path: root/src/responder/ifp/ifpsrv.c
Commit message | Author | Age | Files | Lines
* IFP: Add a GetGroupsList method | Jakub Hrozek | 2014-06-03 | 1 | -0/+1
  This patch adds a new method on the bus with the following synopsis:

      <method name="GetUserGroups">
          <arg name="user" type="s" direction="in" />
          <arg name="values" type="as" direction="out"/>
      </method>

  Its purpose is to return names of groups the user is a member of as a list of strings.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 3fe339bcba0e211cc666bb3afe34e5c8fce85f4f)
* IFP: Per-attribute ACL for users | Jakub Hrozek | 2014-06-03 | 1 | -0/+17
  Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname).

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 770dc892f867639f36f84455d65be6287935a529)
* IFP: Add GetUserAttrs call | Jakub Hrozek | 2014-06-03 | 1 | -0/+1
  Adds a DBus method that allows the caller to retrieve attributes of a user. The synopsis of the call is as follows:

      <method name="GetUserAttr">
          <arg type="s" name="user" direction="in"/>
          <arg type="as" name="attr" direction="in"/>
          <arg type="a{sv}" name="values" direction="out"/>
      </method>

  The return value is an array (one attribute per array member) of dictionaries. The key of the dictionary is the attribute name, the value is a variant containing the attribute values as strings.

  If an attribute does not exist or is not permitted to be read, no error is returned. If the user does not exist, the method returns an error.

  In future patches this function will be marked as obsolete in favor of object-oriented approach.

  ifp_user_get_attr_unpack_msg is a separate function to allow extending it in a later patch.

  The function to check the cache validity duplicates quite a bit of code with the NSS responder. The refactoring would be nice to get done along with #843.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Stef Walter <stefw@redhat.com>
  (cherry picked from commit 2fbe9b9373dcdc28558da07690e57ff7a162a11d)
* IFP: Initialize negative cache timeout | Jakub Hrozek | 2014-06-03 | 1 | -0/+14
  In order to avoid hitting the back end with repetitive requests, the InfoPipe responder needs a negative cache, too.

  This patch follows the convention set by other responders, where the negative cache timeouts are read from the [nss] section. This is not ideal, however, and ticket #2318 tracks moving the configuration to the [ifp] section primarily.

  The timeout is also a separate parameter in the NSS context. We should consider moving it to the negcache context instead (#2317).

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Stef Walter <stefw@redhat.com>
  (cherry picked from commit 6cbb9f0d7c6be2cd3553dcb548984bb98926d5cb)
* IFP: use a list of allowed_uids for authentication | Jakub Hrozek | 2014-06-03 | 1 | -0/+20
  Similar to the PAC responder, the InfoPipe uses a list of UIDs that are allowed to communicate with the IFP responder.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Stef Walter <stefw@redhat.com>
  (cherry picked from commit 3660f49f81e4db07be66fe0887af9d62065f1f2c)
* SBUS: Add SBUS_CONN_TYPE_SYSBUS | Jakub Hrozek | 2014-06-03 | 1 | -1/+1
  We need to retrieve caller IDs for each call from the system bus. This commit adds a new SBUS connection type that identifies system bus connection. The connection is used in the IFP provider.

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Stef Walter <stefw@redhat.com>
  (cherry picked from commit b81ad4a7c59cade13d52216f805d904392627136)
* IFP: do not create client socket | Pavel Březina | 2014-06-03 | 1 | -1/+1
  There is no need for client socket in IFP responder, since it uses D-Bus for communication with clients.

  Resolves: https://fedorahosted.org/sssd/ticket/2290

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 0a6fa194bad18f417dc8542d3b8f654f898375c5)
* IFP: Connect to the system bus | Jakub Hrozek | 2014-06-03 | 1 | -1/+109
  Related: https://fedorahosted.org/sssd/ticket/2072

  Adds the possibility for the InfoPipe responder to connect to the system bus. At the moment, only a dummy method "Ping" is provided. The method only accepts a single string parameter that has to be 'ping'.

  (cherry picked from commit 8214510f125879c3b1d247f2ce981ee20b5375d1)
* IFP: Re-add the InfoPipe server | Jakub Hrozek | 2014-06-03 | 1 | -0/+227
  Related: https://fedorahosted.org/sssd/ticket/2072

  This commit only adds the responder and the needed plumbing. No DBus related code is in yet.

  (cherry picked from commit cb4d5b588e704114b7090678752d33512baa718e)

  Conflicts:
      src/conf_macros.m4
      src/confdb/confdb.h