| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
We were never filling the group attrs because of an inverse return check.
Plus fix a crash bug for using a pointer that is not a memory context.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This task allows us to rebuild memberuid and memberof attributes throughout the
database. This way we can upgrade from version 0.4 databases that didn't
generate and store memberuid.
The task can be invoked by adding a speaicl named entry to the ldb file.
The entry dn to use is: @MEMBEROF-REBUILD, the entry has no attributes and any
attribute is ignored at present.
The entry will not be stored in the database but will just trigger the task to
execute a rebuild of the memberof and memberuid attributes
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Search the local db to find the local DN using the original DN as search key.
This way we do not have to rely on weak and faulty heuristicts based on DN
names.
Add a few helper functions in the process and change the way we pass members to
sysdb_store_group_send(), instead of passing users and groups list, just add
member DNs to the other sysdb attrs.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
After completing an upgrade successfully, we were still falling
into the "version not found" case. We should be exiting the
function after performing the upgrade.
|
| | |
|
| |
|
|
| |
When possible using a macro that correctly deals with tstate
|
| | |
|
| |
|
|
|
| |
sysdb_attrs has a lot of methods to add them but very little to get information
out. Start adding a way to retrieve a single valued attribute as a string.
|
| | |
|
| | |
|
| |
|
|
|
| |
If the pointer stays around, zero it when it is freed, so we do not risk
access to released memory in case of bugs.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In sssd only local is a native mpg domain, and it is forced.
All other providers will have to unroll mpg users into a user/group pair of
entries in the db. This allows the provider to automatically establish if
the remote server provides mpg users w/o possibily conflicting manual
configurations on the client trying to force an mpg behavior where none
is provided.
|
| |
|
|
|
|
|
|
| |
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
| |
|
|
|
| |
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
| |
|
|
|
|
|
|
|
| |
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
| |
|
|
|
| |
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
| |
|
|
| |
Provides also an upgrade function.
|
| |
|
|
|
| |
First pass to remove the legacy option and make it just a property of the
provider
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
| |
|
|
|
|
|
| |
We will trap all LDB debug messages and pipe them into our
internal DEBUG() function. LDB FATAL messages will still be
printed by default, WARNING and TRACE functions will be at debug
level 3 and 9, respectively.
|
| | |
|
| |
|
|
|
| |
The first functional command is sss_useradd
(Name is temporary, while looking for a better one)
|
| |
|
|
|
|
|
|
| |
Retrieve minID and maxID from domain configuration so that lower
and upper bounds can be set per domain.
Add function that keeps track of the next available id, increments
and returns it on requests, avoiding collisions with existing ids.
|
| |
|
|
|
|
| |
Add comments in header files to better explain interfaces and intended usage.
Expose function to convert from ldb errors to errnos.
Add sysdb_attrs helper to add a long integer as a value.
|
| |
|
|
|
|
| |
Provide also helper functions to build struct sysdb_attrs.
Also fix sysdb_get_user_attr() to have a consistent interface
as all other functions.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This is necessary because in ldb only 1 transaction per context is possible
and all operations (or new transactions) are nested within it.
Will revisit this later when ldb will addresses the problem.
|
| |
|
|
|
|
| |
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
| |
|
|
|
|
|
| |
rename _posix_ function into _legacy_
Add support for the posix legacy mode where memberships
are stored in memberUId and not in member/memberof pairs.
Do not build sysdb as a library
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
types of domains: modern and legacy
modern uses member/meberof, legacy uses memberUid for group
memberships.
Rework the proxy backend to use the legacy style as that's the
format the data comes in (trying to convert would require too
many transformations and increased the number of queries).
Add support for fetching groups in nss.
Add support for enumerating users and groups (requires to enable enumeration
in config) both in nss and in the proxy provider.
Remove confdb_get_domain_basedn() and substitute with generic calls in
the nss init function.
Store a domain structure in the btree not the basedn so that we can add
enumeration flags.
Also make sure NSS understand how to make multiple calls on
enumerations, also make passing the domian parameter always
mandatory, passing in domain=* is not valid anymore.
This work fixes also a few memory, degfault, and logic bugs
found while testing all nss functions (there are still some to
fix that are less critical and much harder to find yet).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This was causing some functions to not cancel a transaction as they should
have, leaving it pending indefintely. It in turn meant that no other process
could see what was "stored" in the db as transactions are not fluched to the
db until "committed".
Took me quite a while and a lot of confusion to catch why I was seeing
"ghost entries" in some processes and not seeing the entry in others ..
As a defensive programming measure make sure we commit OR cancel in the same
spot and that we always go thorugh it.
|
| | |
|
| |
|
|
|
| |
throw away databases
Check version and init main db if empty
|
| | |
|
| |
|
|
|
|
|
|
| |
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one
operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions,
don't let ldap madness creep into out interfaces
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixed a few small bugs in sysdb_[store|remove]_account_posix. The
string "uid=" needed to be replaced with SYSDB_PW_NAME, and the
search scope in sysdb_remove_account_posix_by_uid needed to be
LDB_SCOPE_ONELEVEL, not LDB_SCOPE_BASE.
Added associated unit tests. Modified the unit test structure so
that it is called as a single suite, rather than a User and Group
suite, since there is too much overlap.
|
| |
|
|
|
|
|
|
|
|
| |
for adding/removing user accounts and POSIX groups to the groups.
Also modified the add/remove member functions to be a single
interface taking a flag for add or removal, since the code only
differs by one LDB flag.
Added associated unit tests.
|
| |
|
|
|
|
| |
to now use sysdb_add_member_to_posix_group along with sysdb_add_member_to_posix_group.
Added new unit tests to sysdb-tests.c for groups of groups.
|
| | |
|
| | |
|
|
|
rename everything with the sysdb suffix.
|
