summaryrefslogtreecommitdiff
path: root/src/db/sysdb.h
AgeCommit message (Collapse)AuthorFilesLines
2013-01-15Add domain argument to sysdb_get_user_attr()Simo Sorce1-0/+1
2013-01-15Add domain argument to sysdb_initgroups()Simo Sorce1-0/+1
2013-01-15Add domain option to sysdb_get/netgr/attrs() fnsSimo Sorce1-0/+2
2013-01-15Pass domain to sysdb_enum<pw/gr>ebt() functionsSimo Sorce1-0/+2
2013-01-15Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce1-0/+2
2013-01-15Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce1-9/+2
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
2013-01-15Move range objects into their own top-level tree.Simo Sorce1-1/+1
Storing ranges for multiple domains under any specific domain is somewhat aritrary and unnecessary. Put ranges under cn=ranges,cn=sysdb, without involving any specific domain subtree. This allows us to avoid using sysdb->domain in ranges functions. Also storing other subdomains data under the parent domain tree felt wrong, all other domain specific data is under their own subtree. Moving this data in its own place seems a better solution.
2013-01-15Make sysdb_custom_subtree_dn() require a domain.Simo Sorce1-1/+3
2013-01-15Make sysdb_custom_dn() require a domain.Simo Sorce1-0/+1
2013-01-15Make sysdb_domain_dn() require a domain.Simo Sorce1-1/+2
2013-01-15Make sysdb_netgroup_base_dn() require a domain.Simo Sorce1-1/+3
2013-01-15Make sysdb_netgroup_dn() require a domain explictly.Simo Sorce1-1/+1
2013-01-15Make sysdb_group_dn() require a domain explictly.Simo Sorce1-1/+1
2013-01-15Make sysdb_user_dn() require a domain explictly.Simo Sorce1-1/+1
2013-01-15Remove the sysdb_ctx_get_domain() function.Simo Sorce1-2/+0
We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
2013-01-15Refactor single domain initializationSimo Sorce1-7/+0
Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
2013-01-15Refactor sysdb initializationSimo Sorce1-17/+2
Change the way sysdbs are initialized. Make callers responsible for providing the list of domains. Remove the returned array of sysdb contexts, it was used only by sss_cache and not really necessary there either as that tool can easily iterate the domains. Make sysdb ctx children of their respective domains. Neither sysdb context nor domains are ever freed until a program is done so there shouldn't be any memory hierarchy issue. As plus we simplify the code by removing a destructor and a setter function.
2013-01-10Code can only check for cached passwordsSimo Sorce1-2/+1
Make it clear to the API users that we can not take arbitrary auth tokens. We can only take a password for now so simplify and clarify the interface.
2013-01-08Remove dead netgroup functionsSimo Sorce1-32/+0
2013-01-08SYSDB: Remove duplicate selinux definesJakub Hrozek1-5/+0
2013-01-07Remove redundant definition.Simo Sorce1-1/+0
We had 2 defines for the same class. Consolidate and remove confusion.
2012-11-20LDAP: Only convert direct parents' ghost attribute to memberJakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
2012-11-19Refactor the way subdomain accounts are savedSimo Sorce1-0/+9
The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
2012-11-19Display more information on DB version mismatchOndrej Kos1-0/+30
https://fedorahosted.org/sssd/ticket/1589 Added check for determining, whether database version is higher or lower than expected. To distinguish it from other errors it uses following retun values (further used for appropriate error message): EMEDIUMTYPE for lower version than expected EUCLEAN for higher version than expected When SSSD or one of it's tools fails on DB version mismatch, new error message is showed suggesting how to proceed.
2012-11-19SYSDB: Remove unused macrosJakub Hrozek1-15/+0
2012-11-10Add pac_user_get_grp_info() to read current group membershipsSumit Bose1-0/+1
To be able to efficiently store group memberships we need to know the current memberships of a user. sysdb_initgroups() is used to read the user entry together with all groups the user is a member of. Some of the group attributes are kept to avoid additional lookups and speed up further processing. Currently sysdb_initgroups() does not return the original DN of the group. Since it is needed to remove memberships later on it is added to the list of requested attributes
2012-10-26sysdb: add sysdb_base_dn()Sumit Bose1-0/+1
Add a help function which returns the ldb_dn object for the base dn of the cache.
2012-09-24DB: Use TALLOC_CTX for talloc contextJakub Hrozek1-10/+10
A couple of sysdb functions used "void *" in place of a TALLOC_CTX.
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek1-10/+7
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-24AUTOFS: Add entry objects below map objectsJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1506 Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
2012-08-21SYSDB: Make sysdb_attrs_get_el_int() publicStephen Gallagher1-0/+2
Also rename it to sysdb_attrs_get_el_ext()
2012-08-07Remove redefinition of some SYSDB_* macrosPavel Březina1-10/+0
2012-08-01Change refreshing of subdomainsSimo Sorce1-1/+2
This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
2012-08-01Add realm paramter to subdomain listSimo Sorce1-3/+5
This will be used later for setting domain_realm mappings in krb5.conf
2012-08-01Change subdomain_infoSimo Sorce1-5/+5
Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
2012-07-18Modify priority evaluation in SELinux user mapsJan Zeleny1-0/+1
The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395
2012-07-18Add function sysdb_attrs_copy_values()Jan Zeleny1-0/+3
This function copies all values from one sysdb_attrs structure to another
2012-06-21Add support for ID rangesSumit Bose1-0/+39
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny1-0/+7
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-05-31Ghost members - modifications in sysdbJan Zeleny1-5/+0
Deleted sysdb_add_fake_user(): This function is no longer used. Modified sysdb_add_user(): When user object is added to sysdb, it is important to iterate over all groups that might have its name or any of its aliases as ghost member and replace this ghost membership by a real one. This will eliminate duplicite memberships.
2012-05-31Ghost members - add the ghost attribute to sysdbJan Zeleny1-0/+2
2012-05-03LDAP: Map the user's primaryGroupIDStephen Gallagher1-0/+1
2012-05-03LDAP: Enable looking up ID-mapped users by nameStephen Gallagher1-0/+1
2012-05-03SYSDB: Add sysdb routines for ID-mappingStephen Gallagher1-0/+31
2012-05-03LDAP: Add objectSID config optionStephen Gallagher1-0/+1
2012-04-24Sysdb routines for subdomainsJan Zeleny1-0/+72
2012-04-18Removed unused function sysdb_attrs_users_from_ldb_vals()Jan Zeleny1-5/+0
2012-03-06Search netgroups by alias, tooJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1228
2012-02-29Remove sysdb_get_ctx_from_list()Sumit Bose1-4/+0
2012-02-29Keep sysdb context in domain info structSumit Bose1-0/+9