sssd.git/src/lib, branch subdommem System Security Services Daemon [okos' clone] idmap: add sss_idmap_domain_has_algorithmic_mapping 2013-06-28T16:57:24+00:00 Sumit Bose sbose@redhat.com 2013-06-11T08:54:05+00:00 7f02ba09b9481f59c309fd09a88089857e7fe79f With this call it can be checked if for a given domain algorithmic mapping is available or if the ID must be read from an external source. The default if an error occurs or no matching range was found is false, i.e external mapping, to meet the requirements for simple LDAP based domains where only external mapping is available. Fixes https://fedorahosted.org/sssd/ticket/1960 
With this call it can be checked if for a given domain algorithmic
mapping is available or if the ID must be read from an external source.
The default if an error occurs or no matching range was found is false,
i.e external mapping, to meet the requirements for simple LDAP based
domains where only external mapping is available.

Fixes https://fedorahosted.org/sssd/ticket/1960
idmap: add calls to check if ID mapping conforms to ranges 2013-06-28T16:57:23+00:00 Sumit Bose sbose@redhat.com 2013-06-10T14:47:14+00:00 9869c20a4db6ce7e285a9d7ae7007718a6de207e When ID are mapped externally it must be checked if the extern ID falls into the right configured range to avoid ID conflicts. Fixes https://fedorahosted.org/sssd/ticket/1960 
When ID are mapped externally it must be checked if the extern ID falls
into the right configured range to avoid ID conflicts.

Fixes https://fedorahosted.org/sssd/ticket/1960
idmap: allow NULL domain sid for external mappings 2013-06-28T16:57:23+00:00 Sumit Bose sbose@redhat.com 2013-06-17T14:25:18+00:00 47b326af8e662b215139d55e6d52f2b6066fc6df Since it is planned that the LDAP based ID providers (LDAP, AD, IPA) will always use libsss_idmap to map ID or get information about how to map it, it must be possible to add domains to libsss_idmap which do not have a SID or where is SID is not known when external mapping is used. Algorithmic mapping always requires a domain SID. Fixes https://fedorahosted.org/sssd/ticket/1960 
Since it is planned that the LDAP based ID providers (LDAP, AD, IPA)
will always use libsss_idmap to map ID or get information about how to
map it, it must be possible to add domains to libsss_idmap which do not
have a SID or where is SID is not known when external mapping is used.
Algorithmic mapping always requires a domain SID.

Fixes https://fedorahosted.org/sssd/ticket/1960
idmap: add option to indicate external_mapping 2013-06-28T16:57:23+00:00 Sumit Bose sbose@redhat.com 2013-06-10T11:24:46+00:00 c63c8a63ab062a9c4397278a29b12bd32c4f3895 The idea is that ranges for IDs from AD can be used in libsss_idmap as well, but whenever a mapping is requested for this range a specific error code IDMAP_EXTERNAL is returned to tell SSSD to do an AD lookup. This way SSSD does not need to inspect the ranges itself but all is done inside if libsss_idmap. Fixes https://fedorahosted.org/sssd/ticket/1960 
The idea is that ranges for IDs from AD can be used in libsss_idmap as
well, but whenever a mapping is requested for this range a specific
error code IDMAP_EXTERNAL is returned to tell SSSD to do
an AD lookup. This way SSSD does not need to inspect the ranges itself
but all is done inside if libsss_idmap.

Fixes https://fedorahosted.org/sssd/ticket/1960
idmap: add optional unique range id 2013-06-28T16:57:23+00:00 Sumit Bose sbose@redhat.com 2013-06-10T10:06:27+00:00 9ef0d43b961c05f1aae2ec21eed4142ae3221bc3 To be able to detect configuration changes in idranges managed by FreeIPA an identifier should be stored on the client together with the other idrange related data. Fixes https://fedorahosted.org/sssd/ticket/1979 
To be able to detect configuration changes in idranges managed by
FreeIPA an identifier should be stored on the client together with the
other idrange related data.

Fixes https://fedorahosted.org/sssd/ticket/1979
idmap: allow first RID to be set 2013-06-28T16:57:23+00:00 Sumit Bose sbose@redhat.com 2013-06-10T09:55:16+00:00 95a08a0c02281b28bd1914e0727b40ae25b4e16a Currently libss_idmap implicitly assumes that the RID 0 is always mapped to the first ID of the given range. This is not the case anymore when multiple ranges are used e.g. for trusted domains in FreeIPA. A new call sss_idmap_add_domain_ex() was added which can take the first RID as an argument. This new call will get more options with other patches hence I didn't change the library version with this patch. Fixes https://fedorahosted.org/sssd/ticket/1938 
Currently libss_idmap implicitly assumes that the RID 0 is always mapped
to the first ID of the given range. This is not the case anymore when
multiple ranges are used e.g. for trusted domains in FreeIPA.

A new call sss_idmap_add_domain_ex() was added which can take the first
RID as an argument. This new call will get more options with other
patches hence I didn't change the library version with this patch.

Fixes https://fedorahosted.org/sssd/ticket/1938
Fix some doxygen warnings 2013-06-11T12:41:44+00:00 Sumit Bose sbose@redhat.com 2013-06-11T09:46:28+00:00 504902d12a1ea1d3774bacd9a35efd9cecd5f9c2 






IDMAP: Fix variable initialization
2013-05-03T10:21:50+00:00

Ondrej Kos
okos@redhat.com

2013-05-02T14:59:55+00:00

11fd679eb2edabd139c9016e2b7d2085ca3aac5d

Before the recent changes, the variable was set to 0 too because it used
to be part of a structure allocated with talloc_zero.





Before the recent changes, the variable was set to 0 too because it used
to be part of a structure allocated with talloc_zero.







libsss_idmap: function to calculate range
2013-04-29T15:01:38+00:00

Michal Zidek
mzidek@redhat.com

2013-04-19T16:02:32+00:00

46222e5191473f9a46aec581273eb2eef22e23be

Calculation of range for domains is moved from
sdap_idmap code to sss_idmap code. Some refactoring
have been done to allow this move.

https://fedorahosted.org/sssd/ticket/1844





Calculation of range for domains is moved from
sdap_idmap code to sss_idmap code. Some refactoring
have been done to allow this move.

https://fedorahosted.org/sssd/ticket/1844







Fix potential out-of-bounds write in sss_idmap_sid_to_dom_sid
2013-04-03T11:26:41+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-03T08:15:37+00:00

726e335681428614c2909b9c2987286a05afb982

https://fedorahosted.org/sssd/ticket/1861





https://fedorahosted.org/sssd/ticket/1861