sssd.git/src/providers/data_provider.h, branch token3 System Security Services Daemon [okos' clone] Add two new request types to the data-provider interface 2013-05-02T17:33:56+00:00 Sumit Bose sbose@redhat.com 2013-04-22T14:29:51+00:00 f0944fdd627bd684ff36c9670dc857ffdedc343f The patch adds two new request types for SID related requests. The first one is used if a SID is given and the corresponding object should be found. The second one can be used if the SID for an object is requested but it is not clear if the object is a user or a group. 
The patch adds two new request types for SID related requests. The first
one is used if a SID is given and the corresponding object should be
found. The second one can be used if the SID for an object is requested
but it is not clear if the object is a user or a group.
Add secid filter to responder-dp protocol 2013-05-02T17:33:56+00:00 Sumit Bose sbose@redhat.com 2013-04-11T16:23:27+00:00 206329d3901738036352f2ac1e8d7804f728861d This patch add a new filter type to the data-provider interface which can be used for SID-based lookups. 
This patch add a new filter type to the data-provider interface which
can be used for SID-based lookups.
Init failover with be_res options 2013-04-03T12:42:00+00:00 Jakub Hrozek jhrozek@redhat.com 2013-03-25T21:54:48+00:00 584eda085e83a428f2c39dadf0d7adeaff5c87f4 






Making the authtok structure really opaque.
2013-04-02T15:01:08+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-03-14T08:10:39+00:00

9acfb09f7969a69f58bd45c856b01700541853ca

Definition of structure sss_auth_token was removed from header file
authtok.h and there left only declaration of this structure.
Therefore only way how to use this structure is to use accessory function from
same header file.

To creating new empty authotok can only be used newly created function
sss_authtok_new(). TALLOC context was removed from copy and setter functions,
because pointer to stuct sss_auth_token is used as a memory context.

All declaration of struct sss_auth_token variables was replaced with
pointer to this structure and related changes was made in source code.

Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or zero initialized struct pam_data
allocated on stack.

https://fedorahosted.org/sssd/ticket/1830





Definition of structure sss_auth_token was removed from header file
authtok.h and there left only declaration of this structure.
Therefore only way how to use this structure is to use accessory function from
same header file.

To creating new empty authotok can only be used newly created function
sss_authtok_new(). TALLOC context was removed from copy and setter functions,
because pointer to stuct sss_auth_token is used as a memory context.

All declaration of struct sss_auth_token variables was replaced with
pointer to this structure and related changes was made in source code.

Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or zero initialized struct pam_data
allocated on stack.

https://fedorahosted.org/sssd/ticket/1830







Reusing create_pam_data() on the other places.
2013-04-02T15:01:08+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-03-14T08:44:41+00:00

53b58615fbc13eddcd6e2f28066b67cb5f16b6d3

Function create_pam_data() should be only one way how to create new
struct pam_data, because it also initialize destructor to created
object.





Function create_pam_data() should be only one way how to create new
struct pam_data, because it also initialize destructor to created
object.







Change pam data auth tokens.
2013-01-10T17:24:59+00:00

Simo Sorce
simo@redhat.com

2012-10-18T22:43:56+00:00

64af76e2bef2565caa9738f675c108a4b3789237

Use the new authtok abstraction and interfaces throught the code.





Use the new authtok abstraction and interfaces throught the code.







Hook for mmap cache update on initgroup calls
2012-12-05T22:01:37+00:00

Simo Sorce
simo@redhat.com

2012-12-05T17:40:44+00:00

408914f68673f2caa1c82a1a21336fcb7ddd52ef

This set of functions enumerate the user's groups and invalidate them all
if the list does not matches what we get from the caller.





This set of functions enumerate the user's groups and invalidate them all
if the list does not matches what we get from the caller.







Hook to perform a mmap cache update from sssd_nss
2012-12-05T22:01:37+00:00

Simo Sorce
simo@redhat.com

2012-12-05T17:40:43+00:00

ebba1aa6b9783daa0d530e9f5e307f7be17d3cd3

This set of functions enumerate each user/group from all domains
and invalidate any mmap cache record that matches.





This set of functions enumerate each user/group from all domains
and invalidate any mmap cache record that matches.







Use an entry type mask macro to filter entry types
2012-12-04T11:58:22+00:00

Simo Sorce
simo@redhat.com

2012-11-28T03:24:58+00:00

e11c7dc43f4ff9897e37cc0d793f8e1fb3b8453a

Avoids hardcoding magic numbers everywhere and self documents why a
mask is being applied.





Avoids hardcoding magic numbers everywhere and self documents why a
mask is being applied.







krb5_child: send back the client principal
2012-10-26T08:32:05+00:00

Sumit Bose
sbose@redhat.com

2012-10-23T19:30:17+00:00

d3dca30d3a6feba062d0299718d1a9fcdc8b9d17

In general Kerberos is case sensitive but the KDC of Active Directory
typically handles request case in-sensitive. In the case where we guess
a user principal by combining the user name and the realm and are not
sure about the cases of the letters used in the user name we might get a
valid ticket from the AD KDC but are not able to access it with the
Kerberos client library because we assume a wrong case.

The client principal in the returned credentials will always have the
right cases. To be able to update the cache user principal name the
krb5_child will return the principal for further processing.





In general Kerberos is case sensitive but the KDC of Active Directory
typically handles request case in-sensitive. In the case where we guess
a user principal by combining the user name and the realm and are not
sure about the cases of the letters used in the user name we might get a
valid ticket from the AD KDC but are not able to access it with the
Kerberos client library because we assume a wrong case.

The client principal in the returned credentials will always have the
right cases. To be able to update the cache user principal name the
krb5_child will return the principal for further processing.