| Commit message (Collapse) | Author | Age | Files | Lines |
| |
crypto_sha512crypt.c is a clone of nss_sha512crypt.c with the exception that
all usage of NSS and related libraries has been switched to libcrypto.
I renamed nss_sha512crypt.h to sha512crypt.h since it is common to both
crypto_sha512crypt.c and nss_sha512crypt.c. Note that the random number
generator is not seeded manually and thus relies on seeding done
automatically by libcrypto. On some systems without /dev/urandom
seeding may not be performed.
See http://www.openssl.org/docs/crypto/RAND_add.html.
Signed-off-by: George McCollister <georgem@novatech-llc.com>
| |
The code for authentication against a cached password is moved from the
pam responder to a generic sysdb tevent request. The new code can be
used by other components of sssd to verify passwords on their own.
Tests for the sysdb_cache_password and sysdb_cache_auth request are
added and some unneeded or unused code and variables are removed.
| |
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
| |
This is just a band-aid until ELAPI is fully functional and ready to
use.
| |
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
| |
Fix incorrect error code return in local_handler_callback
| |
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let us use tevent_req async style calls to manipulate
our cache.
| |
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let us use tevent_req async style to
manipulate our cache.
| |
Convert auth modules to do the caching themselves
| |
Also fix style, clarify, and simplify some logic.
| |
Implement credentials caching in pam responder.
Currently works only for the proxy backend.
Also clean up pam responder code and move common code in data provider.
(the data provider should never include responder private headers)
| |
Change sysdb to always pass sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
| |
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration parameter 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This parameter also allows having disabled domains in the configuration without
requiring them to be completely deleted.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
| |
Also shorten names of other user attributes.
| |
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
| |
Use only one context (the local request) for all functions.
Use new helper function in sysdb to set numbers as sysdb_attrs values.
Do not use pam_status to report internal errors, use an error variable
and check it only when we finally reply.
Use sysdb_error_to_errno() to convert an ldb error to errno.
Do not free every single buffer allocated, they are all appended to the
local request and will be automatically freed once the request is finished.