summaryrefslogtreecommitdiff
path: root/src/lib/idmap
AgeCommit message (Collapse)AuthorFilesLines
2013-06-28idmap: add sss_idmap_domain_has_algorithmic_mappingSumit Bose2-0/+55
With this call it can be checked if for a given domain algorithmic mapping is available or if the ID must be read from an external source. The default if an error occurs or no matching range was found is false, i.e external mapping, to meet the requirements for simple LDAP based domains where only external mapping is available. Fixes https://fedorahosted.org/sssd/ticket/1960
2013-06-28idmap: add calls to check if ID mapping conforms to rangesSumit Bose2-0/+186
When ID are mapped externally it must be checked if the extern ID falls into the right configured range to avoid ID conflicts. Fixes https://fedorahosted.org/sssd/ticket/1960
2013-06-28idmap: allow NULL domain sid for external mappingsSumit Bose1-32/+44
Since it is planned that the LDAP based ID providers (LDAP, AD, IPA) will always use libsss_idmap to map ID or get information about how to map it, it must be possible to add domains to libsss_idmap which do not have a SID or where is SID is not known when external mapping is used. Algorithmic mapping always requires a domain SID. Fixes https://fedorahosted.org/sssd/ticket/1960
2013-06-28idmap: add option to indicate external_mappingSumit Bose2-4/+43
The idea is that ranges for IDs from AD can be used in libsss_idmap as well, but whenever a mapping is requested for this range a specific error code IDMAP_EXTERNAL is returned to tell SSSD to do an AD lookup. This way SSSD does not need to inspect the ranges itself but all is done inside if libsss_idmap. Fixes https://fedorahosted.org/sssd/ticket/1960
2013-06-28idmap: add optional unique range idSumit Bose2-1/+17
To be able to detect configuration changes in idranges managed by FreeIPA an identifier should be stored on the client together with the other idrange related data. Fixes https://fedorahosted.org/sssd/ticket/1979
2013-06-28idmap: allow first RID to be setSumit Bose2-20/+109
Currently libss_idmap implicitly assumes that the RID 0 is always mapped to the first ID of the given range. This is not the case anymore when multiple ranges are used e.g. for trusted domains in FreeIPA. A new call sss_idmap_add_domain_ex() was added which can take the first RID as an argument. This new call will get more options with other patches hence I didn't change the library version with this patch. Fixes https://fedorahosted.org/sssd/ticket/1938
2013-06-11Fix some doxygen warningsSumit Bose1-3/+3
2013-05-03IDMAP: Fix variable initializationOndrej Kos1-1/+1
Before the recent changes, the variable was set to 0 too because it used to be part of a structure allocated with talloc_zero.
2013-04-29libsss_idmap: function to calculate rangeMichal Zidek3-1/+287
Calculation of range for domains is moved from sdap_idmap code to sss_idmap code. Some refactoring have been done to allow this move. https://fedorahosted.org/sssd/ticket/1844
2013-04-03Fix potential out-of-bounds write in sss_idmap_sid_to_dom_sidJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1861
2013-03-06Updated Doxygen configuration to 1.8.1Thorsten Scherf1-134/+478
https://fedorahosted.org/sssd/ticket/1819
2013-01-08IDMAP: add sss_idmap_smb_sid_to_unix()Sumit Bose2-0/+39
To avoid a conversion on the caller side a new call is added to libsss_idmap which converts a Samba dom_sid structure to a Posix ID.
2012-12-04Dereference after null check in sss_idmap_sid_to_unixMichal Zidek1-1/+5
https://fedorahosted.org/sssd/ticket/1684
2012-11-28idmap: Silence DEBUG messages when dealing with built-in SIDs.Michal Zidek2-1/+17
When converting built-in SID to unix GID/UID a confusing debug message about the failed conversion was printed. This patch special cases these built-in objects. https://fedorahosted.org/sssd/ticket/1593
2012-06-08sss_idmap: fix typo which prevents sub auth larger then 2^31Sumit Bose1-3/+3
A test to cover this is added as well.
2012-06-08sss_idmap: add support for samba struct dom_sidSumit Bose3-0/+305
The samba ndr libraries use struct dom_sid to handle SIDs. Since there is no public samba library which offers conversion from other representations, e.g. as string, this is added to libsss_idmap. To avoid compile-time or run-time dependency to any samba library or header file the definition of the struct is copied here.
2012-05-14Rename struct dom_sid to struct sss_dom_sidSumit Bose3-23/+23
To avoid conflicts with struct dom_sid used by samba the sss_ prefix is added to the struct used by libsss_idmap.
2012-05-04Fix endian issue in SID conversionSumit Bose1-9/+13
Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.
2012-05-03LDAP: Add routine to extract domain SID from an object SIDStephen Gallagher2-2/+3
Also makes the domain prefix macros from sss_idmap public.
2012-05-01Allow different SID representations in libidmapSumit Bose4-13/+719
Besides as strings it is now possible to use binary SIDs or a struct containing all SID information. Functions to convert between these formats are added as well.
2012-04-05Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTIONJakub Hrozek1-3/+4
https://fedorahosted.org/sssd/ticket/1271
2012-03-26Add idmap librarySumit Bose4-0/+2123