| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1805
|
|
|
|
|
|
| |
Instead of using a single array of gid-domain_pointer pairs, Simo
suggested to use a gid array for each domain an store it with a pointer
to the domain.
|
|
|
|
|
|
| |
If some of the Posix attributes of an user existing in the cache differ
from the data given in the current PAC the old user entry is drop and a
new one is created with the data from the PAC.
|
|
|
|
|
|
|
| |
To avoid duplicated entries in the group list all gids are added to a
hash table first.
Fixes: https://fedorahosted.org/sssd/ticket/1672
|
|
|
|
|
|
|
| |
Read the group membership of the remote domain the user belongs to from
the PAC and add them to the cache.
Fixes: https://fedorahosted.org/sssd/ticket/1666
|
|
|
|
|
|
|
|
|
|
| |
Currently users from subdomains can only be members of groups from the
configured domain and to access those groups a pointer to the domain
struct of the configured domain is used. This patch sets the dom_grp
member of struct pac_grp to point to the domain struct of the configured
for groups from this domain. This is a first step to allow group
membership for groups from subdomains as well. For those groups a
pointer to the related subdomain structure will be saved.
|
|
|
|
|
|
|
| |
Currently domains can only be searched by name in the global domain
list. To make it easier to find the domain for a given SID
find_domain_by_id() which returns a pointer to the domain or subdomain
entry in the global domain list if a matching id was found.
|
|
|
|
|
| |
To be able to handle groupmemberships from other domains more data than
just the gid must be kept for groups given in the PAC.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.
In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.
|
|
|
|
|
|
|
|
| |
This patch adds a new call which compares a list of current GIDs with a
list of new GIDs and return a list of GIDs which are currently missing
and must be added and another list of GIDs which are not used anymore
and must be deleted. The method is the same as used by
diff_string_lists().
|
|
|
|
|
|
|
| |
The principal name for the user is generated with the user name and the
domain from the PAC. It is stored in the cache so that if e.g. can be
used by password authentication. Additionally the name alias is stored
to allow case-insensitive searches.
|
|
|
|
|
| |
Since winbind can only return lower-cased user name the pac responder
must do the same to avoid inconsistent behaviour.
|
|
|
|
| |
This error prevent proper id-mapping in the PAC responder.
|
|
|
|
|
| |
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
| |
|
|
|