summaryrefslogtreecommitdiffstats
path: root/src/confdb
Commit message (Collapse)AuthorAgeFilesLines
* confdb: add has_views and view_name to sss_domain_infoSumit Bose2014-10-202-0/+6
| | | | | | | | | | | | | | To let the responders know which view is applied and to make view handling more efficiently especially when no view is applied/available two new member are added to the sss_domain_info struct. view_name is the name of the view if available. has_views is only true if the client has a specific view applied, i.e. it is false for the case when there are no views at all (e.g. plain LDAP provider) or the client has the FreeIPA default view. This allows the responders to easily bypass any view related code. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domainsPavel Reichl2014-09-291-0/+2
| | | | | | | | | | | | | pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cacheWilliam B2014-09-052-0/+13
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2358 Signed-off-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Make the space override responder-agnosticJakub Hrozek2014-08-131-1/+1
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 In order to make the override_space option usable by other responders, we need to move the override_space option to the generic responder structure. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Only replace space with the specified substitutionJakub Hrozek2014-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Remove unused function confdb_set_boolMichal Zidek2014-07-292-80/+0
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* case_sensitivity = preservingMichal Zidek2014-07-292-6/+22
| | | | | | | | | | | If case_sensitivity is set to 'preserving', getXXnam returns name attribute in the same format as stored in LDAP. Fixes: https://fedorahosted.org/sssd/ticket/2367 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Add function confdb_set_string.Michal Zidek2014-07-292-0/+93
| | | | | | | Part of fix for: https://fedorahosted.org/sssd/ticket/2367 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* NSS: Replace spaces with specified string in names.Lukas Slebodnik2014-07-281-0/+1
| | | | | | | | | | | | This patch add possibility to replace whitespace in user and group names with a specified string. With string "-", sssd will return the same result as winbind enabled option "winbind normalize names" Resolves: https://fedorahosted.org/sssd/ticket/1854 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* NSS: Add option to expand homedir template formatLukas Slebodnik2014-06-022-0/+13
| | | | | | | | | LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853
* confdb: add confdb_list_all_domain_names()Pavel Březina2014-05-282-0/+80
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Per-attribute ACL for usersJakub Hrozek2014-05-131-0/+1
| | | | | | | | | | | Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Re-add the InfoPipe serverJakub Hrozek2014-04-041-0/+3
| | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.
* Update DEBUG* invocations to use new levelsNikolai Kondrashov2014-02-122-34/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make DEBUG macro invocations variadicNikolai Kondrashov2014-02-122-103/+103
| | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* CONFDB: fail if there are domains with same namePavel Reichl2014-02-091-0/+18
| | | | | | | | | | Fail to start sssd if the domains given in the domains option are the same as or only differ in case. Resolves: https://fedorahosted.org/sssd/ticket/2171 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* monitor: Specific error message for missing sssd.confPavel Reichl2013-11-271-2/+7
| | | | | | | | Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156
* confdb: Make offline timeout configurableMichal Zidek2013-11-071-0/+1
| | | | | | | Added and documented option offline_timeout. Resolves: https://fedorahosted.org/sssd/ticket/1718
* dp: make subdomains refresh interval configurablePavel Březina2013-10-252-0/+10
| | | | | | | | | | This patch makes the refresh of available subdomains configurable. New option: subdomain_refresh_interval (undocumented) Resolves: https://fedorahosted.org/sssd/ticket/1968
* Remove unused constantsJakub Hrozek2013-10-221-3/+0
|
* Include external headers with #include <foo.h>Jakub Hrozek2013-10-221-4/+5
| | | | | | I find it more readable to include headers from outside the sssd tree with <foo.h>, not "foo.h". The latter should be used for in-tree headers only.
* IPA: store forest name for forest member domainsSumit Bose2013-09-271-0/+1
| | | | | In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
* Add a new option to control subdomain enumerationJakub Hrozek2013-08-282-0/+16
|
* Fix the default FQDN formatJakub Hrozek2013-07-191-2/+2
| | | | | | Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN format by accident to the one we only ever user internally. This commit fixes the mistake.
* IPA: warn if full_name_format is customized in server modeJakub Hrozek2013-07-191-0/+2
| | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2009 If the IPA server mode is on and the SSSD is running on the IPA server, then the server's extdom plugin calls getpwnam_r to read info about trusted users from the AD server and return them to the clients that called the extended operation. The SSSD returns the subdomain users fully-qualified, ie "user@domain" by default. The format of the fully qualified name is configurable. However, the extdom plugin returns the user name without the domain component. With this patch, when ipa_server_mode is on, warn if the full_name_format is set to a non-default value. That would prompt the admin to change the format if he changed it to something exotic.
* Fix some doxygen warningsSumit Bose2013-06-111-2/+0
|
* back end: add refresh expired records periodic taskPavel Březina2013-06-102-0/+14
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* DB: Switch to new libini_config APIOndrej Kos2013-04-261-227/+120
| | | | | | | https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
* Init failover with be_res optionsJakub Hrozek2013-04-031-4/+0
|
* Don't treat 0 as default for pam_pwd_expiration warningJakub Hrozek2013-03-011-1/+2
|
* Fix the krb5 password expiration warningJakub Hrozek2013-02-211-1/+7
| | | | https://fedorahosted.org/sssd/ticket/1808
* Change the way domains are linked.Simo Sorce2013-02-102-10/+4
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Add ability to disable domainsSimo Sorce2013-02-101-0/+2
|
* Add function get_next_domain()Simo Sorce2013-02-101-1/+1
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* Add realm info to sss_domain_infoSimo Sorce2013-02-101-0/+1
|
* Convert the value of pwd_exp_warning to secondsJakub Hrozek2013-01-221-5/+6
| | | | | | | | When read from the domain section, the pwd_expiration_warning was properly converted to seconds from days, but not the pam_pwd_expiration_warning set in the [pam] section. https://fedorahosted.org/sssd/ticket/1773
* Move mpg flag to the domain where it belongsSimo Sorce2013-01-152-0/+4
| | | | | A sysdb contains now multiple domains, but the mpg property is a property of a specific domain not of the underlying database.
* failover: Protect against empty host namesMichal Zidek2013-01-021-1/+1
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* Add ignore_group_members option.Paul B. Henson2012-11-152-0/+11
| | | | https://fedorahosted.org/sssd/ticket/1376
* Allow setting the default_shell option per-domain as wellJakub Hrozek2012-10-182-0/+11
| | | | https://fedorahosted.org/sssd/ticket/1583
* SSH: Expire hosts in known_hostsJan Cholasta2012-10-051-0/+2
|
* Add new option default_domain_suffixSumit Bose2012-10-011-0/+1
|
* Renamed session provider to selinux providerJan Zeleny2012-07-271-1/+1
|
* NSS: Add override_shell optionStephen Gallagher2012-07-202-0/+12
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-0/+1
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* CONFDB: Add the ability to set a boolean value in the confdbStephen Gallagher2012-07-062-0/+80
|
* confdb: add entry_cache_sudo_timeout optionPavel Březina2012-06-292-0/+13
|
* Set default for subdomain_homedirSumit Bose2012-06-252-1/+3
|
* PAC responder: add basic infrastructureSumit Bose2012-06-211-0/+3
| | | | | This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
generated by cgit (git 2.34.1) at 2024-11-15 14:19:47 +0000