path: root/src/db
Age | Commit message | Author | Files | Lines
2012-10-26 | sysdb: add sysdb_base_dn() | Sumit Bose | 2 | -0/+5
Add a help function which returns the ldb_dn object for the base dn of the cache.
2012-10-26 | sysdb: look for ranges in the parent tree | Sumit Bose | 1 | -1/+4
Make sure the right sub-tree in the cache is used to search for ranges. Sub-domain trees do not have range objects, only the tree of the parent domain.
2012-10-12 | SSH: When host keys are removed from LDAP, remove them from the cache as well | Jan Cholasta | 1 | -36/+34
https://fedorahosted.org/sssd/ticket/1574
2012-10-05 | SSH: Expire hosts in known_hosts | Jan Cholasta | 5 | -3/+179
2012-10-05 | SSH: Refactor sysdb and related code | Jan Cholasta | 2 | -85/+182
2012-10-01 | sysdb_master_domain_get_info: fix copy-and-paste error | Sumit Bose | 1 | -2/+2
2012-09-24 | DB: Use TALLOC_CTX for talloc context | Jakub Hrozek | 1 | -10/+10
A couple of sysdb functions used "void *" in place of a TALLOC_CTX.
2012-09-24 | SYSDB: Remove unnecessary domain parameter from several sysdb calls | Jakub Hrozek | 5 | -76/+58
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-24 | AUTOFS: convert the existing autofs entries during a sysdb upgrade | Jakub Hrozek | 3 | -1/+144
2012-09-24 | AUTOFS: Use both key and value in entry RDN | Jakub Hrozek | 2 | -11/+40
This patch switches from using just key in the RDN to using both key and value. That is necessary to allow multiple direct mounts in a single map.
2012-09-24 | AUTOFS: Add entry objects below map objects | Jakub Hrozek | 4 | -146/+64
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
2012-09-20 | DB: Cancel transaction in sysdb_store_user if sysdb_add_user fails | Jakub Hrozek | 1 | -1/+8
2012-09-20 | LDB_ERR_INVALID_ATTRIBUTE_SYNTAX added to sysdb_error_to_errno. | Michal Zidek | 1 | -0/+2
2012-09-13 | SELinux: Always use the default if it exists on the server | Jakub Hrozek | 1 | -2/+9
https://fedorahosted.org/sssd/ticket/1513
This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045
During an e-mail discussion, it was decided that
* if the default is set in the IPA config object, the SSSD would use that default no matter what
* if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
2012-09-13 | DB: Always write the SELinux object to sysdb | Jakub Hrozek | 1 | -70/+8
There's no point in checking if the object already exists because we always wipe the whole sysdb subtree. We were also immediately cancelling the transaction because we'd jump to goto, even though it was with EOK.
2012-09-10 | SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains} | Jakub Hrozek | 2 | -2/+5
2012-09-05 | SYSDB: Commit transaction in sysdb_store_user | Jakub Hrozek | 1 | -17/+19
2012-09-04 | Unify usage of sysdb transactions (part 2). | Michal Zidek | 9 | -270/+330
2012-08-21 | SYSDB: Make sysdb_attrs_get_el_int() public | Stephen Gallagher | 2 | -8/+10
Also rename it to sysdb_attrs_get_el_ext()
2012-08-16 | Only create the SELinux login file if there are mappings on the server | Jakub Hrozek | 1 | -6/+1
https://fedorahosted.org/sssd/ticket/1455
In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers. The IPA default must be only used if there *are* rules on the server, but none matches.
2012-08-07 | Remove SYSDB_SUDO_CACHE_OC from attribute lists | Pavel Březina | 1 | -1/+0
It is not an attribute.
2012-08-07 | Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OC | Pavel Březina | 2 | -4/+4
It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
2012-08-07 | Remove redefinition of some SYSDB_* macros | Pavel Březina | 1 | -10/+0
2012-08-06 | SYSDB: Use ldb_msg_add_string for simple string additions | Jakub Hrozek | 3 | -12/+12
2012-08-06 | SYSDB: Check the return value | Jakub Hrozek | 1 | -0/+1
2012-08-01 | Change refreshing of subdomains | Simo Sorce | 2 | -7/+9
This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allow us to dump this information w/o having to retrieve it again.
The timestamp also allows to avoid refreshing too often.
2012-08-01 | Add realm parameter to subdomain list | Simo Sorce | 2 | -3/+63
This will be used later for setting domain_realm mappings in krb5.conf
2012-08-01 | Fix return error and debug message | Simo Sorce | 1 | -2/+7
The debug message was trying to print the number of returned entries, but no integer was provided. Return ENOENT as the error for when there are no entries, not EINVAL.
2012-08-01 | Use ldb_msg_add_string with bare strings | Simo Sorce | 1 | -9/+7
2012-08-01 | Fix wrong elements used in comparison | Simo Sorce | 1 | -2/+2
2012-08-01 | Fix double semi-colons | Simo Sorce | 1 | -5/+5
2012-08-01 | 80 columns police | Simo Sorce | 1 | -8/+13
2012-08-01 | Change subdomain_info | Simo Sorce | 2 | -17/+17
Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
2012-07-20 | SYSDB: Add log message for unexpected LDB errors | Stephen Gallagher | 1 | -0/+3
2012-07-20 | Fix sysdb_search_selinux_usermap_by_username return value | Jakub Hrozek | 1 | -0/+1
There was a logic bug in sysdb_search_selinux_usermap_by_username that resulted in returning the value the variable "ret" had after the last call to sysdb_attrs_get_uint32_t, which in cases the last rule processed did not have the requested attributes led to using the default user context.
2012-07-18 | Fix uninitialized values | Nick Guay | 2 | -3/+3
https://fedorahosted.org/sssd/ticket/1379
2012-07-18 | SYSDB: Delete SELinux mappings | Jakub Hrozek | 2 | -0/+19
2012-07-18 | Modify priority evaluation in SELinux user maps | Jan Zeleny | 2 | -1/+34
The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is used to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used.
https://fedorahosted.org/sssd/ticket/1360
https://fedorahosted.org/sssd/ticket/1395
2012-07-18 | Add function sysdb_attrs_copy_values() | Jan Zeleny | 2 | -0/+27
This function copies all values from one sysdb_attrs structure to another
2012-07-10 | Cast uid_t to unsigned long long in DEBUG messages | Jakub Hrozek | 1 | -2/+2
2012-06-29 | sudo: clean up | Pavel Březina | 2 | -212/+0
2012-06-29 | sudo sysdb: add expiration time to the filter | Pavel Březina | 2 | -0/+9
2012-06-29 | sysdb: remove sudo_set/get_refreshed | Pavel Březina | 2 | -63/+0
2012-06-29 | sysdb: add getter/setter for last sudo full refresh time | Pavel Březina | 2 | -0/+147
2012-06-29 | sudo sysdb: make sysdb_get_sudo_user_info more configurable | Pavel Březina | 1 | -25/+35
2012-06-21 | Add support for ID ranges | Sumit Bose | 2 | -0/+384
2012-06-12 | SYSDB: Reduce noise level of debug messages in lookups | Stephen Gallagher | 1 | -6/+8
2012-06-10 | IPA subdomains - ask for information about master domain | Jan Zeleny | 2 | -0/+173
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-06-05 | Fix the 0.11 sysdb upgrade | Jakub Hrozek | 1 | -26/+26
The block that upgraded the version was at a wrong indentation level, so it never ran if there were no fake users to convert
2012-05-31 | Ghost members - sysdb upgrade routine | Jan Zeleny | 3 | -1/+157
It is remotely possible to have sysdb in an inconsistent state that might need upgrade. Consider scenario when user asks for group information. Some fake users are added as a part of this operation. Before users can be fully resolved and stored properly, SSSD is shut down and upgrade is performed. In this case we need to go over all fake user records (uidNumber=0) and replace each of them with ghost record in all group objects that are stated in its memberof attribute.