-181-4/+5
| | | | | | | | Per the discussion on sssd-devel list, nss_sss should not return a hardcoded value but this should rather be configurable to allow whatever the OS or distribution thinks is the best for the particular case. Fixes: #266
* Change initgroups code to use and check the cacheSimo Sorce2009-11-181-196/+98
| | | | | | | We were previously always ending up contacting the backend because we had no way to know if an initgroups call for the same user had ever been called. Add attribute to hold this information and rely on backends to update it. If they don't we fallback to the previous behvior of asking the backend.
* Fix check_cache bug in dealing with the callbackSimo Sorce2009-11-121-97/+104
| | | | | | | | Also rework check_cache so that the operations it makes are more explicit. Also add comments about why we are doing something. Should make the code easier to understand in future (took quite some time and discussion on IRC to understand exactly how this function was behaving and to find the callback passing bug).
* Update midpoint refresh logic to be relative to cache timeoutStephen Gallagher2009-11-051-3/+17
|
* Move responsibility for entry expiration timeoutSimo Sorce2009-10-271-8/+8
| | | | | The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
* Fix infinite loop with empty group enumerationStephen Gallagher2009-09-291-13/+15
| | | | | | Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
* Revert "Use syslog for logging error conditions in SSSD"Stephen Gallagher2009-09-231-26/+26
| | | | | | | | This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
* Use syslog for logging error conditions in SSSDJakub Hrozek2009-09-211-26/+26
| | | | | This is just a band-aid until ELAPI is fully functional and ready to use.
* Fix getgrnam and getgrgid callsSimo Sorce2009-09-111-7/+9
| | | | | The patch that added check_cache() broke them, no results returned for any group with actual members ...
* Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher2009-09-091-1/+34
| | | | | | | | This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
* Consolidate cache lookups in the NSSStephen Gallagher2009-09-091-177/+93
| | | | | | getpwnam, getpwuid, getgrnam and getgrgid will now use a common function, check_cache, for determining whether to return a cached value or to go to the provider.
* Split database in multiple filesSimo Sorce2009-09-081-22/+183
| | | | | The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
* Fix two possible uninitialized valuesSimo Sorce2009-09-081-3/+4
| | | | Make counter for used messages explicit.
* Turn enumeration into a boolean valueSimo Sorce2009-08-311-4/+4
|
* Fix group replies when using member/memberofSimo Sorce2009-08-271-191/+139
| | | | Also remove legacy memberuid support
* fix handling of filtersUsers in groupsSumit Bose2009-08-211-14/+20
| | | | | | | | - with the boolean option filterUsersInGroups it can be controlled wether filtered users appear in groups or not. - fixed an error which prevented the display of groups with filtered members - removed some tab indents
* Refactor responder_dp.cStephen Gallagher2009-08-141-20/+20
| | | | | | Many of the functions in responder_dp.c were originally NSS- specific and were moved there from the NSS responder code. Since they are now generic to any responder, rename them to sss_dp_*
* Fix user enumeration bugSimo Sorce2009-05-281-4/+0
| | | | | | The previous patch to fix an enumeration bug found with group enumeration inadvertently introduced a bug with user enumeration. Yeah, almost funny!
* Fix enumerations (bug #42)Simo Sorce2009-05-271-12/+76
| | | | | | | | | | If a backend had all its results filtered in fill_pwent or fill_grent then we would return an empty result, which means "end of results" to the client. Now we return ENOENT and let callers decide what to do. Also make sure we do not grow packets unless we are going to fill them as that's a recipe for killing the client as the size passed to sss_packet_grow is used to determine the size of the final packet.
* Silence warningsSimo Sorce2009-05-261-0/+4
|
* Do not fire up backend search when the data provider is localJakub Hrozek2009-05-261-14/+14
|
* added more flexible handling of client protocolSumit Bose2009-05-151-0/+10
| | | | | - allow different protocol versions for PAM and NSS - support more than one protocol version in the responder
* Fix some more return paths using uninitalized retSimo Sorce2009-05-061-3/+3
|
* Fix use of uninitialized return variableSimo Sorce2009-04-291-5/+5
|
* Fix by_id enumeration with multiple domainsSimo Sorce2009-04-161-0/+10
| | | | | | We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
* Fix a couple of segfaults and timeout checksSimo Sorce2009-04-131-30/+13
|
* Fix segfaults when passing an unknown domainSimo Sorce2009-04-131-9/+20
| | | | | Also setting dctx->domain to NULL is a recipe for segfaults :-) Assign dctx->domain only when dom actually holds a domain pointer.
* Serialize requests vs backends.Simo Sorce2009-04-091-544/+702
| | | | | | | This way we do not waste resources starting searching for users/groups in multiple backends when the first one has the answer. Also prevents possible race conditions where a user named the same way is found in multiple backends and the wrong one is returned.
* Change the way we retrieve domainsSimo Sorce2009-04-081-153/+79
| | | | | | | | | | | | | To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
* Clean up warnings in SSSDStephen Gallagher2009-04-071-8/+8
|
* Unify name parsing and reposnder headersSimo Sorce2009-04-071-117/+140
| | | | | | Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context.
* Add way to use files as a proxy backend fro LOCALSimo Sorce2009-04-011-28/+91
| | | | | | | | | | | | Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
* Add a more flexible way to parse and filter names.Simo Sorce2009-04-011-253/+670
| | | | | | | | | | A new nss_parse_name function uses pcre to parse names, this makes it possible, in future, to make the filter user configurable. Add a new filter mechanism to filter out users that uses the negative cache by setting a permanet negative entry. Rework the entry points where the negative cache is checked for.
* Make nsssrv use the common responder functionsSimo Sorce2009-03-271-175/+167
| | | | | Make nss_ctx a private pointer of the common resp_ctx Use sss_process_init and remove all duplicate functions from nsssrv.c
* Fix uninitailized pointer and cut&paste errorSimo Sorce2009-03-271-1/+5
| | | | | | | The structure we copy the domain pointerr on is not zero when allocated. We need to zero it ourselves or we get segfaults later on. A cut&paste error caused us to call the wrong getpw function.
* Retrieve some options from confdbSimo Sorce2009-03-201-4/+6
| | | | This fixes some old 'Fixme's :)
* Fix getgrent and getpwent callsSimo Sorce2009-03-181-2/+6
| | | | | | When I converted from using just the domain name to passing down the info structure I goofed how to test if we were willing to attach the local domain to the user/group names or not.
* Implement Negative cache for NSSSimo Sorce2009-03-131-3/+256
| | | | | | | As for positive caches, negative caches are implement for all queries except enumerations. Also set the correct requires in sssd.spec as we now depend directly on tdb as well.
* Fix returning user with missing optional attributes.Simo Sorce2009-03-101-5/+8
| | | | | | | | | Gecos, homedir and shell are optional, fix the responder not to refuse to return the user completely if they are missing, replace an empty homedir with "/". Also fix fullname vs gecos, and always return gecos for NSS data. On user creation set gecos to the same value as the user Full Name, to help populate the gecos field with data that makes sense.
* Treat uids and gids as 32 bit numbers not 64Simo Sorce2009-03-101-23/+21
| | | | | | In the nss communication protocol we were treating uids and gids as 64 bit values, but uids and gids are really u32 values, change the protocol to reflect the real size.
* Always pass sss_domain_info to sysdb functions.Simo Sorce2009-03-091-27/+15
|
generated by cgit (git 2.34.1) at 2024-05-19 17:14:02 +0000