summaryrefslogtreecommitdiffstats
path: root/src/responder/nss
Commit message (Collapse)AuthorAgeFilesLines
* Enable the midpoint cache update by defaultStephen Gallagher2011-09-211-1/+1
| | | | https://fedorahosted.org/sssd/ticket/918
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-251-1/+4
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-251-0/+2
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-152-9/+8
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Remove unused temporary contextJakub Hrozek2011-08-081-5/+0
|
* Prevent segfault if vetoed_shells are specified without allowed_shellsJakub Hrozek2011-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/954
* Add vetoed_shells optionJohn Hodrien2011-07-293-1/+17
| | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix indexing of skipped groupsJakub Hrozek2011-07-211-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* fix typosSimo Sorce2011-06-271-5/+5
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-021-3/+11
|
* Fix typo in initgroups negative cache checkStephen Gallagher2011-05-311-1/+1
|
* Add new options to override shell valueJakub Hrozek2011-05-203-1/+123
| | | | https://fedorahosted.org/sssd/ticket/742
* Add a new option to override home directory valueJakub Hrozek2011-05-203-1/+140
| | | | https://fedorahosted.org/sssd/ticket/551
* Add a new option to override primary GID numberJakub Hrozek2011-05-202-2/+10
| | | | https://fedorahosted.org/sssd/ticket/742
* Allow changing the log level without restartStephen Gallagher2011-05-061-1/+1
| | | | | | We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
* Do not leak netgroups hash tableJakub Hrozek2011-05-061-0/+12
|
* Don't use negative cache in netgroup lookupJan Zeleny2011-04-252-20/+20
| | | | | | | | | | | | | | In responder a negative cache is used to indicate that the record has not been found by previous lookup. This approach is however not applicable for netgroup lookup because the design of their lookup is a little different. This patch removes some pieces of code working with negative cache, because they didn't fuction well. Instead a new flag has been added to the positive cache. This flag indicates if the record in the cache is a record of existing netgroup or it's just a placeholder. https://fedorahosted.org/sssd/ticket/820
* Fix regression where nonexistent entries were never added to the negative cacheStephen Gallagher2011-04-151-21/+21
|
* Fix a regression with the negative cache in multi-domain configurationsStephen Gallagher2011-04-151-3/+18
|
* Change state of hash entry if netgroup cannot be parsedSumit Bose2011-03-091-0/+2
|
* Refactor set_netgroup_entry()Sumit Bose2011-03-071-4/+7
| | | | | | To avoid wrong or missing netgroup names in the getent_ctx destructor set_netgroup_entry() now takes the name out of the getent_ctx struct instead of using a separate argument.
* Add missing name to struct getent_ctx for missing netgroupSumit Bose2011-03-071-0/+6
| | | | https://fedorahosted.org/sssd/ticket/817
* Fix missing hash table bugStephen Gallagher2011-01-141-0/+1
| | | | | | | When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing.
* Remove unused enumeration cache timeout checksSumit Bose2011-01-063-33/+2
| | | | | The existence of the getent_ctx is used to track the enumeration cache timeout.
* Post enumeration tevent request if neededSumit Bose2011-01-062-8/+43
|
* Return groups and users from all domains during enumerationSumit Bose2011-01-061-3/+5
|
* Fix possible NULL-dereference in lookup_netgr_step()Sumit Bose2010-12-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/735
* Fix uninitialized value error in lookup_netgr_step()Sumit Bose2010-12-151-146/+181
|
* Always use talloc_zero() to allocate cmdctxSumit Bose2010-10-262-3/+3
|
* Remove all nss requests after a reconnectSumit Bose2010-10-261-1/+5
| | | | | | | Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
* sysdb interface for adding fake usersJakub Hrozek2010-10-151-1/+1
|
* sysdb interface for adding incomplete groupsJakub Hrozek2010-10-151-1/+1
| | | | Useful for optimizing the initgroups operation.
* Also return member groups to the clientSumit Bose2010-10-132-55/+85
|
* Add handling of nested netgroups to nss clientSumit Bose2010-10-131-1/+4
|
* Add missing tevent_req_done()Sumit Bose2010-10-131-0/+1
|
* Add netgroup support to the NSS responderStephen Gallagher2010-10-135-2/+915
|
* Split out some helper functions for the NSS responderStephen Gallagher2010-10-132-83/+147
| | | | | Create a new private header and make some functions available for other object files.
* Require explicit setting of callback context for check_cacheStephen Gallagher2010-10-131-7/+13
| | | | | Previously, it was implicitly using the nss_dom_ctx, but there are situations where we would want to send a different private context
* Initgroups on a non-cached user should go to the data providerStephen Gallagher2010-09-221-1/+2
| | | | | | | We were accidentally returning an error when sysdb_getpwnam() returned zero results internally in sysdb_initgroups(). The correct behavior here is to return EOK and a result object with zero entries.
* Handle multiple simultaneous enumeration requestsStephen Gallagher2010-09-081-289/+706
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
* Dead assignments cleanup in NSS responderJan Zeleny2010-09-081-5/+7
| | | | | | Various dead assignments were deleted, some return value inspections were added. Ticket: #588
* Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2010-06-171-187/+5
| | | | | Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
* Refactor the negative cacheStephen Gallagher2010-06-175-395/+23
| | | | | Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
* Ensure that all domains are checked for users/groupsStephen Gallagher2010-06-171-3/+15
| | | | | | | There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
* sysdb: convert sysdb_initgroupsSimo Sorce2010-04-121-222/+117
|
* Adjust fill_pwent and fill_grentSimo Sorce2010-04-121-13/+13
| | | | | | | | | fill_pwent should return the number of users actually processed. Otherwise in case of a recoverable error we may end up skipping a large chunk of users. fill_grent doesn't need to distinguish between number of entries and number of groups to process since we started adding memberuid. Remove remnants that are not useful anymore.
* sysdb: convert sysdb_enumgrentSimo Sorce2010-04-121-161/+106
|
* sysdb: convert sysdb_enumpwentSimo Sorce2010-04-121-172/+116
|
* sysdb: convert sysdb_getgrgidSimo Sorce2010-04-121-193/+109
|
* sysdb: convert sysdb_getgrnamSimo Sorce2010-04-121-223/+134
|
generated by cgit (git 2.34.1) at 2024-06-14 09:10:49 +0000