| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
Because internally, we use the same name for all users and groups
regardless of the domain they belong to, we can parse the username from
the qualified name in a simpler manner.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use sss_create_internal_fqname for internal cache lookups. Because the
object's existence is verified using getpw* and getgr*, we keep using
sss_tc_fqname there, just to feed the NSS interface the expected
qualified or unqualified name format.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Same as all other tools.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
instead for users and groups
All users and groups are now stored in the cache using the same format,
so we can use that one instead of creating a domain-specific name.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
No need to export functions that are only used internally.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Normally we convert the names from short to internal format on input.
For the local domain tools, we can consider the sss_sync_ops an input
interface, to avoid having to convert the name in each tool and
interface separately.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Only user shortnames to interact with the system.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
The LDAP access control code uses shortnames to construct an LDAP
filter.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Previously, the user account was only looked by name when the LDAP
provider didn't match any entry on the server side. This patch removes
the entry from the cache with the matching function, either by name or
by UPN.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Even incomplete groups must be stored using the internal name format
instead of whatever we receive from LDAP.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
All user and group names are already qualified at this point, so let's
remove the special case that stored users from trusted domains
qualified.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Just provides a more descriptive name of a function parameter.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
Adds a utility function the LDAP provider can use. This is different
from sss_create_internal_fqname_list in the sense that the LDAP provider
passes in the attribute name that contains the name attribute value.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
before acting on them
Ghostnames must be qualified as well, same as all other name attributes
across SSSD. The ghost names are used by the NSS responder during getgr*
output and the domain name parsed from the name is used in the output.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
The username we receive from LDAP is short name. Convert it to a
qualified name before saving the user.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When looking up users or groups by name, we need to user the plain
username in the filter. The domain is typically signified by the search
base.
When looking up by UPN, we can keep using the raw value from the DP.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
filter_value is a better name, because we don't look just by name, the
same variable is used to look up certificates etc.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
The name is converted from whatever we receive on input to the internal
format before processing the data further.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
The name is converted from whatever we receive on input to the internal
format before processing the data further.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Since sysdb_search_user_by_upn() searches the whole cache we have to set
the domain so that it matches the result.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a utility function sized_output_name() which wraps the output_name()
function and returns the sized_struct structure. This function is used
when formatting the output name for the client, but also when
saving/deleting the memory cache entries.
Its sister function sized_member_name() is very similar, but infers the
domain name from memberuid or ghost attribute.
Because all names internally are used in the same format, the logic to
append domain or format the usename for output in the fill_XXX() family
of functions is much simpler. In general, adding a domain suffix no
longer relies in the domain being a subdomain, but only the dom->fqnames
The parse_member() function was removed because it is no longer
required.
The nss test was amended to store names in the internal fqdn format on
input and checks for either shortnames or qualified names with the right
format created using sss_tc_fqname() on output.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
When storing users and groups by their name in the negative cache, store
them fully qualfied so that the responder only has to track the name in
the internal format once the input is converted.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
expand_homedir_template() can be considered an outward-facing interface,
therefore the function and its input structure will accept the internal
name format and parse it internally into a username and domain
component.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When looking up entries in the responders that have not been yet
converted to the cache_req API, we need to perform some common
operations all the time. These include converting the name to the right
case, reverse-replacing whitespace and converting the name to the qualified
format for that domain.
This patch adds a function that performs these steps to avoid code
duplication.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
When looking up users or groups by name, qualify the name into the
internal format before the lookup.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
Using a cmocka-based test allows us to initialize the domain using the
common helper functions which in turn allows us to set different
properties with confdb, same as sssd itself does.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a behaviour change to the simple access provider - the
simple access list is parsed on the access check itself, which is when
the name contexts of all domains have already been established and we
are already able to parse the names in the config files with
sss_parse_names. We need to support "input names" in the simple access
provider because it needs to support flat names which rely on knowing
the details about a domain.
The simple_access_obtain_filter_lists is intentionally made non-static
in order to be called from tests which initialize the name contexts on
their own.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The sysdb tests now user the qualified name to store users and groups.
To avoid the sysdb interface being tied too tightly to our specific
format, all names are constructed using a function, not hardcoded. Just
swapping the functions that create or parse the names for a different
format should not make the test fail.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
This is to be consistent with how we name groups normally. We rename the
groupnames when resolving the groups by ID anyway, but if we fail to do
so, at least be consistent.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
When saving users or groups, qualify their names. Otherwise (currently
netgroups), store a plain username.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
The names are all internally qualified already, no need to distinguish
between subdomain users and main domain users.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
case subdomain users
All user and group names use the same unified format in the cache, so
there's no need to special-case subdomains and create different names
for the main domain and a subdomain.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
All user and group names are standardized to be fully qualified, so
there's no need to provide per-domain names anymore.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
This patch infers the member domain from the FQDN to allow the function
to add group members from different domains.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
cope with qualified names in sysdb
Many tests use and rely on non-qualified usernames. To avoid huge
commits, we will fix them one-by-one. To avoid test failures in the
branch, disable all the tests first.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Adds a convenience function that will help reduce the amount of code
duplication in the responders. All responders need to parse the username
from the internal format, lower-case the name, if the domain is
case-insensitive and then replace spaces if the responder is configured
to do so.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Adds a convenience wrapper around sss_create_fqname that qualifies a
list of names into the format used internally in sssd.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Add function to create internal fqname in format
shortname@domname where domain portion is lowercased.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
Add lightweight function to parse internal fqname format
(shortname@domain). This function does not require the
sss_names to be initialized.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|