sssd.git/src/providers/simple, branch subdommem System Security Services Daemon [okos' clone] Convert the simple access check to new error codes 2013-04-19T16:53:41+00:00 Jakub Hrozek jhrozek@redhat.com 2013-04-17T09:33:41+00:00 18f01e63c1968c29bddb9e48c279b583c0444730 https://fedorahosted.org/sssd/ticket/453 It makes sense to keep using the boolean for access granted/denied, but when the user/group is not found, the request would now return ERR_ACCOUNT_UNKNOWN 
https://fedorahosted.org/sssd/ticket/453

It makes sense to keep using the boolean for access granted/denied, but
when the user/group is not found, the request would now return
ERR_ACCOUNT_UNKNOWN
Fix simple access group control in case-insensitive domains 2013-04-15T12:56:45+00:00 Jakub Hrozek jhrozek@redhat.com 2013-04-11T07:18:56+00:00 8e195a545d41647e591c1d06082133cbd25dc0a4 https://fedorahosted.org/sssd/ticket/1713 In the simple access provider, we need to only canonicalize user names when comparing with values in the ACL, not when searching the cache. The sysdb searches might do a base search with a DN constructed with the username which fails if the username is lower case. 
https://fedorahosted.org/sssd/ticket/1713

In the simple access provider, we need to only canonicalize user names when
comparing with values in the ACL, not when searching the cache. The sysdb
searches might do a base search with a DN constructed with the username
which fails if the username is lower case.
Resolve GIDs in the simple access provider 2013-03-19T20:47:30+00:00 Jakub Hrozek jhrozek@redhat.com 2013-02-23T09:44:54+00:00 c0bca1722d6f9dfb654ad78397be70f79ff39af1 Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX 
Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.

Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX
Add be_req_get_data() helper funciton. 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T23:13:36+00:00 cbaba2f47da96c4191971bce86f03afb3f88864a In preparation for making struct be_req opaque. 
In preparation for making struct be_req opaque.
Add be_req_get_be_ctx() helper. 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T22:26:19+00:00 03abdaa21ecf562b714f204ca42379ff08626f75 In preparation for making be_req opaque 
In preparation for making be_req opaque
Introduce be_req_terminate() helper 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T17:25:53+00:00 8e5549e453558d4bebdec333a93e215d5d6ffaec Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque. 
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
Split simple_access_check function out 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T22:36:26+00:00 225d845476b6136be9b77f528ed986bba7a7f732 Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore. 
Need to split out the function or new additions to the handler funtion will not
allow simple access tests to compile anymore.
Remove sysdb as a be context structure member 2013-01-21T21:17:33+00:00 Simo Sorce simo@redhat.com 2013-01-09T21:23:25+00:00 df0596ec12bc5091608371e2977f3111241e8caf The sysdb context is already available through the 'domain' structure. 
The sysdb context is already available through the 'domain' structure.
Add domain to sysdb_search_group_by_gid() 2013-01-15T09:49:20+00:00 Simo Sorce simo@redhat.com 2013-01-07T21:47:59+00:00 5d72a91a37273c8c874640906fd2f7a70e606812 Also remove unused sysdb_search_domgroup_by_gid() 
Also remove unused sysdb_search_domgroup_by_gid()
Add domain to sysdb_search_user_by_name() 2013-01-15T09:49:20+00:00 Simo Sorce simo@redhat.com 2013-01-06T23:24:12+00:00 2ce00e0d3896bb42db169d1e79553a81ca837a22 Also remove unused sysdb_search_domuser_by_name() 
Also remove unused sysdb_search_domuser_by_name()