Commit Graph

16 Commits

Author SHA1 Message Date
Sumit Bose
c885bc3e49 extdom: do not return results from the wrong domain
Resolves: https://fedorahosted.org/freeipa/ticket/4264
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-03-25 14:03:05 +01:00
Jan Cholasta
5e2f7b68f0 Remove CFLAGS duplication.
https://fedorahosted.org/freeipa/ticket/3896
2013-12-06 14:44:41 +01:00
Jakub Hrozek
ec08458b65 EXTDOM: Do not overwrite domain_name for INP_SID 2013-08-29 15:30:38 +02:00
Alexander Bokovoy
ad575f067c Fix extdom plugin to provide unqualified name in response as sssd expects
extdom plugin handles external operation over which SSSD asks IPA server about
trusted domain users not found through normal paths but detected to belong
to the trusted domains associated with IPA realm.

SSSD expects that user or group name in the response will be unqualified
because domain name for the user or group is also included in the response.
Strip domain name from the name if getgrnam_r/getpwnam_r calls returned fully
qualified name which includes the domain name we are asked to handle.

The code already expects that fully-qualified names are following user@domain
convention so we are simply tracking whether '@' symbol is present and is followed
by the domain name.
2013-07-11 12:39:28 +03:00
Alexander Bokovoy
fb62414e81 Make sure domain_name is also set when processing INP_NAME requests 2013-07-11 12:39:27 +03:00
Sumit Bose
18c5e483db extdom: replace winbind calls with POSIX/SSSD calls
With the new ipa_server_mode SSSD is able to read user and group data
from trusted AD domains directly and makes this data available via the
NSS responder. With this mode enabled winbind is not needed anymore to
lookup users and groups of trusted domains.

This patch removed the calls to winbind from the extdom plugin and
replaces them with standard POSIX calls like getpwnam() and calls from
libsss_nss_idmap to lookup SIDs.

Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the
extdom plugin does not need to handle idranges anymore, but everything
is done inside SSSD.
2013-07-11 12:39:27 +03:00
Diane Trout
517e475f61 Fix log format not a string literal.
This was to resolve a -Werror=format-security error.

  ipa_extdom_extop.c: In function 'ipa_extdom_extop':
  ipa_extdom_extop.c:144:9: error: format not a string literal and no format
arguments [-Werror=format-security]
2013-06-03 09:57:24 +02:00
Sumit Bose
c152c9e7ff Allow ID-to-SID mappings in the extdom plugin
https://fedorahosted.org/freeipa/ticket/3596
2013-05-02 16:57:12 -04:00
Sumit Bose
0f43cd6ea0 Do not store SID string in a local buffer
https://fedorahosted.org/freeipa/ticket/3596
2013-05-02 16:57:12 -04:00
Sumit Bose
631b3cf7cd Do not lookup up the domain too early if only the SID is known
Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596
2013-05-02 16:57:12 -04:00
Martin Kosek
13b1028ac8 Remove build warnings
Fix rpm build warnings report in Fedora 19 build.

https://fedorahosted.org/freeipa/ticket/3500
2013-03-29 08:59:36 +01:00
Sumit Bose
99ff913b89 ipa-extdom: Double-free in ipa_extdom_common.c
Fixes https://fedorahosted.org/freeipa/ticket/3426
2013-02-28 12:32:43 +01:00
Sumit Bose
89e315d639 extdom: handle INP_POSIX_UID and INP_POSIX_GID requests
Fixes https://fedorahosted.org/freeipa/ticket/3166
2012-10-18 10:57:54 +02:00
Sumit Bose
c1b922352f Fix various issues found by Coverity 2012-10-17 14:32:37 +02:00
Sumit Bose
d815c3bc99 extdom: read ranges from LDAP 2012-08-15 23:41:06 -04:00
Sumit Bose
316aac5a8d Add external domain extop DS plugin
This extop can be used by clients of the IPA domain, e.g. sssd, to
retrieve data from trusted external domains. It can be used e.g. to map
Windows SIDs to user or groups names and back.
2012-06-28 13:08:26 +02:00