summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap
Commit message (Collapse)AuthorAgeFilesLines
* sysdb: Unify name format for groups and usersMichal Zidek2016-01-138-22/+37
| | | | | | | | | | | | | | | | | | This is WIP patch to unify format of usernames and groupnames in sssd internals. In current form it breaks just about everything. The sysdb update function is just placeholder and it's contents are irelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other other protective gear and play some calm music in your backgroun to prevent eye or brain injury.
* ldap: remove originalMeberOf if there is no memberOfSumit Bose2016-01-121-1/+7
| | | | | | | | | | | | Since originalMemerberOf is not mapped directly to an original attribute and is handled specially it is not automatically removed if there is no memberOf in the original object anymore. This patch put originalMemerberOf on the list of attribute which should be removed in that case. Resolves https://fedorahosted.org/sssd/ticket/2917 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sdap_save_grpmem: determine domain by SID if possibleSumit Bose2016-01-061-13/+35
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Use right domain for user lookupsSumit Bose2016-01-061-1/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SUDO: get srv_opts after we are connectedPavel Březina2015-12-151-1/+3
| | | | | | It may be NULL in _send if SSSD has not been connected to LDAP so far. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: use size_t instead of int in for cyclesPavel Březina2015-12-151-2/+2
| | | | | | | So we compare proper data types. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: make sdap_sudo_handler staticPavel Březina2015-12-152-2/+4
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: remove finalizerPavel Březina2015-12-151-7/+1
| | | | | | | It is not used anywhere anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: obtain host information when going onlinePavel Březina2015-12-153-55/+101
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix potential memory leak in sdap_sudo_initPavel Březina2015-12-151-2/+9
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: do not imitate full refresh if usn is unknown in smart refreshPavel Březina2015-12-152-20/+23
| | | | | | | | USN value should be always known now if at least one full refresh was successful. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: built host filter inside sdap_sudo_refresh requestPavel Březina2015-12-153-245/+215
| | | | | | | | Preparation for: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: set USN inside sdap_sudo_refresh requestPavel Březina2015-12-153-60/+49
| | | | | | | Reduce code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: sdap_sudo_load_sudoers improve iteratorPavel Březina2015-12-151-69/+55
| | | | | | | | The old search base iterator was difficult to read since its logic spread through all functions. This patch also shorten names. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_sudo_smart_refresh_recv()Pavel Březina2015-12-151-7/+7
| | | | | | | This fix huge violation of tevent coding style. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix tevent stylePavel Březina2015-12-154-300/+265
| | | | | | | | Rearrage and rename functions in sdap_async_sudo.c to obey tevent style and improve readability. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_id_op logicPavel Březina2015-12-151-16/+18
| | | | | | | Adds missing sdap_id_op_done call and retry logic. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: simplify error handlingPavel Březina2015-12-154-70/+41
| | | | | | | | This patch removes state->error and uses only ret instead since state->error was only duplication anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move offline check to handlerPavel Březina2015-12-152-6/+5
| | | | | | | | | | | We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplyfies the code and make it more similar to other providers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.cPavel Březina2015-12-153-642/+639
| | | | | | | sdap_sudo.c will contain only initialization and handlers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: convert periodical refreshes to be_ptaskPavel Březina2015-12-154-657/+185
| | | | | | | | | | | | | | | This removes old sudo timer and simplyfies code a lot. It also allows to manage offline/online state. - Full and smart refresh are disabled when offline. - Full refresh is run immediately when sssd is back online. - Smart refresh is scheduled normally when sssd is back online. Resolves: https://fedorahosted.org/sssd/ticket/1943 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Mark globals in ldap_opts.h as externPavel Březina2015-12-142-330/+388
| | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DEBUG: Add missing new linesLukas Slebodnik2015-12-142-3/+3
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* LDAP: check early for missing SID in mapping checkSumit Bose2015-12-101-0/+6
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2830 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* initgr: only search for primary group if it is not already cachedSumit Bose2015-11-271-21/+36
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2868 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* ldap: skip sdap_save_grpmem() if ignore_group_members is setSumit Bose2015-11-271-0/+8
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2868 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sudo: remove unused param name in sdap_sudo_get_usn()Pavel Reichl2015-11-021-2/+1
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* SDAP: Remove unused sdap_id_ctx from sdap_id_conn_cache_createLukas Slebodnik2015-11-023-3/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* util: Update get_next_domain's interfaceMichal Židek2015-10-231-2/+2
| | | | | | | | | | | | Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* FO: Use refcount to keep track of servers returned to callersJakub Hrozek2015-10-232-3/+3
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2829 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: pass params in sdap_get_and_parse_generic_sendPavel Reichl2015-10-221-2/+6
| | | | | | | | Previously some arguments passed to sdap_get_and_parse_generic_send() were ignored. This patch fixes that and passes 'attronly', 'serverctrls' and 'clientctrls' to sdap_get_generic_ext_send(). Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: change type of attrsonly in sdap_get_generic_ext_statePavel Reichl2015-10-221-9/+10
| | | | | | | | | | | | | | 'attrsonly' parameter is directly passed to ldap_search_ext() and is describe as: The attrsonly parameter should be set to a non-zero value if only attribute descriptions are wanted. It should be set to zero (0) if both attributes descriptions and attribute values are wanted. Boolean type should be fine for the 'attrsonly' parameter especially since the actual parameter was already set to false in function calls. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: allow_paging in sdap_get_generic_ext_send()Pavel Reichl2015-10-221-18/+25
| | | | | | | Make allow_paging parameter a part of the flag parameter in sdap_get_generic_ext_send(). Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: optional warning - sizelimit exceeded in POSIX checkPavel Reichl2015-10-221-9/+22
| | | | | | | | | | Add new parameter 'flags' to sdap_get_generic_ext_send_ext() which can be set to suppress warning about 'sizelimit exceeded'. Resolves: https://fedorahosted.org/sssd/ticket/2804 Reviewed-by: Sumit Bose <sbose@redhat.com>
* LDAP: remove unused param. in sdap_fallback_local_userPavel Reichl2015-10-124-8/+4
| | | | | | Remove unused sdap_options parameter. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* autofs: remove unused params in del_autofs_entriesPavel Reichl2015-10-121-4/+1
| | | | | | Remove unused sdap_options and map parameters. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_optionsPavel Reichl2015-10-123-5/+3
| | | | | | Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Inform about small range sizeStephen Gallagher2015-10-091-0/+7
| | | | | | | | | | When a returned RID has a higher value than the ldap_idmap_range_size, it means that the administrator did not plan appropriately for the size of their network. We need to alert the admin at a severe notification level that their configuration will fail on entries with a high RID and point them at the explanation in the manual. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DYNDNS: use realm and server commands only as fallbackPavel Reichl2015-10-052-19/+23
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: fix minor memory leakPavel Reichl2015-10-022-2/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Relax POSIX checkPavel Reichl2015-10-021-4/+6
| | | | | | | | | | | Relax the check on UID or GID just to check if at least one of them is present but do not require them to be positive numbers. Add requirement on objectclass attributes to be user or group to make check more reliable. Resolves: https://fedorahosted.org/sssd/ticket/2800
* DDNS: execute nsupdate for single update of PTR recPavel Reichl2015-09-221-6/+115
| | | | | | | | | | | nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Filter out multiple entries when searching overlapping domainsJakub Hrozek2015-09-224-20/+116
| | | | | | | | | | In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Move sdap_create_search_base from ldap to sdap codeJakub Hrozek2015-09-224-70/+68
| | | | | | | | The function shouldn't be placed in the LDAP tree, but in the SDAP tree to make it usable from tests without linking to libraries that are normally linked from LDAP provider (such as confdb) Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: imposing sizelimit=1 for single-entry searches breaks overlapping domainsJakub Hrozek2015-09-222-13/+0
| | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2723 In case there are overlapping sdap domains, a search for a single user might match and return multiple entries. For instance, with AD domains represented by search bases: DC=win,DC=trust,DC=test DC=child,DC=win,DC=trust,DC=test A search for user from win.trust.test would be based at: DC=win,DC=trust,DC=test but would match both search bases and return both users. Instead of performing complex filtering, just save both users. The responder would select the entry that matches the user's search. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SDAP: Do not set is_offline if ignore_mark_offline is setJakub Hrozek2015-09-211-1/+1
| | | | | | | | | | | | | | Required for: https://fedorahosted.org/sssd/ticket/2637 The caller of the sdap_id_op requests can set the ignore_mark_offline flag to avoid the sdap_id_op from marking the whole back end as offline. However, there was a small bug - the is_offline internal sdap_id_op flag was still being set. As a consequence, the error code from the connection was ignored and EAGAIN was always returned. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Sanitize group dn before using in filterLukas Slebodnik2015-09-181-2/+16
| | | | | | | | | | Each string should be sanitized(rfc4515) before using ldbsearch. A group dn was not sanitized in the function cleanup_groups. Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Partially revert "LDAP: sanitize group name when used in filter"Lukas Slebodnik2015-09-181-83/+5
| | | | | | | This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. + temporary disable unit test Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Revert "LDAP: end on ENOMEM"Lukas Slebodnik2015-09-181-1/+0
| | | | | | | This reverts commit f31a57321fc0a2390bb0d6030053c49787e5e587. It blocked reverting commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Remove unused functionJakub Hrozek2015-09-113-9/+2
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
generated by cgit (git 2.34.1) at 2025-10-02 00:53:24 +0000