freeipa.git/daemons/ipa-slapi-plugins/ipa-extdom-extop, branch patternfly Unnamed repository; edit this file 'description' to name the repository. extdom: do not return results from the wrong domain 2014-03-25T13:03:05+00:00 Sumit Bose sbose@redhat.com 2014-03-25T10:29:58+00:00 c885bc3e49b41490668ed8b62989d71ec1cadf34 Resolves: https://fedorahosted.org/freeipa/ticket/4264 Reviewed-By: Tomas Babej <tbabej@redhat.com> 
Resolves: https://fedorahosted.org/freeipa/ticket/4264
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Remove CFLAGS duplication. 2013-12-06T13:44:41+00:00 Jan Cholasta jcholast@redhat.com 2013-12-06T10:47:44+00:00 5e2f7b68f0cb8e7fd6ea4f3236e84f1a8d075a13 https://fedorahosted.org/freeipa/ticket/3896 
https://fedorahosted.org/freeipa/ticket/3896
EXTDOM: Do not overwrite domain_name for INP_SID 2013-08-29T13:30:38+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-25T12:39:27+00:00 ec08458b656e09dc71f51aac55f6d268469a9b11 






Fix extdom plugin to provide unqualified name in response as sssd expects
2013-07-11T09:39:28+00:00

Alexander Bokovoy
abokovoy@redhat.com

2013-07-09T07:26:22+00:00

ad575f067c49fdc511e9139668529d46b2f5f8bf

extdom plugin handles external operation over which SSSD asks IPA server about
trusted domain users not found through normal paths but detected to belong
to the trusted domains associated with IPA realm.

SSSD expects that user or group name in the response will be unqualified
because domain name for the user or group is also included in the response.
Strip domain name from the name if getgrnam_r/getpwnam_r calls returned fully
qualified name which includes the domain name we are asked to handle.

The code already expects that fully-qualified names are following user@domain
convention so we are simply tracking whether '@' symbol is present and is followed
by the domain name.





extdom plugin handles external operation over which SSSD asks IPA server about
trusted domain users not found through normal paths but detected to belong
to the trusted domains associated with IPA realm.

SSSD expects that user or group name in the response will be unqualified
because domain name for the user or group is also included in the response.
Strip domain name from the name if getgrnam_r/getpwnam_r calls returned fully
qualified name which includes the domain name we are asked to handle.

The code already expects that fully-qualified names are following user@domain
convention so we are simply tracking whether '@' symbol is present and is followed
by the domain name.







Make sure domain_name is also set when processing INP_NAME requests
2013-07-11T09:39:27+00:00

Alexander Bokovoy
abokovoy@redhat.com

2013-07-09T07:25:51+00:00

fb62414e813bbc8bd287413ed2506c0fe7f9c589












extdom: replace winbind calls with POSIX/SSSD calls
2013-07-11T09:39:27+00:00

Sumit Bose
sbose@redhat.com

2013-07-03T12:27:14+00:00

18c5e483db719442de2965754ce912d0e4a02f61

With the new ipa_server_mode SSSD is able to read user and group data
from trusted AD domains directly and makes this data available via the
NSS responder. With this mode enabled winbind is not needed anymore to
lookup users and groups of trusted domains.

This patch removed the calls to winbind from the extdom plugin and
replaces them with standard POSIX calls like getpwnam() and calls from
libsss_nss_idmap to lookup SIDs.

Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the
extdom plugin does not need to handle idranges anymore, but everything
is done inside SSSD.





With the new ipa_server_mode SSSD is able to read user and group data
from trusted AD domains directly and makes this data available via the
NSS responder. With this mode enabled winbind is not needed anymore to
lookup users and groups of trusted domains.

This patch removed the calls to winbind from the extdom plugin and
replaces them with standard POSIX calls like getpwnam() and calls from
libsss_nss_idmap to lookup SIDs.

Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the
extdom plugin does not need to handle idranges anymore, but everything
is done inside SSSD.







Fix log format not a string literal.
2013-06-03T07:57:24+00:00

Diane Trout
diane@ghic.org

2013-06-02T04:44:35+00:00

517e475f611e56778112a4b361e3809844ad95d9

This was to resolve a -Werror=format-security error.

  ipa_extdom_extop.c: In function 'ipa_extdom_extop':
  ipa_extdom_extop.c:144:9: error: format not a string literal and no format
arguments [-Werror=format-security]





This was to resolve a -Werror=format-security error.

  ipa_extdom_extop.c: In function 'ipa_extdom_extop':
  ipa_extdom_extop.c:144:9: error: format not a string literal and no format
arguments [-Werror=format-security]







Allow ID-to-SID mappings in the extdom plugin
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-26T15:20:49+00:00

c152c9e7ff2ea49dd65dd6d59672f92602bd3d9f

https://fedorahosted.org/freeipa/ticket/3596





https://fedorahosted.org/freeipa/ticket/3596







Do not store SID string in a local buffer
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-26T07:21:43+00:00

0f43cd6ea0d4528638e14a544c62d53e439778e6

https://fedorahosted.org/freeipa/ticket/3596





https://fedorahosted.org/freeipa/ticket/3596







Do not lookup up the domain too early if only the SID is known
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-24T12:44:54+00:00

631b3cf7cd85d310773e84569bf29b37ff5cec1b

Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596





Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596