| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
Allow to skip initialization of pipe file descriptor
if the responder context already has one.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.
So far all code still runs as root.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2397
With this path, a user whose name is "space user" would match a sudo
rule while using the override_default_space option. Please note that the
option is only a client-side override, so the sudoUser attribute must
contain the space in order to match the original name. In other words,
when substituting space ( ) for underscore (_), this attribute would match:
sudoUser: space user
this would not:
sudoUser: space_user
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Introduces a new method implemented only by the IFP responder. When this
method is received, the responder attempts to reconnect to the system
bus, if not connected already.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most importantly, stop using per connection private data. This doesn't
scale when you have more than one thing exporting or exported on a
connection.
Remove struct sbus_interface and expand sbus_conn_add_interface()
function. Remove various struct sbus_interface args to connection
initialization functions and make callers use sbus_conn_add_interface()
directly. The old method was optimized for exporting one interface
on a connection. We'll have connections that export zero, one or more
interfaces.
To export an interface on a DBus server, call sbus_conn_add_interface()
from within the sbus_server_conn_init_fn. To export an interface on
a DBus client, call sbus_conn_add_interface() after sbus_new_connection()
returns.
As before struct sbus_interface represents an object exported via DBus.
However it is now talloc allocated. One can set instance data on the
struct sbus_interface. This instance data is passed to the various
handlers and used in their implementation.
However, we now have type safe interface exporting in the various
high level sss_process_init() sss_monitor_init() and so on.
Introspection support was not in use, and is now gone until we
implement it using the metadata (future patch).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous commits added support for interface metadata and
handler vtables. This commit ports sbus_dbus_connection to
use them.
Port the internal uses of dbus to use the new scheme in a
very minimal way. Further cleanup is possible here.
This commit provides basic definitions of the internal
dbus interfaces. The interfaces aren't fully defined, as the
handlers will continue to unpack manually, and often overload
DBus methods with different arguments (which is rather
unorthodox, but not the end of the world).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make sure that e.g. the short/NetBIOS domain name is available this
patch make sure that the responders send a get_domains request to their
backends at startup the collect the domain information or read it from
the cache if the backend is offline.
For completeness I added this to all responders even if they do not need
the information at the moment.
Fixes https://fedorahosted.org/sssd/ticket/1951
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1575
The hierarchy is now:
main_ctx -> responder_ctx -> specific_ctx
where specific_ctx is one of sudo, pam, etc.
|
| |
|
|
|
|
|
|
|
| |
The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1495
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function that handled pending requests on reconnect was checking an
orphaned global variable that was never used, redenring the whole function
uselsess.
This fixes a very nasty bug that was causing requests for which we never
received an answer for (for example because the backend failed and was
restarted) to be never removed and therefore causing a black hole effect for
any other request of the same type.
Fixes: https://fedorahosted.org/sssd/ticket/1229
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1116
|
|
|
|
|
|
| |
New sudo responder option: cache_timeout
https://fedorahosted.org/sssd/ticket/1111
|
|
|