summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-01-15Add domain argument to sysdb_store_group()Simo Sorce7-39/+26
Also remove sysdb_store_domgroup()
2013-01-15Add domain argument to sysdb_store_user()Simo Sorce8-61/+38
Also remove sysdb_store_domuser()
2013-01-15Add domain arguments to sysdb_add_inetgroup fns.Simo Sorce6-9/+15
2013-01-15Add domain arguments to sysdb_add_group functions.Simo Sorce6-20/+31
2013-01-15Add domain argument to sysdb_add_user()Simo Sorce5-11/+14
2013-01-15Add domain argument to sysdb_add_basic_user()Simo Sorce3-2/+6
2013-01-15Add domain argument to sysdb_get_new_id()Simo Sorce2-5/+5
2013-01-15Add domain argument to sysdb_set_netgroup_attr()Simo Sorce4-4/+6
2013-01-15Add domain argument to sysdb_set_group_attr()Simo Sorce5-18/+21
2013-01-15Add domain argument to sysdb_set_user_attr()Simo Sorce10-36/+51
2013-01-15Add domain arg to sysdb_search_netgroup_by_name()Simo Sorce3-2/+5
2013-01-15Add domain to sysdb_search_group_by_gid()Simo Sorce8-24/+33
Also remove unused sysdb_search_domgroup_by_gid()
2013-01-15Add domain to sysdb_search_group_by_name()Simo Sorce8-34/+29
Also remove unused sysdb_search_domgroup_by_name()
2013-01-15Add domain to sysdb_search_user_by_uid()Simo Sorce5-21/+9
Also remove unused sysdb_search_domuser_by_uid()
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce19-52/+70
Also remove unused sysdb_search_domuser_by_name()
2013-01-15Add domain argument to sysdb_get_user_attr()Simo Sorce11-21/+26
2013-01-15Add domain argument to sysdb_initgroups()Simo Sorce5-5/+8
2013-01-15Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce4-7/+11
2013-01-15Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce4-7/+13
2013-01-15Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce5-8/+14
2013-01-15Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce11-85/+78
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
2013-01-15Upgrade DB and move ranges into top level objectSimo Sorce3-1/+124
2013-01-15Move range objects into their own top-level tree.Simo Sorce2-10/+6
Storing ranges for multiple domains under any specific domain is somewhat aritrary and unnecessary. Put ranges under cn=ranges,cn=sysdb, without involving any specific domain subtree. This allows us to avoid using sysdb->domain in ranges functions. Also storing other subdomains data under the parent domain tree felt wrong, all other domain specific data is under their own subtree. Moving this data in its own place seems a better solution.
2013-01-15Make sysdb_custom_subtree_dn() require a domain.Simo Sorce8-12/+19
2013-01-15Make sysdb_custom_dn() require a domain.Simo Sorce6-10/+20
2013-01-15Make sysdb_domain_dn() require a domain.Simo Sorce6-7/+10
2013-01-15Make sysdb_netgroup_base_dn() require a domain.Simo Sorce3-5/+9
2013-01-15Make sysdb_netgroup_dn() require a domain explictly.Simo Sorce4-9/+11
2013-01-15Make sysdb_group_dn() require a domain explictly.Simo Sorce6-18/+20
2013-01-15Make sysdb_user_dn() require a domain explictly.Simo Sorce6-15/+17
2013-01-15Remove the sysdb_ctx_get_domain() function.Simo Sorce5-19/+16
We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
2013-01-15Refactor single domain initializationSimo Sorce12-60/+60
Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
2013-01-15Refactor sysdb initializationSimo Sorce6-170/+25
Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
2013-01-15The Big sysdb/domain split-up!Simo Sorce1-1/+1
This commit is the first of a complex work of untangling domain and sysdb. It turns out the idea of keeping a reference to the domain within the sysdb was a poor one so we need to split the domain out and change all functions that needs one to get it explicitly from their callers.
2013-01-14Use new sysdb_search_service() in sss_cacheSimo Sorce1-35/+4
Also fixes https://fedorahosted.org/sssd/ticket/1754
2013-01-14let ldap_backup_chpass_uri workPavel Březina1-2/+4
https://fedorahosted.org/sssd/ticket/1760
2013-01-14Fix LDAP authentication - invalid password lengthPavel Březina1-1/+1
sss_authtok_get_password() already returns length without terminating zero. This broke authentication over LDAP because we removed the last password character.
2013-01-10Change pam data auth tokens.Simo Sorce21-473/+533
Use the new authtok abstraction and interfaces throught the code.
2013-01-10Add authtok utility functions.Simo Sorce3-0/+384
These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions.
2013-01-10Add function to safely wipe memory.Simo Sorce2-0/+18
This is useful for wiping passwords, as it prevents the compiler from optimizing out a memset to zero before a free()
2013-01-10Code can only check for cached passwordsSimo Sorce5-36/+45
Make it clear to the API users that we can not take arbitrary auth tokens. We can only take a password for now so simplify and clarify the interface.
2013-01-10Fix sdap reinit.Simo Sorce1-82/+89
This set of functions had a few important issues: 1. the base_dn was always NULL, as the base array was never actually used to construct any DN. This means each function searched the whole database multiple times. It would try to remove SYSDB_USN from all database entries 3 times. Then it would try to find non updated entries another 3 times and delete them, arguably find empty results the last 2 times. 2. Remove use of sysdb_private.h, that header is *PRIVATE* which means it should not be used anywhere but within sysdb. Do this by using existing functions instead of using ldb calls directly. This is important to keep sysdb as conistent and self-contained as possible.
2013-01-10Use sysdb_search_service() for all svc queriesSimo Sorce2-78/+56
2013-01-10Add sysdb_search_service() helper functionSimo Sorce2-0/+63
2013-01-09AD: Add user as a direct member of his primary groupJakub Hrozek1-8/+109
In the AD case, deployments sometimes add groups as parents of the primary GID group. These groups are then returned during initgroups in the tokenGroups attribute and member/memberof links are established between the user and the group. However, any update of these groups would remove the links, so a sequence of calls: id -G user; id user; id -G user would return different group memberships. The downside of this approach is that the user is returned as a group member during getgrgid call as well.
2013-01-09AD: replace GID/UID, do not add another oneJakub Hrozek4-7/+41
The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
2013-01-09Revert "Add a default section to a switch-statement"Simo Sorce1-12/+8
This reverts commit d698499602461b98fd56f2d550f80c6cb25f12a9. And adds the correct fix. Also makes the function static,as it is used nowehere else.
2013-01-09Add a default section to a switch-statementSumit Bose1-0/+3
Besides adding the missing default this patch suppresses a compiler warning about ret being uninitialized.
2013-01-08Remove dead netgroup functionsSimo Sorce3-419/+0
2013-01-08Remove unhelpful vtable from sss_cacheSimo Sorce1-24/+30
Using a vtable like this has various drawacks, including the fact prototypes are not checked by the compiler so the code could silently break and still compile fine (in fact I found this out changing one of the prototypes). A switch statement is also better because it catches if the enum changed and won't risk allowing to access the table out of bounds.