freeipa.git/daemons/ipa-slapi-plugins, branch ad-work

Remove unused variable

2013-07-15T13:40:43+00:00

Fix extdom plugin to provide unqualified name in response as sssd expects

2013-07-11T09:39:28+00:00

extdom plugin handles external operation over which SSSD asks IPA server about
trusted domain users not found through normal paths but detected to belong
to the trusted domains associated with IPA realm.

SSSD expects that user or group name in the response will be unqualified
because domain name for the user or group is also included in the response.
Strip domain name from the name if getgrnam_r/getpwnam_r calls returned fully
qualified name which includes the domain name we are asked to handle.

The code already expects that fully-qualified names are following user@domain
convention so we are simply tracking whether '@' symbol is present and is followed
by the domain name.

Make sure domain_name is also set when processing INP_NAME requests

2013-07-11T09:39:27+00:00

extdom: replace winbind calls with POSIX/SSSD calls

2013-07-11T09:39:27+00:00

With the new ipa_server_mode SSSD is able to read user and group data
from trusted AD domains directly and makes this data available via the
NSS responder. With this mode enabled winbind is not needed anymore to
lookup users and groups of trusted domains.

This patch removed the calls to winbind from the extdom plugin and
replaces them with standard POSIX calls like getpwnam() and calls from
libsss_nss_idmap to lookup SIDs.

Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the
extdom plugin does not need to handle idranges anymore, but everything
is done inside SSSD.

Fix type of printf argument

2013-06-10T08:56:59+00:00

Fix format string typo

2013-06-03T13:41:24+00:00

Fix log format not a string literal.

2013-06-03T07:57:24+00:00

This was to resolve a -Werror=format-security error.

  ipa_extdom_extop.c: In function 'ipa_extdom_extop':
  ipa_extdom_extop.c:144:9: error: format not a string literal and no format
arguments [-Werror=format-security]

Fix cldap parser to work with a single equality filter (NtVer=...)

2013-05-30T10:39:45+00:00

https://fedorahosted.org/freeipa/ticket/3639

CLDAP: Return empty reply on non-fatal errors

2013-05-28T14:01:52+00:00

Windows DCs return an empty reply when a legal request cannot satisfied.
If we get EINVAL or ENOENT it means the information requested could not be
found or input parameters were bogus.
Always return an empty reply in these cases.

On any other internal error just return, the request may have been legit but we
can't really handle it right now, pretend we never saw it and hope the next
attempt will succeed.

Fixes: https://fedorahosted.org/freeipa/ticket/3639

Signed-off-by: Simo Sorce

CLDAP: Fix domain handling in netlogon requests

2013-05-28T14:01:52+00:00

1. Stop using getdomainname() as it is often not properly initialized
2. The code using getdomainname() was not working anyway it was trying to
look at the function call output in hostname which is always empty at that
point.
3. Always check the requested domain matches our own, we cannot reply to
anything else anyway.

Pre-requisite to fix: https://fedorahosted.org/freeipa/ticket/3639

Signed-off-by: Simo Sorce