summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_subdomains.c
AgeCommit message (Collapse)AuthorFilesLines
2013-06-27AD: Write out domain-realm mappingsJakub Hrozek1-164/+3
This patch reuses the code from IPA provider to make sure that domain-realm mappings are written even for AD sub domains.
2013-06-16subdomains: touch krb5.conf when creating new domain-realm mappingsPavel Březina1-0/+8
https://fedorahosted.org/sssd/ticket/1815
2013-06-07LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek1-1/+1
With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
2013-05-28IPA: Check for ENOMEMJakub Hrozek1-0/+3
2013-04-29Make IPA SELinux provider aware of subdomain usersSumit Bose1-0/+14
Fixes https://fedorahosted.org/sssd/ticket/1892
2013-03-20Return error code from ipa_subdom_storeJakub Hrozek1-5/+13
2013-02-14subdomains: replace invalid characters with underscore in krb5 mapping file namePavel Březina1-1/+26
https://fedorahosted.org/sssd/ticket/1795 Only alpha-numeric chars, dashes and underscores are allowed in krb5 include directory.
2013-02-10Introduce IS_SUBDOMAIN() macroSimo Sorce1-2/+2
Fixes https://fedorahosted.org/sssd/ticket/1766
2013-02-10Change the way domains are linked.Simo Sorce1-107/+45
- Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
2013-02-10Remove sysdb_subdom completelySimo Sorce1-52/+58
struct sss_domain_info is always used to represent domains now. Adjust tests accordingly.
2013-02-10Refactor sysdb_master_domain_add_info()Simo Sorce1-24/+6
2013-02-10Update main domain info in placeSimo Sorce1-5/+4
2013-02-10Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce1-3/+1
2013-01-25Possible null derefence in ipa_subdomains.c.Michal Zidek1-0/+4
Found by coverity. https://fedorahosted.org/sssd/ticket/1790
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce1-1/+2
In preparation for making be_req opaque
2013-01-21Add be_req_create() helperSimo Sorce1-3/+2
2013-01-21Introduce be_req_terminate() helperSimo Sorce1-13/+8
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Remove domain from be_req structureSimo Sorce1-19/+4
2013-01-21Do not pass NULL to ipa_subdomain_retrieve()Simo Sorce1-18/+20
2013-01-21Remove sysdb as a be request structure memberSimo Sorce1-4/+4
The sysdb context is already available through the 'domain' context.
2013-01-21Remove sysdb as a be context structure memberSimo Sorce1-3/+3
The sysdb context is already available through the 'domain' structure.
2013-01-15Add domain to some subdomain functionsSimo Sorce1-2/+7
2013-01-15Remove the sysdb_ctx_get_domain() function.Simo Sorce1-1/+4
We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose1-1/+67
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-10-12Allow extdom exop to return flat domain name as wellSumit Bose1-0/+24
There are case where the extdom extended operation will return the flat or NetBIOS name of a domain instead of the DNS domain name. If this name is available for the current domain we accept it as well. Related to https://fedorahosted.org/sssd/ticket/1561
2012-08-23Consolidation of functions that make realm upper-caseOndrej Kos1-17/+1
2012-08-06IPA: Securely set umask for mkstemp in subdomain providerStephen Gallagher1-0/+3
https://fedorahosted.org/sssd/ticket/1457
2012-08-06IPA: Do not attempt to close the same file twiceStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/1456
2012-08-01Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek1-0/+135
When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
2012-08-01Add automatic periodic retrieval of subdomainsSimo Sorce1-1/+44
2012-08-01Add online callback to enumerate subdomainsSimo Sorce1-24/+49
2012-08-01Limit refreshes keeping track of last refresh timeSimo Sorce1-26/+46
2012-08-01Change refreshing of subdomainsSimo Sorce1-65/+156
This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
2012-08-01Expose an initializer function from subdomainSimo Sorce1-0/+35
Instead of exporting internal structures, expose an initilizer function like the autofs code and initialize everything inside the ipa_subdomains.c file.
2012-08-01Add realm paramter to subdomain listSimo Sorce1-0/+27
This will be used later for setting domain_realm mappings in krb5.conf
2012-08-01Use a more tractable name for subdomain requestSimo Sorce1-7/+5
I am all for readable names, but there is a tradeof between expressing purpose and compactness.
2012-08-0180 col and style fixesSimo Sorce1-20/+48
Something like this: sysdb = (be_req->sysdb)?be_req->sysdb:be_req->be_ctx->sysdb; really is not readable, and we always discourage using obfuscated C, please refrain in future.
2012-08-01Make structure initializer more readableSimo Sorce1-7/+15
2012-08-01Fix wrong elements used in comparisonSimo Sorce1-1/+1
2012-08-01Change subdomain_infoSimo Sorce1-6/+6
Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
2012-07-10Remove dead code in ipa_subdomains_handler_done()Sumit Bose1-1/+1
Fixes https://fedorahosted.org/sssd/ticket/1410
2012-06-21Add support for ID rangesSumit Bose1-10/+166
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny1-15/+132
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-04-24IPA: Add get-domains targetSumit Bose1-0/+319