path: root/src/providers/data_provider_be.c
Commit message | Author | Age | Files | Lines
* be_spy_create: free be_req and not the long living data | Sumit Bose | 2013-10-30 | 1 | -1/+1
* dp: add function to terminate request of specific domain | Pavel Březina | 2013-10-25 | 1 | -0/+20
  Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: set request domain | Pavel Březina | 2013-10-25 | 1 | -0/+43
  Every request is attached to be_ctx->domain by default. We will change the domain to a subdomain if it is relevant.
  Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: store list of ongoing requests | Pavel Březina | 2013-10-25 | 1 | -0/+15
  Resolves: https://fedorahosted.org/sssd/ticket/1968
* Add unconditional online callbacks | Sumit Bose | 2013-10-22 | 1 | -0/+2
  Currently online callbacks are only executed if the backend was offline before. This patch adds a new class of callbacks which are always called if the backend gets a request to go online. They can be used e.g. to reset timeouts until a more sophisticated method (OpenLMI, sssctl) is available.
* DP: Notify properly when removing PAC responder | Ondrej Kos | 2013-08-24 | 1 | -1/+4
  Adds pac_cli be_client structure pointer, to identify and log the PAC responder termination correctly.
* Remove unused be_ctx->sigchld_ctx | Jakub Hrozek | 2013-07-18 | 1 | -8/+0
* back end: add refresh expired records periodic task | Pavel Březina | 2013-06-10 | 1 | -0/+23
  https://fedorahosted.org/sssd/ticket/1713
  Add new option refresh_expired_interval.
* Use queue for get_subdomains | Sumit Bose | 2013-06-04 | 1 | -3/+7
  It does not make much sense to run multiple get_subdomains requests in parallel because all requests will load the same information from the server. The IPA and AD providers already implement a short timeout to avoid multiple requests running too fast after each other. But if the timeout is over, chances are that if two or more requests come in fast the first request cannot update the timeout and requests will run in parallel. To avoid this the requests are queued and sent one after the other to the provider.
* Add be request queue | Sumit Bose | 2013-06-04 | 1 | -0/+119
  For some backend targets it might not be desirable to run requests in parallel but to serialize them. To avoid that each provider has to implement a queue for this target, this patch implements a generic queue which collects incoming requests before they are sent to the target.
* Add secid filter to responder-dp protocol | Sumit Bose | 2013-05-02 | 1 | -0/+5
  This patch adds a new filter type to the data-provider interface which can be used for SID-based lookups.
* Centralize resolv_init, remove resolv context list | Jakub Hrozek | 2013-04-03 | 1 | -1/+1
* Do not compile main() in DP if UNIT_TESTING is defined | Jakub Hrozek | 2013-03-19 | 1 | -0/+2
  The simple access provider unit tests now need to link against the Data Provider when they start using the be_file_account_request() function. But then we would start having conflicts as at least the main() functions would clash. If UNIT_TESTING is defined, then the data_provider_be.c module does not contain the main() function and can be linked against directly from another module that contains its own main() function.
* Provide a be_get_account_info_send function | Jakub Hrozek | 2013-03-19 | 1 | -19/+130
  In order to resolve group names in the simple access provider we need to contact the Data Provider in a generic fashion from the access provider. We can't call any particular implementation (like sdap_generic_send()) because we have no idea what kind of provider is configured as the id_provider. This patch splits introduces the be_file_account_request() function into the data_provider_be module and makes it public. A future patch should make the be_get_account_info function use the be_get_account_info_send function.
* Use the correct memory context in be_req_create | Jakub Hrozek | 2013-03-04 | 1 | -1/+1
* dp: check whether hostid backend is configured before filing be request | Pavel Březina | 2013-02-01 | 1 | -0/+8
* Make struct be_req opaque | Simo Sorce | 2013-01-21 | 1 | -0/+18
* Add be_req_get_data() helper function. | Simo Sorce | 2013-01-21 | 1 | -4/+11
  In preparation for making struct be_req opaque.
* Add be_req_get_be_ctx() helper. | Simo Sorce | 2013-01-21 | 1 | -0/+5
  In preparation for making be_req opaque
* Add be_req_create() helper | Simo Sorce | 2013-01-21 | 1 | -37/+33
* Introduce be_req_terminate() helper | Simo Sorce | 2013-01-21 | 1 | -2/+9
  Call it everywhere instead of directly dereferencing be_req->fn
  This is in preparation of making be_req opaque.
* Remove domain from be_req structure | Simo Sorce | 2013-01-21 | 1 | -1/+0
* Remove sysdb as a be request structure member | Simo Sorce | 2013-01-21 | 1 | -1/+0
  The sysdb context is already available through the 'domain' context.
* Remove sysdb as a be context structure member | Simo Sorce | 2013-01-21 | 1 | -3/+2
  The sysdb context is already available through the 'domain' structure.
* set struct bet_info->bet_type | Pavel Březina | 2013-01-19 | 1 | -0/+1
* Invalidate user entry even if there are no groups | Jakub Hrozek | 2013-01-16 | 1 | -5/+7
  Related to https://fedorahosted.org/sssd/ticket/1757
  Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* Add domain argument to sysdb_initgroups() | Simo Sorce | 2013-01-15 | 1 | -1/+1
* Refactor single domain initialization | Simo Sorce | 2013-01-15 | 1 | -2/+2
  Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
* DP: invalidate all cached maps if a request for auto.master comes in | Jakub Hrozek | 2012-12-18 | 1 | -0/+7
  If the Data Provider receives a request for the auto.master map, it passes on a flag to let the actual provider know he should invalidate the existing maps
* Add backchannel NSS provider query on initgr calls | Simo Sorce | 2012-12-05 | 1 | -0/+165
  This is needed in order to assure the memcache is properly and promptly cleaned up if a user's memberships change on login. The list of the current groups for the user is sourced before it is updated and sent to the NSS provider to verify if it has changed after the update call has been made.
* Refactor the way subdomain accounts are saved | Simo Sorce | 2012-11-19 | 1 | -0/+11
  The original sysdb code had a strong assumption that only users from one domain are saved in the database. With the subdomain feature, we have changed reality, but have not adjusted all the code around the sysdb calls to not rely on the original assumption. One of the side effects of this incongruence is that currently group memberships do not return fully qualified names for subdomain users as they should. In order to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By saving them fully qualified we do not risk aliasing local users and have group memberships or other name based matching code mistake a domain user with subdomain user or vice versa.
* Run IPA subdomain provider if IPA ID provider is configured | Sumit Bose | 2012-11-14 | 1 | -1/+2
  To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicitly or implicitly.
  If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf, subdomain requests are always sent to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will only be sent to the server after a long timeout or after a going-online event.
  To be able to make this distinction this patch saves the configuration status to the subdomain context.
  Fixes https://fedorahosted.org/sssd/ticket/1613
* backend: add PAC to the list of known clients | Pavel Březina | 2012-11-12 | 1 | -0/+2
* Include talloc log in our debug facility | Michal Zidek | 2012-10-29 | 1 | -2/+1
  https://fedorahosted.org/sssd/ticket/1495
* Make subdomain discovery less noisy | Sumit Bose | 2012-09-24 | 1 | -15/+16
  Fixes https://fedorahosted.org/sssd/ticket/1517
* backend: initialize sudo only when it is enabled in services | Pavel Březina | 2012-09-12 | 1 | -3/+63
  https://fedorahosted.org/sssd/ticket/1458
  When the responder is disabled and sudo_provider is set explicitly, a warning is printed and the module will be initialized.
* be_process_init(): free ctx on error | Pavel Březina | 2012-09-12 | 1 | -15/+21
* Abort PAM access phase if HBAC does not return PAM_SUCCESS | Jakub Hrozek | 2012-08-09 | 1 | -0/+1
* Subdomains: Send the DP reply in the correct format | Jakub Hrozek | 2012-08-07 | 1 | -14/+41
  The DP was sending the reply in a format the responder did not expect, so the responder always failed to parse the message.
* Change refreshing of subdomains | Simo Sorce | 2012-08-01 | 1 | -1/+0
  This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages:
  1. allows to check if anything changed w/o always hitting the sysdb.
  2. later will allow us to dump this information w/o having to retrieve it again.
  The timestamp also allows to avoid refreshing too often.
* Use a more tractable name for subdomain request | Simo Sorce | 2012-08-01 | 1 | -2/+2
  I am all for readable names, but there is a tradeoff between expressing purpose and compactness.
* Move SELinux processing from session to account PAM stack | Jan Zeleny | 2012-07-27 | 1 | -0/+25
  The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD.
  Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder.
* Renamed session provider to selinux provider | Jan Zeleny | 2012-07-27 | 1 | -8/+6
* Always free request in data provider PAM callback | Jan Zeleny | 2012-07-27 | 1 | -2/+3
  In case of error the request wasn't freed and the callback just ended.
* sudo backend - add support for on demand refresh of specific rules | Pavel Březina | 2012-06-29 | 1 | -7/+61
* sudo backend - support only on demand full refresh | Pavel Březina | 2012-06-29 | 1 | -28/+4
* Move some debug lines to new debug log levels | Stef Walter | 2012-06-20 | 1 | -1/+1
  * These are common lines of debug output when starting up sssd
  https://bugzilla.redhat.com/show_bug.cgi?id=811113
* subdomains: Fix error handling in Data Provider | Jakub Hrozek | 2012-05-10 | 1 | -19/+37
  The subdomains back end request was sending replies in a format the responder did not understand in case the request failed.
* SSH: Add dp_get_host_send to common responder code | Jakub Hrozek | 2012-05-03 | 1 | -21/+11
  Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future.
  https://fedorahosted.org/sssd/ticket/1176
* Rename split_service_name_filter | Jakub Hrozek | 2012-05-03 | 1 | -16/+16
  The function was used outside services code which was confusing due to its name. This patch renames it to sound more neutral.