sssd.git/src/providers/simple, branch ccname Experimental work on SSSD - Systen Security Services Daemon simple provider: obey case sensitivity for subdomain users and groups 2013-09-17T14:02:20+00:00 Pavel Březina pbrezina@redhat.com 2013-09-12T11:15:47+00:00 a0d010f488bf15fb3e170ce04092013fa494401f When comparing username and his groups to access list, we will obey case sensitivity of object from access list. Resolves: https://fedorahosted.org/sssd/ticket/2034 
When comparing username and his groups to access list, we will
obey case sensitivity of object from access list.

Resolves:
https://fedorahosted.org/sssd/ticket/2034
simple provider: support subdomain groups 2013-09-17T14:02:20+00:00 Pavel Březina pbrezina@redhat.com 2013-08-28T09:35:27+00:00 115241b0eeedd033d34d9721a896f031140944d7 Resolves: https://fedorahosted.org/sssd/ticket/2034 
Resolves:
https://fedorahosted.org/sssd/ticket/2034
simple provider: support subdomain users 2013-09-17T14:02:20+00:00 Pavel Březina pbrezina@redhat.com 2013-08-27T12:02:42+00:00 721241198c369596c4f13445c70f227b199fdcd0 Resolves: https://fedorahosted.org/sssd/ticket/2034 
Resolves:
https://fedorahosted.org/sssd/ticket/2034
Fix formating of variables with type: gid_t 2013-09-11T17:44:56+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-09-04T14:52:34+00:00 a4bf85ccc902490c3b75b44532010fbb32169801 






Fix formating of variables with type: size_t
2013-09-11T17:44:54+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-17T10:41:33+00:00

0e65abe5cf2abf5d4b431cf6bd161b419f07901d












simple access provider: allow fully qualified names
2013-08-07T11:18:22+00:00

Pavel Březina
pbrezina@redhat.com

2013-07-26T08:17:34+00:00

ffb83ee934f6ea1d9077ab601530436eff2d20e4

https://fedorahosted.org/sssd/ticket/2026





https://fedorahosted.org/sssd/ticket/2026







Convert the simple access check to new error codes
2013-04-19T16:53:41+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-17T09:33:41+00:00

18f01e63c1968c29bddb9e48c279b583c0444730

https://fedorahosted.org/sssd/ticket/453

It makes sense to keep using the boolean for access granted/denied, but
when the user/group is not found, the request would now return
ERR_ACCOUNT_UNKNOWN





https://fedorahosted.org/sssd/ticket/453

It makes sense to keep using the boolean for access granted/denied, but
when the user/group is not found, the request would now return
ERR_ACCOUNT_UNKNOWN







Fix simple access group control in case-insensitive domains
2013-04-15T12:56:45+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-11T07:18:56+00:00

8e195a545d41647e591c1d06082133cbd25dc0a4

https://fedorahosted.org/sssd/ticket/1713

In the simple access provider, we need to only canonicalize user names when
comparing with values in the ACL, not when searching the cache. The sysdb
searches might do a base search with a DN constructed with the username
which fails if the username is lower case.





https://fedorahosted.org/sssd/ticket/1713

In the simple access provider, we need to only canonicalize user names when
comparing with values in the ACL, not when searching the cache. The sysdb
searches might do a base search with a DN constructed with the username
which fails if the username is lower case.







Resolve GIDs in the simple access provider
2013-03-19T20:47:30+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-02-23T09:44:54+00:00

c0bca1722d6f9dfb654ad78397be70f79ff39af1

Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.

Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX





Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.

Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX







Add be_req_get_data() helper funciton.
2013-01-21T21:17:34+00:00

Simo Sorce
simo@redhat.com

2013-01-11T23:13:36+00:00

cbaba2f47da96c4191971bce86f03afb3f88864a

In preparation for making struct be_req opaque.





In preparation for making struct be_req opaque.