| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Number of interfaces will grow. It is mandatory to unify names of
generated structures and methods to simplify coding and debugging.
The C name is created from D-Bus lowercased interface name using
the following rewrite rules:
org.freedesktop.sssd.infopipe -> iface_ifp
. -> _
Example:
org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Number of IFP interfaces will grown up rapidly in the future. It is
not convenient to keep it inside ifpsrv.c.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properties are single value of a small number of predefined D-Bus
types. There is no need to generate them with codegen. Actually,
the source generator for property getters is already quite mess
with branching for array, strings and object paths. Adding any
more complex type in the future (such as dictionary) would require
even more branching or creating a separate path for it.
Hard coding the getters will simplify creating new ones for more
complex types. This patch also reduces lots of code duplication
and creates a simple function for GetAll.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/1588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Also reformat debug strings not to exceed 80 columns long lines.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
This function assumes that the last component of the object path
is an object name. It will return the part unescaped.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
These functions are quite general thus they may be part
of sbus interface.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We used three different names to express handler data:
- pvt
- instace_data
- handler_data
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Object path is heavily used in implementation of methods from
interfaces that are supported on whole subtrees. Although it
can be obtained from a D-Bus message, it is nice to have it
accessible directly.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use 'path/*' instead of 'path*' since it better describes what
we are actually doing i.e. registering a message handler for a
subtree.
Although D-Bus fallback will invoke a message handler for both
'path' and 'path/subtree' object paths it does not make usually
sence to support the same interfaces for both parent and it
children.
This commit also renames related functions to better describe
what are they doing.
Note: the tilda in comments is used to suppress -Wcomment warning
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename sbus_conn_add_interface() to sbus_conn_register_iface()
and remove sbus_new_interface() calls since it is just one more
unnecessary call outside the sbus code.
The function sbus_new_interface() is made static and used
directly in sbus_conn_register_iface().
The name was chosen to better describe what the function is
doing. That it registers an interface on a given object path.
The same interface can be used with different paths so it is
not really about adding an interface.
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
IPA HBAC evaluation relies on the original values for DN and memberOf
attributes.
Resolves https://fedorahosted.org/sssd/ticket/2560
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
The two loops in fill_orig were almost identical.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
The responder and child_common modules each had their own
implementation. Unify it instead and add a unit test.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many areas of responders performs an expiration check and refresh
of cached objects during single or multiple domain search. This code
is duplicated on many areas of the code with small or none
modifications.
This interface aims to reduce code duplication between responders,
by providing one universal API for requesting cached objects.
This API will take care of cache lookup, expiration check, cache
refresh, out of band cache request, negative cache in both single
and multi domain searches.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
sysdb_search_object_by_sid returns ENOENT if no results are found.
Part od solution for:
https://fedorahosted.org/sssd/ticket/1991
Fixes:
https://fedorahosted.org/sssd/ticket/2520
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch makes it more discoverable for the admin to find typos in the
various user lists. Typically, the user lists are used to add access to
some feature and printing a syslog message would make sure the admin
sees the mistake.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
| |
The pam_public_domains option and matching the domain requested by a
trusted process was done in a case-sensitive manner which is different
from how we match domain names in SSSD normally.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
| |
The IFP code wasn't honoring the case settings of the domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2506
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
| |
Keeping a per-request flag in a global structure is really dangerous.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2501
Moving the checks to one place has the advantage of not duplicating
security decisions. Previously, the checks were scattered all over the
responder code, making testing hard.
The disadvantage is that we actually check for the presence of the user,
which might trigger some back end lookups. But I think the benefits
overweight the disadvantage.
Also only check the requested domains from a trusted client. An untrusted
client should simply have no say in what domains he wants to talk to, it
should ignore the 'domains' option.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
src/responder/nss/nsssrv_cmd.c:688: mixed_enum_type: enumerated type mixed with
another type
"enum sss_dp_acct_type" was mixed with type "int". ANSI C is not very
strict in this.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since the IPA clients expects that the extdom plugin delivers the
default view data for a given user this patch adds the public SSH key to
the list of returned attributes of the getorigbyname request so that it
can be send back to the clients.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch the SSH public key override attribute is read from the
FreeIPA server and saved in the cache with the other override data.
Since it is possible to have multiple public SSH keys this override
value does not replace any other data but will be added to existing
values.
Fixes https://fedorahosted.org/sssd/ticket/2454
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the new parameter an attribute list other than the default one can
be used.
Override attributes with multiple values (e.g. SSH public keys) are now
supported as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To allow IPA clients to offer special attributes of AD users form
trusted domain the extdom plugin on the IPA server must send them to the
clients. The extdom plugin already uses sss_nss_getorigbyname() to get
attributes like the SID and the user principal name. This patch adds the
attributes given by the NSS/IFP user_attributes option to the list of
attributes returned by sss_nss_getorigbyname().
Fixes https://fedorahosted.org/sssd/ticket/2464
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Disable midpoint refresh for netgroups if periodical refresh of expired
netgroups is enabled (refresh_expired_interval)
Resolves:
https://fedorahosted.org/sssd/ticket/2102
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
About case_sensitive=preserving and services.
The name of the service can be preserved in
result of 'getent service'. However we
should still lowercase the protocol and
service aliases because they serve as keys
in some queries to sysdb. The lowercasing is done
by the provider already. If we did not do that,
we would lose case insesnsitivity.
With this patch the responder preserves the
case of service name and protocol, to match
the case that is stored in the sysdb (however
the protocol is already lowercased by provider,
so it was done only for consistent use of the
case_sensitive=preserve option in the responders
and only the case of name is the same as in
ldap).
Fixes:
https://fedorahosted.org/sssd/ticket/2460
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2470
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The view/override patches introduced and issue with group enumeration
where all groups are returned with the same name. This patch should fix
it.
Fixes: https://fedorahosted.org/sssd/ticket/2475
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2219
Signed-off-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
