summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-05-03LDAP: Add helper function to map IDsStephen Gallagher5-119/+81
This function will also auto-create a new ID map if the domain has not been seen previously.
2012-05-03LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵Stephen Gallagher2-0/+16
entries
2012-05-03LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher5-68/+195
2012-05-03LDAP: Map the user's primaryGroupIDStephen Gallagher8-12/+73
2012-05-03LDAP: Enable looking up id-mapped groups by GIDStephen Gallagher1-2/+45
2012-05-03LDAP: Allow looking up ID-mapped groups by nameStephen Gallagher2-29/+125
2012-05-03LDAP: Enable looking up id-mapped users by UIDStephen Gallagher1-6/+43
2012-05-03LDAP: Allow automatically-provisioning a domain and rangeStephen Gallagher1-3/+43
If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well.
2012-05-03LDAP: Add routine to extract domain SID from an object SIDStephen Gallagher4-2/+52
Also makes the domain prefix macros from sss_idmap public.
2012-05-03LDAP: Allow setting a default domain for id-mapping slice 0Stephen Gallagher7-0/+48
2012-05-03LDAP: Add autorid compatibility modeStephen Gallagher7-8/+20
2012-05-03LDAP: Enable looking up ID-mapped users by nameStephen Gallagher3-9/+56
2012-05-03LDAP: Initialize ID mapping when configuredStephen Gallagher2-0/+10
2012-05-03LDAP: Add ID mapping range settingsStephen Gallagher6-0/+19
2012-05-03LDAP: Add helper routines for ID-mappingStephen Gallagher3-2/+340
2012-05-03SYSDB: Add sysdb routines for ID-mappingStephen Gallagher3-0/+347
2012-05-03LDAP: Add id-mapping optionStephen Gallagher6-0/+6
2012-05-03LDAP: Add objectSID config optionStephen Gallagher8-0/+47
2012-05-03Read sysdb attribute name, not LDAP attribute map nameJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1320
2012-05-03SSH: Add dp_get_host_send to common responder codeJakub Hrozek9-52/+211
Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
2012-05-03Rename split_service_name_filterJakub Hrozek1-16/+16
The function was used outside services code which was confusing due to its name. This patch renames it to sound more netrual.
2012-05-03Fix typo in spec fileSumit Bose1-1/+1
2012-05-03SYSDB: Handle upgrade script failures betterStephen Gallagher1-4/+13
There was a bug in finish_upgrade() where it would return EOK if it succeeded in canceling the transaction due to an error. We should instead be returning the original error.
2012-05-03AUTOFS: remove unused assignmentsJakub Hrozek2-5/+9
Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails.
2012-05-03IPA: Check return valuesJakub Hrozek2-2/+12
2012-05-03PROXY: return correct return codesJakub Hrozek1-7/+9
We were reporting on the value of "status" instead of "ret'. We also didn't set ret to EOK in cases group contained no members.
2012-05-03SSS_DEBUGLEVEL: silence analyzer warningsJakub Hrozek1-2/+3
Errno was returned instead of ret. The other hunk removes return code from fread - it is not needed, the NULL termination of the string is ensured by initializing the buffer.
2012-05-02NSS: fix returning group from cacheJakub Hrozek1-1/+1
2012-05-02Handle endianness issues on older systemsStephen Gallagher1-0/+17
Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.
2012-05-02DP: return correct error message when subdomains back end target is not ↵Jakub Hrozek1-1/+1
configured The done handler uses the value of status, not ret.
2012-05-02HBAC: Prevent NULL dereference in hbac_evaluateJakub Hrozek1-2/+4
'info' is optional parameter and can be set to NULL
2012-05-02ipa_get_config_send: remove unused assignmentJakub Hrozek1-1/+0
2012-05-02IPA netgroups: return EOK when there are no netgroups to processJakub Hrozek1-0/+1
If the code fell through the loop, ret would have been random value.
2012-05-02NSS: Check return code of sss_mmap_cache_gr_storeJakub Hrozek1-0/+5
2012-05-02PAM_SSS: report error code if write failsJakub Hrozek1-2/+2
clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
2012-05-02PYHBAC: Return NULL on failureJakub Hrozek1-0/+1
The error handler would simply fall through instead of returning NULL.
2012-05-02RESPONDER: check return value from confdb_get_intJakub Hrozek1-0/+7
sss_process_init forgot to check return value of confdb_get_int
2012-05-02LDAP: check return value of sysdb_attrs_get_elJakub Hrozek1-0/+7
2012-05-02SERVER: use the correct return code of sss_atomic_write_sJakub Hrozek1-1/+1
2012-05-02SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plainJakub Hrozek1-1/+2
The 'result' pointer must be initialized tin order to always return a defined value.
2012-05-02SYSDB: check return valueJakub Hrozek1-2/+2
In addition to testing the number of elements, also check the return value of sysdb_attrs_get_el.
2012-05-02SYSDB: return EOK if empty message is passed into get_rm_msgJakub Hrozek1-0/+1
If the code never entered the loop in get_rm_message, we would return arbitrary return value.
2012-05-02SUDO: Return ret, not EOKJakub Hrozek1-1/+1
This patch fixes bad refactoring - the function used to return value directly on error and EOK as the last statement. If was then converted into using goto label, but the last statement was still returning EOK instead of the value it should.
2012-05-01Allow different SID representations in libidmapSumit Bose6-15/+929
Besides as strings it is now possible to use binary SIDs or a struct containing all SID information. Functions to convert between these formats are added as well.
2012-05-01execv, excvp and exec_child never return EOKStef Walter4-18/+11
* So don't need to handle that case
2012-04-24NSS: Only return data from initgroups onceJakub Hrozek1-3/+10
Do not let nss_cmd_initgroups_search() return data itself, but let the caller return data. This is more intuitive and more consistent with the rest of the nss_cmd_*_search() functions. Also fixes a typo - nss_cmd_initgroups_cb used to call getpw_send_reply instead of initgr_send_reply.
2012-04-24Lowercase group members in case-insensitive domainsJakub Hrozek1-1/+7
https://fedorahosted.org/sssd/ticket/1312
2012-04-24murmurhash: Relax inline requirementStephen Gallagher1-2/+2
2012-04-24Two fixes in responder subdomain codeJan Zeleny2-1/+7
2012-04-24fix copy and paste error in commentPavel Březina1-1/+1