summaryrefslogtreecommitdiffstats
path: root/src/tools
Commit message (Collapse)AuthorAgeFilesLines
* TOOLS: Use openat/unlinkat when removing the homedirJakub Hrozek2013-01-231-42/+41
| | | | | | | | | | The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
* TOOLS: invalidate parent groups in memory cache, tooJakub Hrozek2013-01-214-8/+71
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1775 In addition to invalidating the group being added to when adding a member group/user, we also need to invalidate all its parent groups, otherwise this getgrnam("parent") wouldn't report the members newly added to its child groups.
* tools: Respect use_fully_qualified_namesMichal Zidek2013-01-161-0/+9
| | | | | | | Tools for LOCAL domain should require FQDN if option 'use_fuly_quallified_names = TRUE' was configured. https://fedorahosted.org/sssd/ticket/1746
* sss_cache: Call DEBUG_INIT soonerMichal Zidek2013-01-161-2/+3
| | | | | | | | If bad parameteres were passed to sss_cache, the init function returned without calling DEBUG_INIT macro and unnecessary level 1 debug message was printed. https://fedorahosted.org/sssd/ticket/1745
* TOOLS: Refresh memcache after changes to local users and groupsJakub Hrozek2013-01-152-0/+42
|
* TOOLS: Provide a convenience function to refresh a list of groupsJakub Hrozek2013-01-152-0/+22
|
* TOOLS: Split querying nss responder into a separate functionJakub Hrozek2013-01-154-32/+68
| | | | | | The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
* TOOLS: move memcache related functions to tools_mc_utils.cJakub Hrozek2013-01-153-161/+188
| | | | | | | The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
* TOOLS: set domain in check_group_namesJakub Hrozek2013-01-151-0/+1
|
* Add domain arguments to sysdb services functionsSimo Sorce2013-01-151-2/+3
| | | | also fix sysdb_svc_add declarations
* Add domain argument to sysdb autofs functionsSimo Sorce2013-01-151-1/+1
|
* Add domain arg to sysdb_search/delete_netgroup()Simo Sorce2013-01-151-1/+2
|
* Add domain argument to sysdb_search_groups()Simo Sorce2013-01-152-2/+4
|
* Add domain arg to sysdb_search_users()Simo Sorce2013-01-151-1/+2
|
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-2/+5
| | | | Also changes sysdb_search_custom_by_name()
* Add domain argument to sysdb_cache_password()Simo Sorce2013-01-151-1/+1
|
* Add domain arguments to sysdb_add_group functions.Simo Sorce2013-01-151-1/+2
|
* Add domain argument to sysdb_add_user()Simo Sorce2013-01-152-2/+3
|
* Add domain argument to sysdb_set_netgroup_attr()Simo Sorce2013-01-151-1/+1
|
* Add domain argument to sysdb_set_group_attr()Simo Sorce2013-01-152-2/+3
|
* Add domain argument to sysdb_set_user_attr()Simo Sorce2013-01-152-7/+10
|
* Add domain to sysdb_search_group_by_name()Simo Sorce2013-01-151-3/+3
| | | | Also remove unused sysdb_search_domgroup_by_name()
* Add domain to sysdb_search_user_by_name()Simo Sorce2013-01-151-1/+1
| | | | Also remove unused sysdb_search_domuser_by_name()
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-152-5/+9
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* Make sysdb_group_dn() require a domain explictly.Simo Sorce2013-01-152-7/+7
|
* Make sysdb_user_dn() require a domain explictly.Simo Sorce2013-01-151-3/+3
|
* Remove the sysdb_ctx_get_domain() function.Simo Sorce2013-01-151-10/+11
| | | | | We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
* Refactor single domain initializationSimo Sorce2013-01-153-9/+6
| | | | | Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
* Refactor sysdb initializationSimo Sorce2013-01-151-21/+10
| | | | | | | | | | | | Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
* Use new sysdb_search_service() in sss_cacheSimo Sorce2013-01-141-35/+4
| | | | Also fixes https://fedorahosted.org/sssd/ticket/1754
* Revert "Add a default section to a switch-statement"Simo Sorce2013-01-091-12/+8
| | | | | | | This reverts commit d698499602461b98fd56f2d550f80c6cb25f12a9. And adds the correct fix. Also makes the function static,as it is used nowehere else.
* Add a default section to a switch-statementSumit Bose2013-01-091-0/+3
| | | | | Besides adding the missing default this patch suppresses a compiler warning about ret being uninitialized.
* Remove unhelpful vtable from sss_cacheSimo Sorce2013-01-081-24/+30
| | | | | | | | | Using a vtable like this has various drawacks, including the fact prototypes are not checked by the compiler so the code could silently break and still compile fine (in fact I found this out changing one of the prototypes). A switch statement is also better because it catches if the enum changed and won't risk allowing to access the table out of bounds.
* sss_cache: fqdn not acceptedMichal Zidek2013-01-041-14/+149
| | | | | | sss_cache did not accept fully quaified domain names. https://fedorahosted.org/sssd/ticket/1620
* tools: sss_userdel and groupdel remove entries from memory cacheMichal Zidek2012-12-132-0/+47
| | | | https://fedorahosted.org/sssd/ticket/1659
* sss_cache: Small refactor.Michal Zidek2012-11-283-58/+72
| | | | | | | The logic that checks if sssd_nss is running and then sends SIGHUP to monitor or removes the caches was moved to a function sss_memcache_clear_all() and made public in tools_util.h.
* LDAP: Only convert direct parents' ghost attribute to memberJakub Hrozek2012-11-202-2/+3
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
* Display more information on DB version mismatchOndrej Kos2012-11-193-0/+4
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
* sss_cache: Remove fastcache even if sssd is not running.Michal Zidek2012-11-063-20/+152
| | | | https://fedorahosted.org/sssd/ticket/1584
* sss_cache: Multiple domains not handled properlyMichal Zidek2012-11-061-35/+37
| | | | | | | | | | When working with multiple domains and no matching objects for deletion were found in the first domain, the other domains were not searched at all. Also the ERROR message informing about object not found (the one printed for each domain) was changed to DEBUG message.
* Include talloc log in our debug facilityMichal Zidek2012-10-2910-10/+10
| | | | https://fedorahosted.org/sssd/ticket/1495
* sss_debuglevel: Multiple arguments are treated as error.Michal Zidek2012-10-161-0/+6
| | | | https://fedorahosted.org/sssd/ticket/1327
* sss_seed: Improved error message when the domain does not exist.Michal Zidek2012-10-031-2/+5
| | | | https://fedorahosted.org/sssd/ticket/1553
* sss_seed: Passwords longer then PASS_MAX not allowed.Michal Zidek2012-10-031-1/+8
| | | | | | | | sss_seed fails if password file specified with -p or --password-file option contains password longer than PASS_MAX. Man pages inform about PASS_MAX limitation.
* sss_seed: Make only first line of password file valid.Michal Zidek2012-10-031-0/+36
| | | | | | | | When file is used to specify a password in sss_seed, then only first line of this file is used. Also empty passwords are treated as errors. https://fedorahosted.org/sssd/ticket/1548
* sss_seed: Show error message when interactive input fails.Michal Zidek2012-10-031-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1549
* sss_seed: Option --debug did not work in sss_seed tool.Michal Zidek2012-10-031-4/+4
| | | | | | | debug_level was set before the parameters were parsed, so the default debug_level value was always used. Also CHECK_ROOT macro was used on bad place, so only root was able to run sss_seed --help/-?.
* SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek2012-09-242-13/+6
| | | | | The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
* sss_cache tool invalidates records in memory cache.Michal Zidek2012-09-241-0/+26
|
* tools_util.h provides signal_sssd function.Michal Zidek2012-09-243-99/+99
|