summaryrefslogtreecommitdiffstats
path: root/src/db/sysdb.h
Commit message (Collapse)AuthorAgeFilesLines
* SYSDB: Store enumerate flag for subdomainJakub Hrozek2013-08-281-1/+2
|
* DB: remove unused realm parameter from sysdb_master_domain_add_infoJakub Hrozek2013-08-281-2/+1
| | | | The parameter was not used at all.
* ipa-server-mode: add IPA group memberships to AD usersSumit Bose2013-08-281-0/+1
| | | | | | | | | | | | | | | | When IPA trusts an AD domain the AD user or groups can be placed into IPA groups e.g. to put AD users under the control of HBAC. Since IPA group can only have members from the IPA directory tree and the AD users and groups are not stored there a special IPA object called external group was introduced. SIDs of users and groups can be added to the external group and since the external groups are in the IPA directory tree they can be member of IPA groups. To speed things up and to remove some load from the IPA servers SSSD reads all external groups and stores them in memory for some time before rereading the data. Enhances https://fedorahosted.org/sssd/ticket/1962
* sysdb_add_incomplete_group: store SID string is availableSumit Bose2013-08-191-1/+3
| | | | | | During initgroups request we read the SID of a group from the server but do not save it to the cache. This patch fixes this and might help to avoid an additional lookup of the SID later.
* fill_initgr: add original primary GID if availableSumit Bose2013-08-191-0/+1
| | | | | | | | | | | | | In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027
* sdap_save_user: save original primary GID of subdomain usersSumit Bose2013-08-191-0/+1
| | | | | | | | | | | | | | If ID mapping is enabled we use magic private groups (MPG) for subdomains, i.e. the UID and the primary GID of the user will have the same numerical value. As a consequence the information about the original primary group might get lost because neither in AD domains nor on a typical UNIX system the user is an explicit member of it's primary group. With this patch the mapped GID or the original primary group is saved in the cached user object under a new attribute. Fixes https://fedorahosted.org/sssd/ticket/2027
* Save mpg state for subdomainsSumit Bose2013-06-281-1/+3
| | | | | | The information of a subdomain will use magic private groups (mpg) or not will be stored together with other information about the domain in the cache.
* Add support for new ipaRangeType attributeSumit Bose2013-06-281-0/+2
| | | | | | | | | Recent versions of FreeIPA support a range type attribute to allow different type of ranges for sub/trusted-domains. If the attribute is available it will be used, if not the right value is determined with the help of the other idrange attributes. Fixes https://fedorahosted.org/sssd/ticket/1961
* Read SIDs of groups with sysdb_initgroups() as wellSumit Bose2013-06-061-0/+1
|
* sysdb: add sysdb_search_object_by_sid()Sumit Bose2013-05-021-0/+8
| | | | | | The patch add a new sysdb to find objects based on their SID. Currently only the basic attributes needed to map SIDs to POSIX IDs and names are requested, but this list can be extended for future use cases.
* Remove the alt_db_path parameter of sysdb_initMichal Zidek2013-03-051-1/+0
| | | | | | This parameter was never used. https://fedorahosted.org/sssd/ticket/1765
* sysdb: try dealing with binary-content attributesJan Engelhardt2013-02-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1818 I have here a LDAP user entry which has this attribute loginAllowedTimeMap:: AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA In the function sysdb_attrs_add_string(), called from sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is the wrong thing to do. The result of strlen is then used to populate the .v_length member of a struct ldb_val - and this will set it to zero in this case. (There is also the problem that there may not be a '\0' at all in the blob.) Subsequently, .v_length being 0 makes ldb_modify(), called from sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End result is that users do not get stored in the sysdb, and programs like `id` or `getent ...` show incomplete information. The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave fine, but that may not mean that is the absolute lower boundary of introduction of the problem.
* Change the way domains are linked.Simo Sorce2013-02-101-5/+2
| | | | | | | | | | | | | | | | | | | - Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
* Remove sysdb_subdom completelySimo Sorce2013-02-101-11/+1
| | | | | struct sss_domain_info is always used to represent domains now. Adjust tests accordingly.
* Add sysdb_subdomain_store() functionSimo Sorce2013-02-101-0/+5
| | | | Replaces sysdb_add_subdomain_attributes and is a public sysdb interface.
* Refactor sysdb_master_domain_add_info()Simo Sorce2013-02-101-3/+3
|
* Update main domain info in placeSimo Sorce2013-02-101-4/+1
|
* Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce2013-02-101-3/+3
|
* SYSDB: make the sss_ldb_modify_permissive function publicJakub Hrozek2013-01-231-0/+4
|
* Tidy up BASE dn macrosSimo Sorce2013-01-161-4/+4
|
* Stop creating fake sysdb contextsSimo Sorce2013-01-151-5/+0
| | | | | | Now that the sysdb context does not contain anymore domain related data we can simply stop creating faxe sysdb context and just reference the parent context.
* Add domain to some subdomain functionsSimo Sorce2013-01-151-0/+2
|
* Add domain arguemnt to sysdb_get_real_name()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_idmap_ funcitonsSimo Sorce2013-01-151-3/+2
|
* Add domain argument to sysdb_remove_attrs()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_has/set_enumerated()Simo Sorce2013-01-151-0/+2
|
* Add domain arg to sysdb_search/delete_netgroup()Simo Sorce2013-01-151-0/+2
|
* Add domain argument to sysdb_delete_group()Simo Sorce2013-01-151-3/+1
| | | | Also remove sysdb_delete_domgroup()
* Add domain argument to sysdb_search_groups()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_delete_user()Simo Sorce2013-01-151-5/+1
| | | | Also remove sysdb_delete_domuser()
* Add domain arg to sysdb_search_users()Simo Sorce2013-01-151-0/+1
|
* Add domain to sysdb_delete_customSimo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-0/+2
| | | | Also changes sysdb_search_custom_by_name()
* Add domain argument to sysdb_store_custom()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_cache_auth()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_cache_password()Simo Sorce2013-01-151-0/+1
|
* Add domain arg to sysdb group member functionsSimo Sorce2013-01-151-0/+3
|
* Add domain argument to sysdb_store_group()Simo Sorce2013-01-151-6/+1
| | | | Also remove sysdb_store_domgroup()
* Add domain argument to sysdb_store_user()Simo Sorce2013-01-151-11/+1
| | | | Also remove sysdb_store_domuser()
* Add domain arguments to sysdb_add_inetgroup fns.Simo Sorce2013-01-151-0/+2
|
* Add domain arguments to sysdb_add_group functions.Simo Sorce2013-01-151-0/+3
|
* Add domain argument to sysdb_add_user()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_add_basic_user()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_get_new_id()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_set_netgroup_attr()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_set_group_attr()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_set_user_attr()Simo Sorce2013-01-151-0/+1
|
* Add domain arg to sysdb_search_netgroup_by_name()Simo Sorce2013-01-151-0/+1
|
* Add domain to sysdb_search_group_by_gid()Simo Sorce2013-01-151-5/+1
| | | | Also remove unused sysdb_search_domgroup_by_gid()
* Add domain to sysdb_search_group_by_name()Simo Sorce2013-01-151-5/+1
| | | | Also remove unused sysdb_search_domgroup_by_name()