sssd.git/src/providers/ipa/ipa_auth.c, branch simo_ccname sssd with jhrozek's patches LDAP: sdap_id_ctx might contain several connections 2013-06-06T22:14:12+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-21T15:18:03+00:00 dcb44c39dda9699cdd6488fd116a51ced0687de3 With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches. 
With some LDAP server implementations, one server might provide
different "views" of the identites on different ports. One example is
the Active Directory Global catalog. The provider would contact
different view depending on which operation it is performing and against
which SSSD domain.

At the same time, these views run on the same server, which means the same
server options, enumeration, cleanup or Kerberos service should be used.
So instead of using several different failover ports or several
instances of sdap_id_ctx, this patch introduces a new "struct
sdap_id_conn_ctx" that contains the connection cache to the particular
view and an instance of "struct sdap_options" that contains the URI.

No functional changes are present in this patch, currently all providers
use a single connection. Multiple connections will be used later in the
upcoming patches.
Making the authtok structure really opaque. 2013-04-02T15:01:08+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-03-14T08:10:39+00:00 9acfb09f7969a69f58bd45c856b01700541853ca Definition of structure sss_auth_token was removed from header file authtok.h and there left only declaration of this structure. Therefore only way how to use this structure is to use accessory function from same header file. To creating new empty authotok can only be used newly created function sss_authtok_new(). TALLOC context was removed from copy and setter functions, because pointer to stuct sss_auth_token is used as a memory context. All declaration of struct sss_auth_token variables was replaced with pointer to this structure and related changes was made in source code. Function copy_pam_data can copy from argument src which was dynamically allocated with function create_pam_data() or zero initialized struct pam_data allocated on stack. https://fedorahosted.org/sssd/ticket/1830 
Definition of structure sss_auth_token was removed from header file
authtok.h and there left only declaration of this structure.
Therefore only way how to use this structure is to use accessory function from
same header file.

To creating new empty authotok can only be used newly created function
sss_authtok_new(). TALLOC context was removed from copy and setter functions,
because pointer to stuct sss_auth_token is used as a memory context.

All declaration of struct sss_auth_token variables was replaced with
pointer to this structure and related changes was made in source code.

Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or zero initialized struct pam_data
allocated on stack.

https://fedorahosted.org/sssd/ticket/1830
Use common error facility instead of sdap_result 2013-03-19T13:07:41+00:00 Simo Sorce simo@redhat.com 2013-02-26T21:25:07+00:00 233a3c6c48972b177e60d6ef4cecfacd3cf31659 Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired 
Simplifies and consolidates error reporting for ldap authentication paths.

Adds 3 new error codes:
    ERR_CHPASS_DENIED  - Used when password constraints deny password changes
    ERR_ACCOUNT_EXPIRED  - Account is expired
    ERR_PASSWORD_EXPIRED  - Password is expired
Add be_req_get_data() helper funciton. 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T23:13:36+00:00 cbaba2f47da96c4191971bce86f03afb3f88864a In preparation for making struct be_req opaque. 
In preparation for making struct be_req opaque.
Add be_req_get_be_ctx() helper. 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T22:26:19+00:00 03abdaa21ecf562b714f204ca42379ff08626f75 In preparation for making be_req opaque 
In preparation for making be_req opaque
Introduce be_req_terminate() helper 2013-01-21T21:17:34+00:00 Simo Sorce simo@redhat.com 2013-01-11T17:25:53+00:00 8e5549e453558d4bebdec333a93e215d5d6ffaec Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque. 
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
Remove sysdb as a be context structure member 2013-01-21T21:17:33+00:00 Simo Sorce simo@redhat.com 2013-01-09T21:23:25+00:00 df0596ec12bc5091608371e2977f3111241e8caf The sysdb context is already available through the 'domain' structure. 
The sysdb context is already available through the 'domain' structure.
Add domain to sysdb_search_user_by_name() 2013-01-15T09:49:20+00:00 Simo Sorce simo@redhat.com 2013-01-06T23:24:12+00:00 2ce00e0d3896bb42db169d1e79553a81ca837a22 Also remove unused sysdb_search_domuser_by_name() 
Also remove unused sysdb_search_domuser_by_name()
Change pam data auth tokens. 2013-01-10T17:24:59+00:00 Simo Sorce simo@redhat.com 2012-10-18T22:43:56+00:00 64af76e2bef2565caa9738f675c108a4b3789237 Use the new authtok abstraction and interfaces throught the code. 
Use the new authtok abstraction and interfaces throught the code.
krb5_auth_send: check for sub-domains 2012-10-26T08:32:05+00:00 Sumit Bose sbose@redhat.com 2012-10-19T16:28:41+00:00 d29e91321d175dce94d87c23a44ced40d265de2c If there is an authentication request for a user from a sub-domain a temporary sysdb context is generated to allow lookups in the corresponding sub-tree in the cache. 
If there is an authentication request for a user from a sub-domain a
temporary sysdb context is generated to allow lookups in the
corresponding sub-tree in the cache.