Cross Reference: /sssd-io/src/providers/ad/ad

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*$[^(]+)\((.*?)$\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

History log of /sssd-io/src/providers/ad/ad_access.c
Revision	Date	Author	Comments Expand
dea636af4d1902a081ee891f1b19ee2f8729d759	20-Jun-2016	Pavel Březina <pbrezina@redhat.com>	DP: Switch to new interface Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> /sssd-io/Makefile.am ad_access.c ad_access.h ad_autofs.c ad_common.h ad_id.c ad_id.h ad_init.c ad_subdomains.c ad_subdomains.h ad_sudo.c /sssd-io/src/providers/backend.h /sssd-io/src/providers/data_provider/dp_custom_data.h /sssd-io/src/providers/data_provider/dp_iface.c /sssd-io/src/providers/data_provider/dp_iface.h /sssd-io/src/providers/data_provider/dp_target_auth.c /sssd-io/src/providers/data_provider/dp_target_autofs.c /sssd-io/src/providers/data_provider/dp_target_hostid.c /sssd-io/src/providers/data_provider/dp_target_id.c /sssd-io/src/providers/data_provider/dp_target_subdomains.c /sssd-io/src/providers/data_provider/dp_target_sudo.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_req.c /sssd-io/src/providers/data_provider_req.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_access.h /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_autofs.c /sssd-io/src/providers/ipa/ipa_common.h /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_hostid.h /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_id.h /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_selinux.h /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ipa/ipa_subdomains.h /sssd-io/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/ipa/ipa_subdomains_server.c /sssd-io/src/providers/ipa/ipa_sudo.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_autofs.h /sssd-io/src/providers/ldap/sdap_idmap.c /sssd-io/src/providers/ldap/sdap_online_check.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo.h /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_client.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/tests/cmocka/test_nested_groups.c /sssd-io/src/tests/simple_access-tests.c
cc2d77d5218c188119fa954c856e858cbde76947	20-Jun-2016	Pavel Březina <pbrezina@redhat.com>	Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> /sssd-io/Makefile.am /sssd-io/src/p11_child/p11_child_nss.c ad_access.c ad_gpo.c ad_gpo_child.c ad_srv.c ad_subdomains.h /sssd-io/src/providers/backend.h /sssd-io/src/providers/be_dyndns.c /sssd-io/src/providers/be_ptask.c /sssd-io/src/providers/be_refresh.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_dyndns.h /sssd-io/src/providers/ipa/ipa_subdomains.h /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_dyndns.h /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo.h /sssd-io/src/providers/ldap/sdap_sudo_shared.h /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/tests/cmocka/test_be_ptask.c /sssd-io/src/tests/cmocka/test_data_provider_be.c
a8356a0c98ee44e7256bb1c7767159c70e1fc218	08-Sep-2014	Yassir Elley <yelley@redhat.com>	AD-GPO: processing changes for gpo_map_* options Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> ad_access.c ad_access.h ad_gpo.c ad_gpo.h ad_init.c
f929e9e5a6daa71a22176b08eb7983fb4b708180	02-Sep-2014	Lukas Slebodnik <lslebodn@redhat.com>	AD: Ignore all errors if gpo is in permissive mode. This patch prevents problems with user authentication if gpo is misconfigurated. [ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy target. [sdap_id_op_destroy] (0x4000): releasing operation connection [ad_gpo_access_done] (0x0040): GPO-based access control failed. [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, No such file or directory) [Internal Error (System error)] [be_pam_handler_callback] (0x0100): Sending result [4][sssdad.com] [be_pam_handler_callback] (0x0100): Sent result [4][sssdad.com] Reviewed-by: Yassir Elley <yelley@redhat.com> ad_access.c
db18dda869bc6c52a41797b2066cf121cf10f49c	22-Jul-2014	Pavel Reichl <preichl@redhat.com>	UTIL: rename find_subdomain_by_name The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> ad_access.c ad_id.c ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_idmap.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.h
60cab26b12df9a2153823972cde0c38ca86e01b9	13-May-2014	Yassir Elley <yelley@redhat.com>	Implemented LDAP component of GPO-based access control Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> /sssd-io/Makefile.am /sssd-io/src/config/SSSDConfig/__init__.py.in /sssd-io/src/config/etc/sssd.api.d/sssd-ad.conf /sssd-io/src/man/sssd-ad.5.xml ad_access.c ad_access.h ad_common.h ad_domain_info.c ad_domain_info.h ad_gpo.c ad_gpo.h ad_id.c ad_init.c ad_opts.h ad_subdomains.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/util_errors.c /sssd-io/src/util/util_errors.h
a3c8390d19593b1e5277d95bfb4ab206d4785150	12-Feb-2014	Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>	Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '.[hc]' DEBUG . \| while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\STDIN); $text=~s#(\bDEBUG\s\([^(]+)\((.?)\)\s\)\s;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_idmap.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_selinux.c /sssd-io/src/db/sysdb_services.c /sssd-io/src/db/sysdb_ssh.c /sssd-io/src/db/sysdb_subdomains.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c ad_access.c ad_common.c ad_domain_info.c ad_dyndns.c ad_id.c ad_init.c ad_srv.c ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_dyndns.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/dp_ptask.c /sssd-io/src/providers/dp_refresh.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over_srv.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_autofs.c /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_config.c /sssd-io/src/providers/ipa/ipa_dyndns.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_hosts.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_idmap.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_netgroups.c /sssd-io/src/providers/ipa/ipa_s2n_exop.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_selinux_maps.c /sssd-io/src/providers/ipa/ipa_srv.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/ipa/ipa_sudo.c /sssd-io/src/providers/krb5/krb5_access.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_delayed_online_authentication.c /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_init_shared.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_enum.c /sssd-io/src/providers/ldap/ldap_id_netgroup.c /sssd-io/src/providers/ldap/ldap_id_services.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_autofs.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_enum.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_groups_ad.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_nested_groups.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/ldap/sdap_async_services.c /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd-io/src/providers/ldap/sdap_async_sudo_timer.c /sssd-io/src/providers/ldap/sdap_async_users.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_fd_events.c /sssd-io/src/providers/ldap/sdap_id_op.c /sssd-io/src/providers/ldap/sdap_idmap.c /sssd-io/src/providers/ldap/sdap_range.c /sssd-io/src/providers/ldap/sdap_refresh.c /sssd-io/src/providers/ldap/sdap_reinit.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo_cache.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/providers/proxy/proxy_services.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv_utils.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pam_helpers.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/ssh/sshsrv_cmd.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/responder/sudo/sudosrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd-io/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/cmocka/test_dyndns.c /sssd-io/src/tests/cmocka/test_fqnames.c /sssd-io/src/tests/cmocka/test_nss_srv.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/tests/common_dom.c /sssd-io/src/tests/common_tev.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_debuglevel.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/authtok.c /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/libcrypto/crypto_base64.c /sssd-io/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/server.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_nss.c /sssd-io/src/util/sss_selinux.c /sssd-io/src/util/sss_ssh.c /sssd-io/src/util/sss_tc_utf8.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h /sssd-io/src/util/util_lock.c /sssd-io/src/util/well_known_sids.c
72ae534f5aef6d2e5d3f2f51299aede5abf9687e	19-Dec-2013	Jakub Hrozek <jhrozek@redhat.com>	AD: Add a utility function to create list of connections ad_id.c and ad_access.c used the same block of code. With the upcoming option to disable GC lookups, we should unify the code in a function to avoid breaking one of the code paths. The same applies for the LDAP connection to the trusted AD DC. Includes a unit test. /sssd-io/Makefile.am ad_access.c ad_access.h ad_common.c ad_common.h ad_id.c ad_init.c /sssd-io/src/tests/cmocka/test_ad_common.c
64cb81a65e584858dd631bc5160959d350c091e3	30-Oct-2013	Jakub Hrozek <jhrozek@redhat.com>	AD: Fix ad_access_filter parsing with empty filter ad_access.c /sssd-io/src/tests/cmocka/test_ad_access_filter.c
1ce58f139699dd26b8888f4131c996263b6a80a5	25-Oct-2013	Jakub Hrozek <jhrozek@redhat.com>	AD: Add extended access filter https://fedorahosted.org/sssd/ticket/2082 Adds a new option that allows the admin to specify a LDAP access filter that can be applied globally, per-domain or per-forest. /sssd-io/Makefile.am /sssd-io/src/man/sssd-ad.5.xml ad_access.c ad_init.c /sssd-io/src/tests/cmocka/test_ad_access_filter.c
67b1fc914190e12ab014c0616b7f0a642fbe6356	25-Oct-2013	Jakub Hrozek <jhrozek@redhat.com>	AD: Search GC by default during access control, fall back to LDAP Resolves: https://fedorahosted.org/sssd/ticket/2082 In order to allow the ad_access_filter option to work for subdomain users as well, the Global Catalog must be searched. This patch adds a wrapper request atop sdap_access_send that selects the right connection (GC or LDAP) and optionally falls back to LDAP. ad_access.c ad_access.h ad_init.c
443eb8217741df57d9f58f2098487b91e3404e71	25-Oct-2013	Jakub Hrozek <jhrozek@redhat.com>	LDAP: Amend sdap_access_check to allow any connection Related: https://fedorahosted.org/sssd/ticket/2082 Also move the check for subdomain to the handler. I think it is the job of the handler to decide which domain the request belongs to, not the request itself. ad_access.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h
b8d703cf3aba81800cf1b8ccca64bb00ef0b30f7	28-Jun-2013	Sumit Bose <sbose@redhat.com>	Replace new_subdomain() with find_subdomain_by_name() new_subdomain() will create a new domain object and should not be used anymore in the priovder code directly. Instead a reference to the domain from the common domain object should be used. ad_access.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/ldap/sdap_access.c
ee02e59e4d966f44c7a48ad04474156fc65d7006	17-Jun-2013	Pavel Březina <pbrezina@redhat.com>	handle ERR_ACCOUNT_EXPIRED properly https://fedorahosted.org/sssd/ticket/1953 ad_access.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ldap/ldap_access.c
dfd71fc92db940b2892cc996911cec03d7b6c52b	19-Mar-2013	Simo Sorce <simo@redhat.com>	Convert sdap_access to new error codes Also simplify sdap_access_send to avoid completely fake _send() routines. ad_access.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/util/util_errors.c /sssd-io/src/util/util_errors.h
b8dcd1216e5ea7065213c750a92dabfe01fa3b70	10-Feb-2013	Simo Sorce <simo@redhat.com>	Add realm info to sss_domain_info /sssd-io/src/confdb/confdb.h ad_access.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/util.h
cbaba2f47da96c4191971bce86f03afb3f88864a	21-Jan-2013	Simo Sorce <simo@redhat.com>	Add be_req_get_data() helper funciton. In preparation for making struct be_req opaque. ad_access.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/simple/simple_access.c
03abdaa21ecf562b714f204ca42379ff08626f75	21-Jan-2013	Simo Sorce <simo@redhat.com>	Add be_req_get_be_ctx() helper. In preparation for making be_req opaque ad_access.c ad_id.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/simple/simple_access.c
8e5549e453558d4bebdec333a93e215d5d6ffaec	21-Jan-2013	Simo Sorce <simo@redhat.com>	Introduce be_req_terminate() helper Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque. /sssd-io/Makefile.am ad_access.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_common.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/simple/simple_access.c
249a28dbf31e11794c7f35d709c5561c1555898d	21-Jan-2013	Simo Sorce <simo@redhat.com>	Pass domain not be_req to access check functions ad_access.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h
24b715f096613d18f182cf0fff537e1fc79647fa	21-Jan-2013	Simo Sorce <simo@redhat.com>	Remove sysdb as a be request structure member The sysdb context is already available through the 'domain' context. ad_access.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/ipa/ipa_access.h /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ldap/sdap_access.c
a4cce2c98eedecb5d3b47da62104634cae268434	06-Jul-2012	Stephen Gallagher <sgallagh@redhat.com>	AD: Add AD access-control provider This patch adds support for checking whether a user is expired or disabled in AD. /sssd-io/Makefile.am ad_access.c ad_access.h ad_init.c ad_opts.h