summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update version to 0.7.0sssd-0_7_0Stephen Gallagher2009-10-237-238/+509
| | | | Update gettext strings
* Add support for offline auth cache timeoutStephen Gallagher2009-10-229-3/+217
| | | | | | | | | This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
* Add pam_ctx (similar to nss_ctx) for storing global PAM configStephen Gallagher2009-10-222-5/+25
|
* User home directories managementJakub Hrozek2009-10-2219-60/+1984
| | | | | | Create and populate user directories on useradd, delete them on userdel Fixes: #212
* Fix setting the schema in the ipa providerSimo Sorce2009-10-221-0/+3
|
* fix a compiler warning about redefinition of DEBUGSumit Bose2009-10-221-15/+19
|
* update ipa auth options to new option schemeSumit Bose2009-10-224-110/+134
|
* update krb5 option handling to new option schemeSumit Bose2009-10-229-131/+296
|
* Bring SSSDConfig API options up-to-dateStephen Gallagher2009-10-223-21/+68
|
* add store/search/delete interface for custom sysdb objectsSumit Bose2009-10-224-0/+933
|
* Delete sssd-i18n.h and put it's old contents into util.hMartin Nagy2009-10-227-37/+10
| | | | Also include talloc.h, tevent.h and ldb.h as system headers in util.h.
* Various improvements to the resolv test suiteMartin Nagy2009-10-223-59/+223
| | | | | | | | | | | | | * The resolv test case can now test for TXT and SRV resolving by specifying -t host and -s host respectively. The -n flag must still be passed in to enable network tests. * Added test for the little complicated resolv_copy_hostent() function. * Leak checking using the new tests common functions. * Fix indentation for test_internet, since the whole function was modified to be able to handle SRV and TXT replies. * Initialize the debug variable in main(). Also removed one unused variable in krb5_utils-tests.c
* Add a new set of helpful common functions for testsMartin Nagy2009-10-223-1/+125
| | | | | | | | | | | | | | | | | | | | | | The leak_check_setup() and leak_check_teardown() functions can be added to a test case with tcase_add_checked_fixture(). They will make sure that all tests are checked for memory leaks. However, since talloc is hierarchical and automatically frees the children, this will not catch all cases, but might still be helpful. The check_leaks(ctx, bytes) function takes a talloc context as an argument and the number of bytes it should be using up (children included). The total byte size used up by the context is determined by the talloc_total_size() function. If the size doesn't agree, check_leaks() will print out a talloc report on the context and makes the current test fail. The check_leaks_push() and check_leaks_pop() both take a talloc context as an argument. Every time push is called, the context is "pushed" onto an internal stack and it's current size is noted. When the context is later "poped", the pop function will make sure that the size is the same as when it was pushed. It will also check that it's not called out-of-order or if the stack isn't empty.
* Use talloc to copy data from c-aresMartin Nagy2009-10-222-27/+212
| | | | | | | | | | | C-ares either returned a malloc-ed memory or it automatically freed the memory after out callback has returned. This patch will make sure that anything that the resolv_* function return is allocated by talloc and can be safely freed by talloc_free(). This will break the resolv tests to the point they will not be compilable. This will be addressed in a later patch with other improvements to the tests.
* Resolver: Use talloc_get_type() for type safetyMartin Nagy2009-10-221-5/+5
|
* Fix potential memory leaks in the data providerMartin Nagy2009-10-221-2/+4
|
* Use correct talloc context in sss_names_init()Martin Nagy2009-10-221-2/+2
|
* Better offline/enumeration behaviorSimo Sorce2009-10-221-10/+12
| | | | | | | | Go offline in case of hard errors too. It makes no sense to keep trying too often when you have bad credentials for example. Also delay starting the enumeration thread so that we finish initializations first (bind to ldap is still a blocking operation and this may interfere with clients/monitor registrations).
* added generic LDAP search sdap_get_generic_send/_recvSumit Bose2009-10-224-0/+304
|
* Fix RPM builds on older versions of rpmbuildStephen Gallagher2009-10-201-3/+4
| | | | | | Older versions of rpmbuild do not accept multiple '-f' options being specified, so we'll add the krb5_locator_plugin.so to the sss_daemon.lang filelist instead of putting it in its own file.
* Start implementing ipa specific options.Simo Sorce2009-10-208-8/+779
| | | | | First step generate ldap options from ipa options. Add sssd-ipa man page too.
* Set the Default-Stop LSB option for the SSSD sysv init scriptStephen Gallagher2009-10-201-0/+1
|
* Clean up rpmlint errors and warnings in sssd-client packageStephen Gallagher2009-10-202-2/+8
| | | | | | - Run ldconfig in sssd-client post and postun - Version libnss_sss.so as libnss_sss.so.2 (to set the correct SONAME)
* Better detect installed language filesStephen Gallagher2009-10-201-4/+9
|
* Use Python 3-compatible sitearch and sitelibStephen Gallagher2009-10-201-2/+2
|
* Always list inputs before outputsSimo Sorce2009-10-161-8/+11
|
* Add krb5_common.h to the list of headers to 'make dist'Stephen Gallagher2009-10-161-0/+1
| | | | With this missing, RPM builds were broken.
* Do not allow setting auth, access or chpass providers for LOCALStephen Gallagher2009-10-161-0/+33
| | | | | | | | The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local')
* ELAPI Compatibility code for getifaddr()Dmitri Pal2009-10-1610-20/+357
| | | | | | | | | | Addreses ticket #94 Actually works pretty well. To try use --enable-compat when build ELAPI. It will use compatibility code instead of getifaddr(). The trick in the elapi_ioctl.h with memory allocation is taken from Stevens book.
* Add first basic IPA providerSimo Sorce2009-10-162-1/+256
|
* Move all krb5 provider init functionsSimo Sorce2009-10-166-195/+264
| | | | | Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Move all ldap provider init functionsSimo Sorce2009-10-166-145/+203
| | | | | Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Fix segfault when using SSS tools with no local providerStephen Gallagher2009-10-161-5/+0
| | | | | | There was a double-free here. I removed the free()s within setup_db, because upon returning to sss_init_tools(), if ret != EOK, the context is freed as well.
* Remove two unused functions.Stephen Gallagher2009-10-152-18/+0
| | | | | | These functions were used when reconnecting to the DP after losing the connection. Since there is no DP any longer, there's no reason to have these functions.
* Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7Stephen Gallagher2009-10-151-0/+8
| | | | | There were unused functions still being compiled. This will suppress them until we turn live configuration updates back on.
* Clean up warnings in pysss.cStephen Gallagher2009-10-151-8/+12
| | | | | | | | | | | On older versions of the python headers, some arguments used 'char *' instead of 'const char *', which means that assigning a constant string such as "adduser" threw a warning about discarding qualifiers. This patch cleans up most of these warnings in this file. There remain several warnings in the sss_local_methods initialization that I do not know how to fix.
* Check for expired passwords in LDAP providerSumit Bose2009-10-154-23/+425
|
* enable debugging of krb5_childSumit Bose2009-10-156-8/+182
|
* more implicit provider target settingsSumit Bose2009-10-152-14/+76
| | | | | | | | | If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
* set chpass_provider implicit if not set explicitSumit Bose2009-10-153-20/+67
| | | | | | - if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
* Return the dp error from the providersSimo Sorce2009-10-156-81/+179
|
* Fix offline authenticationSimo Sorce2009-10-151-16/+3
| | | | | | | | The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
* use old password if available during password changeSumit Bose2009-10-141-8/+9
| | | | | | - if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
* Move ldap provider configuration into its own fileSimo Sorce2009-10-147-189/+254
|
* Make options parser available to all providersSimo Sorce2009-10-149-294/+367
|
* send a message if a backend target is not configuredSumit Bose2009-10-141-12/+30
| | | | | | If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
* make sdap_id_connect_* independent of sdap_id_ctxSumit Bose2009-10-143-180/+188
| | | | | | | | The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
* add missing %defattr to the filelist of the client packageSumit Bose2009-10-141-0/+1
|
* use PYTHON_PREFIX to install SSSDConfig python APISumit Bose2009-10-141-2/+2
|
* SUSE specific init scriptRalf Haferkamp2009-10-141-0/+78
|