summaryrefslogtreecommitdiff
path: root/src/providers/ipa
AgeCommit message (Collapse)AuthorFilesLines
2013-04-02Making the authtok structure really opaque.Lukas Slebodnik1-1/+1
Definition of structure sss_auth_token was removed from header file authtok.h and there left only declaration of this structure. Therefore only way how to use this structure is to use accessory function from same header file. To creating new empty authotok can only be used newly created function sss_authtok_new(). TALLOC context was removed from copy and setter functions, because pointer to stuct sss_auth_token is used as a memory context. All declaration of struct sss_auth_token variables was replaced with pointer to this structure and related changes was made in source code. Function copy_pam_data can copy from argument src which was dynamically allocated with function create_pam_data() or zero initialized struct pam_data allocated on stack. https://fedorahosted.org/sssd/ticket/1830
2013-03-27selinux: Remove unused parameterJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1848
2013-03-21LDAP: If deref search fails, try again without derefJan Cholasta1-0/+6
https://fedorahosted.org/sssd/ticket/1660
2013-03-20Return error code from ipa_subdom_storeJakub Hrozek1-5/+13
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+1
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Convert sdap_access to new error codesSimo Sorce1-10/+11
Also simplify sdap_access_send to avoid completely fake _send() routines.
2013-03-19Make the SELinux refresh time configurable.Michal Zidek3-2/+5
Option ipa_selinux_refresh is added to basic ipa options.
2013-03-19Reuse cached SELinux mappings.Michal Zidek2-3/+29
Reuse cached SELinux maps when they are requested within time interval (in this patch it is hardcoded to be 5 seconds). https://fedorahosted.org/sssd/ticket/1744
2013-03-19Move SELinux processing to provider.Michal Zidek2-31/+388
The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
2013-03-19Use common error facility instead of sdap_resultSimo Sorce2-31/+27
Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired
2013-03-18Decrease krb5_auth_timeout defaultOndrej Kos1-1/+1
https://fedorahosted.org/sssd/ticket/1738
2013-03-13Fix initialization of multiple variablesOndrej Kos2-2/+2
2013-03-06Updated Doxygen configuration to 1.8.1Thorsten Scherf1-134/+478
https://fedorahosted.org/sssd/ticket/1819
2013-02-14subdomains: replace invalid characters with underscore in krb5 mapping file namePavel Březina1-1/+26
https://fedorahosted.org/sssd/ticket/1795 Only alpha-numeric chars, dashes and underscores are allowed in krb5 include directory.
2013-02-12Filter out multicast addresses from IPA DNS updatesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1804
2013-02-10Introduce IS_SUBDOMAIN() macroSimo Sorce1-2/+2
Fixes https://fedorahosted.org/sssd/ticket/1766
2013-02-10Change the way domains are linked.Simo Sorce1-107/+45
- Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
2013-02-10Remove sysdb_subdom completelySimo Sorce1-52/+58
struct sss_domain_info is always used to represent domains now. Adjust tests accordingly.
2013-02-10Refactor sysdb_master_domain_add_info()Simo Sorce1-24/+6
2013-02-10Update main domain info in placeSimo Sorce1-5/+4
2013-02-10Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce1-3/+1
2013-02-10Add realm info to sss_domain_infoSimo Sorce2-3/+4
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/1805
2013-01-25Possible null derefence in ipa_subdomains.c.Michal Zidek1-0/+4
Found by coverity. https://fedorahosted.org/sssd/ticket/1790
2013-01-21Add be_req_get_data() helper funciton.Simo Sorce5-9/+11
In preparation for making struct be_req opaque.
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce7-53/+61
In preparation for making be_req opaque
2013-01-21Add be_req_create() helperSimo Sorce1-3/+2
2013-01-21Introduce be_req_terminate() helperSimo Sorce4-34/+24
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Remove domain from be_req structureSimo Sorce4-60/+45
2013-01-21Pass domain not be_req to access check functionsSimo Sorce1-1/+1
2013-01-21Do not pass NULL to ipa_subdomain_retrieve()Simo Sorce1-18/+20
2013-01-21Move hbac_ctx_is_offline()Simo Sorce2-7/+6
2013-01-21Remove hbac_ctx_sdap_id_[ctx|op]()Simo Sorce2-18/+6
2013-01-21Remove hbac_ctx_ev()Simo Sorce2-10/+3
2013-01-21Remove hbac_ctx_be()Simo Sorce3-12/+4
2013-01-21Remove hbac_ctx_sysdb()Simo Sorce2-12/+4
2013-01-21Remove sysdb argument from hbac_get_cached_rules()Simo Sorce3-9/+6
2013-01-21Remove sysdb arg from [ipa_]hbac_sysdb_save()Simo Sorce3-36/+25
Also make ipa_hbac_save_list() static
2013-01-21Remove sysdb arg from ipa_hbac_service_info_send()Simo Sorce3-5/+0
2013-01-21Remove sysdb arg from hbac_*host_attrs_to_rule()Simo Sorce3-11/+4
2013-01-21Remove sysdb arg from hbac_service_attrs_to_rule()Simo Sorce3-5/+2
2013-01-21Remove sysdb argument from hbac_user_attrs_to_rule()Simo Sorce3-6/+4
2013-01-21Remove unused structureSimo Sorce1-6/+0
2013-01-21Remove sysdb argument from ipa_host_info_send()Simo Sorce5-9/+3
2013-01-21Remove sysdb as a be request structure memberSimo Sorce3-7/+7
The sysdb context is already available through the 'domain' context.
2013-01-21Remove sysdb as a be context structure memberSimo Sorce5-13/+13
The sysdb context is already available through the 'domain' structure.
2013-01-15Add domain to some subdomain functionsSimo Sorce1-2/+7
2013-01-15Add domain arguments to sysdb ssh functionsSimo Sorce1-1/+2
2013-01-15Add domain argument to sysdb selinux functionsSimo Sorce3-4/+9
2013-01-15Add domain arg to sysdb_search/delete_netgroup()Simo Sorce1-1/+1