summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* fooJakub Hrozek2016-01-131-24/+3
|
* sysdb: Unify name format for groups and usersMichal Zidek2016-01-1314-62/+203
| | | | | | | | | | | | | | | | | | This is WIP patch to unify format of usernames and groupnames in sssd internals. In current form it breaks just about everything. The sysdb update function is just placeholder and it's contents are irelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other other protective gear and play some calm music in your backgroun to prevent eye or brain injury.
* DP: Print warning when the handler is not configuredJakub Hrozek2016-01-121-1/+3
| | | | | | | | We would previously only print the generic warning, not the user-supplied error message. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com>
* ldap: remove originalMeberOf if there is no memberOfSumit Bose2016-01-122-2/+18
| | | | | | | | | | | | Since originalMemerberOf is not mapped directly to an original attribute and is handled specially it is not automatically removed if there is no memberOf in the original object anymore. This patch put originalMemerberOf on the list of attribute which should be removed in that case. Resolves https://fedorahosted.org/sssd/ticket/2917 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD SRV: prefer site-local DCs in LDAP pingPavel Březina2016-01-111-10/+30
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2765 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Log SID in debug messageLukas Slebodnik2016-01-081-1/+1
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sdap_save_grpmem: determine domain by SID if possibleSumit Bose2016-01-061-13/+35
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Use right domain for user lookupsSumit Bose2016-01-061-1/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ipa_s2n_save_objects(): use configured user and group timeoutSumit Bose2016-01-061-5/+5
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2899 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: get srv_opts after we are connectedPavel Březina2015-12-151-1/+3
| | | | | | It may be NULL in _send if SSSD has not been connected to LDAP so far. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: use size_t instead of int in for cyclesPavel Březina2015-12-151-2/+2
| | | | | | | So we compare proper data types. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: make sdap_sudo_handler staticPavel Březina2015-12-152-2/+4
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: remove finalizerPavel Březina2015-12-151-7/+1
| | | | | | | It is not used anywhere anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: obtain host information when going onlinePavel Březina2015-12-153-55/+101
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix potential memory leak in sdap_sudo_initPavel Březina2015-12-151-2/+9
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: do not imitate full refresh if usn is unknown in smart refreshPavel Březina2015-12-152-20/+23
| | | | | | | | USN value should be always known now if at least one full refresh was successful. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: built host filter inside sdap_sudo_refresh requestPavel Březina2015-12-153-245/+215
| | | | | | | | Preparation for: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: set USN inside sdap_sudo_refresh requestPavel Březina2015-12-153-60/+49
| | | | | | | Reduce code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: sdap_sudo_load_sudoers improve iteratorPavel Březina2015-12-151-69/+55
| | | | | | | | The old search base iterator was difficult to read since its logic spread through all functions. This patch also shorten names. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_sudo_smart_refresh_recv()Pavel Březina2015-12-151-7/+7
| | | | | | | This fix huge violation of tevent coding style. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix tevent stylePavel Březina2015-12-154-300/+265
| | | | | | | | Rearrage and rename functions in sdap_async_sudo.c to obey tevent style and improve readability. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix sdap_id_op logicPavel Březina2015-12-151-16/+18
| | | | | | | Adds missing sdap_id_op_done call and retry logic. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: simplify error handlingPavel Březina2015-12-154-70/+41
| | | | | | | | This patch removes state->error and uses only ret instead since state->error was only duplication anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move offline check to handlerPavel Březina2015-12-152-6/+5
| | | | | | | | | | | We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplyfies the code and make it more similar to other providers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.cPavel Březina2015-12-153-642/+639
| | | | | | | sdap_sudo.c will contain only initialization and handlers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: convert periodical refreshes to be_ptaskPavel Březina2015-12-154-657/+185
| | | | | | | | | | | | | | | This removes old sudo timer and simplyfies code a lot. It also allows to manage offline/online state. - Full and smart refresh are disabled when offline. - Full refresh is run immediately when sssd is back online. - Smart refresh is scheduled normally when sssd is back online. Resolves: https://fedorahosted.org/sssd/ticket/1943 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5_CHILD: Debug logs for PAC timeoutPetr Cech2015-12-141-0/+3
| | | | | | | | | | | | This patch adds debug message that inform user when KRB5_CHILD calls PAC responder. This action might take a bit of time in case the cache is not populated or up to date. Resolves: https://fedorahosted.org/sssd/ticket/2846 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5: Mark globals in krb5_opts.h as externPavel Březina2015-12-142-23/+48
| | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Mark globals in ipa_opts.h as externPavel Březina2015-12-142-297/+353
| | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Mark globals in ad_opts.h as externPavel Březina2015-12-142-242/+288
| | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Mark globals in ldap_opts.h as externPavel Březina2015-12-142-330/+388
| | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DEBUG: Add missing new linesLukas Slebodnik2015-12-144-7/+7
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* IPA_PROVIDER: Explicit no handle of servicesPetr Cech2015-12-111-1/+29
| | | | | | | | | | | Function get_object_from_cache() does not handle services. This patch adds quick shortcut to avoid sending an LDAP query to cache. Resolves: https://fedorahosted.org/sssd/ticket/2747 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: check early for missing SID in mapping checkSumit Bose2015-12-101-0/+6
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2830 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DP: Reduce code duplication in Data Provider handlersJakub Hrozek2015-12-101-167/+102
| | | | | | | | | | | | | Instead of setting the three same variables over again, add a structure be_sbus_reply_data with a default initializer BE_SBUS_REPLY_DATA_INIT. The handlers can then set the structure to BE_SBUS_REPLY_DATA_INIT on declaration or set a particular value with be_sbus_reply_data_set. The handler can also reply to the message (typically on failure state) with be_sbus_req_reply_data() Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* DP: Reduce code duplication in the callback handlersJakub Hrozek2015-12-104-232/+137
| | | | | | | Instead of calling sbus_request_return_and_finish() directly with the same checks copied over, add a be_sbus_reply() helper instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: Use search timeout, not enum timeout for searching overridesJakub Hrozek2015-12-091-1/+1
| | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2866 If the LDAP connection is still established when the client moves offline, we rely on the search timeout to find out the client is offline. The override search used the enum timeout defaults to 60 seconds. That caused too long delays in going offline. Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Use tevent_req_defer_callback() when notifying callersJakub Hrozek2015-12-071-2/+13
| | | | | | | | | | | | | | If a fo_resolve_service callback would modify the server->common member in any way, for example by dereferencing the server and lowering the refcount to 0, which would free the common structure, then the next iteration of fo_resolve_service_done would access memory that was already gone. Please see https://tevent.samba.org/group__tevent__request.html#ga09373077d0b39e321a196a86bfebf280 for more details. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* KRB5: Handle KRB5_REALM_UNKNOWN as ERR_NETWORK_IOJakub Hrozek2015-12-071-0/+1
| | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2866 This would help users who authenticate to AD trust servers while offline and see error messages such as: [get_and_save_tgt] (0x0020): 996: [-1765328230][Cannot find KDC for realm "AD.EXAMPLE.COM"] in the krb5_child.log Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* KRB5: Handle preauth request timeout more gracefullyJakub Hrozek2015-12-071-0/+5
| | | | | | | | The error itself doesn't matter that much, because pam_sss.so handles all preauth errors gracefully already, but the issue triggered a loud and confusing debug message in the logs. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* initgr: only search for primary group if it is not already cachedSumit Bose2015-11-271-21/+36
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2868 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* ldap: skip sdap_save_grpmem() if ignore_group_members is setSumit Bose2015-11-271-0/+8
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2868 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* AD: Add autofs providerJakub Hrozek2015-11-264-0/+114
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1632 Adds the possibility to configure: autofs_provider = ad The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is different (at the moment) from using autofs_provider=ldap with ldap_schema=ad. Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Changes to allow SSSD to be used for access control with a machine account ↵Mathieu Deaudelin-Lemay2015-11-261-1/+6
| | | | | | | | | belonging to a domain controller. Resolves: https://fedorahosted.org/sssd/ticket/2870 Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: fix override with the same nameSumit Bose2015-11-201-6/+7
| | | | | | | | | | | | | If the user name of a AD user is overridden with the name itself in an IPA override object SSSD adds this name twice to the alias list causing an ldb error when trying to write the user object to the cache. As a result the user is not available. This patch makes sure that there are no duplicated alias names. Resolves https://fedorahosted.org/sssd/ticket/2874 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DP: Do not confuse static analysers with dead codeJakub Hrozek2015-11-201-1/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DP: Check callback messages for valid UTF-8Jakub Hrozek2015-11-141-16/+30
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2861 Messages passed from Data Provider to responder must be valid UTF-8 strings. Because providers might not be completely under our control, we need to check if the messages we receive are valid UTF-8 and if they are not, use a fallback. Reviewed-by: Sumit Bose <sbose@redhat.com>
* DP: Drop dp_pam_err_to_stringJakub Hrozek2015-11-141-52/+23
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2861 All back end requests were using pam_strerror() to print additional info about why request failed. Since pam_strerror() returns localized message and we don't know the locale beforehand, this message failed to be transferred through D-Bus, resulting in a crash. Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: remove annoying debug messagePavel Březina2015-11-121-4/+0
| | | | | | | This debug message is mostly a left over from development and doesn't give us any useful information. It is just annoying in the logs. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DP_PTASK: Fix warning may be used uninitializedLukas Slebodnik2015-11-111-1/+1
| | | | | | | | | | It could be unitialized only in case if we add new enum be_ptask_schedule Currently, we have only BE_PTASK_SCHEDULE_FROM_NOW and BE_PTASK_SCHEDULE_FROM_LAST which are properly covered in switch case. src/providers/dp_ptask.c:200: warning: ‘tv’ may be used uninitialized in this function Reviewed-by: Pavel Březina <pbrezina@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-25 04:20:29 +0000