path: root/server/providers/proxy.c
Commit message | Author | Age | Files | Lines
* Handle chauthtok with PAM_PRELIM_CHECK separately | Sumit Bose | 2009-12-18 | 1 | -1/+12
| If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we generate a separate call to the sssd to validate the old password before asking for a new password and sending the change password request.
* Fix nested group memberships | Simo Sorce | 2009-12-07 | 1 | -11/+60
| Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristics based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
* Really check return value from pam_set_item | Sumit Bose | 2009-11-23 | 1 | -3/+3
* Make backend request type a bitfield | Stephen Gallagher | 2009-11-23 | 1 | -1/+1
* Filter by id range before actually storing entries. | Simo Sorce | 2009-11-20 | 1 | -15/+62
| This way we do not need to check for id ranges on every search.
* Fixes for proxy provider | Sumit Bose | 2009-11-12 | 1 | -6/+23
| - use the correct private data for each PAM task
| - make proxy_pam_target a mandatory option for auth, chpass and access
* Refactor delete functions and add a few | Simo Sorce | 2009-11-10 | 1 | -20/+17
| Refactor user/group delete functions so that they can be used without a transaction (they autostart an operation). Add user and group search function where a subfilter can be specified.
* Fix tevent_req error checking. | Simo Sorce | 2009-11-09 | 1 | -21/+3
| When possible using a macro that correctly deals with tstate
* Move responsibility for entry expiration timeout | Simo Sorce | 2009-10-27 | 1 | -8/+22
| The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
* Return the dp error from the providers | Simo Sorce | 2009-10-15 | 1 | -30/+49
* Upgrade confdb to version 2 | Stephen Gallagher | 2009-09-25 | 1 | -2/+3
| This converts a great many configuration options to the new standard format.
* Don't try to use initgroups_dyn if not available | Simo Sorce | 2009-09-23 | 1 | -0/+3
| Fixes a segfault seen in the wild with providers=files
* Revert "Use syslog for logging error conditions in SSSD" | Stephen Gallagher | 2009-09-23 | 1 | -12/+12
| This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
| Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
* Use syslog for logging error conditions in SSSD | Jakub Hrozek | 2009-09-21 | 1 | -12/+12
| This is just a band-aid until ELAPI is fully functional and ready to use.
* Better handle groups w/o members | Simo Sorce | 2009-09-17 | 1 | -6/+122
| There was a chance that groups w/o members could end up causing a failure to store the group. This would happen in case the structure used by glibc to fill up the group data was "dirty". Always memset structures before passing them to the libc and also check if there are any members, before calling the async function. Finally add some tracing at level 7 so that it is easier to follow what is going on in case of trouble.
* Fix copy&paste error. | Simo Sorce | 2009-09-17 | 1 | -4/+4
* Make the offline status backend-global | Simo Sorce | 2009-09-14 | 1 | -67/+13
| Add helper functions to query/set the offline status per backend. Now all providers share the same offline status.
* Complete the removal of "legacy" option. | Simo Sorce | 2009-09-11 | 1 | -4/+4
| The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people do by default anyway). If this limitation will turn to be too hard, we will change this later.
* Fix proxy enumeration | Simo Sorce | 2009-09-03 | 1 | -86/+123
| New tevent library finally outlawed nested loops.
* Remove redundant function and always pass attrs. | Simo Sorce | 2009-08-27 | 1 | -8/+12
* Make socket paths a compile-time option | Stephen Gallagher | 2009-08-11 | 1 | -1/+0
| Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
* Add ignore_not_found parameter to sysdb delete functions | Jakub Hrozek | 2009-07-31 | 1 | -6/+9
| Also add tests
* add handling of the new backend targets to proxy backend | Sumit Bose | 2009-07-21 | 1 | -0/+30
* add infrastructure to handle new backend targets | Sumit Bose | 2009-07-20 | 1 | -11/+12
* Unify password caching ops in sysdb | Simo Sorce | 2009-07-08 | 1 | -128/+27
* fixed some typos which prevented password caching | Sumit Bose | 2009-07-08 | 1 | -3/+5
* Convert proxy internals to tevent_req style | Simo Sorce | 2009-07-03 | 1 | -865/+1438
* Rework transaction code to use tevent_req | Simo Sorce | 2009-07-03 | 1 | -226/+491
| This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let us use tevent_req async style calls to manipulate our cache.
* Rename sysdb_req to sysdb_handle. | Simo Sorce | 2009-07-03 | 1 | -45/+45
| This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let us use tevent_req async style to manipulate our cache.
* Remove redundant libPath option from proxy provider | Stephen Gallagher | 2009-06-30 | 1 | -3/+7
| The libPath should be constructed from the libName. There is no benefit to specifying it separately.
* Turn sssd_mem_takeover into sssd_mem_attach | Simo Sorce | 2009-06-10 | 1 | -11/+0
| The old function was not used anywhere, and this function uses better semantics, including not using void ** which gives strict aliasing problems.
| Also add a generic password destroy function
* Silence warnings | Simo Sorce | 2009-05-26 | 1 | -4/+5
* Implement approximate offline detection in proxy | Simo Sorce | 2009-05-18 | 1 | -5/+98
| This will blackout any request to the backend for 15 seconds, then will allow again to retry.
* Move actual password caching into sysdb | Simo Sorce | 2009-05-18 | 1 | -11/+113
| Convert auth modules to do the caching themselves
* fix for pam proxy chauthtok | Sumit Bose | 2009-04-27 | 1 | -9/+17
| When a user from a domain served by the proxy backend changes his password with passwd, the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming from the unprivileged socket we now call pam_authenticate explicitly before pam_chauthtok.
* Always pass full domain info | Simo Sorce | 2009-04-13 | 1 | -7/+11
| Change sysdb to always pass sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
* Split modules types in Identity and Authenticator | Simo Sorce | 2009-04-07 | 1 | -13/+60
| The same module may implement both types, but initialization will be nonetheless performed separately, once for the identity module and once for the authenticator module.
| Also change the proxy module to retrieve the pam target name from the domain configuration so that it is possible to create per-domain pam stacks.
| With this modification it is actually possible to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far)
| Update examples.
* Add way to use files as a proxy backend for LOCAL | Simo Sorce | 2009-04-01 | 1 | -11/+65
| Makes LOCAL a normal backend removing some special handling.
| Fix/Add id range filtering and name filtering
| Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely.
| Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures.
| Change sysdb to always return the uid number when searching member entries so that id range filtering can be performed also in group searches (does not work with legacy backends)
* Enable autoreconnection of Data Provider Backends to the Data Provider | Stephen Gallagher | 2009-03-20 | 1 | -3/+10
* use pam_data as main data structure for dbus communication | Sumit Bose | 2009-03-19 | 1 | -4/+2
* Convert sync calls in sysdb to async, transaction dependent, calls. | Simo Sorce | 2009-02-28 | 1 | -350/+610
* Rebase the code to use talloc, tdb, tevent, ldb as external | Simo Sorce | 2009-02-26 | 1 | -0/+1
| dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
* Add PAM responder | Sumit Bose | 2009-02-24 | 1 | -1/+131
| Also move responders under server/responder with shared code in server/responder/common
| Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Completely rework the nss interface to be able to use 2 | Simo Sorce | 2009-02-20 | 1 | -31/+189
| types of domains: modern and legacy
| modern uses member/memberof, legacy uses memberUid for group memberships.
| Rework the proxy backend to use the legacy style as that's the format the data comes in (trying to convert would require too many transformations and increased the number of queries).
| Add support for fetching groups in nss.
| Add support for enumerating users and groups (requires to enable enumeration in config) both in nss and in the proxy provider.
| Remove confdb_get_domain_basedn() and substitute with generic calls in the nss init function.
| Store a domain structure in the btree not the basedn so that we can add enumeration flags.
| Also make sure NSS understands how to make multiple calls on enumerations, also make passing the domain parameter always mandatory, passing in domain=* is not valid anymore.
| This work fixes also a few memory, segfault, and logic bugs found while testing all nss functions (there are still some to fix that are less critical and much harder to find yet).
* Make backend requests async | Simo Sorce | 2009-02-13 | 1 | -48/+349
* - make all functions supposed to get input in posix format | Simo Sorce | 2009-02-12 | 1 | -12/+12
|   use the same namespace (sysdb_posix_)
| - no need to explicitly start a transaction if only one operation is performed using a synchronous interface
| - split _add_remove_ functions into separate functions, don't let ldap madness creep into our interfaces
* Regroup database related functions under db and | Simo Sorce | 2009-01-12 | 1 | -4/+7
| rename everything with the sysdb suffix.
* Add support for getpwuid in proxy backend | Simo Sorce | 2009-01-11 | 1 | -1/+60
* Turn ldap_provider.c into proxy.c and make it possible to load just any | Simo Sorce | 2009-01-11 | 1 | -0/+281
| libnss library through config directives on the domain object