<feed xmlns='http://www.w3.org/2005/Atom'>
<title>sssd.git/src/providers/files, branch sudo</title>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/'/>
<entry>
<title>files: refresh override attributes after re-read</title>
<updated>2017-07-11T10:22:07+00:00</updated>
<author>
<name>Sumit Bose</name>
<email>sbose@redhat.com</email>
</author>
<published>2017-07-05T19:10:04+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/commit/?id=9cca5bff0b934e97e100be53ea08dc6919446ff0'/>
<id>9cca5bff0b934e97e100be53ea08dc6919446ff0</id>
<content type='text'>
Currently the files provider refreshes the cached user and group data by
deleting all objects and adding them again. This might not be the most
efficient way performance-wise but helps to avoid additional code for
updates.

To handle overrides efficiently the override data is stored in a
separate sub-tree and attributes with the DNs link the original and the
override object together. During the removal of the users and groups
this attribute pointing to the override is removed from the original
attribute as well. To make sure overrides are still applied after a
refresh the attribute is added back after the original objects are read
from the source files.

Resolves https://pagure.io/SSSD/sssd/issue/3391

Reviewed-by: Fabiano Fidêncio &lt;fidencio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently the files provider refreshes the cached user and group data by
deleting all objects and adding them again. This might not be the most
efficient way performance-wise but helps to avoid additional code for
updates.

To handle overrides efficiently the override data is stored in a
separate sub-tree and attributes with the DNs link the original and the
override object together. During the removal of the users and groups
this attribute pointing to the override is removed from the original
attribute as well. To make sure overrides are still applied after a
refresh the attribute is added back after the original objects are read
from the source files.

Resolves https://pagure.io/SSSD/sssd/issue/3391

Reviewed-by: Fabiano Fidêncio &lt;fidencio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>FILES: Remove unnecessary check</title>
<updated>2017-02-22T13:14:27+00:00</updated>
<author>
<name>Lukas Slebodnik</name>
<email>lslebodn@redhat.com</email>
</author>
<published>2017-02-16T08:15:29+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/commit/?id=1f49be4429c17475b789e9089ce4d0ae48315e74'/>
<id>1f49be4429c17475b789e9089ce4d0ae48315e74</id>
<content type='text'>
"grp_iter-&gt;gr_mem" is an array of strings and not just a string.
We tried to compare first string to NULL (actually '\0')
But after that we iterated over the array to find count of members
and we check for NULL one more time.

Reviewed-by: Fabiano Fidêncio &lt;fidencio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
"grp_iter-&gt;gr_mem" is an array of strings and not just a string.
We tried to compare first string to NULL (actually '\0')
But after that we iterated over the array to find count of members
and we check for NULL one more time.

Reviewed-by: Fabiano Fidêncio &lt;fidencio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>FILES: Fix reallocation logic</title>
<updated>2017-02-22T12:12:20+00:00</updated>
<author>
<name>Jakub Hrozek</name>
<email>jhrozek@redhat.com</email>
</author>
<published>2017-02-21T21:14:35+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/commit/?id=fc91d72f32660712f7c9e872e00deb91f188fea3'/>
<id>fc91d72f32660712f7c9e872e00deb91f188fea3</id>
<content type='text'>
There were two bugs in the files provider reallocation logic:
    1) the reallocated array was not NULL-terminated properly
    2) talloc_get_size was used in place of talloc_array_length

This bug could have resulted in a crash when the passwd or groups file
contained more than FILES_REALLOC_CHUNK entries.

Reviewed-by: Pavel Březina &lt;pbrezina@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There were two bugs in the files provider reallocation logic:
    1) the reallocated array was not NULL-terminated properly
    2) talloc_get_size was used in place of talloc_array_length

This bug could have resulted in a crash when the passwd or groups file
contained more than FILES_REALLOC_CHUNK entries.

Reviewed-by: Pavel Březina &lt;pbrezina@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>FILES: Add the files provider</title>
<updated>2017-02-15T13:51:47+00:00</updated>
<author>
<name>Jakub Hrozek</name>
<email>jhrozek@redhat.com</email>
</author>
<published>2016-10-25T13:58:27+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/commit/?id=c71e0a6710418991d759a329b8dcb77c7ad3e16e'/>
<id>c71e0a6710418991d759a329b8dcb77c7ad3e16e</id>
<content type='text'>
Adds a new provider type "files". The provider watches the UNIX password
and group databases for changes using inotify and propagates its
contents to the sysdb.

The files provider is only built on platforms that support the inotify
interface, polling or loading the entries on-demand is not supported.

During initialization, the files are loaded from the environment
variables SSS_FILES_PASSWD and SSS_FILES_GROUP, defaulting to
/etc/passwd and /etc/group respectively. Loading the files from
environment variables is mostly implemented for tests that need to load
nss_wrapped files.

The files provider is a bit different from other provider types in the
sense that it always enumerates full contents of the database.
Therefore, the requests from Data Provider are always just replied to
with success. Enumerating the contents is done in full at the moment,
all users and all groups are removed and added anew. Modifying the
passwd and group databases should be rare enough for this to be
justified and we can optimize the code later.

Since with large databases, the cache update might take a bit of time,
we signal the responders to disable the files domain once we receive the
inotify notification and re-enable the files domain after the update is
finished. The idea is that the NSS configuration would still contain
"files" after "sss" so that if the domain is disabled, libc would fall
back to a direct "files" lookup.

Resolves:
https://fedorahosted.org/sssd/ticket/3262

Reviewed-by: Pavel Březina &lt;pbrezina@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Adds a new provider type "files". The provider watches the UNIX password
and group databases for changes using inotify and propagates its
contents to the sysdb.

The files provider is only built on platforms that support the inotify
interface, polling or loading the entries on-demand is not supported.

During initialization, the files are loaded from the environment
variables SSS_FILES_PASSWD and SSS_FILES_GROUP, defaulting to
/etc/passwd and /etc/group respectively. Loading the files from
environment variables is mostly implemented for tests that need to load
nss_wrapped files.

The files provider is a bit different from other provider types in the
sense that it always enumerates full contents of the database.
Therefore, the requests from Data Provider are always just replied to
with success. Enumerating the contents is done in full at the moment,
all users and all groups are removed and added anew. Modifying the
passwd and group databases should be rare enough for this to be
justified and we can optimize the code later.

Since with large databases, the cache update might take a bit of time,
we signal the responders to disable the files domain once we receive the
inotify notification and re-enable the files domain after the update is
finished. The idea is that the NSS configuration would still contain
"files" after "sss" so that if the domain is disabled, libc would fall
back to a direct "files" lookup.

Resolves:
https://fedorahosted.org/sssd/ticket/3262

Reviewed-by: Pavel Březina &lt;pbrezina@redhat.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
