| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
|
| | |
|
| | |
|
| |
|
|
| |
The sysdb context is already available through the 'domain' context.
|
| |
|
|
| |
The sysdb context is already available through the 'domain' structure.
|
| |
|
|
|
|
| |
It was confusing to see the ldap provider own handler mixed with the generic
ldap access code used also by the ipa and ad providers.
So move the ldap provider handler code in its own file.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1758
The autofs entries do not have the key as an unique identifier, but
rather the full (key, value) tuple as some keys have a special meaning,
such as the direct mount key (/-) and may be present in a single map
multiple times.
Comparing the full DN that contains both the key and the value will
allow for working updates if either key or value changes.
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1761
The function tried to be smart and realloc only when needed, but that
only lead to hard-to find bugs where the logic would not allocate the
proper space. Remove the reallocation and prefer readability over speed
in this case.
|
| | |
|
| |
|
|
| |
also fix sysdb_svc_add declarations
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also remove sysdb_delete_domgroup()
|
| | |
|
| |
|
|
| |
Also remove sysdb_delete_domuser()
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also remove sysdb_store_domgroup()
|
| |
|
|
| |
Also remove sysdb_store_domuser()
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also remove unused sysdb_search_domgroup_by_gid()
|
| |
|
|
| |
Also remove unused sysdb_search_domgroup_by_name()
|
| |
|
|
| |
Also remove unused sysdb_search_domuser_by_name()
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1760
|
| |
|
|
|
|
| |
sss_authtok_get_password() already returns length without terminating
zero. This broke authentication over LDAP because we removed the
last password character.
|
| |
|
|
| |
Use the new authtok abstraction and interfaces throught the code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This set of functions had a few important issues:
1. the base_dn was always NULL, as the base array was never actually used
to construct any DN. This means each function searched the whole database
multiple times.
It would try to remove SYSDB_USN from all database entries 3 times.
Then it would try to find non updated entries another 3 times and delete
them, arguably find empty results the last 2 times.
2. Remove use of sysdb_private.h, that header is *PRIVATE* which means it
should not be used anywhere but within sysdb. Do this by using existing
functions instead of using ldb calls directly. This is important to keep
sysdb as conistent and self-contained as possible.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the AD case, deployments sometimes add groups as parents of the
primary GID group. These groups are then returned during initgroups
in the tokenGroups attribute and member/memberof links are established
between the user and the group. However, any update of these groups
would remove the links, so a sequence of calls: id -G user; id user; id
-G user would return different group memberships.
The downside of this approach is that the user is returned as a group
member during getgrgid call as well.
|
| |
|
|
|
|
|
| |
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1736
When there are no rules during first refresh, we don't have valid
USN value. We use 0 in this case, but it turned out that OpenLDAP
takes it as invalid time format (if modifyTimestamp is used instead
of USN) and thus returns no records.
Now we don't include USN/modifyTimestamp attribute in the filter
if such situasion occurs.
|
| |
|
|
|
|
| |
Use correct name for _done() function from the caller.
Remove unneded initializzations to NULL for a lot of variables hat are going to
be assigned as the first thing done in the functions.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484
|
| |
|
|
|
|
|
|
|
|
| |
If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.
This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).
|
| |
|
|
|
|
| |
switch statements should always have a default section. In this
particular case gcc gave a "'send_fn' may be used uninitialized in this
function" warning.
|
| |
|
|
|
|
| |
If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1689
Add a online callback if the first full refresh fails due to the
provider beeing offline so we can perform the refresh as soon as
possible.
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1689
If the first full refresh of sudo rules fails because the data provider
is offline, we will schedule another one in 2, 4, ... minutes.
|
