summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2013-01-15Add domain arguments to sysdb_add_inetgroup fns.Simo Sorce3-4/+6
2013-01-15Add domain arguments to sysdb_add_group functions.Simo Sorce2-4/+6
2013-01-15Add domain argument to sysdb_set_user_attr()Simo Sorce3-8/+16
2013-01-15Add domain to sysdb_search_group_by_gid()Simo Sorce2-2/+2
Also remove unused sysdb_search_domgroup_by_gid()
2013-01-15Add domain to sysdb_search_group_by_name()Simo Sorce3-7/+16
Also remove unused sysdb_search_domgroup_by_name()
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce10-23/+50
Also remove unused sysdb_search_domuser_by_name()
2013-01-15Add domain argument to sysdb_get_user_attr()Simo Sorce6-15/+18
2013-01-15Add domain argument to sysdb_initgroups()Simo Sorce1-1/+1
2013-01-15Pass domain to sysdb_get<pwu/grg><id() functionsSimo Sorce1-3/+3
2013-01-15Make sysdb_custom_subtree_dn() require a domain.Simo Sorce3-4/+6
2013-01-15Make sysdb_custom_dn() require a domain.Simo Sorce2-5/+9
2013-01-15Make sysdb_domain_dn() require a domain.Simo Sorce1-1/+1
2013-01-15Make sysdb_netgroup_base_dn() require a domain.Simo Sorce1-1/+1
2013-01-15Remove the sysdb_ctx_get_domain() function.Simo Sorce1-1/+4
We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
2013-01-15Refactor single domain initializationSimo Sorce1-2/+2
Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers.
2013-01-14let ldap_backup_chpass_uri workPavel Březina1-2/+4
https://fedorahosted.org/sssd/ticket/1760
2013-01-14Fix LDAP authentication - invalid password lengthPavel Březina1-1/+1
sss_authtok_get_password() already returns length without terminating zero. This broke authentication over LDAP because we removed the last password character.
2013-01-10Change pam data auth tokens.Simo Sorce16-373/+429
Use the new authtok abstraction and interfaces throught the code.
2013-01-10Code can only check for cached passwordsSimo Sorce1-4/+17
Make it clear to the API users that we can not take arbitrary auth tokens. We can only take a password for now so simplify and clarify the interface.
2013-01-10Fix sdap reinit.Simo Sorce1-82/+89
This set of functions had a few important issues: 1. the base_dn was always NULL, as the base array was never actually used to construct any DN. This means each function searched the whole database multiple times. It would try to remove SYSDB_USN from all database entries 3 times. Then it would try to find non updated entries another 3 times and delete them, arguably find empty results the last 2 times. 2. Remove use of sysdb_private.h, that header is *PRIVATE* which means it should not be used anywhere but within sysdb. Do this by using existing functions instead of using ldb calls directly. This is important to keep sysdb as conistent and self-contained as possible.
2013-01-09AD: Add user as a direct member of his primary groupJakub Hrozek1-8/+109
In the AD case, deployments sometimes add groups as parents of the primary GID group. These groups are then returned during initgroups in the tokenGroups attribute and member/memberof links are established between the user and the group. However, any update of these groups would remove the links, so a sequence of calls: id -G user; id user; id -G user would return different group memberships. The downside of this approach is that the user is returned as a group member during getgrgid call as well.
2013-01-09AD: replace GID/UID, do not add another oneJakub Hrozek4-7/+41
The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
2013-01-08IPA: Rename IPA_CONFIG_SELINUX_DEFAULT_MAPJakub Hrozek3-4/+6
It is not a map, but a default context. The name should reflect that.
2013-01-08SELINUX: Process maps even when offlineJakub Hrozek1-226/+429
Changes the ipa_get_selinux{send,recv} request so that it only delivers data and moves processing to the IPA selinux handler.
2013-01-08SYSDB: Remove duplicate selinux definesJakub Hrozek1-0/+1
2013-01-07sudo smart refresh: fix debug messagePavel Březina1-1/+1
2013-01-07sudo smart refresh: do not include usn in filter if no valid usn is knownPavel Březina1-5/+12
https://fedorahosted.org/sssd/ticket/1736 When there are no rules during first refresh, we don't have valid USN value. We use 0 in this case, but it turned out that OpenLDAP takes it as invalid time format (if modifyTimestamp is used instead of USN) and thus returns no records. Now we don't include USN/modifyTimestamp attribute in the filter if such situasion occurs.
2013-01-07Fix tevent_req style for sdap_async_sudo.Simo Sorce1-22/+22
Use correct name for _done() function from the caller. Remove unneded initializzations to NULL for a lot of variables hat are going to be assigned as the first thing done in the functions.
2013-01-04LDAP: initialize refresh function handlerOndrej Kos1-1/+1
2013-01-02let krb5_backup_kpasswd failover workPavel Březina1-2/+2
https://fedorahosted.org/sssd/ticket/1735
2013-01-02failover: Protect against empty host namesMichal Zidek6-8/+8
Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
2013-01-02set ret to EOK after for loop in sdap_sudo_purge_sudoersPavel Březina1-0/+2
If we are unable to delete some rule from cache we print a debug message and ignore the error. Thus we should set ret to EOK after the for loop otherwise we return whether the last rule was deleted successfully or not. This also removes compilation warning that ret may be used uninitialized (when we don't go inside the loop at all).
2012-12-20krb5 tgt renewal: fix usage of ldb_dn_get_component_val()Sumit Bose1-4/+4
For some reason I was under the impression that the DN components are counted backwards in libldb. This patch corrects this.
2012-12-19Add default section to switch statementSumit Bose1-0/+3
switch statements should always have a default section. In this particular case gcc gave a "'send_fn' may be used uninitialized in this function" warning.
2012-12-18DP: invalidate all cached maps if a request for auto.master comes inJakub Hrozek3-0/+16
If the Data Provider receives a request for the auto.master map, it passes on a flag to let the actual provider let know he should invalidate the existing maps
2012-12-18sudo: do full refresh when data provider is back onlinePavel Březina2-7/+75
https://fedorahosted.org/sssd/ticket/1689 Add a online callback if the first full refresh fails due to the provider beeing offline so we can perform the refresh as soon as possible.
2012-12-18sudo: schedule another full refresh in short interval if the first failsPavel Březina2-0/+28
https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
2012-12-18check dp error in sdap_sudo_full_refresh_done()Pavel Březina1-3/+8
https://fedorahosted.org/sssd/ticket/1689
2012-12-18add sdap_sudo_schedule_refresh()Pavel Březina2-43/+77
Reduces amount of code duplication.
2012-12-18try primary server after retry_timeout + 1 seconds when switching to backupPavel Březina3-1/+13
https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
2012-12-17PROXY: fix groups cachingOndrej Kos1-0/+6
https://fedorahosted.org/sssd/ticket/1685 Properly react on deleting group which was not found in sysdb.
2012-12-15let ldap_chpass_uri failover work when using same hostnamePavel Březina1-11/+4
https://fedorahosted.org/sssd/ticket/1699 We want to continue with the next server on all errors, not only on ETIMEDOUT. This particullar ticket was dealing with ECONNREFUSED.
2012-12-11sudo: don't get stuck in rules and smart refresh when offlinePavel Březina1-4/+14
https://fedorahosted.org/sssd/ticket/1682 The problem was in following code: if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) { tevent_req_error(req, ret); return; } In situation when data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch. This results in calling tevent_req_error(req, EOK). Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
2012-12-10LDAP: remove dead assignmentJakub Hrozek1-1/+0
2012-12-10let krb5_kpasswd failover workPavel Březina1-3/+7
https://fedorahosted.org/sssd/ticket/1680 There were two errors: 1. kr->kpasswd_srv was never set 2. bad service name (KERBEROS) was provided when setting port status, thus the port status never changed
2012-12-10PROXY: fix negative cacheOndrej Kos1-20/+24
https://fedorahosted.org/sssd/ticket/1685 The PROXY provider wasn't storing credentials to negative cache due to bad return value. This was delegated from attempt to delete these credentials from local cache. Therefore ENOENT is replaced as EOK.
2012-12-07SUDO: strdup the input variableJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1701
2012-12-05Fix comment on wrong lineSimo Sorce1-1/+1
2012-12-05LDAP: Continue adjusting group membership even if there is nothing to addJakub Hrozek1-2/+1
https://fedorahosted.org/sssd/ticket/1695
2012-12-05Add backchannel NSS provider query on initgr callsSimo Sorce1-0/+165
This is needed in order to assure the memcache is properly and promptly cleaned up if a user memberships change on login. The list of the current groups for the user is sourced before it is updated and sent to the NSS provider to verify if it has changed after the update call has been made.