summaryrefslogtreecommitdiffstats
path: root/src/responder/nss/nsssrv_cmd.c
Commit message (Collapse)AuthorAgeFilesLines
* NSS: Fix parenthesisJakub Hrozek2013-10-301-1/+1
|
* NSS: Print FQDN for groups with mixed domain membershipJakub Hrozek2013-10-291-9/+64
| | | | | | | | | | | | | | | | | This patch is a workaround until https://fedorahosted.org/sssd/ticket/2129 is fixed properly. Consider a group entry such as: cn: subgroup@subdom ghost: someuser ghost: anotheruser@subdom Currently in order to print all group members as FQDN (which is the default for AD provider), the code needs to iterate over the ghost attributes and parse them into (name,domain) and optionally re-add the domain. The proper fix would be to store always just the FQDN in the hardcoded form of user@domain
* nss: wait for initial subdomains request to finishPavel Březina2013-10-171-0/+14
| | | | | | | | | | | | AD provider downloads domain information and initalizes ID mapping during subdomains request. This information is necessary to lookup objects without POSIX attributes. We need to make sure that we postpone all responder requests until ID mapping is initialized in the provider. Resolves: https://fedorahosted.org/sssd/ticket/2092
* NSS: Failure to store entry negative cache should not be fatalJakub Hrozek2013-09-251-18/+31
| | | | | The only effect the failure to store a result to negative cache might have would be a slower lookup next time.
* NSS: Set UID and GID to negative cache after searching all domainsJakub Hrozek2013-09-251-66/+105
| | | | | | | https://fedorahosted.org/sssd/ticket/2090 Previously, when searching by UID or GID, the negative cache will only work in case the UID was searched for using fully qualified names.
* NSS: Descend into subdomains if enumerate=trueJakub Hrozek2013-08-281-12/+12
| | | | | | Since we now store the enumerate flag in sysdb for subdomains, we can always descend to all available subdomains and if they do not allow enumeration, simply skip them.
* fill_initgr: add original primary GID if availableSumit Bose2013-08-191-0/+27
| | | | | | | | | | | | | In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027
* Do not call sss_cmd_done in function check_cache.Lukas Slebodnik2013-06-271-6/+0
| | | | | | | | Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done was called. Inside of function sss_cmd_done memory was freed, but this freed memory was used in caller functions, therefore sssd crashed. https://fedorahosted.org/sssd/ticket/1980
* Remove branching to improve readabilityJakub Hrozek2013-05-301-23/+11
|
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-3/+3
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Add utility functions for formatting fully-qualified namesJakub Hrozek2013-05-301-30/+19
| | | | | | Instead of using printf-like functions directly, provide two wrappers that would encapsulate formatting the fully-qualified names. No functional change is present in this patch.
* Fixing critical format string issues.Lukas Slebodnik2013-05-201-5/+10
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* Add SID related calls to the NSS responderSumit Bose2013-05-031-3/+794
| | | | | | | | | | The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-021-2/+2
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* Refactoring: remove duplicated code in nss responderSumit Bose2013-04-211-622/+239
| | | | | Different user and group lookup requests used nearly identical code, this patch unifies some of the related code paths.
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-4/+6
| | | | https://fedorahosted.org/sssd/ticket/1609
* Removing unused declaration of functions and variable.Lukas Slebodnik2013-03-191-1/+0
| | | | | | Variables dir_cc and file_cc are used in three modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be declared with extern in krb5_utils.h.
* Use the same dbg level for all ncache hits.Michal Zidek2013-03-041-18/+25
| | | | | | | | | We used different debug levels for messages informing about negative cache hits (old levels 2,3,4). Now it is only SSSDBG_TRACE_FUNC (same level is used in nsssrv_services.c and proposed in the ticket bellow). https://fedorahosted.org/sssd/ticket/1771
* Remove unused functionsJakub Hrozek2013-03-041-16/+0
|
* Lower the DEBUG level if an entry cannot be deleted from memcacheJakub Hrozek2013-02-141-3/+3
|
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-101-3/+3
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Add function get_next_domain()Simo Sorce2013-02-101-58/+36
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-5/+6
| | | | https://fedorahosted.org/sssd/ticket/1805
* Invalidate user entry even if there are no groupsJakub Hrozek2013-01-161-6/+1
| | | | | | | | | Related to https://fedorahosted.org/sssd/ticket/1757 Previously we would optimize the mc invalidate code for cases where the user was a member of some groups. But if the user was removed from the server while being in memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
* NSS: invalidate memcache user entry on initgr, tooJakub Hrozek2013-01-161-0/+11
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1757 When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
* Add domain argument to sysdb_initgroups()Simo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce2013-01-151-4/+4
|
* Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce2013-01-151-2/+2
|
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-151-9/+5
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* sss_userdel and sss_groupdel with use_fully_qualified_namesMichal Zidek2013-01-071-15/+50
| | | | | If use_fully_qualified_names is used, we need to pass fqdn to sss_mmap_cache_*_invalidate.
* mmap cache: invalidate cache on fatal errorSimo Sorce2012-12-201-2/+2
| | | | | | | | | | If a fatal EFAULT error is returned by the internal function that frees used memory invalidate the whole cache and reinit it. This way we avoid further corruption and insure clients see consistent data. Also insure we use the right context in init() and we use talloc_zfree() in reinit so that if the init() later fails we do not leave around a pointer to free memory in the callers.
* sssd_nss: Plug memory leaksSimo Sorce2012-12-191-2/+11
| | | | | A recent patch introduced a glaring memory leak in the routines that clean up memcache memory on initgroups calls.
* sssd_nss: Remove entries from memory cache if not found in sysdbMichal Zidek2012-12-131-0/+23
| | | | | Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
* Hook for mmap cache update on initgroup callsSimo Sorce2012-12-051-0/+91
| | | | | This set of functions enumerate the user's groups and invalidate them all if the list does not matches what we get from the caller.
* Hook to perform a mmap cache update from sssd_nssSimo Sorce2012-12-051-0/+100
| | | | | This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-3/+7
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* Add ignore_group_members option.Paul B. Henson2012-11-151-16/+19
| | | | https://fedorahosted.org/sssd/ticket/1376
* Fix two errors in the nss responderSumit Bose2012-10-231-1/+3
| | | | | | | | | One is a copy-and-paste error which was introduce by 1774ee9a61b9d691dadd1a0538f32bcdcc84f72f. The second fixes a missing explicit setting of the return value. In the case where we want fully qualified names ret contains the number of characters from the last snprintf() which is almost ever not 0.
* Allow setting the default_shell option per-domain as wellJakub Hrozek2012-10-181-1/+3
| | | | https://fedorahosted.org/sssd/ticket/1583
* Check for subdomains if getpwuid or getgrgid are the first requestsSumit Bose2012-10-121-0/+72
| | | | Fixes https://fedorahosted.org/sssd/ticket/1561
* nss_cmd_retpwent(): do not go into infinite loop if n < 0Pavel Březina2012-10-111-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1551
* Add new option default_domain_suffixSumit Bose2012-10-011-6/+12
|
* NSS: Add override_shell optionStephen Gallagher2012-07-201-2/+12
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* Fix re_expression matching with subdomainsJan Zeleny2012-06-211-36/+98
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-9/+13
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* Ghost members - various small changesJan Zeleny2012-05-311-1/+1
|
* Ghost members - NSS responder changesJan Zeleny2012-05-311-89/+147
| | | | | | | | | Since there are two attributes storing information about user memberships of the group we have to include both of them in results. This will apply only for objects that have ghost members (i.e. they contain the SYSDB_GHOST attribute). If an object has this attribute, values of this attribute are not projected to the memberuid attribute.
* NSS: Fix segfault when mmap cache cannot be initializedStephen Gallagher2012-05-241-2/+2
|
* Use sized_string correctly in FQDN domainsJakub Hrozek2012-05-151-2/+2
|
* NSS: keep a pointer to body after body is reallocatedJakub Hrozek2012-05-151-0/+3
|