summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
* Provide python bindings for sysdbJakub Hrozek2009-09-218-0/+1534
| | | | | | | | Implement a set of python bindings for the sysdb with feature set similar to what is available in the tools. The primary consumers would be applications like system-config-users. Resolves: Ticket #102
* Decouple synchronous sysdb interface from toolsJakub Hrozek2009-09-2111-1020/+1845
| | | | | | | | Instead of working directly with async code in tools, create synchronous wrappers that could be used by tools and python bindings. Also resolves many issues with code duplication in tools and thus fixes ticket #87
* Refactor tools codeJakub Hrozek2009-09-218-268/+244
| | | | | | | | | | | | | | | | Move parameter parsing in tools before attempting to do anything that might fail - so that we have debug_level set correctly for potential error messages. That allows printing the --help and --usage messages without being root. Fix code duplicates in tools and refactor its code a little to lay ground for decoupling the synchronous interfaces. Remove some legacy tools leftovers, re-add sensible error message on removing nonexistent users/groups which was removed by accident. Fixes: Trac ticket #75 Fix typo in groupdel: fixes ticket #136
* Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher2009-09-181-1/+11
|
* Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher2009-09-181-0/+3
|
* Better handle groups w/o membersSimo Sorce2009-09-171-6/+122
| | | | | | | | | | There was a chance that groups w/o members could end up causing a failure to store the group. This would happen in case the structure used by glibc to fill up the group data was "dirty". Always memset structures before passing them to te libc and also check if there are any members, before calling the async function. Finally add some tracing at level 7 so that it is easier to follow what is going on in case of touble.
* Fix copy&paste error.Simo Sorce2009-09-171-4/+4
|
* Add missing updates to LINGUAS for pl translationStephen Gallagher2009-09-161-0/+1
|
* Add pl translationPiotr Drąg2009-09-161-0/+261
|
* Check if SSL/TLS handler is already in placeSumit Bose2009-09-161-1/+8
| | | | | | | | | Authentication against a LDAP server should always use an encrypted connection. To acchive this the LDAP provider calls ldap_start_tls which will fail if the connection is already encrypted, e.g. if an ldaps tunnel is already established. Because the error message from ldap_start_tls is not specific we check the status with ldap_tls_inplace before calling ldap_start_tls.
* Include m4 directories in tarballStephen Gallagher2009-09-151-1/+2
| | | | Necessary for RPM builds on RHEL5
* added child timeout handlerSumit Bose2009-09-143-6/+104
|
* fix the wrong usage of an offsetSumit Bose2009-09-141-1/+1
|
* add krb5ccache_dir and krb5ccname_template optionSumit Bose2009-09-149-60/+713
| | | | | | | | The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
* make cli_pid mandatory and increase version number of pam protocolSumit Bose2009-09-141-1/+25
|
* Let the PAM client send its PIDSumit Bose2009-09-143-4/+27
| | | | | | - the client sends the PID as uint32_t and sssd will use uint32_t too - fix a possible type issue where a uint32_t is sent as int32 in internal dbus communication
* Turn ldap driver options into multitypeSimo Sorce2009-09-146-194/+376
| | | | | | | | | | This patch makes basic options multiype, the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
* Make the offline status backend-globalSimo Sorce2009-09-146-215/+94
| | | | | Add helpers functions to query/set the offline status per backend. Now all providers share the same offline status.
* Exit if the sssd is launched as a user other than rootStephen Gallagher2009-09-111-0/+9
|
* Print error message when connection to the config db failsStephen Gallagher2009-09-111-0/+2
|
* use fork+exec for kerberos helperSumit Bose2009-09-115-195/+477
|
* add change password target to krb5 backendSumit Bose2009-09-116-209/+464
|
* Update documentation and examplesSimo Sorce2009-09-113-18/+31
| | | | | | | Remove the "legacy" option from examples and man pages. Legacy is is finally R.I.P Add docs for ldapSchema in sssd-ldap man page.
* Complete the removal of "legacy" option.Simo Sorce2009-09-1110-76/+243
| | | | | | | | | The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people does by default anyway. If this limitation will turn to be too hard, we will change this later.
* Fix getgrnam and getgrgid callsSimo Sorce2009-09-111-7/+9
| | | | | The patch that added check_cache() broke them, no results returned for any group with actual members ...
* Add strtoint32 and strtouint32 testsStephen Gallagher2009-09-112-0/+465
|
* Add 'make tests' targetStephen Gallagher2009-09-111-0/+2
|
* Fix ldap enumeration async taskSimo Sorce2009-09-111-12/+16
| | | | | | | | | The request was being freed, instead of marking it done and let the callback free it when done. This was causing us to access freed memory, when trying to set the next run. Let the callback add new runs and free the request instead as normally we would do with any other tevent_req async call. Courtesy of valgrind again.
* Fix memory mishandling.Simo Sorce2009-09-111-10/+7
| | | | | | | | By attaching the reply to a subreq, we ended up freeing the operations list element before we used it to skip to the next one. Do not steal the context and let the unlocking code free the old reply, when it moves onto processing the next one. Got this one with valgrind.
* Fix first-time confdb generationStephen Gallagher2009-09-111-1/+1
| | | | We were talloc_free()-ing the cdb_file string too early.
* Add copyright noticesJakub Hrozek2009-09-1114-0/+288
| | | | Fixes: #138
* Small changes to the example config and manpageJakub Hrozek2009-09-112-18/+29
| | | | | | | | | Remove magicPrivateGroups since it's set automatically, use bool values for enumerate. Also add a notice about krb5 auth-module with a link to specialized manpage to sssd.conf(5) similar to what we have for ldap auth-module. Move both outside proxy domain description.
* Read the configuration parsing before daemonizationStephen Gallagher2009-09-102-83/+106
| | | | | | | We will now parse the config file and validate the confdb contents before processing the rest of the monitor startup. This will allow us to return an appropriate error code to the shell if the configuration is invalid.
* Remove unused event context argument from confdb_initStephen Gallagher2009-09-106-7/+5
| | | | | | Because the confdb always operates synchronously, it maintains its own private event context internally. The event context argument passed to it is never used, so we'll remove it to avoid confusion.
* Properly detect negative/invalid values for the minId and maxIdStephen Gallagher2009-09-101-6/+53
|
* Add strtoint32 and strtouint32 convenience functionsStephen Gallagher2009-09-105-0/+144
|
* Fix Ldap id backend offline codeSimo Sorce2009-09-102-14/+83
| | | | | | | After the recent changes we lost the capability to actually go offline. Put back code that would mark the backend as offline when timeouts happen. Make sure the enumeration code also obbeys the offline timeout, and contributes in determining if we are offline or not.
* Update manpage to reflect new syntax for enumerateStephen Gallagher2009-09-101-12/+6
|
* Check for valid min and max IDs in confdb_get_domainsStephen Gallagher2009-09-101-1/+7
|
* Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher2009-09-095-2/+75
| | | | | | | | This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
* Consolidate cache lookups in the NSSStephen Gallagher2009-09-091-177/+93
| | | | | | getpwnam, getpwuid, getgrnam and getgrgid will now use a common function, check_cache, for determining whether to return a cached value or to go to the provider.
* Cleanups for library linkingsbose2009-09-091-2/+1
| | | | | - remove unused PAM_LIBS from LDAP and Kerberos provider - add OPENLDAP_LIBS to LDAP provider
* more fixes for older libpcre versionssbose2009-09-092-3/+10
| | | | | - older version of libpcre only support the Python syntax (?P<name>) for named subpatterns
* Remove shadow-utils support from toolsJakub Hrozek2009-09-088-763/+73
| | | | | Removes the ability to proxy to shadow-utils. Also remove all the supporting functions for getting domain type, domain by id etc.
* Tools are allowed to touch only the 'local' domainSimo Sorce2009-09-088-76/+35
|
* Split database in multiple filesSimo Sorce2009-09-0826-335/+1184
| | | | | The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
* Fix two possible uninitialized valuesSimo Sorce2009-09-082-4/+5
| | | | Make counter for used messages explicit.
* initialize sockaddr_in structureSumit Bose2009-09-081-0/+10
|
* fix libdbus configure checkSumit Bose2009-09-082-1/+2
| | | | | - remove unneeded CFLAGS component - do not leak LDFLAGS used by configure check to final Makefile
* configure cleanupsSumit Bose2009-09-034-4/+6
| | | | | - replaced mailing list address - let sssd base components read version from VERSION
generated by cgit (git 2.34.1) at 2024-05-03 08:10:09 +0000