summaryrefslogtreecommitdiffstats
path: root/server/providers
Commit message (Collapse)AuthorAgeFilesLines
* Change the why DP clients identifySimo Sorce2009-08-115-177/+271
| | | | Mirrors what we have done with the monitor.
* Change services identification mechanismSimo Sorce2009-08-112-156/+22
| | | | | | | Let services identify themselves voiluntarily as the first operation instead of polling from the monitor. Also consolidate some common functions and make them available as monitor helpers.
* Make child processes exit when parent diesJakub Hrozek2009-08-112-0/+12
| | | | | | | | The child processes call prctl() and when their parent process is killed, they are sent SIGTERM using prctl. This is currently Linux-specific, for non-Linuxes, a similar effect is achieved by catching a set of common termination signals and sending SIGTERM to the process group.
* Make socket paths a compile-time optionStephen Gallagher2009-08-113-3/+0
| | | | | | Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
* Do not fail enumerations because of range checksSimo Sorce2009-08-101-3/+15
|
* Simplify interfaces initializationSimo Sorce2009-08-105-130/+51
| | | | | | | Make as much as possible static, and remove use of talloc_reference and allocation/deallocation of memory when not necessary. Fix also responder use of rctx->conn, was mistakenly used for both monitor and dp connections.
* merge server and connection structuresSimo Sorce2009-08-102-25/+9
| | | | | | This reduce code duplication as it allows to use one set of watch and timeout functions, and at the same time also allow not to use a secondary structure just to unify these functions.
* Cosmetic changesSimo Sorce2009-08-103-105/+105
| | | | | Rationalize and rename connection names in preparatoin for merging of server and connection structures.
* Remove redundant memory contextsSimo Sorce2009-08-103-34/+45
| | | | Simplify code by removing stuff that is never used or redundant.
* Consolidate tevent helpersJakub Hrozek2009-08-052-33/+0
|
* Fix race condition in sdap codeSimo Sorce2009-08-042-83/+172
| | | | | | | Retrieving ldap results and storing users could sometimes results in race conditions where the final ldap result was retrieved before the store operations where finished resulting in the operations to be aborted before termination. Implement a serialization mechanism per operation.
* Fix search replies getting ignoredSimo Sorce2009-08-031-14/+12
|
* Add ignore_not_found parameter to sysdb delete functionsJakub Hrozek2009-07-311-6/+9
| | | | Also add tests
* Fix race condition that was causing segfaultsSimo Sorce2009-07-241-80/+136
| | | | | | | | The sdap_handle might be freed when processing a message. Rearrange data flow so that the sdap_handle is never used after a message is processed but a new event (dependent on the handle) is instead scheduled. If the sdap_handle is freed, the scheduled event is also removed and not fired
* added LDAP change password backend targetSumit Bose2009-07-214-4/+307
|
* add handling of the new backend targets to proxy backendSumit Bose2009-07-211-0/+30
|
* Rework the engine that deals with openldap librariesSimo Sorce2009-07-203-497/+403
| | | | | | | The way openldap libraries work, require to have a single engine per connection as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
* Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher2009-07-202-0/+38
|
* add infrastructure to handle new backend targetsSumit Bose2009-07-206-150/+228
|
* let krb5 backend safe valid credentials for offline authenticationSumit Bose2009-07-101-0/+43
|
* fixed the default value for tls_reqcertSumit Bose2009-07-101-1/+1
|
* Implement the ldap identity module.Simo Sorce2009-07-085-709/+1173
| | | | This uses and exapands the async helpers.
* Unify password caching ops in sysdbSimo Sorce2009-07-084-260/+49
|
* Use async helpers for ldap auth moduleSimo Sorce2009-07-081-722/+314
| | | | | | This changes the style quite a lot, but the tevent_req style is much more clear and much less error-prone than the giant loop we had previously.
* Add async helper functionsSimo Sorce2009-07-084-0/+2035
| | | | | | These functions use the tevent_req async model, where a pair of _send/_recv functions pilot requests, with additional helpers like _done functions, and where needed multiple stage helpers.
* fix return code of krb5 child to indicate that the kdc is unavailableSumit Bose2009-07-081-1/+5
|
* fixed some typos which prevented password cachingSumit Bose2009-07-081-3/+5
|
* Cleanup warnings in client and server codeSimo Sorce2009-07-031-3/+0
|
* Convert proxy internals to tevent_req styleSimo Sorce2009-07-031-865/+1438
|
* Rework transaction code to use tevent_reqSimo Sorce2009-07-032-247/+556
| | | | | | This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
* Rename sysdb_req to sysdb_handle.Simo Sorce2009-07-032-50/+50
| | | | | | | | | This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
* check pending_return after dbus_connection_send_with_replySumit Bose2009-07-021-3/+3
|
* added kerberos backend with tevent_req event handlingSumit Bose2009-07-025-0/+845
|
* Remove redundant libPath option from proxy providerStephen Gallagher2009-06-301-3/+7
| | | | | The libPath should be constructed from the libName. There is no benefit to specifying it separately.
* Control sssd_be exported functionsStephen Gallagher2009-06-161-0/+4
|
* Remove extra implementation of password_destructorStephen Gallagher2009-06-111-11/+0
|
* Turn sssd_mem_takeover into sssd_mem_attachSimo Sorce2009-06-101-11/+0
| | | | | | | The old function was not used anywhere, and this function uses better semantics, including not using void ** which gives strict aliasing problems. Also add a generic password destroy function
* added tls_reqcert option for native LDAP backendSumit Bose2009-06-021-0/+32
| | | | | | | In order to allow to access LDAP servers which do not provide SSL/TLS encryption the option tls_reqcert is added to the native LDAP backend. It accepts the same arguments as the corresponding OpenLDAP option documented in ldap.conf(5) and should preform accordingly.
* Silence warningsSimo Sorce2009-05-263-10/+12
|
* call tevent_add_fd only onceSumit Bose2009-05-191-27/+11
|
* Implement approximate offline detection in proxySimo Sorce2009-05-181-5/+98
| | | | | This will blackout any request to the backend for 15 seconds, then will allow again to retry.
* Move actual password caching into sysdbSimo Sorce2009-05-182-17/+230
| | | | Convert auth modules to do the caching themselves
* Split ldap backend into auth and identity filesSimo Sorce2009-05-182-19/+798
|
* Move ldap_be.c into ldap/ldap_auth.cSimo Sorce2009-05-181-0/+0
|
* added check for NULL valuesSumit Bose2009-05-141-0/+7
| | | | | - allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
* Fixes for porting SSSD to Debian-based platformsStephen Gallagher2009-05-041-0/+1
|
* enable offline handling for native LDAP backendSumit Bose2009-04-281-4/+48
|
* handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose2009-04-271-0/+17
| | | | ldap backend
* fix for pam proxy chauthtokSumit Bose2009-04-273-9/+21
| | | | | | | | | | When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
* Make reconnection to the Data Provider a global settingStephen Gallagher2009-04-141-2/+2
| | | | | | | Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
generated by cgit (git 2.34.1) at 2024-05-17 12:54:47 +0000