| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Also remove sysdb_store_domgroup()
|
|
Also remove sysdb_store_domuser()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also remove unused sysdb_search_domgroup_by_gid()
|
|
Also remove unused sysdb_search_domgroup_by_name()
|
|
Also remove unused sysdb_search_domuser_by_uid()
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
|
|
|
|
|
|
|
|
|
|
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
|
|
|
Storing ranges for multiple domains under any specific domain is
somewhat aritrary and unnecessary.
Put ranges under cn=ranges,cn=sysdb, without involving any specific
domain subtree.
This allows us to avoid using sysdb->domain in ranges functions.
Also storing other subdomains data under the parent domain tree felt
wrong, all other domain specific data is under their own subtree.
Moving this data in its own place seems a better solution.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We are deprecating sysdb->domain so kill the function that gives access to
this member as we should stop relying on it being available (or correct).
|
|
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As plus we simplify the code by
removing a destructor and a setter function.
|
|
This commit is the first of a complex work of untangling domain and sysdb.
It turns out the idea of keeping a reference to the domain within the sysdb was
a poor one so we need to split the domain out and change all functions that
needs one to get it explicitly from their callers.
|
|
Also fixes https://fedorahosted.org/sssd/ticket/1754
|
|
https://fedorahosted.org/sssd/ticket/1760
|
|
sss_authtok_get_password() already returns length without terminating
zero. This broke authentication over LDAP because we removed the
last password character.
|
|
Use the new authtok abstraction and interfaces throught the code.
|
|
These functions allow handling of auth tokens in a completely opaque way,
with clear semantics and accessor fucntions that guarantee consistency,
proper access to data and error conditions.
|
|
This is useful for wiping passwords, as it prevents the compiler from
optimizing out a memset to zero before a free()
|
|
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
|
|
This set of functions had a few important issues:
1. the base_dn was always NULL, as the base array was never actually used
to construct any DN. This means each function searched the whole database
multiple times.
It would try to remove SYSDB_USN from all database entries 3 times.
Then it would try to find non updated entries another 3 times and delete
them, arguably find empty results the last 2 times.
2. Remove use of sysdb_private.h, that header is *PRIVATE* which means it
should not be used anywhere but within sysdb. Do this by using existing
functions instead of using ldb calls directly. This is important to keep
sysdb as conistent and self-contained as possible.
|
|
|
|
|
|
In the AD case, deployments sometimes add groups as parents of the
primary GID group. These groups are then returned during initgroups
in the tokenGroups attribute and member/memberof links are established
between the user and the group. However, any update of these groups
would remove the links, so a sequence of calls: id -G user; id user; id
-G user would return different group memberships.
The downside of this approach is that the user is returned as a group
member during getgrgid call as well.
|
|
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
|
|
This reverts commit d698499602461b98fd56f2d550f80c6cb25f12a9.
And adds the correct fix.
Also makes the function static,as it is used nowehere else.
|
|
Besides adding the missing default this patch suppresses a compiler
warning about ret being uninitialized.
|
|
|
|
Using a vtable like this has various drawacks, including the fact prototypes
are not checked by the compiler so the code could silently break and still
compile fine (in fact I found this out changing one of the prototypes).
A switch statement is also better because it catches if the enum changed and
won't risk allowing to access the table out of bounds.
|
