summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
* Resolver: Use talloc_get_type() for type safetyMartin Nagy2009-10-221-5/+5
|
* Fix potential memory leaks in the data providerMartin Nagy2009-10-221-2/+4
|
* Use correct talloc context in sss_names_init()Martin Nagy2009-10-221-2/+2
|
* Better offline/enumeration behaviorSimo Sorce2009-10-221-10/+12
| | | | | | | | Go offline in case of hard errors too. It makes no sense to keep trying too often when you have bad credentials for example. Also delay starting the enumeration thread so that we finish initializations first (bind to ldap is still a blocking operation and this may interfere with clients/monitor registrations).
* added generic LDAP search sdap_get_generic_send/_recvSumit Bose2009-10-224-0/+304
|
* Start implementing ipa specific options.Simo Sorce2009-10-207-8/+778
| | | | | First step generate ldap options from ipa options. Add sssd-ipa man page too.
* Set the Default-Stop LSB option for the SSSD sysv init scriptStephen Gallagher2009-10-201-0/+1
|
* Always list inputs before outputsSimo Sorce2009-10-161-8/+11
|
* Add krb5_common.h to the list of headers to 'make dist'Stephen Gallagher2009-10-161-0/+1
| | | | With this missing, RPM builds were broken.
* Do not allow setting auth, access or chpass providers for LOCALStephen Gallagher2009-10-161-0/+33
| | | | | | | | The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local')
* Add first basic IPA providerSimo Sorce2009-10-162-1/+256
|
* Move all krb5 provider init functionsSimo Sorce2009-10-166-195/+264
| | | | | Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Move all ldap provider init functionsSimo Sorce2009-10-166-145/+203
| | | | | Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Fix segfault when using SSS tools with no local providerStephen Gallagher2009-10-161-5/+0
| | | | | | There was a double-free here. I removed the free()s within setup_db, because upon returning to sss_init_tools(), if ret != EOK, the context is freed as well.
* Remove two unused functions.Stephen Gallagher2009-10-152-18/+0
| | | | | | These functions were used when reconnecting to the DP after losing the connection. Since there is no DP any longer, there's no reason to have these functions.
* Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7Stephen Gallagher2009-10-151-0/+8
| | | | | There were unused functions still being compiled. This will suppress them until we turn live configuration updates back on.
* Clean up warnings in pysss.cStephen Gallagher2009-10-151-8/+12
| | | | | | | | | | | On older versions of the python headers, some arguments used 'char *' instead of 'const char *', which means that assigning a constant string such as "adduser" threw a warning about discarding qualifiers. This patch cleans up most of these warnings in this file. There remain several warnings in the sss_local_methods initialization that I do not know how to fix.
* Check for expired passwords in LDAP providerSumit Bose2009-10-154-23/+425
|
* enable debugging of krb5_childSumit Bose2009-10-156-8/+182
|
* more implicit provider target settingsSumit Bose2009-10-152-14/+76
| | | | | | | | | If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
* set chpass_provider implicit if not set explicitSumit Bose2009-10-153-20/+67
| | | | | | - if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
* Return the dp error from the providersSimo Sorce2009-10-156-81/+179
|
* Fix offline authenticationSimo Sorce2009-10-151-16/+3
| | | | | | | | The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
* Move ldap provider configuration into its own fileSimo Sorce2009-10-147-189/+254
|
* Make options parser available to all providersSimo Sorce2009-10-149-294/+367
|
* send a message if a backend target is not configuredSumit Bose2009-10-141-12/+30
| | | | | | If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
* make sdap_id_connect_* independent of sdap_id_ctxSumit Bose2009-10-143-180/+188
| | | | | | | | The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
* use PYTHON_PREFIX to install SSSDConfig python APISumit Bose2009-10-141-2/+2
|
* SUSE specific init scriptRalf Haferkamp2009-10-141-0/+78
|
* Fix error messages in toolsJakub Hrozek2009-10-1410-35/+342
| | | | | | | | | | Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
* Fix services startup when only LOCAL is configuredSimo Sorce2009-10-131-0/+3
|
* add a replacement if ldap_control_create is missingSumit Bose2009-10-137-9/+119
|
* add -Werror-implicit-function-declaration to default gcc flagsSumit Bose2009-10-131-1/+2
|
* Package SSSDConfig APIStephen Gallagher2009-10-132-0/+55
|
* Add plugin configuration schema for proxy providerStephen Gallagher2009-10-131-0/+7
|
* Add new SSSDConfig python APIStephen Gallagher2009-10-129-0/+2111
| | | | Also adds unit tests for the SSSDConfig API
* LDAP provider needs to link against krb librariesRalf Haferkamp2009-10-121-2/+4
|
* fix a wrong argument to unpack_bufferSumit Bose2009-10-121-18/+40
| | | | | | | | | - the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
* use the correct kerberos context for each targetSumit Bose2009-10-091-4/+33
| | | | | - when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
* Remove magicPrivateGroups optionSimo Sorce2009-10-097-64/+17
| | | | | | | | | In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
* Start responders predictably after providersSimo Sorce2009-10-091-52/+147
| | | | | | | | | | | | | Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
* Remove DP processSimo Sorce2009-10-0915-1377/+379
| | | | | Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
* Differentiate between search and network timeoutsSimo Sorce2009-10-093-5/+7
| | | | | | Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
* add support for server side LDAP password policiesSumit Bose2009-10-083-11/+125
| | | | | | | - password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
* add description of chpass_provider option to sssd.conf man pageSumit Bose2009-10-081-0/+30
|
* Remove unused btreemap codeStephen Gallagher2009-10-0612-268/+0
| | | | | We have converted to using dhash in place of btreemap everywhere in the code.
* Make dp requests more robustSimo Sorce2009-10-051-36/+109
| | | | | | | This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
* remove redundant talloc_freeSumit Bose2009-10-051-3/+0
| | | | - this patch should fix bug #213, a double free in the sdap timeout handler
* handle expired password during authenticationSumit Bose2009-10-051-2/+25
|
* Fix python sync operations and mem hierarchyJakub Hrozek2009-10-051-397/+191
| | | | | | | | | Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
generated by cgit (git 2.34.1) at 2024-05-14 00:48:06 +0000