PROXY: Share common code of save_{group,user}() These two functions (save_user() and save_group()) share, between themselves, the code preparing the attributes that are going to be stored in the sysdb. This patch basically splits this code out of those functions and introduces the new prepare_attrs_for_saving_ops(). Related: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Mention that save_user()'s parameters are already qualified Those comments are similar to what we have in the save_group() function. Related: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Remove cache_timeout attribute from save_group() As this function already receives a struct sss_domain_info * parameter as argument, we can simply get the cache_timeout attribute by accessing domain->group_timeout. Related: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Remove cache_timeout attribute from save_user() As this function already receives a struct sss_domain_info * parameter as argument, we can simply get the cache_timeout attribute by accessing domain->user_timeout. Related: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Remove lowercase attribute from save_user() As this function already receives a struct sss_domain_info * parameter as argument, we can simply check whether we will need a lowercase name by accessing domain->case_sensitive. Related: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Use the fqname when converting to lowercase When saving the user there is a comparison between the "cased alias" and the "lowercase password name". However, the first doesn't use fully qualified name while the second does, resulting in a not expected override of the "nameAlias" attribute of a stored user when trying to authenticate more than once using an alias. Resolves: https://fedorahosted.org/sssd/ticket/3134 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

DP: rename be_acct_req to dp_id_data Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: Use fully qualified names internally Only user shortnames to interact with the system. Reviewed-by: Sumit Bose <sbose@redhat.com>

DP: Switch to new interface Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

PROXY: add missing space in debug message Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

proxy: Do not try to store same alias twice LDB does not store attributes if they have the same name and value and errors out instead. Fixes: https://fedorahosted.org/sssd/ticket/2461 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Remove DEBUG macro support for old debug levels Remove support for specifying old debug levels to the DEBUG macro: * remove debug_get_level function which was used for conversion, * remove debug_get_level tests, * remove mentions of old/new levels from DEBUG and DEBUG_IS_SET macro descriptions, * rename "newlevel" argument of debug_fn to just "level". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Use sysdb_attrs_add_lc_name_alias to add case-insensitive alias

Remove unused memory context in proxy

Remove unused parameter from save_netgroup

Remove unused parameter from save_user

Remove unused parameter from delete_user

SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 2)

SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 1)

SYSDB: Drop the sysdb_ctx parameter from the sysdb_services module

SYSDB: Drop the sysdb_ctx parameter from the sysdb_search module

Fix formating of variables with type: gid_t

Fix formating of variables with type: uid_t

PROXY: Handle empty GECOS If the user's GECOS as returned by the proxied module is an empty string (as opposed to NULL), the ldb transaction would error out.

proxy: Allow initgroup to return NOTFOUND When the user is only member of its own primary group, initgroups_dyn may return NOTFOUND as, at least for the 'files' nss provider the code skips the passed in group. Resolves: https://fedorahosted.org/sssd/ticket/2051

Add secid filter to responder-dp protocol This patch add a new filter type to the data-provider interface which can be used for SID-based lookups.

Add be_req_get_data() helper funciton. In preparation for making struct be_req opaque.

Add be_req_get_be_ctx() helper. In preparation for making be_req opaque

Introduce be_req_terminate() helper Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.

Remove sysdb as a be context structure member The sysdb context is already available through the 'domain' structure.

Add domain argument to sysdb_delete_group() Also remove sysdb_delete_domgroup()

Add domain argument to sysdb_delete_user() Also remove sysdb_delete_domuser()

Add domain argument to sysdb_store_group() Also remove sysdb_store_domgroup()

Add domain argument to sysdb_store_user() Also remove sysdb_store_domuser()

Add domain to sysdb_search_user_by_name() Also remove unused sysdb_search_domuser_by_name()

Pass domain to sysdb_get<pwu/grg><id() functions

PROXY: fix groups caching https://fedorahosted.org/sssd/ticket/1685 Properly react on deleting group which was not found in sysdb.

PROXY: fix negative cache https://fedorahosted.org/sssd/ticket/1685 The PROXY provider wasn't storing credentials to negative cache due to bad return value. This was delegated from attempt to delete these credentials from local cache. Therefore ENOENT is replaced as EOK.

Use an entry type mask macro to filter entry types Avoids hardcoding magic numbers everywhere and self documents why a mask is being applied.

LDAP: Only convert direct parents' ghost attribute to member https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.

Unify usage of sysdb transactions Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).

Backward GOTOs rewritten into do-while loops.

Removed unused variable assignment https://fedorahosted.org/sssd/ticket/1453

Ghost members - support in proxy provider

Potential NULL dereference in proxy provider

PROXY: return correct return codes We were reporting on the value of "status" instead of "ret'. We also didn't set ret to EOK in cases group contained no members.

proxy: new option proxy_fast_alias

proxy: Canonicalize user and group names https://fedorahosted.org/sssd/ticket/1249

PROXY: Create fake user entries for group lookups

Fix uninitialized value error in proxy provider Coverity #12467

NSS: Add individual timeouts for entry types https://fedorahosted.org/sssd/ticket/1016

PROXY: add support for enumerating services

PROXY: add support for service lookups (non-enumeration)

Use the case sensitivity flag in the proxy provider

Cleanup: Remove unused parameters

Fixed empty loginShell in proxy provider https://fedorahosted.org/sssd/ticket/892

SysDB commands that save lastUpdate allows this value to be passed in https://fedorahosted.org/sssd/ticket/836

Use explicit base 10 for converting strings to integers https://fedorahosted.org/sssd/ticket/1013

New DEBUG facility - conversion https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)

sysdb refactoring: memory context deleted This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.

sysdb refactoring: deleted domain variables in sysdb API The patch also updates code using modified functions. Tests have also been adjusted.

Fix proxy provider return code for secondary missing groups

Delete attributes that are removed from LDAP Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750

Add a special filter type to handle enumerations

Fix const cast issue with sysdb_attrs_users_from_str_list

Always use uint32_t for UID/GID numbers

Implement netgroups for proxy provider

Add netgroups infrastructure to proxy provider

Use unsigned long for conversion to id_t We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.

Dead assignments cleanup in providers code Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586

Fixed uninialized value in proxy_id provider In function get_pw_name when allocation of memory fails, there were two codepaths which could cause printing of undefined value. This patch fixes both cases. Ticket: #580

Split proxy.c into smaller files proxy.c was growing too large to manage (and some graphical development tools could no longer open it because of memory limitations). This patch splits proxy.c into the following files: proxy_init.c: Setup routines for the plugin proxy_id.c: Functions to handle user and group lookups proxy_auth.c: Functions to handle PAM interactions proxy_common.c: Common utility routines