path: root/src
Commit message | Author | Age | Files | Lines
* Updating the translations for the 1.12.2 release (tag: sssd-1_12_2) | Jakub Hrozek | 2014-10-20 | 16 | -5290/+10380
* sudo: support views | Pavel Březina | 2014-10-20 | 1 | -3/+11
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* IFP: support views | Pavel Březina | 2014-10-20 | 1 | -21/+46
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* Add sysdb_get_user_attr_with_views | Pavel Březina | 2014-10-20 | 2 | -0/+118
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* Add sysdb_search_[user|group]_override_attrs_by_name | Pavel Březina | 2014-10-20 | 2 | -25/+51
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* nss: make enumeration requests aware of views | Sumit Bose | 2014-10-20 | 1 | -6/+8
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_enumpw/grent_with_views() | Sumit Bose | 2014-10-20 | 2 | -0/+96
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* pam: make pam responder aware of views | Sumit Bose | 2014-10-20 | 1 | -1/+1
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sid2name: return name without views applied | Sumit Bose | 2014-10-20 | 2 | -2/+23
  Make sure that the original name of an object without any overrides applied is returned by sid2name requests.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* nss: add view support for getgr* requests | Sumit Bose | 2014-10-20 | 1 | -13/+50
  Make group lookups view and override aware.
  Relates to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_getgrnam_with_views and sysdb_getgrgid_with_views | Sumit Bose | 2014-10-20 | 3 | -0/+311
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* nss: add view support to initgroups request | Sumit Bose | 2014-10-20 | 1 | -14/+37
  Make sysdb request view and override aware.
  Relates to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_initgroups_with_views() | Sumit Bose | 2014-10-20 | 2 | -0/+119
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* nss: add view support for getpwnam/getpwuid requests | Sumit Bose | 2014-10-20 | 1 | -16/+62
  For user lookups view and override aware calls to search the cache and read attribute values are used.
  Relates to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sss_view_ldb_msg_find_element/attr_as_string/uint64 | Sumit Bose | 2014-10-20 | 2 | -0/+131
  Override-aware replacements for the corresponding ldb_msg_find_* calls. First it is checked if an override value is available before the original value is returned.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_getpwnam/uid_with_views() | Sumit Bose | 2014-10-20 | 3 | -0/+286
  View-aware drop-in replacements for sysdb_getpwnam() and sysdb_getpwuid().
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add override lookup calls | Sumit Bose | 2014-10-20 | 3 | -1/+311
  sysdb_search_user_override_by_name() and sysdb_search_group_override_by_name() search for overrides in the given view.
  sysdb_add_overrides_to_object() adds the data from the override object to the original object and makes them available for further processing.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add view data to domains | Sumit Bose | 2014-10-20 | 2 | -0/+123
  The information about view is read from the cache and added to the domain structs accordingly.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* new_subdomain: copy view data from parent | Sumit Bose | 2014-10-20 | 1 | -0/+11
  Since a view applies to the whole domain-subdomain tree the view data is copied from the parent to the newly created domains.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* confdb: add has_views and view_name to sss_domain_info | Sumit Bose | 2014-10-20 | 2 | -0/+6
  To let the responders know which view is applied and to make view handling more efficient, especially when no view is applied/available, two new members are added to the sss_domain_info struct.
  view_name is the name of the view if available.
  has_views is only true if the client has a specific view applied, i.e. it is false for the case when there are no views at all (e.g. plain LDAP provider) or the client has the FreeIPA default view. This allows the responders to easily bypass any view related code.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Change defaults for ldap_user/group_objectsid | Michal Zidek | 2014-10-16 | 2 | -6/+6
  Fixes: https://fedorahosted.org/sssd/ticket/2361
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* UTIL: Always write capaths | Jakub Hrozek | 2014-10-16 | 4 | -42/+36
  We used to only generate the [capaths] section on the IPA server itself, when running in a trusted setup. But we also found out that the capaths are often required to make SSO fully work, so it's better to always generate them.
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* views: search overrides for user and group requests | Sumit Bose | 2014-10-16 | 6 | -101/+602
  If the name or the POSIX ID of a user or a group is overridden the search requests for those objects have to check the override objects first before looking up the original objects.
  This patch adds a new request for the IPA sub-domain users which checks the overrides first if
  - SSSD is running in ipa-server-mode and a name or a POSIX ID is searched, since we do not override the SIDs we can skip the search in the override tree here
  - if the responder indicates it has not found the corresponding object in the cache and the input might be an override name or ID and not the original one of an object.
  If an override object was found the SID is extracted from the anchor attribute and the original object is searched by its SID.
  If no override object was found the original object is searched with the original input and finally it is checked if an override object exists for the found object.
  Relates to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* views: get overrides during user and group lookups | Sumit Bose | 2014-10-16 | 3 | -102/+522
  With this patch the IPA provider will check if overrides exist for the given view during the lookup of users and groups from trusted domains.
  In ipa-server-mode the default view is automatically applied and written to the cache. On IPA clients which use the extdom plugin for user and group lookups the override data is saved separately and the original object and the override data are linked with DN attributes for faster reference.
  Related to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: sysdb_apply_default_override | Sumit Bose | 2014-10-16 | 2 | -13/+199
  The default view is special in the sense that it is the baseline for every other view and that it always applies even if there is no view defined. To avoid useless additional processing the default view overrides are written directly to the corresponding cached object.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_attrs_add_val_safe() and sysdb_attrs_add_string_safe() | Sumit Bose | 2014-10-16 | 3 | -2/+145
  sysdb_attrs_add_val_safe() works like sysdb_attrs_add_val() but checks if the attribute value to add already exists. In this case the value list is not changed. This is useful if values are added from different sources at different times to avoid LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS errors from ldb_modify() later on.
  sysdb_attrs_add_string_safe() does the same for string arguments.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_store_override | Sumit Bose | 2014-10-16 | 2 | -0/+290
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* views: add ipa_get_ad_override_send() | Sumit Bose | 2014-10-16 | 2 | -0/+262
  Related to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: add view support and get view name | Sumit Bose | 2014-10-16 | 10 | -28/+488
  Related to https://fedorahosted.org/sssd/ticket/2375
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: make IPA ID context available to extdom client code | Sumit Bose | 2014-10-16 | 4 | -5/+16
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Add sdap_deref_search_with_filter_send() | Sumit Bose | 2014-10-16 | 2 | -5/+88
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_update_view_name() | Sumit Bose | 2014-10-16 | 2 | -0/+192
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sss_nss_idmap: add sss_nss_getorigbyname() | Sumit Bose | 2014-10-14 | 4 | -1/+177
  This patch adds an interface to the new SSS_NSS_GETORIGBYNAME request of the nss responder to libsss_nss_idmap.
  The main use case for this new call is to replace sss_nss_getsidbyname() in the extdom plugin on the FreeIPA server to get more information about the given object than just the SID which is not available with the default POSIX interfaces.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* nss: add SSS_NSS_GETORIGBYNAME request | Sumit Bose | 2014-10-14 | 5 | -4/+191
  This patch adds a new request to the nss responder which follows the same flow as a SSS_NSSGETSIDBYNAME request but returns more data than just the SID. The data is returned as pairs of \0-terminated strings where the first string is the sysdb attribute name and the second the corresponding value.
  The main use case is on the FreeIPA server to make additional user and group data available to the extdom plugin which then sends this data to SSSD running on FreeIPA clients.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* add_v1_group_data: fix for empty members list | Sumit Bose | 2014-10-14 | 1 | -16/+25
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* tests: add test for sss_get_domain_name | Pavel Březina | 2014-10-14 | 1 | -0/+27
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_get_domain_name: check for fq name first | Pavel Březina | 2014-10-14 | 1 | -1/+13
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* GPO: Do not use output argument if function failed | Lukas Slebodnik | 2014-10-13 | 1 | -4/+4
  deny_size and allow_size were initialized in function parse_policy_setting_value (output argument). If function parse_policy_setting_value fails then output arguments will not be initialized and will be used uninitialized in debug macro.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* GPO: Fail if we cannot retrieve gpo from cache. | Lukas Slebodnik | 2014-10-13 | 1 | -0/+6
  The variable value could be used uninitialized.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* GPO: fail if there is problem with storing gpo into sysdb | Lukas Slebodnik | 2014-10-13 | 1 | -0/+14
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: UPN as a template expansion for homedir mappings | Pavel Reichl | 2014-10-12 | 5 | -0/+21
  Fixes: https://fedorahosted.org/sssd/ticket/2340
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: check that connection is open before bind | Pavel Reichl | 2014-10-12 | 1 | -10/+103
  Tivoli server does not return an empty response when being asked for the rootDSE data but an error. In this case the rootDSE lookup in SSSD will terminate the connection to the server and return an error. But since errors except timeouts are ignored SSSD will try to continue with the bind, but since the connection is already terminated this will fail as well. And this will terminate the whole operation.
  Make sure the connection is open before performing bind operation.
  Resolves: https://fedorahosted.org/sssd/ticket/2435
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: move deciding of tls usage into new function | Pavel Reichl | 2014-10-12 | 1 | -20/+37
  Separate code for deciding tls usage from sdap_cli_connect_send() to new function decide_tls_usage().
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Fix error handling after talloc_ber_flatten | Lukas Slebodnik | 2014-10-12 | 1 | -2/+1
  The function talloc_ber_flatten can return EFAULT, ENOMEM, EOK. But it was tested for -1.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAC: Check return value of function hash_entries | Lukas Slebodnik | 2014-10-12 | 1 | -0/+8
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: test return value of sysdb_search_services | Lukas Slebodnik | 2014-10-12 | 1 | -0/+6
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: Fix warning Value stored to is never read | Lukas Slebodnik | 2014-10-12 | 1 | -1/+0
  If function sdap_idmap_sid_to_unix returns error code ENOTSUP then error message will be printed: "Skipping buit-in object"
  Processing of sids will continue and variable ret will be overridden with return code from function sdap_idmap_sid_to_unix, therefore storing EOK to variable is useless.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: Fix warning Value stored to is never read | Lukas Slebodnik | 2014-10-12 | 1 | -2/+0
  dinfo->sysdb was stored to variable sysdb two times. The first time on line 132 and second time after testing for subdomain on line 143.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: Add a test to change user IDs | Jakub Hrozek | 2014-10-10 | 5 | -0/+222
  Adds a unit test using the nss_wrapper and uid_wrapper libraries that exercises the ability to become another user.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Detect nss_wrapper and uid_wrapper during configure | Jakub Hrozek | 2014-10-10 | 1 | -0/+31
  Unit testing the utilities to become another user requires the use of the cwrap libraries. This patch augments our build system with macros to detect the nss_wrapper and uid_wrapper libraries.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>