sssd.git/src/db, branch f23 sssd with jhrozek's patches Minor code improvements 2015-07-06T18:19:12+00:00 Pavel Reichl preichl@redhat.com 2015-07-02T11:24:01+00:00 6aff93510b36799c1773d368cc218cd533c43161 pam_helpers.h had to be included after util.h. Removed exara empty line. Fixed code alignment Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
pam_helpers.h had to be included after util.h.
Removed exara empty line.
Fixed code alignment

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sysdb: new attribute lastOnlineAuthWithCurrentToken 2015-07-06T18:19:02+00:00 Pavel Reichl preichl@redhat.com 2015-07-02T11:28:05+00:00 32cc237aa0f3c70a4e0bc0491ec0cba0016aaf5a Introduce new user attribute lastOnlineAuthWithCurrentToken. This attribute behaves similarly to lastOnlineAuth but is set to NULL after password is changed. This attribute is needed for use-case when cached authentication is used, to request online authentication after password is locally changed. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Introduce new user attribute lastOnlineAuthWithCurrentToken.
This attribute behaves similarly to lastOnlineAuth but is set to NULL
after password is changed.

This attribute is needed for use-case when cached authentication is used, to
request online authentication after password is locally changed.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
views: Add is_default_view helper function 2015-07-02T11:37:38+00:00 Michal Židek mzidek@redhat.com 2015-06-24T16:03:49+00:00 9ac2a33f4cdc4941fa63118dcffe8058854f33c4 Ticket: https://fedorahosted.org/sssd/ticket/2641 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2641

Reviewed-by: Pavel Reichl <preichl@redhat.com>
sysdb: add sysdb_search_user_by_cert() and sysdb_search_object_by_cert() 2015-06-19T16:48:13+00:00 Sumit Bose sbose@redhat.com 2015-05-27T09:22:20+00:00 7d8b7d82f0a91ed656320577fc781f24a66db9f8 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
LDAP: add ldap_user_certificate option 2015-06-19T15:21:24+00:00 Sumit Bose sbose@redhat.com 2015-05-07T08:59:10+00:00 e22e04517b9f9d0c7759dc4768eedfd05908e9b6 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IFP: Implement org.freedesktop.sssd.infopipe.Cache[.Object] 2015-06-18T14:44:01+00:00 Pavel Březina pbrezina@redhat.com 2015-06-02T09:12:15+00:00 d3c82d0170d6d7407549afdadd08aa7e11aeb9a2 Resolves: https://fedorahosted.org/sssd/ticket/2338 Example use: $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.FindByName \ string:admin object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Remove boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2338

Example use:
 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users \
             org.freedesktop.sssd.infopipe.Users.FindByName \
             string:admin

   object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000"

 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users \
             org.freedesktop.sssd.infopipe.Cache.List

   array [
   ]

 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \
             org.freedesktop.sssd.infopipe.Cache.Object.Store

   boolean true

 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users \
             org.freedesktop.sssd.infopipe.Cache.List

   array [
      object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000"
   ]

 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \
             org.freedesktop.sssd.infopipe.Cache.Object.Remove

   boolean true

 $ dbus-send --print-reply --system \
             --dest=org.freedesktop.sssd.infopipe \
             /org/freedesktop/sssd/infopipe/Users \
             org.freedesktop.sssd.infopipe.Cache.List

   array [
   ]

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SYSDB: Add a forest root attribute to sss_domain_info 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-01T19:58:15+00:00 b50baee36c9ba9e1dd3f6b9c1356482aecd08128 Instead of complex forest root search methods, establish forest root during subdomain list update. The subdomain code can then just use the forest_root pointer. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Instead of complex forest root search methods, establish forest root
during subdomain list update. The subdomain code can then just use the
forest_root pointer.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Add realm to sysdb_master_domain_add_info 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-02T11:34:20+00:00 9af86b9c936d07cff9d0c2054acde908749ea522 Adding realm to both master domain and subdomain will make it easier to set and select forest roots. Even master domains can be forest members, it's preferable to avoid special-casing as much as possible. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Adding realm to both master domain and subdomain will make it easier to
set and select forest roots. Even master domains can be forest members,
it's preferable to avoid special-casing as much as possible.

Includes a unit test.

Reviewed-by: Sumit Bose <sbose@redhat.com>
UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it private 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-01T14:53:01+00:00 50936fc7230a9b3f01e285e72c4182013542f53e In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list. Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests. Reviewed-by: Sumit Bose <sbose@redhat.com> 
In order to make updating the subdomain list a two-step process.
Therefore we need to make sure that update_subdomains() is the only
interface towards the SSSD that changes the subdomain list.

Move the new_subdomain() function to sysdb_subdomains.c and only make it
available through a private header so it's usable by unit tests.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Store trust direction for subdomains 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-12T12:24:00+00:00 ea224c3813a537639778f91ac762732b3c289603 We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com> 
We need to store the subdomain trust direction in order to recover the
structure after SSSD restart.

The trust direction is a plain uint32_t to avoid leaking the knowledge
about AD trust directions to sysdb while at the same time making it easy
to compare values between sysdb and LDAP and avoid translating the
values.

Reviewed-by: Sumit Bose <sbose@redhat.com>