| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Also remove sysdb_delete_domgroup()
|
|
|
|
Also remove sysdb_delete_domuser()
|
|
|
|
Also changes sysdb_search_custom_by_name()
|
|
|
|
|
|
|
|
|
|
Also remove sysdb_store_domgroup()
|
|
Also remove sysdb_store_domuser()
|
|
|
|
|
|
|
|
Also remove unused sysdb_search_domgroup_by_gid()
|
|
Also remove unused sysdb_search_domgroup_by_name()
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We are deprecating sysdb->domain so kill the function that gives access to
this member as we should stop relying on it being available (or correct).
|
|
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
https://fedorahosted.org/sssd/ticket/1760
|
|
sss_authtok_get_password() already returns length without terminating
zero. This broke authentication over LDAP because we removed the
last password character.
|
|
Use the new authtok abstraction and interfaces throught the code.
|
|
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
|
|
This set of functions had a few important issues:
1. the base_dn was always NULL, as the base array was never actually used
to construct any DN. This means each function searched the whole database
multiple times.
It would try to remove SYSDB_USN from all database entries 3 times.
Then it would try to find non updated entries another 3 times and delete
them, arguably find empty results the last 2 times.
2. Remove use of sysdb_private.h, that header is *PRIVATE* which means it
should not be used anywhere but within sysdb. Do this by using existing
functions instead of using ldb calls directly. This is important to keep
sysdb as conistent and self-contained as possible.
|
|
In the AD case, deployments sometimes add groups as parents of the
primary GID group. These groups are then returned during initgroups
in the tokenGroups attribute and member/memberof links are established
between the user and the group. However, any update of these groups
would remove the links, so a sequence of calls: id -G user; id user; id
-G user would return different group memberships.
The downside of this approach is that the user is returned as a group
member during getgrgid call as well.
|
|
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
|
|
It is not a map, but a default context. The name should reflect that.
|
|
Changes the ipa_get_selinux{send,recv} request so that it only delivers
data and moves processing to the IPA selinux handler.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1736
When there are no rules during first refresh, we don't have valid
USN value. We use 0 in this case, but it turned out that OpenLDAP
takes it as invalid time format (if modifyTimestamp is used instead
of USN) and thus returns no records.
Now we don't include USN/modifyTimestamp attribute in the filter
if such situasion occurs.
|
|
Use correct name for _done() function from the caller.
Remove unneded initializzations to NULL for a lot of variables hat are going to
be assigned as the first thing done in the functions.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1735
|
|
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484
|
|
If we are unable to delete some rule from cache we print a debug
message and ignore the error. Thus we should set ret to EOK after
the for loop otherwise we return whether the last rule was deleted
successfully or not.
This also removes compilation warning that ret may be used
uninitialized (when we don't go inside the loop at all).
|
|
For some reason I was under the impression that the DN components are
counted backwards in libldb. This patch corrects this.
|
|
switch statements should always have a default section. In this
particular case gcc gave a "'send_fn' may be used uninitialized in this
function" warning.
|
|
If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps
|
|
https://fedorahosted.org/sssd/ticket/1689
Add a online callback if the first full refresh fails due to the
provider beeing offline so we can perform the refresh as soon as
possible.
|
|
https://fedorahosted.org/sssd/ticket/1689
If the first full refresh of sudo rules fails because the data provider
is offline, we will schedule another one in 2, 4, ... minutes.
|
|
https://fedorahosted.org/sssd/ticket/1689
|
