summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_subdomains.c
Commit message (Collapse)AuthorAgeFilesLines
* IPA: Create and remove AD id_ctx for subdomains discovered in server modeJakub Hrozek2013-06-281-0/+182
| | | | | | | | | When IPA server mode is on, then this patch will create an ad_id_ctx for each subdomain discovered in IPA provider. The ID context is needed to perform direct lookups using the AD provider. Subtask of: https://fedorahosted.org/sssd/ticket/1962
* IPA: Initialize server mode ctx if server mode is onJakub Hrozek2013-06-281-0/+33
| | | | | | | | | | This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
* Save mpg state for subdomainsSumit Bose2013-06-281-3/+10
| | | | | | The information of a subdomain will use magic private groups (mpg) or not will be stored together with other information about the domain in the cache.
* IPA: read ranges before subdomainsSumit Bose2013-06-281-29/+27
| | | | | | | Since FreIPA will start to support external mapping for trusted domains as well the range type for the domain must be know before the domain object is created. The reason is that external mapping will not use magic private groups (mpg) while algorithmic mapping will use them.
* Add support for new ipaRangeType attributeSumit Bose2013-06-281-2/+31
| | | | | | | | | Recent versions of FreeIPA support a range type attribute to allow different type of ranges for sub/trusted-domains. If the attribute is available it will be used, if not the right value is determined with the help of the other idrange attributes. Fixes https://fedorahosted.org/sssd/ticket/1961
* AD: Write out domain-realm mappingsJakub Hrozek2013-06-271-164/+3
| | | | | This patch reuses the code from IPA provider to make sure that domain-realm mappings are written even for AD sub domains.
* subdomains: touch krb5.conf when creating new domain-realm mappingsPavel Březina2013-06-161-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1815
* LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek2013-06-071-1/+1
| | | | | | | | | | | | | | | | | | | With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* IPA: Check for ENOMEMJakub Hrozek2013-05-281-0/+3
|
* Make IPA SELinux provider aware of subdomain usersSumit Bose2013-04-291-0/+14
| | | | Fixes https://fedorahosted.org/sssd/ticket/1892
* Return error code from ipa_subdom_storeJakub Hrozek2013-03-201-5/+13
|
* subdomains: replace invalid characters with underscore in krb5 mapping file namePavel Březina2013-02-141-1/+26
| | | | | | | https://fedorahosted.org/sssd/ticket/1795 Only alpha-numeric chars, dashes and underscores are allowed in krb5 include directory.
* Introduce IS_SUBDOMAIN() macroSimo Sorce2013-02-101-2/+2
| | | | Fixes https://fedorahosted.org/sssd/ticket/1766
* Change the way domains are linked.Simo Sorce2013-02-101-107/+45
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Remove sysdb_subdom completelySimo Sorce2013-02-101-52/+58
| | | | | struct sss_domain_info is always used to represent domains now. Adjust tests accordingly.
* Refactor sysdb_master_domain_add_info()Simo Sorce2013-02-101-24/+6
|
* Update main domain info in placeSimo Sorce2013-02-101-5/+4
|
* Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce2013-02-101-3/+1
|
* Possible null derefence in ipa_subdomains.c.Michal Zidek2013-01-251-0/+4
| | | | | Found by coverity. https://fedorahosted.org/sssd/ticket/1790
* Add be_req_get_be_ctx() helper.Simo Sorce2013-01-211-1/+2
| | | | In preparation for making be_req opaque
* Add be_req_create() helperSimo Sorce2013-01-211-3/+2
|
* Introduce be_req_terminate() helperSimo Sorce2013-01-211-13/+8
| | | | | Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
* Remove domain from be_req structureSimo Sorce2013-01-211-19/+4
|
* Do not pass NULL to ipa_subdomain_retrieve()Simo Sorce2013-01-211-18/+20
|
* Remove sysdb as a be request structure memberSimo Sorce2013-01-211-4/+4
| | | | The sysdb context is already available through the 'domain' context.
* Remove sysdb as a be context structure memberSimo Sorce2013-01-211-3/+3
| | | | The sysdb context is already available through the 'domain' structure.
* Add domain to some subdomain functionsSimo Sorce2013-01-151-2/+7
|
* Remove the sysdb_ctx_get_domain() function.Simo Sorce2013-01-151-1/+4
| | | | | We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
* Run IPA subdomain provider if IPA ID provider is configuredSumit Bose2012-11-141-1/+67
| | | | | | | | | | | | | | | | | | | | | | | | To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
* Allow extdom exop to return flat domain name as wellSumit Bose2012-10-121-0/+24
| | | | | | | | There are case where the extdom extended operation will return the flat or NetBIOS name of a domain instead of the DNS domain name. If this name is available for the current domain we accept it as well. Related to https://fedorahosted.org/sssd/ticket/1561
* Consolidation of functions that make realm upper-caseOndrej Kos2012-08-231-17/+1
|
* IPA: Securely set umask for mkstemp in subdomain providerStephen Gallagher2012-08-061-0/+3
| | | | https://fedorahosted.org/sssd/ticket/1457
* IPA: Do not attempt to close the same file twiceStephen Gallagher2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1456
* Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek2012-08-011-0/+135
| | | | | | | | When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
* Add automatic periodic retrieval of subdomainsSimo Sorce2012-08-011-1/+44
|
* Add online callback to enumerate subdomainsSimo Sorce2012-08-011-24/+49
|
* Limit refreshes keeping track of last refresh timeSimo Sorce2012-08-011-26/+46
|
* Change refreshing of subdomainsSimo Sorce2012-08-011-65/+156
| | | | | | | | | This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
* Expose an initializer function from subdomainSimo Sorce2012-08-011-0/+35
| | | | | | Instead of exporting internal structures, expose an initilizer function like the autofs code and initialize everything inside the ipa_subdomains.c file.
* Add realm paramter to subdomain listSimo Sorce2012-08-011-0/+27
| | | | This will be used later for setting domain_realm mappings in krb5.conf
* Use a more tractable name for subdomain requestSimo Sorce2012-08-011-7/+5
| | | | | I am all for readable names, but there is a tradeof between expressing purpose and compactness.
* 80 col and style fixesSimo Sorce2012-08-011-20/+48
| | | | | | | Something like this: sysdb = (be_req->sysdb)?be_req->sysdb:be_req->be_ctx->sysdb; really is not readable, and we always discourage using obfuscated C, please refrain in future.
* Make structure initializer more readableSimo Sorce2012-08-011-7/+15
|
* Fix wrong elements used in comparisonSimo Sorce2012-08-011-1/+1
|
* Change subdomain_infoSimo Sorce2012-08-011-6/+6
| | | | | Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
* Remove dead code in ipa_subdomains_handler_done()Sumit Bose2012-07-101-1/+1
| | | | Fixes https://fedorahosted.org/sssd/ticket/1410
* Add support for ID rangesSumit Bose2012-06-211-10/+166
|
* IPA subdomains - ask for information about master domainJan Zeleny2012-06-101-15/+132
| | | | | | | The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
* IPA: Add get-domains targetSumit Bose2012-04-241-0/+319
generated by cgit (git 2.34.1) at 2024-06-09 06:10:36 +0000