summaryrefslogtreecommitdiffstats
path: root/server/responder
Commit message (Collapse)AuthorAgeFilesLines
* Add copyright noticesJakub Hrozek2009-09-112-0/+42
| | | | Fixes: #138
* Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher2009-09-093-2/+53
| | | | | | | | This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
* Consolidate cache lookups in the NSSStephen Gallagher2009-09-091-177/+93
| | | | | | getpwnam, getpwuid, getgrnam and getgrgid will now use a common function, check_cache, for determining whether to return a cached value or to go to the provider.
* Split database in multiple filesSimo Sorce2009-09-086-30/+227
| | | | | The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
* Fix two possible uninitialized valuesSimo Sorce2009-09-081-3/+4
| | | | Make counter for used messages explicit.
* Turn enumeration into a boolean valueSimo Sorce2009-08-312-8/+4
|
* Fix group replies when using member/memberofSimo Sorce2009-08-273-197/+180
| | | | Also remove legacy memberuid support
* fix handling of filtersUsers in groupsSumit Bose2009-08-213-31/+44
| | | | | | | | - with the boolean option filterUsersInGroups it can be controlled wether filtered users appear in groups or not. - fixed an error which prevented the display of groups with filtered members - removed some tab indents
* added missing hash_create which was remove by a previous patchSumit Bose2009-08-181-5/+14
|
* Fix reconnection codeSimo Sorce2009-08-178-209/+116
| | | | | | | Remove redundant reconnection code that was interfeering with the sbus reconnection code. Consolidate include files for sbus relates operations. Make pamsrv code similar to nsssrv code.
* Refactor responder_dp.cStephen Gallagher2009-08-144-117/+117
| | | | | | Many of the functions in responder_dp.c were originally NSS- specific and were moved there from the NSS responder code. Since they are now generic to any responder, rename them to sss_dp_*
* Don't go to the backend for identical cache entry requestsStephen Gallagher2009-08-142-54/+294
| | | | | | | | | Currently, if an additional request comes in for a cache entry while that same entry is already in the process of being refreshed, we start a duplicate cache update request. This patch adds allows the cache to maintain a hash table of all in-progress requests and queue up multiple callbacks for updates in progress. Once the data is returned, all of these callbacks will fire.
* Eliminate unnecessary explicit timeout for DP account requestsStephen Gallagher2009-08-121-33/+19
| | | | | | | D-BUS handles timeouts itself and reports DBUS_ERROR_NO_REPLY if a timeout fires, so we can rely on this instead of having an explicit timeout ourselves. Furthermore, the two timeouts present a potential race condition.
* Change the why DP clients identifySimo Sorce2009-08-119-143/+69
| | | | Mirrors what we have done with the monitor.
* Change services identification mechanismSimo Sorce2009-08-114-150/+24
| | | | | | | Let services identify themselves voiluntarily as the first operation instead of polling from the monitor. Also consolidate some common functions and make them available as monitor helpers.
* Make child processes exit when parent diesJakub Hrozek2009-08-112-0/+12
| | | | | | | | The child processes call prctl() and when their parent process is killed, they are sent SIGTERM using prctl. This is currently Linux-specific, for non-Linuxes, a similar effect is achieved by catching a set of common termination signals and sending SIGTERM to the process group.
* Make socket paths a compile-time optionStephen Gallagher2009-08-112-2/+0
| | | | | | Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
* Simplify interfaces initializationSimo Sorce2009-08-109-100/+86
| | | | | | | Make as much as possible static, and remove use of talloc_reference and allocation/deallocation of memory when not necessary. Fix also responder use of rctx->conn, was mistakenly used for both monitor and dp connections.
* merge server and connection structuresSimo Sorce2009-08-102-4/+4
| | | | | | This reduce code duplication as it allows to use one set of watch and timeout functions, and at the same time also allow not to use a secondary structure just to unify these functions.
* Cosmetic changesSimo Sorce2009-08-107-51/+51
| | | | | Rationalize and rename connection names in preparatoin for merging of server and connection structures.
* Remove redundant memory contextsSimo Sorce2009-08-106-30/+36
| | | | Simplify code by removing stuff that is never used or redundant.
* Move parsing of names and domains into util/Jakub Hrozek2009-08-052-120/+1
|
* Address CVE-2009-2410Stephen Gallagher2009-07-291-1/+1
| | | | Fix incorrect error code return in local_handler_callback
* Raise debug level for version negotiationSimo Sorce2009-07-201-2/+2
|
* Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher2009-07-202-0/+40
|
* Rework transaction code to use tevent_reqSimo Sorce2009-07-031-31/+84
| | | | | | This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
* Rename sysdb_req to sysdb_handle.Simo Sorce2009-07-032-12/+6
| | | | | | | | | This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
* check pending_return after dbus_connection_send_with_replySumit Bose2009-07-022-2/+2
|
* added kerberos backend with tevent_req event handlingSumit Bose2009-07-021-1/+19
|
* fix detection of authentication against LOCAL domainSumit Bose2009-06-081-3/+9
|
* Fix user enumeration bugSimo Sorce2009-05-281-4/+0
| | | | | | The previous patch to fix an enumeration bug found with group enumeration inadvertently introduced a bug with user enumeration. Yeah, almost funny!
* special-case NSS calls in PAM codeJakub Hrozek2009-05-281-2/+2
|
* Fix enumerations (bug #42)Simo Sorce2009-05-271-12/+76
| | | | | | | | | | If a backend had all its results filtered in fill_pwent or fill_grent then we would return an empty result, which means "end of results" to the client. Now we return ENOENT and let callers decide what to do. Also make sure we do not grow packets unless we are going to fill them as that's a recipe for killing the client as the size passed to sss_packet_grow is used to determine the size of the final packet.
* fix a wrong timeoutSumit Bose2009-05-261-3/+4
| | | | | The timeout of the data provider call (in ms) got overwritten by a cache timeout (in s).
* Silence warningsSimo Sorce2009-05-263-6/+10
|
* Do not fire up backend search when the data provider is localJakub Hrozek2009-05-262-14/+18
|
* Move actual password caching into sysdbSimo Sorce2009-05-184-126/+2
| | | | Convert auth modules to do the caching themselves
* Prevent accepting blank passwordsSimo Sorce2009-05-181-0/+7
|
* Fix crypt functions to not use static buffers.Simo Sorce2009-05-182-18/+16
| | | | Also fix style, clarify, and simplify some logic.
* added new pam client protocolSumit Bose2009-05-151-1/+132
|
* added more flexible handling of client protocolSumit Bose2009-05-154-2/+63
| | | | | - allow different protocol versions for PAM and NSS - support more than one protocol version in the responder
* added check for NULL valuesSumit Bose2009-05-142-9/+1
| | | | | - allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
* Fix some more return paths using uninitalized retSimo Sorce2009-05-061-3/+3
|
* Fix use of uninitialized return variableSimo Sorce2009-04-291-5/+5
|
* handle other pam calls when offlineSumit Bose2009-04-281-0/+10
|
* Use different attribute for cached passwords change timeSumit Bose2009-04-281-2/+2
|
* change PAM timeout the match NSS timeSumit Bose2009-04-282-3/+1
|
* Use different attribute for cached passwordsSimo Sorce2009-04-271-3/+3
| | | | | | | This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
* Eliminate segfault on NSS and PAM responder startup.Stephen Gallagher2009-04-271-0/+4
| | | | | | | | If the data provider is not yet available when NSS and PAM start, they will generate a segmentation fault when trying to configure their automatic reconnection to the Data Provider. I've now added code in sss_dp_init() to detect whether the dp_ctx is NULL and return EIO.
* fix for pam proxy chauthtokSumit Bose2009-04-271-0/+1
| | | | | | | | | | When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
generated by cgit (git 2.34.1) at 2024-05-12 08:09:04 +0000