summaryrefslogtreecommitdiffstats
path: root/src/responder/nss/nsssrv_cmd.c
Commit message (Collapse)AuthorAgeFilesLines
* Do not call sss_cmd_done in function check_cache.sssd-1.9.2-105.el6Lukas Slebodnik2013-08-081-6/+0
| | | | | | | | Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done was called. Inside of function sss_cmd_done memory was freed, but this freed memory was used in caller functions, therefore sssd crashed. https://fedorahosted.org/sssd/ticket/1980
* Add ignore_group_members option.sssd-1.9.2-102.el6Paul B. Henson2013-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/1376
* NSS: Add original homedir to home directory template optionssssd-1.9.2-101.el6Stephen Gallagher2013-08-081-5/+6
| | | | https://fedorahosted.org/sssd/ticket/1805
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-201-2/+2
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* sssd_nss: Plug memory leaks1.9.2-55Simo Sorce2012-12-201-2/+11
| | | | | A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
* sssd_nss: Remove entries from memory cache if not found in sysdbMichal Zidek2012-12-141-0/+23
| | | | | Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
* Hook for mmap cache update on initgroup callsSimo Sorce2012-12-061-0/+91
| | | | | This set of functions enumerate the user's groups and invalidate them all if the list does not matches what we get from the caller.
* Hook to perform a mmap cache update from sssd_nssSimo Sorce2012-12-061-0/+100
| | | | | This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-3/+7
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* Fix two errors in the nss responderSumit Bose2012-11-051-1/+3
| | | | | | | | | One is a copy-and-paste error which was introduce by 1774ee9a61b9d691dadd1a0538f32bcdcc84f72f. The second fixes a missing explicit setting of the return value. In the case where we want fully qualified names ret contains the number of characters from the last snprintf() which is almost ever not 0.
* Check for subdomains if getpwuid or getgrgid are the first requestsSumit Bose2012-10-121-0/+72
| | | | Fixes https://fedorahosted.org/sssd/ticket/1561
* nss_cmd_retpwent(): do not go into infinite loop if n < 0Pavel Březina2012-10-111-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1551
* Add new option default_domain_suffixSumit Bose2012-10-011-6/+12
|
* NSS: Add override_shell optionStephen Gallagher2012-07-201-2/+12
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* Fix re_expression matching with subdomainsJan Zeleny2012-06-211-36/+98
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-9/+13
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* Ghost members - various small changesJan Zeleny2012-05-311-1/+1
|
* Ghost members - NSS responder changesJan Zeleny2012-05-311-89/+147
| | | | | | | | | Since there are two attributes storing information about user memberships of the group we have to include both of them in results. This will apply only for objects that have ghost members (i.e. they contain the SYSDB_GHOST attribute). If an object has this attribute, values of this attribute are not projected to the memberuid attribute.
* NSS: Fix segfault when mmap cache cannot be initializedStephen Gallagher2012-05-241-2/+2
|
* Use sized_string correctly in FQDN domainsJakub Hrozek2012-05-151-2/+2
|
* NSS: keep a pointer to body after body is reallocatedJakub Hrozek2012-05-151-0/+3
|
* Send the correct enumeration requestJakub Hrozek2012-05-101-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
* NSS: Add default_shell optionStephen Gallagher2012-05-091-1/+7
| | | | | | | This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
* NSS: Add fallback_homedir optionStephen Gallagher2012-05-091-2/+21
| | | | | | | | This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
* NSS: fix returning group from cacheJakub Hrozek2012-05-021-1/+1
|
* NSS: Check return code of sss_mmap_cache_gr_storeJakub Hrozek2012-05-021-0/+5
|
* NSS: Only return data from initgroups onceJakub Hrozek2012-04-241-3/+10
| | | | | | | | | Do not let nss_cmd_initgroups_search() return data itself, but let the caller return data. This is more intuitive and more consistent with the rest of the nss_cmd_*_search() functions. Also fixes a typo - nss_cmd_initgroups_cb used to call getpw_send_reply instead of initgr_send_reply.
* Lowercase group members in case-insensitive domainsJakub Hrozek2012-04-241-1/+7
| | | | https://fedorahosted.org/sssd/ticket/1312
* Moved expand_homedir_template() from NSS responder to utility codeJan Zeleny2012-04-241-108/+1
|
* Check sub-domains in nss_cmd_get{pwuid|grgid}_search()Sumit Bose2012-04-241-4/+26
|
* Ask for subdomains in responder in the first request after startupJan Zeleny2012-04-241-0/+30
|
* Retrieve subdomains if there is a request for fully qualified userJan Zeleny2012-04-241-3/+132
|
* Modified responder_get_domain()Jan Zeleny2012-04-241-3/+3
| | | | Now it checks for subdomains as well as for the domain itself
* Prevent printing NULL from DEBUG messagesJakub Hrozek2012-04-181-3/+6
|
* nsssrv: add handling of memory cache group mapSimo Sorce2012-03-191-3/+13
|
* nsssrv: add handling of memory cache passwd mapSimo Sorce2012-03-191-3/+17
|
* Remove sysdb_get_ctx_from_list()Sumit Bose2012-02-291-14/+14
|
* Avoid uninitialized value comparisonStephen Gallagher2012-02-131-0/+3
| | | | Coverity #12526
* Allocate setent structure on state, not on the client contextJakub Hrozek2012-02-131-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1189
* Remove setent structure when callback is calledJakub Hrozek2012-02-131-9/+4
|
* Fix group enumerationJakub Hrozek2012-02-101-0/+2
| | | | | | Also adds some more debugging and fixes a code style issue. https://fedorahosted.org/sssd/ticket/1182
* Split the logic to check cache expiration into separate functionJakub Hrozek2012-02-051-43/+17
|
* RESPONDERS: Refactor setent_req_listJakub Hrozek2012-02-051-51/+24
| | | | | Makes the setent_add_ref() and setent_notify_*() functions more generic to be reusable by the autofs responder.
* RESPONDERS: Provide a common sss_cmd_send_error functionJakub Hrozek2012-02-021-13/+1
| | | | The common function could be reused in new responders
* Refactor nss_cmd_send_emptyJakub Hrozek2012-01-311-34/+3
|
* NSS: Add getservbyname and getservbyport support to the NSS ResponderStephen Gallagher2012-01-271-0/+6
|
* Move sized_string declaration to utilsStephen Gallagher2012-01-231-11/+0
|
generated by cgit (git 2.34.1) at 2024-05-10 10:46:57 +0000