summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Return the dp error from the providersSimo Sorce2009-10-156-81/+179
|
* Fix offline authenticationSimo Sorce2009-10-151-16/+3
| | | | | | | | The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
* use old password if available during password changeSumit Bose2009-10-141-8/+9
| | | | | | - if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
* Move ldap provider configuration into its own fileSimo Sorce2009-10-147-189/+254
|
* Make options parser available to all providersSimo Sorce2009-10-149-294/+367
|
* send a message if a backend target is not configuredSumit Bose2009-10-141-12/+30
| | | | | | If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
* make sdap_id_connect_* independent of sdap_id_ctxSumit Bose2009-10-143-180/+188
| | | | | | | | The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
* add missing %defattr to the filelist of the client packageSumit Bose2009-10-141-0/+1
|
* use PYTHON_PREFIX to install SSSDConfig python APISumit Bose2009-10-141-2/+2
|
* SUSE specific init scriptRalf Haferkamp2009-10-141-0/+78
|
* Fix error messages in toolsJakub Hrozek2009-10-1410-35/+342
| | | | | | | | | | Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
* Fix services startup when only LOCAL is configuredSimo Sorce2009-10-131-0/+3
|
* add a replacement if ldap_control_create is missingSumit Bose2009-10-137-9/+119
|
* add -Werror-implicit-function-declaration to default gcc flagsSumit Bose2009-10-131-1/+2
|
* Package SSSDConfig APIStephen Gallagher2009-10-133-0/+64
|
* Add plugin configuration schema for proxy providerStephen Gallagher2009-10-131-0/+7
|
* Add new SSSDConfig python APIStephen Gallagher2009-10-129-0/+2111
| | | | Also adds unit tests for the SSSDConfig API
* LDAP provider needs to link against krb librariesRalf Haferkamp2009-10-121-2/+4
|
* fix a wrong argument to unpack_bufferSumit Bose2009-10-121-18/+40
| | | | | | | | | - the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
* use the correct kerberos context for each targetSumit Bose2009-10-091-4/+33
| | | | | - when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
* Remove magicPrivateGroups optionSimo Sorce2009-10-097-64/+17
| | | | | | | | | In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
* Start responders predictably after providersSimo Sorce2009-10-091-52/+147
| | | | | | | | | | | | | Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
* Remove DP processSimo Sorce2009-10-0915-1377/+379
| | | | | Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
* Differentiate between search and network timeoutsSimo Sorce2009-10-093-5/+7
| | | | | | Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
* add syslog message similar to pam_unixSumit Bose2009-10-081-2/+14
|
* add support for server side LDAP password policiesSumit Bose2009-10-083-11/+125
| | | | | | | - password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
* add description of chpass_provider option to sssd.conf man pageSumit Bose2009-10-081-0/+30
|
* Remove unused btreemap codeStephen Gallagher2009-10-0612-268/+0
| | | | | We have converted to using dhash in place of btreemap everywhere in the code.
* Make dp requests more robustSimo Sorce2009-10-051-36/+109
| | | | | | | This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
* ELAPI Fixed the host name resolutionDmitri Pal2009-10-052-13/+111
| | | | | | | | The issue was that the host IP was recorded twice, once as a main address and another as IP alias. It seemed that the IP was returned as name but the issue turned out to be different. See https://fedorahosted.org/sssd/ticket/207.
* ELAPI Rename variables and functions not to use word templateDmitri Pal2009-10-057-113/+113
| | | | | | Addressing Ticket #191. Renamed all varibles from 'template' to 'tpl'. Used 'tplt' in function names instead of 'templete'.
* remove redundant talloc_freeSumit Bose2009-10-051-3/+0
| | | | - this patch should fix bug #213, a double free in the sdap timeout handler
* ask for new password if password is expiredSumit Bose2009-10-051-7/+40
|
* move password handling into subroutinesSumit Bose2009-10-051-71/+117
|
* handle expired password during authenticationSumit Bose2009-10-051-2/+25
|
* Fix python sync operations and mem hierarchyJakub Hrozek2009-10-051-397/+191
| | | | | | | | | Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
* more documentation and test for sssd.confSumit Bose2009-10-052-0/+34
| | | | | - add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
* add utility call check_and_open_readonlySumit Bose2009-10-056-8/+315
| | | | | Use this new utility call to ensure that the config file is safe to read from.
* INI Add config_from_fd() to ini_configStephen Gallagher2009-10-053-22/+239
| | | | | | | Patch adds ability to read configuration using already open file descriptor. Started by Steve G and refined a bit by me.
* ELAPI Fixing warnings in the exampleDmitri Pal2009-10-051-2/+9
|
* ELAPI Resolving message attributeDmitri Pal2009-10-058-57/+536
| | | | | | | | | | | | This patch continues work started with the previous patch. It resolves message attribute. Message attribute is a special attribute in the event that may contain references to other attributes in the event. When message is resolved the references are replaced with actual values of the referenced attributes.
* ELAPI Event resolverDmitri Pal2009-10-0514-95/+828
| | | | | | | | | | | | | | | | | Started working on the async processing and realised that I need to have a good copy of the event with all the fields resolved so this patch has some foundation for the async functions (module elapi_async.c) but they are mostly stubbed out. The actual code will be added down the road. Instead the patch focuses on the code introduced in elapi_resolve.c module and the use of the functions from it. It also adds the implementation of the high level calls that initialize ELAPI with the external callbacks to be used during async processing (elapi_log.c).
* COLLECTION Enhancing hashing and iteration functionsDmitri Pal2009-10-054-8/+76
|
* COLLECTION Making iterations pinnableDmitri Pal2009-10-054-7/+220
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a feature that helps ELAPI. It makes lookup of the fields that need to be resolved for every event a bit faster. The idea is to be able to put a 'pin' into a specific place while iterating the collection and make this place a new "wrap around" place for the collection. This means that next time you iterate this collection you will start iterating from the next item and the item you got before pin will be last in your iteration cycle. Here is the example: Assume you have two collections that you need to compare and perform some action on collection 1 based on the presense of the item in collection 2. Collection1 = A, B, C, D, E. F Collection2 = A, C, F The usual approach is to try A from collection 1 against A, B, C from collection 2. "A" will be found right away. But to find "F" it has to be compared to "A" and "C" first. The fact that the collections are to some extent ordered can in some cases help to reduce the number of comparisons. If we found "C" in the list we can put a "pin" into the collection there causing the iterator to warp at this "pin" point. Since "D" and "E" are not in the second collection we will have to make same amount of comparisons in traditional or "pinned" case to not find them. To find "F" in pinned case there will be just one comparison. Traditional case = 1 + 3 + 2 + 3 + 3 + 3 = 15 Pinned case = 1 + 3 + 1 + 3 + 3 + 1 = 12 It is a 20% comparison reduction.
* COLLECTION Realigning collection codeDmitri Pal2009-10-054-330/+372
| | | | | | | | | | Created a new module to hold functions related to iterator and iterating collections. Planning to add new functions but the main collection module is already too big. So this patch just moves code around and fixes the build making foundation for the next patch.
* COLLECTION Adding item comparison and sortingDmitri Pal2009-10-057-5/+697
| | | | | | | | | | | Needed item comparison functions and realized that the easiest way to test them would be using sorting. Since there already been a ticket #73 to do that I added function to sort collection based on different properties of the item. COLLECTION Fixing issues with comparisons COLLECTION Adding do-while to macro
* Fix long timeout on ldap operationSimo Sorce2009-10-012-5/+14
| | | | | Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
* Fix tools sync operations and mem hierarchySimo Sorce2009-10-0110-319/+193
| | | | | | | Tools were using nested loops that are illegal. (and enforced in latest tevent with a nice abort()) Fix them by creating appropriate synchronous transaction calls. Also fix tools_ctx mem hierarchy setup.
* Initial implementation of sasl bind supportSimo Sorce2009-10-017-59/+567
| | | | | | Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
* update sysdb tests to new config file versionSumit Bose2009-10-011-12/+3
|
generated by cgit (git 2.34.1) at 2024-04-25 20:36:31 +0000