rpc.idmapd plugin
by Noam Meltzer
Hello sssd-developers,
Allow me to introduce myself and the suggested contribution to the SSSD
project. PrimaryData Inc. is a startup company in the field of distributed
NAS. As such, we would like to contribute to the SSSD project by developing
support for rpc.idmapd.
Below is our proposed design for this new feature.
Best regards,
Noam Meltzer
---
*SSS NFS Client (rpc.idmapd plugin) - Design*
We named the client "sss_nfs" (although "sss_idmap" or "idmap" might have
been better names, the term "idmap" is already occupied in the SSSD world).
*rpc.idmapd - background*
rpc.idmapd runs on NFSv4 servers as a userspace daemon (part of nfs-utils).
Its role is to assist knfsd by providing the following 6 mapping functions:
1. (user) name to uid
2. (group) name to gid
3. uid to (user) name
4. gid to (group) name
5. principal (user) name to ids (uid + gid)
6. principal (user) name to grouplist (groups which the user is a member of)
rpc.idmapd provides an API for developing plugins (loaded by dlopen(3)) which
implement the actual mapping process.
* note: 5 + 6 are relevant only for kerberised NFSv4 servers. At the first
stage we only propose a design without Kerberos support.
* note2: On the kernel level, there's a caching mechanism for the responses
from the userspace daemon.
*SSSD - Responder*
The functionality required from the Responder side is a subset of the
functionality provided by existing NSS Responder's commands.
As you can see below (on the client part of the design) - no changes are
needed in the NSS Responder.
*SSSD - NFS Client*
*Responder-Facing Interactions (existing NSS Responder commands)*
SSS_NSS_GETPWNAM - map (user) name to uid requests
SSS_NSS_GETGRNAM - map (group) name to gid requests
SSS_NSS_GETPWUID - map uid to (user) name requests
SSS_NSS_GETGRGID - map gid to (group) name requests
The request & reply sent to & from the responder is "standard" in terms of
the NSS Responder.
The client only needs a portion of the reply. Only this portion will be
extracted from the packet (i.e. uid/gid/user name/group name).
*Optimisation Techniques*
The optimisation techniques used for the NSS client will be used here as
well. i.e. Fast Cache (memcache) & negative-cache.
It will be possible for the user to disable Fast Cache from the
configuration file. (see below)
*Configuration File*
The configuration of the client will be part of the rpc.idmapd config file
(/etc/idmapd.conf).
--
*Noam Meltzer*
*Linux Software Engineer*
*PRIMARY DATA*
10 years, 4 months
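The user half of the mapping functions listed in the design above (name to uid, uid to name), as an added example that is not part of the original message and is not SSSD or nfs-utils code. The struct map_funcs table and the ex_* names are hypothetical stand-ins for a plugin's callback table; lookups go through getpwnam_r/getpwuid_r, i.e. whatever NSS backend the host has configured.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for the callback table a mapping plugin exports
 * (assumption: only the two user callbacks are modelled here). */
struct map_funcs {
    const char *name;
    int (*name_to_uid)(const char *name, uid_t *uid);
    int (*uid_to_name)(uid_t uid, const char *domain, char *name, size_t len);
};

/* "alice@example.test" -> "alice"; rejects empty or oversized local parts. */
static int local_part(const char *in, char *out, size_t len)
{
    size_t n = strcspn(in, "@");
    if (n == 0) return -EINVAL;
    if (n >= len) return -ERANGE;
    memcpy(out, in, n);
    out[n] = '\0';
    return 0;
}

static int ex_name_to_uid(const char *name, uid_t *uid)
{
    char user[256], buf[4096];
    struct passwd pw, *res = NULL;
    int rc = local_part(name, user, sizeof(user));
    if (rc != 0) return rc;
    rc = getpwnam_r(user, &pw, buf, sizeof(buf), &res); /* goes through NSS */
    if (rc != 0) return -rc;
    if (res == NULL) return -ENOENT; /* unknown name: never guess an id */
    *uid = res->pw_uid;
    return 0;
}

static int ex_uid_to_name(uid_t uid, const char *domain, char *name, size_t len)
{
    char buf[4096];
    struct passwd pw, *res = NULL;
    int rc = getpwuid_r(uid, &pw, buf, sizeof(buf), &res);
    if (rc != 0) return -rc;
    if (res == NULL) return -ENOENT;
    /* Only the name is taken from the reply; refuse to truncate it. */
    rc = snprintf(name, len, "%s@%s", res->pw_name, domain);
    return (rc < 0 || (size_t)rc >= len) ? -ERANGE : 0;
}

struct map_funcs example_funcs = { "example", ex_name_to_uid, ex_uid_to_name };
```

Returning a negative errno for an unknown or over-long name, instead of a default id or a truncated string, keeps a failed lookup from silently resolving to some other account.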
Fix linker errors during 'make check'
by Stef Walter
On a Fedora 20 box I got the following linker errors during 'make check'.
* krb5 built from git master
* sssd git master
* Both built with --prefix=/opt/build ...
Attached is a patch which fixes the problem.
Cheers,
Stef
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith
-Wcast-qual -Wcast-align -Wwrite-strings
-Werror-implicit-function-declaration -fno-strict-aliasing -std=gnu99
-DUNIT_TESTING -O0 -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -o .libs/ad_access_filter_tests
src/providers/ad_access_filter_tests-data_provider_be.o
src/providers/ad_access_filter_tests-data_provider_fo.o
src/providers/ad_access_filter_tests-data_provider_opts.o
src/providers/ad_access_filter_tests-data_provider_callbacks.o
src/providers/ad_access_filter_tests-dp_dyndns.o
src/providers/ad_access_filter_tests-dp_ptask.o
src/providers/ad_access_filter_tests-dp_refresh.o
src/providers/ad_access_filter_tests-fail_over.o
src/providers/ad_access_filter_tests-fail_over_srv.o
src/resolv/ad_access_filter_tests-async_resolv.o
src/resolv/ad_access_filter_tests-async_resolv_utils.o
src/util/ad_access_filter_tests-sss_ldap.o
src/util/ad_access_filter_tests-sss_krb5.o
src/util/ad_access_filter_tests-find_uid.o
src/util/ad_access_filter_tests-user_info_msg.o
src/providers/ad/ad_access_filter_tests-ad_common.o
src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o -lpam
-lcmocka -lcares -lkrb5 -lk5crypto -lcom_err ./.libs/libsss_util.so
-lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber
-lldap -ltdb -lglib-2.0 ./.libs/libsss_crypt.so -lssl3 -lsmime3 -lnss3
-lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread ./.libs/libsss_debug.so
./.libs/libsss_child.so -lsystemd-login ./.libs/libsss_ldap_common.so
./.libs/libsss_idmap.so ./.libs/libsss_krb5_common.so
./.libs/libsss_test_common.a -ltevent -ltalloc -ldl -Wl,-rpath
-Wl,/opt/build/lib64/sssd -Wl,-rpath -Wl,/opt/build/lib64
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_add_fmt@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_get_error@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_len@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_add@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_add_len@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_labeled_open@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_data@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_free_buf@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_free_error@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_init_fixed@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_labeled_fopen@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_pop_fscreatecon@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_vset_error_fl@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_push_fscreatecon_for@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_set_error_info_callout_fn@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_vset_error@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_buf_init_dynamic@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_set_error@krb5support_0_MIT'
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libkrb5.so:
undefined reference to `krb5int_clear_error@krb5support_0_MIT'
10 years, 4 months
[PATCH] build: add missing Requires to pkgconfig file
by Jan Engelhardt
ini_comment.h uses simplebuffer.h, therefore must Require
basicobjects which provides that. Similarly, ini_valueobj.h uses
ref_array.h and must therefore Require ref_array.
---
ini/ini_config.pc.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ini/ini_config.pc.in b/ini/ini_config.pc.in
index 600d39a..66af169 100644
--- a/ini/ini_config.pc.in
+++ b/ini/ini_config.pc.in
@@ -6,6 +6,7 @@ includedir=@includedir@
Name: ini_config
Description: Library to process config files in INI format into a libcollection data structure
Version: @INI_CONFIG_VERSION@
-Libs: -L${libdir} -lini_config -lcollection
+Requires: basicobjects ref_array collection
+Libs: -L${libdir} -lini_config
Cflags: -I${includedir}
URL: http://fedorahosted.org/sssd/
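Review bot: the `Libs:` change drops `-lcollection` and moves that dependency to `Requires: collection`, but the commit message only justifies `basicobjects` and `ref_array`; please say in the message that collection is now pulled in through its own .pc file as well. Since pkg-config fails the whole ini_config query when any module on the `Requires:` line cannot be found, it is also worth confirming that all three names match the installed .pc file names exactly.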
--
1.8.4
10 years, 4 months
[Patch] Typo fixed in negcache.c module
by Pallavi Jha
Hi,
The typo "int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)" is
corrected to "int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)".
Please review the attached patch.
Thanks!
10 years, 4 months