| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
sed 's/find_subdomain_by_sid/find_domain_by_sid/' -i `find . -name "*.[ch]"`
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
To correctly decide if an object is a member of the main sssd domain, a flat name
is needed. However, the information may not be available when the module is
inited so it may be necessary to refresh this data later while processing a
request.
Resolves:
https://fedorahosted.org/sssd/ticket/2189
|
| |
|
|
|
|
|
| |
Use flat name to recognise users and groups belonging to main sssd domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2189
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
When comparing username and his groups to access list, we will
obey case sensitivity of object from access list.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/2026
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/453
It makes sense to keep using the boolean for access granted/denied, but
when the user/group is not found, the request would now return
ERR_ACCOUNT_UNKNOWN
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
In the simple access provider, we need to only canonicalize user names when
comparing with values in the ACL, not when searching the cache. The sysdb
searches might do a base search with a DN constructed with the username
which fails if the username is lower case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.
Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX
|
| |
|
|
| |
In preparation for making struct be_req opaque.
|
| |
|
|
| |
In preparation for making be_req opaque
|
| |
|
|
|
| |
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
|
| |
|
|
|
| |
Need to split out the function or new additions to the handler funtion will not
allow simple access tests to compile anymore.
|
| |
|
|
| |
The sysdb context is already available through the 'domain' structure.
|
| |
|
|
| |
Also remove unused sysdb_search_domgroup_by_gid()
|
| |
|
|
| |
Also remove unused sysdb_search_domuser_by_name()
|
| |
|
|
|
|
|
| |
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
| | |
|
| | |
|
| |
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.
This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.
https://fedorahosted.org/sssd/ticket/440
|
| |
|
