sssd.git/src/db, branch tlog Unnamed repository; edit this file 'description' to name the repository. SYSDB: Add sessionRecording attribute macro 2017-04-20T08:23:23+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-17T10:35:51+00:00 e600241da76e92cdf332d52727bfcebdb58ea7e5 Add a macro for sessionRecording attribute to sysdb.h. To be used for storing a boolean attribute signifying if session recording is enabled for the user. 
Add a macro for sessionRecording attribute to sysdb.h.
To be used for storing a boolean attribute signifying if session
recording is enabled for the user.
SYSDB: Only generate new UID in local domain 2017-03-30T12:10:01+00:00 Jakub Hrozek jhrozek@redhat.com 2017-03-28T12:49:31+00:00 901396366075dc3e3fcc0894345af1b51052ac69 To avoid issues where a user with no UID but without the posix=false flag was passed to sysdb, we only allow generating the new ID in the local domain. This might prevent bugs where non-POSIX users would get a UID created by sysdb which might allow accessing resources owned by that UID. Reviewed-by: Sumit Bose <sbose@redhat.com> 
To avoid issues where a user with no UID but without the posix=false
flag was passed to sysdb, we only allow generating the new ID in the
local domain. This might prevent bugs where non-POSIX users would get a
UID created by sysdb which might allow accessing resources owned by that
UID.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Allow storing non-POSIX users 2017-03-30T12:09:57+00:00 Jakub Hrozek jhrozek@redhat.com 2017-03-22T12:00:31+00:00 5f7f249f2a8a1c7284e991aa64dbf850d482b0aa Related to: https://pagure.io/SSSD/sssd/issue/3310 We already do the same for groups. If the user does not have UID number set but does have the POSIX: false attribute set, then we save the user with zero UID and the non-POSIX flag. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Related to:
https://pagure.io/SSSD/sssd/issue/3310

We already do the same for groups. If the user does not have UID number
set but does have the POSIX: false attribute set, then we save the user
with zero UID and the non-POSIX flag.

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: Get ipaDomainsResolutionOrder from IPA ID View 2017-03-29T12:00:17+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-03-24T16:46:04+00:00 fb81f337b68c85471c3f5140850dccf549a2d0ac ipaDomainsResolutionOrder provides a list of domains that have to be looked up firstly during cache_req searches. This commit only fetches this list from the server and stores its value at sysdb so we can make use of it later on this patch series. There are no tests for newly introduced sysdb methods are those are basically only calling sysdb_update_domain_resolution_order(), sysdb_get_domain_resolution_order() and sysdb_get_use_domain_resolution_order() which are have tests written for. Related: https://pagure.io/SSSD/sssd/issue/3001 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
ipaDomainsResolutionOrder provides a list of domains that have to be
looked up firstly during cache_req searches.

This commit only fetches this list from the server and stores its value
at sysdb so we can make use of it later on this patch series.

There are no tests for newly introduced sysdb methods are those are
basically only calling sysdb_update_domain_resolution_order(),
sysdb_get_domain_resolution_order() and
sysdb_get_use_domain_resolution_order() which are have tests written
for.

Related:
https://pagure.io/SSSD/sssd/issue/3001

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Get ipaDomainsResolutionOrder from ipaConfig 2017-03-29T12:00:17+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-03-22T12:40:20+00:00 3cbf0e7b63e8e6888917e9215bbdc5674c2fa852 ipaDomainsResolutionOrder provides a list of domains that have to be looked up firstly during cache_req searches. This commit only fetches this list from the server and stores its value at sysdb so we can make use of it later on this patch series. There are no tests for newly introduced sysdb methods are those are basically only calling sysdb_update_domain_resolution_order(), sysdb_get_domain_resolution_order() and sysdb_get_use_domain_resolution_order() which are have tests written for. Related: https://pagure.io/SSSD/sssd/issue/3001 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
ipaDomainsResolutionOrder provides a list of domains that have to be
looked up firstly during cache_req searches.

This commit only fetches this list from the server and stores its value
at sysdb so we can make use of it later on this patch series.

There are no tests for newly introduced sysdb methods are those are
basically only calling sysdb_update_domain_resolution_order(),
sysdb_get_domain_resolution_order() and
sysdb_get_use_domain_resolution_order() which are have tests written
for.

Related:
https://pagure.io/SSSD/sssd/issue/3001

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SYSDB: Add methods to deal with the domain's resolution order 2017-03-29T12:00:17+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-03-24T14:29:23+00:00 2e85b015d8dd231094a09eab69b86e8b6fcc8b2b In the following-up patches those newly introduced methods will be used to deal with the domainResolutionOrder attribute. The sysdb_update_domain_resolution_order() method is purposely not checking whether a value has changed or not before writing to sysdb and while may not be optimal, the readability of the code has increased a lot by keeping it as simple as possible. Tests for these new methods are part of the next commit. Related: https://pagure.io/SSSD/sssd/issue/3001 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
In the following-up patches those newly introduced methods will be used
to deal with the domainResolutionOrder attribute.

The sysdb_update_domain_resolution_order() method is purposely not
checking whether a value has changed or not before writing to sysdb and
while may not be optimal, the readability of the code has increased a
lot by keeping it as simple as possible.

Tests for these new methods are part of the next commit.

Related:
https://pagure.io/SSSD/sssd/issue/3001

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SUBDOMAINS: Allow use_fully_qualified_names for subdomains 2017-03-29T12:00:17+00:00 Michal Židek mzidek@redhat.com 2017-03-23T12:14:56+00:00 a63d74f65db2db7389cd373cb37adcdaaa2d56ea Allow option use_fully_qualified_names in subdomain section. This option was recently added to subdomain_inherit. Resolves: https://pagure.io/SSSD/sssd/issue/3337 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.

Resolves:
https://pagure.io/SSSD/sssd/issue/3337

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
sysdb: add certmap related calls 2017-03-23T16:19:22+00:00 Sumit Bose sbose@redhat.com 2017-02-06T09:27:22+00:00 49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8a Add sysdb calls to write and read data for the certificate mapping library to the cache. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Add sysdb calls to write and read data for the certificate mapping
library to the cache.

Related to https://pagure.io/SSSD/sssd/issue/3050

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sss_cert_derb64_to_ldap_filter: add sss_certmap support 2017-03-23T16:19:14+00:00 Sumit Bose sbose@redhat.com 2017-02-02T15:34:32+00:00 b341ee51cffd98b642b9c68a417f8a7504e303a1 Use certificate mapping library if available to lookup a user by certificate in LDAP. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Use certificate mapping library if available to lookup a user by
certificate in LDAP.

Related to https://pagure.io/SSSD/sssd/issue/3050

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
LDAP: always store the certificate from the request 2017-03-23T16:19:07+00:00 Sumit Bose sbose@redhat.com 2015-11-30T11:14:55+00:00 81c564a0692aa4b719af2219f52894e6cd4bdf9f Store the certificate used to lookup a user as mapped attribute in the cached user object. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Store the certificate used to lookup a user as mapped attribute in the
cached user object.

Related to https://pagure.io/SSSD/sssd/issue/3050

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>