sssd.git/src/db, branch err_facility Experimental work on SSSD - Systen Security Services Daemon NOPUSH: Speed hacks 2013-03-13T18:39:49+00:00 Simo Sorce ssorce@redhat.com 2010-02-27T20:45:53+00:00 c31402f73c221d31b10b348b56e3cfe27e1d0933 






Remove the alt_db_path parameter of sysdb_init
2013-03-05T16:41:56+00:00

Michal Zidek
mzidek@redhat.com

2013-03-05T15:23:14+00:00

2ba16c5a5c4b6d3cd2a44179186ec60eda828bcd

This parameter was never used.

https://fedorahosted.org/sssd/ticket/1765





This parameter was never used.

https://fedorahosted.org/sssd/ticket/1765







Use SSSD specific errors for offline auth
2013-03-04T22:40:25+00:00

Simo Sorce
simo@redhat.com

2012-11-21T21:52:33+00:00

ab967283b710dfa05d11ee5b30c7ac916486ceec

This prevents reportin false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.





This prevents reportin false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.







sysdb: try dealing with binary-content attributes
2013-02-26T16:16:58+00:00

Jan Engelhardt
jengelh@inai.de

2013-02-21T12:12:25+00:00

956309e24c32cd0886736bf065a27d5bdd200a77

https://fedorahosted.org/sssd/ticket/1818

I have here a LDAP user entry which has this attribute

	loginAllowedTimeMap::
	 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.





https://fedorahosted.org/sssd/ticket/1818

I have here a LDAP user entry which has this attribute

	loginAllowedTimeMap::
	 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.







Introduce IS_SUBDOMAIN() macro
2013-02-10T21:08:47+00:00

Simo Sorce
simo@redhat.com

2013-01-16T03:19:36+00:00

4f118e3e6a25762f40a43e6dbefb09f44adbef32

Fixes https://fedorahosted.org/sssd/ticket/1766





Fixes https://fedorahosted.org/sssd/ticket/1766







Change the way domains are linked.
2013-02-10T21:08:47+00:00

Simo Sorce
simo@redhat.com

2013-01-15T01:30:04+00:00

bba1a5fd62cffcae076d1351df5a83fbc4a6ec17

- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
  unused.
- Rework the way subdomains are refreshed.
  Now sysdb_update_subdomains() actually updates the current subdomains
  and marks as disabled the ones not found in the sysdb or add new ones
  found. It never removes them.
  Removal of missing domains from sysdb is deferred to the providers,
  which will perform it at refresh time, for the ipa provider that is
  done by ipa_subdomains_write_mappings() now.
  sysdb_update_subdomains() is then used to update the memory hierarchy
  of the subdomains.

- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete()





- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
  unused.
- Rework the way subdomains are refreshed.
  Now sysdb_update_subdomains() actually updates the current subdomains
  and marks as disabled the ones not found in the sysdb or add new ones
  found. It never removes them.
  Removal of missing domains from sysdb is deferred to the providers,
  which will perform it at refresh time, for the ipa provider that is
  done by ipa_subdomains_write_mappings() now.
  sysdb_update_subdomains() is then used to update the memory hierarchy
  of the subdomains.

- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete()







Remove sysdb_subdom completely
2013-02-10T21:08:47+00:00

Simo Sorce
simo@redhat.com

2013-01-14T21:47:51+00:00

95e94691178297f2b8225a83d43ae388cab04b45

struct sss_domain_info is always used to represent domains now.
Adjust tests accordingly.





struct sss_domain_info is always used to represent domains now.
Adjust tests accordingly.







Add sysdb_subdomain_store() function
2013-02-10T21:08:46+00:00

Simo Sorce
simo@redhat.com

2013-01-14T19:55:05+00:00

1187a07ed4207c1c326fdf83915dddfe472b8620

Replaces sysdb_add_subdomain_attributes and is a public sysdb interface.





Replaces sysdb_add_subdomain_attributes and is a public sysdb interface.







Refactor sysdb_master_domain_add_info()
2013-02-10T21:08:46+00:00

Simo Sorce
simo@redhat.com

2013-01-14T18:43:52+00:00

3912262270a6449ebe1d3e92c27c217b4044f894












Update main domain info in place
2013-02-10T21:08:46+00:00

Simo Sorce
simo@redhat.com

2013-01-14T17:22:22+00:00

65393a294e635822c1d7a15fe5853dc457ad8a2a