Commit message | Author | Age | Files | Lines
* foo2sysdb | Jakub Hrozek | 2016-01-13 | 5 | -45/+421
* foo | Jakub Hrozek | 2016-01-13 | 3 | -39/+338
* sysdb: Unify name format for groups and users | Michal Zidek | 2016-01-13 | 35 | -480/+1162
  This is a WIP patch to unify the format of usernames and groupnames in sssd internals. In its current form it breaks just about everything. The sysdb update function is just a placeholder and its contents are irrelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other protective gear and play some calm music in your background to prevent eye or brain injury.
* Remove misleading comment | Michal Zidek | 2016-01-13 | 1 | -1/+0
  Function entry_has_objectclass is not used just for users.
* util: sss_ioname2internal | Michal Židek | 2016-01-13 | 2 | -0/+38
* util: Add function to create internal fqname | Michal Zidek | 2016-01-13 | 2 | -0/+32
  Add function to create internal fqname in format shortname@domname where domain portion is lowercased.
* util: Add function to parse internal fqname format | Michal Zidek | 2016-01-13 | 2 | -0/+58
  Add lightweight function to parse internal fqname format (shortname@domain). This function does not require the sss_names to be initialized.
* DP: Print warning when the handler is not configured | Jakub Hrozek | 2016-01-12 | 1 | -1/+3
  We would previously only print the generic warning, not the user-supplied error message.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Petr Cech <pcech@redhat.com>
* ldap: remove originalMemberOf if there is no memberOf | Sumit Bose | 2016-01-12 | 2 | -2/+18
  Since originalMemberOf is not mapped directly to an original attribute and is handled specially it is not automatically removed if there is no memberOf in the original object anymore. This patch puts originalMemberOf on the list of attributes which should be removed in that case.
  Resolves https://fedorahosted.org/sssd/ticket/2917
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD SRV: prefer site-local DCs in LDAP ping | Pavel Březina | 2016-01-11 | 1 | -10/+30
  Resolves: https://fedorahosted.org/sssd/ticket/2765
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Change package ownership of %{pubconfpath}/krb5.include.d | Lukas Slebodnik | 2016-01-11 | 1 | -1/+1
  krb5 domain mapping files are stored to the directory %{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider. However this directory was owned by sub-package sssd-ipa. And ad provider can be installed without this package. Therefore %{pubconfpath}/krb5.include.d should be owned by common dependency.
  The owner of this directory was also fixed to sssd. It's already done by make install. It was changed only in spec file.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Log SID in debug message | Lukas Slebodnik | 2016-01-08 | 1 | -1/+1
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sdap_save_grpmem: determine domain by SID if possible | Sumit Bose | 2016-01-06 | 1 | -13/+35
  Resolves https://fedorahosted.org/sssd/ticket/2910
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Use right domain for user lookups | Sumit Bose | 2016-01-06 | 1 | -1/+1
  Related to https://fedorahosted.org/sssd/ticket/2910
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ipa_s2n_save_objects(): use configured user and group timeout | Sumit Bose | 2016-01-06 | 1 | -5/+5
  Resolves https://fedorahosted.org/sssd/ticket/2899
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* nfs idmap: fix infinite loop | Sumit Bose | 2016-01-05 | 1 | -2/+2
  Resolves: https://fedorahosted.org/sssd/ticket/2909
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Noam Meltzer <tsnoam@gmail.com>
* SUDO: get srv_opts after we are connected | Pavel Březina | 2015-12-15 | 1 | -1/+3
  It may be NULL in _send if SSSD has not been connected to LDAP so far.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: use size_t instead of int in for cycles | Pavel Březina | 2015-12-15 | 1 | -2/+2
  So we compare proper data types.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: make sdap_sudo_handler static | Pavel Březina | 2015-12-15 | 2 | -2/+4
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: remove finalizer | Pavel Březina | 2015-12-15 | 1 | -7/+1
  It is not used anywhere anyway.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: obtain host information when going online | Pavel Březina | 2015-12-15 | 3 | -55/+101
  Resolves: https://fedorahosted.org/sssd/ticket/2672
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix potential memory leak in sdap_sudo_init | Pavel Březina | 2015-12-15 | 1 | -2/+9
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: do not imitate full refresh if usn is unknown in smart refresh | Pavel Březina | 2015-12-15 | 2 | -20/+23
  USN value should be always known now if at least one full refresh was successful.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: built host filter inside sdap_sudo_refresh request | Pavel Březina | 2015-12-15 | 3 | -245/+215
  Preparation for: https://fedorahosted.org/sssd/ticket/2672
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: set USN inside sdap_sudo_refresh request | Pavel Březina | 2015-12-15 | 3 | -60/+49
  Reduce code duplication.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: sdap_sudo_load_sudoers improve iterator | Pavel Březina | 2015-12-15 | 1 | -69/+55
  The old search base iterator was difficult to read since its logic spread through all functions. This patch also shortens names.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_sudo_smart_refresh_recv() | Pavel Březina | 2015-12-15 | 1 | -7/+7
  This fixes a huge violation of tevent coding style.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix tevent style | Pavel Březina | 2015-12-15 | 4 | -300/+265
  Rearrange and rename functions in sdap_async_sudo.c to obey tevent style and improve readability.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_id_op logic | Pavel Březina | 2015-12-15 | 1 | -16/+18
  Adds missing sdap_id_op_done call and retry logic.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: simplify error handling | Pavel Březina | 2015-12-15 | 4 | -70/+41
  This patch removes state->error and uses only ret instead since state->error was only duplication anyway.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move offline check to handler | Pavel Březina | 2015-12-15 | 2 | -6/+5
  We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline.
  This simplifies the code and makes it more similar to other providers.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.c | Pavel Březina | 2015-12-15 | 3 | -642/+639
  sdap_sudo.c will contain only initialization and handlers.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: convert periodical refreshes to be_ptask | Pavel Březina | 2015-12-15 | 5 | -658/+186
  This removes old sudo timer and simplifies code a lot. It also allows to manage offline/online state.
  - Full and smart refresh are disabled when offline.
  - Full refresh is run immediately when sssd is back online.
  - Smart refresh is scheduled normally when sssd is back online.
  Resolves: https://fedorahosted.org/sssd/ticket/1943
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5_CHILD: Debug logs for PAC timeout | Petr Cech | 2015-12-14 | 1 | -0/+3
  This patch adds a debug message that informs the user when KRB5_CHILD calls PAC responder. This action might take a bit of time in case the cache is not populated or up to date.
  Resolves: https://fedorahosted.org/sssd/ticket/2846
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5: Mark globals in krb5_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -23/+53
  To avoid collisions when we want to work with them elsewhere in the code.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Mark globals in ipa_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -297/+357
  To avoid collisions when we want to work with them elsewhere in the code.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Mark globals in ad_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -242/+293
  To avoid collisions when we want to work with them elsewhere in the code.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Mark globals in ldap_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -330/+393
  To avoid collisions when we want to work with them elsewhere in the code.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Add missing include to sysdb_services.h | Pavel Březina | 2015-12-14 | 1 | -0/+2
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DEBUG: Add missing new lines | Lukas Slebodnik | 2015-12-14 | 7 | -14/+14
  Reviewed-by: Petr Cech <pcech@redhat.com>
* MAN: Clarify when should TGs be disabled for group nesting restriction | Jakub Hrozek | 2015-12-11 | 1 | -2/+4
  Resolves: https://fedorahosted.org/sssd/ticket/2796
  Reviewed-by: Michal Židek <mzidek@redhat.com>
  Reviewed-by: Striker Leggette <striker@redhat.com>
* IPA_PROVIDER: Explicit no handle of services | Petr Cech | 2015-12-11 | 1 | -1/+29
  Function get_object_from_cache() does not handle services. This patch adds quick shortcut to avoid sending an LDAP query to cache.
  Resolves: https://fedorahosted.org/sssd/ticket/2747
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: sssd.conf should mention SSS_NSS_USE_MEMCACHE | Michal Židek | 2015-12-10 | 1 | -1/+7
  Fixes: https://fedorahosted.org/sssd/ticket/2787
  We already mention SSS_NSS_USE_MEMCACHE in sssd(8) but it makes sense to note it in sssd.conf(5) together with the memcache_timeout.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: check early for missing SID in mapping check | Sumit Bose | 2015-12-10 | 1 | -0/+6
  Resolves https://fedorahosted.org/sssd/ticket/2830
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DP: Reduce code duplication in Data Provider handlers | Jakub Hrozek | 2015-12-10 | 1 | -167/+102
  Instead of setting the three same variables over again, add a structure be_sbus_reply_data with a default initializer BE_SBUS_REPLY_DATA_INIT. The handlers can then set the structure to BE_SBUS_REPLY_DATA_INIT on declaration or set a particular value with be_sbus_reply_data_set.
  The handler can also reply to the message (typically on failure state) with be_sbus_req_reply_data()
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* DP: Reduce code duplication in the callback handlers | Jakub Hrozek | 2015-12-10 | 4 | -232/+137
  Instead of calling sbus_request_return_and_finish() directly with the same checks copied over, add a be_sbus_reply() helper instead.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Clarify that subdomains always use service discovery | Dan Lavu | 2015-12-10 | 1 | -3/+11
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Use search timeout, not enum timeout for searching overrides | Jakub Hrozek | 2015-12-09 | 1 | -1/+1
  Related: https://fedorahosted.org/sssd/ticket/2866
  If the LDAP connection is still established when the client moves offline, we rely on the search timeout to find out the client is offline. The override search used the enum timeout, which defaults to 60 seconds. That caused too long delays in going offline.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Use tevent_req_defer_callback() when notifying callers | Jakub Hrozek | 2015-12-07 | 2 | -5/+59
  If a fo_resolve_service callback would modify the server->common member in any way, for example by dereferencing the server and lowering the refcount to 0, which would free the common structure, then the next iteration of fo_resolve_service_done would access memory that was already gone.
  Please see https://tevent.samba.org/group__tevent__request.html#ga09373077d0b39e321a196a86bfebf280 for more details.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* KRB5: Handle KRB5_REALM_UNKNOWN as ERR_NETWORK_IO | Jakub Hrozek | 2015-12-07 | 1 | -0/+1
  Resolves: https://fedorahosted.org/sssd/ticket/2866
  This would help users who authenticate to AD trust servers while offline and see error messages such as:
      [get_and_save_tgt] (0x0020): 996: [-1765328230][Cannot find KDC for realm "AD.EXAMPLE.COM"]
  in the krb5_child.log
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>