Age | Commit message (Collapse) | Author | Files | Lines |
|
Add a help function which returns the ldb_dn object for the base dn of
the cache.
|
|
Make sure the right sub-tree in the cache is used to search for ranges.
Sub-domain trees do not have range objects only the tree of the parent
domain.
|
|
https://fedorahosted.org/sssd/ticket/1574
|
|
|
|
|
|
|
|
A couple of sysdb functions used "void *" in place of a TALLOC_CTX.
|
|
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
|
|
|
This patch switches from using just key in the RDN to using both key and
value. That is neccessary to allow multiple direct mounts in a single
map.
|
|
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of
creating the entry on the cn=autofs,cn=custom level, the entry is
created below the map it belongs to.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1513
This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045
During an e-mail discussion, it was decided that
* if the default is set in the IPA config object, the SSSD would use
that default no matter what
* if the default is not set (aka empty or missing), the SSSD
would just use the system default and skip creating the login
file altogether
|
|
There's no point in checking if the object already exists because we always
wipe the whole sysdb subtree. We were also immediatelly cancelling the
transaction because we'd jump to goto, even though it was with EOK.
|
|
|
|
|
|
|
|
Also rename it to sysdb_attrs_get_el_ext()
|
|
https://fedorahosted.org/sssd/ticket/1455
In case there are no rules on the IPA server, we must simply avoid generating
the login file. That would make us fall back to the system-wide default
defined in /etc/selinux/targeted/seusers.
The IPA default must be only used if there *are* rules on the server,
but none matches.
|
|
It is not an attribute.
|
|
It does not contain name of the object class attribute but the value
itself. I renamed it to avoid confusion.
|
|
|
|
|
|
|
|
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allows us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
This will be used later for setting domain_realm mappings in krb5.conf
|
|
The debuf message was trying to print the number of returned entries, but no
integer was provided.
Return ENOENT as the error for when there are no entries, not EINVAL.
|
|
|
|
|
|
|
|
|
|
Rename the structure to use a standard name prefix so it is properly
name-spaced, in preparation for changing the structure itself.
|
|
|
|
There was a logic bug in sysdb_search_selinux_usermap_by_username that
resulted in returning the value the variable "ret" had after the last
call to sysdb_attrs_get_uint32_t, which in cases the last rule processed
did not have the requested attributes led to using the default user
context.
|
|
https://fedorahosted.org/sssd/ticket/1379
|
|
|
|
The functionality now is following:
When rule is being matched, its priority is determined as a combination
of user and host specificity (host taking preference).
After the rule is matched in provider, only its host priority is stored
in sysdb for later usage.
When rules are matched in the responder, their user priority is
determined. After that their host priority is retrieved directly from
sysdb and sum of both priorities is user to determine whether to use
that rule or not. If more rules have the same priority, the order given
in IPA config is used.
https://fedorahosted.org/sssd/ticket/1360
https://fedorahosted.org/sssd/ticket/1395
|
|
This function copies all values from one sysdb_attrs structure to
another
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The query is performed only if there is missing information in the
cache. That means this should be done only once after restart when cache
doesn't exist. All subsequent requests for subdomains won't include the
request for master domain.
|
|
The block that upgraded the version was at a wrong indentation level, so
it never ran if there were no fake users to convert
|
|
It is remotely possible to have sysdb in an inconsistent state that
might need upgrade. Consider scenario when user asks for group
information. Some fake users are added as a part of this operation.
Before users can be fully resolved and stored properly, SSSD is shut
down and upgrade is performed.
In this case we need to go over all fake user records (uidNumber=0) and
replace each of them with ghost record in all group objects that are stated in
its memberof attribute.
|