summaryrefslogtreecommitdiffstats
path: root/src/db/sysdb.h
Commit message (Collapse)AuthorAgeFilesLines
* SYSDB: prepare for LOCAL viewPavel Březina2015-07-271-1/+13
| | | | | | | | | | Objects doesn't have to have overrideDN specified when using LOCAL view. Since the view is not stored on the server we do not want to contact LDAP therefore we special case LOCAL view saying that it is OK that this attribute is missing. Preparation for: https://fedorahosted.org/sssd/ticket/2584
* SYSDB: Add functions to look up multiple entries including name and custom ↵Jakub Hrozek2015-07-151-0/+24
| | | | | | | | | | | | | | | | | | | filter Related: https://fedorahosted.org/sssd/ticket/2553 Adds new sysdb function: - sysdb_enumpwent_filter - sysdb_enumpwent_filter_with_views - sysdb_enumgrent_filter - sysdb_enumgrent_filter_with_views These are similar to enumeration functions, but optionally allow to specify a filter to be applied on user/group names. Also an additional custom filter can be applied. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: new attribute lastOnlineAuthWithCurrentTokenPavel Reichl2015-07-061-0/+1
| | | | | | | | | | | | | | Introduce new user attribute lastOnlineAuthWithCurrentToken. This attribute behaves similarly to lastOnlineAuth but is set to NULL after password is changed. This attribute is needed for use-case when cached authentication is used, to request online authentication after password is locally changed. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* views: Add is_default_view helper functionMichal Židek2015-07-021-0/+11
| | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2641 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sysdb: add sysdb_search_user_by_cert() and sysdb_search_object_by_cert()Sumit Bose2015-06-191-0/+14
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: add ldap_user_certificate optionSumit Bose2015-06-191-0/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Implement org.freedesktop.sssd.infopipe.Cache[.Object]Pavel Březina2015-06-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2338 Example use: $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.FindByName \ string:admin object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Remove boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Add realm to sysdb_master_domain_add_infoJakub Hrozek2015-06-141-1/+3
| | | | | | | | | | Adding realm to both master domain and subdomain will make it easier to set and select forest roots. Even master domains can be forest members, it's preferable to avoid special-casing as much as possible. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Store trust direction for subdomainsJakub Hrozek2015-06-141-1/+3
| | | | | | | | | | | | We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com>
* sysdb: add sysdb_cache_password_ex()Sumit Bose2015-05-081-0/+9
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sdap: properly handle binary objectGuid attributeSumit Bose2015-03-201-0/+6
| | | | | | | | | | | | | | Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache. This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache. Resolves https://fedorahosted.org/sssd/ticket/2588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: support groupsPavel Březina2015-03-081-0/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: support usersPavel Březina2015-03-081-0/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Add UUID when saving incomplete groupsJakub Hrozek2015-01-301-0/+1
| | | | | | | Related to: https://fedorahosted.org/sssd/ticket/2571 Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Reduce code duplication in sysdb_gpo.cJakub Hrozek2015-01-131-4/+0
| | | | | | | | | Two places in sysdb_gpo.c were searching for the GPO result object while the only difference was the attributes searched for. Remove this duplication and make the search function static as it's not used outside the module. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sysdb: fix group members with overridden namesSumit Bose2015-01-131-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: sysdb_search_object_by_sid returns ENOENTPavel Reichl2014-12-171-1/+1
| | | | | | | | | | | | sysdb_search_object_by_sid returns ENOENT if no results are found. Part od solution for: https://fedorahosted.org/sssd/ticket/1991 Fixes: https://fedorahosted.org/sssd/ticket/2520 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Skip CHAUTHTOK_PRELIM when using OTPsJakub Hrozek2014-12-131-0/+2
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2484 When OTPs are used, we can only used each authtoken at most once. When it comes to Kerberos password changes, this was only working previously by accident, because the old authtoken was first used to verify the old password is valid and not expired and then also to acquire a chpass principal. This patch looks at the user object in LDAP to check if the user has any OTPs enabled. If he does, the CHAUTHTOK_PRELIM step is skipped completely so that the OTP can be used to acquire the chpass ticket later. Reviewed-by: Sumit Bose <sbose@redhat.com>
* LDAP: retain external membersPavel Reichl2014-12-131-0/+6
| | | | | | | | | | | | When processing group membership check sysdb for group members from extern domain and include them in newly processed group membership as extern members are curently found only when initgroups() is called. Resolves: https://fedorahosted.org/sssd/ticket/2492 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
* sysdb: add sysdb_invalidate_overrides()Sumit Bose2014-11-251-0/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sysdb: add sysdb_delete_view_tree()Sumit Bose2014-11-251-0/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sysdb: add sysdb_search_object_by_uuid()Sumit Bose2014-11-201-0/+7
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sysdb_add_overrides_to_object: add new parameter and multi-value supportSumit Bose2014-11-051-1/+2
| | | | | | | | | | With the new parameter an attribute list other than the default one can be used. Override attributes with multiple values (e.g. SSH public keys) are now supported as well. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Allow calling chown on the sysdb file from monitorMichal Zidek2014-10-221-0/+9
| | | | | | | | Sysdb must be accessible for the nonroot sssd processes. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add sysdb_get_user_attr_with_viewsPavel Březina2014-10-201-0/+6
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* Add sysdb_search_[user|group]_override_attrs_by_namePavel Březina2014-10-201-0/+14
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* sysdb: add sysdb_enumpw/grent_with_views()Sumit Bose2014-10-201-0/+8
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_getgrnam_with_views and sysdb_getgrgid_with_viewsSumit Bose2014-10-201-0/+13
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_initgroups_with_views()Sumit Bose2014-10-201-0/+6
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sss_view_ldb_msg_find_element/attr_as_string/uint64Sumit Bose2014-10-201-0/+15
| | | | | | | | Override-aware replacements for the corresponding ldb_msg_find_* calls. First it is check if an override value is available before the original value is returned. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_getpwnam/uid_with_views()Sumit Bose2014-10-201-0/+24
| | | | | | | View-aware drop-in replacements for sysdb_getpwnam() and sysdb_getpwuid(). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add overide lookup callsSumit Bose2014-10-201-1/+23
| | | | | | | | | | | sysdb_search_user_override_by_name() and sysdb_search_group_override_by_name() search for overrides in the given view. sysdb_add_overrides_to_object() adds the data from the override object to the original object and makes them available for further processing. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: sysdb_apply_default_overrideSumit Bose2014-10-161-0/+4
| | | | | | | | | The default view is special in the sense that it is the baseline for every other view and that it always applies even if there is no view defined. To avoid useless additional processing the default view overrides are written directly to the corresponding cached object. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_attrs_add_val_safe() and sysdb_attrs_add_string_safe()Sumit Bose2014-10-161-0/+4
| | | | | | | | | | | | sysdb_attrs_add_val_safe() works like sysdb_attrs_add_val() but checks if the attribute value to add already exists. In this case the value list is not changed. This is useful if values are added from different sources at different times to avoid LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS errors from ldb_modify() later on. sysdb_attrs_add_string_safe() does the same for string arguments Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_store_overrideSumit Bose2014-10-161-0/+8
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: add view support and get view nameSumit Bose2014-10-161-0/+4
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_update_view_name()Sumit Bose2014-10-161-0/+11
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* nss: add SSS_NSS_GETORIGBYNAME requestSumit Bose2014-10-141-0/+7
| | | | | | | | | | | | | | | This patch adds a new request to the nss responder which follows the same flow as a SSS_NSSGETSIDBYNAME request but returns more data than just the SID. The data is returned as pairs of \0-terminated strings where the first string is the sysdb attribute name and the second the corresponding value. The main use case is on the FreeIPA server to make additional user and group data available to the extdom plugin which then send this data to SSSD running on FreeIPA clients. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NSS: UPN as a template expansion for homedir mappingsPavel Reichl2014-10-121-0/+2
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2340 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: move sysdb_get_real_name() from sysdb.c to sysdb_search.cJakub Hrozek2014-10-061-1/+1
| | | | | | | | | | | The sysdb.c should be reserved for utility and setup functions. Search functions belong to sysdb_search.c Keeping functions in specialized modules helps to maintain nice dependencies and in overall makes unit testing easier. Moreover, the function was not unit tested, which needed fixing. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* AD-GPO resolve conflicting policy settings correctlyYassir Elley2014-10-021-4/+25
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2437 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* AD-GPO: delete stale GPOsYassir Elley2014-09-081-0/+5
| | | | | | https://fedorahosted.org/sssd/ticket/2431 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: SSS_LDB_SEARCH - macro around ldb_searchPavel Reichl2014-09-051-5/+12
| | | | | | | | | | | | | This patch amends previous patch 5153e8b9793dea1e212ca08af0f77ea1d023cbb7. Macro SSS_LDB_SEARCH is used instead of using fuction sss_ldb_search as a wrapper around ldb_search which could lead to premature expansion of variadic parameters. Part of solution for: https://fedorahosted.org/sssd/ticket/1991 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* AD-GPO: sysdb_gpo changes for offline gpo supportYassir Elley2014-08-131-1/+6
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD-GPO: add ad_gpo_cache_timeout optionYassir Elley2014-07-311-5/+9
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD-GPO: add sysdb_gpo support for caching gpo versionYassir Elley2014-07-301-0/+28
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SYSDB: sss_ldb_search - wrapper around ldb_searchPavel Reichl2014-06-251-0/+5
| | | | | | | | | | | Make sure that if no results were found ENOENT is returned rather than just empty list of results. Resolves: https://fedorahosted.org/sssd/ticket/1991 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Modify declaration of sysdb_search_entryLukas Slebodnik2014-06-231-1/+1
| | | | | | | | | | Type of parameter scope was changed s/int/enum ldb_scope/ This patch fixes warning from static analysers: src/db/sysdb_ops.c:228: mixed_enum_type: enumerated type mixed with another type Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sysdb: add sysdb_search_user_by_upn() with testsSumit Bose2014-06-201-0/+7
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: sysdb_search_entry fix memory leakPavel Reichl2014-06-201-2/+2
| | | | | | | Allocate res on tmp_ctx instead of on mem_ctx. Also use '_' prefix convention for output parameters. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-14 03:49:03 +0000