* Better detect installed language files (Stephen Gallagher, 2009-10-20; 1 file, -4/+9)
* Use Python 3-compatible sitearch and sitelib (Stephen Gallagher, 2009-10-20; 1 file, -2/+2)
* Always list inputs before outputs (Simo Sorce, 2009-10-16; 1 file, -8/+11)
* Add krb5_common.h to the list of headers to 'make dist' (Stephen Gallagher, 2009-10-16; 1 file, -0/+1)
  With this missing, RPM builds were broken.
* Do not allow setting auth, access or chpass providers for LOCAL (Stephen Gallagher, 2009-10-16; 1 file, -0/+33)
  The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local')
* ELAPI Compatibility code for getifaddr() (Dmitri Pal, 2009-10-16; 10 files, -20/+357)
  Addresses ticket #94
  Actually works pretty well. To try, use --enable-compat when building ELAPI. It will use compatibility code instead of getifaddr(). The trick in the elapi_ioctl.h with memory allocation is taken from Stevens' book.
* Add first basic IPA provider (Simo Sorce, 2009-10-16; 2 files, -1/+256)
* Move all krb5 provider init functions (Simo Sorce, 2009-10-16; 6 files, -195/+264)
  Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Move all ldap provider init functions (Simo Sorce, 2009-10-16; 6 files, -145/+203)
  Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Fix segfault when using SSS tools with no local provider (Stephen Gallagher, 2009-10-16; 1 file, -5/+0)
  There was a double-free here. I removed the free()s within setup_db, because upon returning to sss_init_tools(), if ret != EOK, the context is freed as well.
* Remove two unused functions. (Stephen Gallagher, 2009-10-15; 2 files, -18/+0)
  These functions were used when reconnecting to the DP after losing the connection. Since there is no DP any longer, there's no reason to have these functions.
* Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 (Stephen Gallagher, 2009-10-15; 1 file, -0/+8)
  There were unused functions still being compiled. This will suppress them until we turn live configuration updates back on.
* Clean up warnings in pysss.c (Stephen Gallagher, 2009-10-15; 1 file, -8/+12)
  On older versions of the python headers, some arguments used 'char *' instead of 'const char *', which means that assigning a constant string such as "adduser" threw a warning about discarding qualifiers. This patch cleans up most of these warnings in this file. There remain several warnings in the sss_local_methods initialization that I do not know how to fix.
* Check for expired passwords in LDAP provider (Sumit Bose, 2009-10-15; 4 files, -23/+425)
* enable debugging of krb5_child (Sumit Bose, 2009-10-15; 6 files, -8/+182)
* more implicit provider target settings (Sumit Bose, 2009-10-15; 2 files, -14/+76)
  If auth_provider or access_provider is not set explicitly, id_provider is used if it can handle auth or access control requests respectively. If not, auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
* set chpass_provider implicit if not set explicit (Sumit Bose, 2009-10-15; 3 files, -20/+67)
  - if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
* Return the dp error from the providers (Simo Sorce, 2009-10-15; 6 files, -81/+179)
* Fix offline authentication (Simo Sorce, 2009-10-15; 1 file, -16/+3)
  The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. When DP got removed the bug became evident.
* use old password if available during password change (Sumit Bose, 2009-10-14; 1 file, -8/+9)
  - if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
* Move ldap provider configuration into its own file (Simo Sorce, 2009-10-14; 7 files, -189/+254)
* Make options parser available to all providers (Simo Sorce, 2009-10-14; 9 files, -294/+367)
* send a message if a backend target is not configured (Sumit Bose, 2009-10-14; 1 file, -12/+30)
  If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
* make sdap_id_connect_* independent of sdap_id_ctx (Sumit Bose, 2009-10-14; 3 files, -180/+188)
  The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
* add missing %defattr to the filelist of the client package (Sumit Bose, 2009-10-14; 1 file, -0/+1)
* use PYTHON_PREFIX to install SSSDConfig python API (Sumit Bose, 2009-10-14; 1 file, -2/+2)
* SUSE specific init script (Ralf Haferkamp, 2009-10-14; 1 file, -0/+78)
* Fix error messages in tools (Jakub Hrozek, 2009-10-14; 10 files, -35/+342)
  Add getpwnam, getgrnam sync versions
  Fix ticket #164: Groupnames in non-local domains
  Fix ticket #100: Error Message Modifying a user that doesn't Exist
  Fix ticket #214: incorrect error message when MPG already exists
  Fix ticket #188: Deleting and modifying users in non-local domain
  Fix ticket #120: Adding a user to a full domain gives unhelpful error message
* Fix services startup when only LOCAL is configured (Simo Sorce, 2009-10-13; 1 file, -0/+3)
* add a replacement if ldap_control_create is missing (Sumit Bose, 2009-10-13; 7 files, -9/+119)
* add -Werror-implicit-function-declaration to default gcc flags (Sumit Bose, 2009-10-13; 1 file, -1/+2)
* Package SSSDConfig API (Stephen Gallagher, 2009-10-13; 3 files, -0/+64)
* Add plugin configuration schema for proxy provider (Stephen Gallagher, 2009-10-13; 1 file, -0/+7)
* Add new SSSDConfig python API (Stephen Gallagher, 2009-10-12; 9 files, -0/+2111)
  Also adds unit tests for the SSSDConfig API
* LDAP provider needs to link against krb libraries (Ralf Haferkamp, 2009-10-12; 1 file, -2/+4)
* fix a wrong argument to unpack_buffer (Sumit Bose, 2009-10-12; 1 file, -18/+40)
  - the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to for finding this.
  - this patch also fixes a potential error when the message size is equal to the buffer size.
* use the correct kerberos context for each target (Sumit Bose, 2009-10-09; 1 file, -4/+33)
  - when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
* Remove magicPrivateGroups option (Simo Sorce, 2009-10-09; 7 files, -64/+17)
  In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibly conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
* Start responders predictably after providers (Simo Sorce, 2009-10-09; 1 file, -52/+147)
  Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services.
  Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor.
  Also fixes services destructors
  delist_service was overriding the natural svc destructor. Remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
* Remove DP process (Simo Sorce, 2009-10-09; 15 files, -1377/+379)
  Turn the backend process into data provider servers
  Make Frontends (pam, nss) directly attach to the backends
* Differentiate between search and network timeouts (Simo Sorce, 2009-10-09; 3 files, -5/+7)
  Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
* add syslog message similar to pam_unix (Sumit Bose, 2009-10-08; 1 file, -2/+14)
* add support for server side LDAP password policies (Sumit Bose, 2009-10-08; 3 files, -11/+125)
  - password policy request controls are sent during bind and change password extended operation
  - the response control is evaluated to see if the password is expired or will expire soon
* add description of chpass_provider option to sssd.conf man page (Sumit Bose, 2009-10-08; 1 file, -0/+30)
* Remove unused btreemap code (Stephen Gallagher, 2009-10-06; 12 files, -268/+0)
  We have converted to using dhash in place of btreemap everywhere in the code.
* Make dp requests more robust (Simo Sorce, 2009-10-05; 1 file, -36/+109)
  This should fix #218
  It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks being freed after sdp_req is freed and thus dereferencing freed memory in the callbacks destructors.
* ELAPI Fixed the host name resolution (Dmitri Pal, 2009-10-05; 2 files, -13/+111)
  The issue was that the host IP was recorded twice, once as a main address and another as IP alias. It seemed that the IP was returned as name but the issue turned out to be different. See
* ELAPI Rename variables and functions not to use word template (Dmitri Pal, 2009-10-05; 7 files, -113/+113)
  Addressing Ticket #191. Renamed all variables from 'template' to 'tpl'. Used 'tplt' in function names instead of 'template'.
* remove redundant talloc_free (Sumit Bose, 2009-10-05; 1 file, -3/+0)
  - this patch should fix bug #213, a double free in the sdap timeout handler
* ask for new password if password is expired (Sumit Bose, 2009-10-05; 1 file, -7/+40)