sssd.git/src/responder/pac, branch subdommem System Security Services Daemon [okos' clone] PAC: do not delete originalDN or cached password if present 2013-06-24T13:17:20+00:00 Sumit Bose sbose@redhat.com 2013-06-24T10:51:53+00:00 0535ad2bee920be5c07ee207903c2196eb19c02f If the PAC responder recognizes some attribute changes between the cached user entry and the PAC data it quite crudely just removes the cached entry and recreates it. While in most cases all needed data can be recovered from the PAC data there is a case where it is not possible. E.g the IPA HBAC code use the OriginalDN attribute to improve performance when evaluating access rules. This patch makes sure this attribute is not lost when the PAC responder updates the object. 
If the PAC responder recognizes some attribute changes between the
cached user entry and the PAC data it quite crudely just removes the
cached entry and recreates it. While in most cases all needed data can
be recovered from the PAC data there is a case where it is not possible.

E.g the IPA HBAC code use the OriginalDN attribute to improve
performance when evaluating access rules. This patch makes sure this
attribute is not lost when the PAC responder updates the object.
PAC: do not expect that sysdb_search_object_by_sid() return ENOENT 2013-06-19T18:16:48+00:00 Sumit Bose sbose@redhat.com 2013-06-18T13:42:02+00:00 2f55d9738d66fa52c2d4332842b35e4174e45653 sysdb_search_object_by_sid() does not return ENOENT if no related object was found in the cache but EOK and an empty result list. Fixes https://fedorahosted.org/sssd/ticket/1989 
sysdb_search_object_by_sid() does not return ENOENT if no related object
was found in the cache but EOK and an empty result list.

Fixes https://fedorahosted.org/sssd/ticket/1989
New utility function sss_get_domain_name 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-28T22:56:18+00:00 02d1cb8935d5c9b57cd05dfdbfe6ed38e0d61c28 Instead of copying a block of code that checks whether domain is a subdomain and uses only name of FQDN as appropriate, wrap the logic into a function. 
Instead of copying a block of code that checks whether domain is a subdomain
and uses only name of FQDN as appropriate, wrap the logic into a function.
Enhance PAC responder for AD users 2013-06-06T21:58:56+00:00 Sumit Bose sbose@redhat.com 2013-05-10T07:55:31+00:00 92af6f25864b5c389b57d0f659686801b45ca58c This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558 
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.

Fixes https://fedorahosted.org/sssd/ticket/1558
Lookup domains at startup 2013-06-04T15:24:13+00:00 Sumit Bose sbose@redhat.com 2013-05-31T08:52:05+00:00 909a86af4eb99f5d311d7136cab78dca535ae304 To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951 
To make sure that e.g. the short/NetBIOS domain name is available this
patch make sure that the responders send a get_domains request to their
backends at startup the collect the domain information or read it from
the cache if the backend is offline.

For completeness I added this to all responders even if they do not need
the information at the moment.

Fixes https://fedorahosted.org/sssd/ticket/1951
Add utility functions for formatting fully-qualified names 2013-05-30T11:44:35+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-10T16:19:12+00:00 1987bff88e01c74d647dd2db4f541ac311537e1a Instead of using printf-like functions directly, provide two wrappers that would encapsulate formatting the fully-qualified names. No functional change is present in this patch. 
Instead of using printf-like functions directly, provide two wrappers
that would encapsulate formatting the fully-qualified names. No
functional change is present in this patch.
Add missing \n to debug string 2013-05-10T14:14:34+00:00 Sumit Bose sbose@redhat.com 2013-05-10T08:46:43+00:00 20b29e62e8df861f8f6e718cb6c8dbc9e4ec43c0 






Remove unused TALLOC_CTX from responder_get_domain()
2013-05-02T17:33:56+00:00

Sumit Bose
sbose@redhat.com

2013-04-18T10:43:47+00:00

4668b4765530cf37289235e483f301100cc1ae21

Recent refactoring removed the need to copy the domain info data of
sub-domains because the related objects will not be removed from memory
anymore.





Recent refactoring removed the need to copy the domain info data of
sub-domains because the related objects will not be removed from memory
anymore.







Fix and rename get_my_domain_data()
2013-04-21T08:22:36+00:00

Sumit Bose
sbose@redhat.com

2013-04-19T15:44:26+00:00

d29d5d9e0e9ee0396a46f4375092644f29024f25

The task of get_my_domain_data() is to read some information about the
configured domain from the cache. While the sysdb interface was
redesigned some changes changed the behaviour so that the data of the
domain of the current request was read. If this domain is a sub-domain
the wrong data was read. As a result group-memberships of the configured
domain were not taken into account.

The original code didn't made it easy to see that always the parent
domain should be used here, because there was no comment indication this
and the function name get_my_domain_data() didn't made it clear either.
Additionally to fixing the issue this patch also adds a comment and
rename the function to get_parent_domain_data().

Fixes https://fedorahosted.org/sssd/ticket/1888





The task of get_my_domain_data() is to read some information about the
configured domain from the cache. While the sysdb interface was
redesigned some changes changed the behaviour so that the data of the
domain of the current request was read. If this domain is a sub-domain
the wrong data was read. As a result group-memberships of the configured
domain were not taken into account.

The original code didn't made it easy to see that always the parent
domain should be used here, because there was no comment indication this
and the function name get_my_domain_data() didn't made it clear either.
Additionally to fixing the issue this patch also adds a comment and
rename the function to get_parent_domain_data().

Fixes https://fedorahosted.org/sssd/ticket/1888







Allow using flatname for subdomain home dir template
2013-04-10T11:38:44+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-04T11:03:23+00:00

6fc4702a3037d9bb5b27bcb58f70edf1802b7b19

https://fedorahosted.org/sssd/ticket/1609





https://fedorahosted.org/sssd/ticket/1609