summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
...
* use PYTHON_PREFIX to install SSSDConfig python APISumit Bose2009-10-141-2/+2
|
* SUSE specific init scriptRalf Haferkamp2009-10-141-0/+78
|
* Fix error messages in toolsJakub Hrozek2009-10-1410-35/+342
| | | | | | | | | | Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
* Fix services startup when only LOCAL is configuredSimo Sorce2009-10-131-0/+3
|
* add a replacement if ldap_control_create is missingSumit Bose2009-10-137-9/+119
|
* add -Werror-implicit-function-declaration to default gcc flagsSumit Bose2009-10-131-1/+2
|
* Package SSSDConfig APIStephen Gallagher2009-10-132-0/+55
|
* Add plugin configuration schema for proxy providerStephen Gallagher2009-10-131-0/+7
|
* Add new SSSDConfig python APIStephen Gallagher2009-10-129-0/+2111
| | | | Also adds unit tests for the SSSDConfig API
* LDAP provider needs to link against krb librariesRalf Haferkamp2009-10-121-2/+4
|
* fix a wrong argument to unpack_bufferSumit Bose2009-10-121-18/+40
| | | | | | | | | - the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
* use the correct kerberos context for each targetSumit Bose2009-10-091-4/+33
| | | | | - when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
* Remove magicPrivateGroups optionSimo Sorce2009-10-097-64/+17
| | | | | | | | | In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
* Start responders predictably after providersSimo Sorce2009-10-091-52/+147
| | | | | | | | | | | | | Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
* Remove DP processSimo Sorce2009-10-0915-1377/+379
| | | | | Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
* Differentiate between search and network timeoutsSimo Sorce2009-10-093-5/+7
| | | | | | Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
* add support for server side LDAP password policiesSumit Bose2009-10-083-11/+125
| | | | | | | - password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
* add description of chpass_provider option to sssd.conf man pageSumit Bose2009-10-081-0/+30
|
* Remove unused btreemap codeStephen Gallagher2009-10-0612-268/+0
| | | | | We have converted to using dhash in place of btreemap everywhere in the code.
* Make dp requests more robustSimo Sorce2009-10-051-36/+109
| | | | | | | This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
* remove redundant talloc_freeSumit Bose2009-10-051-3/+0
| | | | - this patch should fix bug #213, a double free in the sdap timeout handler
* handle expired password during authenticationSumit Bose2009-10-051-2/+25
|
* Fix python sync operations and mem hierarchyJakub Hrozek2009-10-051-397/+191
| | | | | | | | | Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
* more documentation and test for sssd.confSumit Bose2009-10-052-0/+34
| | | | | - add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
* add utility call check_and_open_readonlySumit Bose2009-10-056-8/+315
| | | | | Use this new utility call to ensure that the config file is safe to read from.
* Fix long timeout on ldap operationSimo Sorce2009-10-012-5/+14
| | | | | Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
* Fix tools sync operations and mem hierarchySimo Sorce2009-10-0110-319/+193
| | | | | | | Tools were using nested loops that are illegal. (and enforced in latest tevent with a nice abort()) Fix them by creating appropriate synchronous transaction calls. Also fix tools_ctx mem hierarchy setup.
* Initial implementation of sasl bind supportSimo Sorce2009-10-017-59/+567
| | | | | | Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
* update sysdb tests to new config file versionSumit Bose2009-10-011-12/+3
|
* Update polish translation for 0.6.0Piotr Drąg2009-10-011-73/+26
|
* Fix infinite loop with empty group enumerationStephen Gallagher2009-09-291-13/+15
| | | | | | Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
* Tighten up permission.Simo Sorce2009-09-281-1/+12
| | | | | | | SSSD may contain passwords and other sensitive data, make sure we always keep its permission tight. Also make /etc/sssd permission very strict, just in case, admins may inadvertently copy an sssd.conf file without checking it's permissions.
* Update version to 0.6.0sssd-0_6_0Stephen Gallagher2009-09-253-342/+278
| | | | Update gettext strings
* add defines for large file support to standard CFLAGSSumit Bose2009-09-251-0/+2
| | | | | | - this fixes a compiler warning about the redefinition of SIZEOF_OFF_T in the python bindings, because python is compiled with large file support.
* Let backend respond while fetching large resultsSimo Sorce2009-09-251-2/+11
| | | | | | | Timers always come before fd events, wait 5 microseconds between processing operations so that tevent has a chance of cactching an fd event in between. This allows the backend to reply to pings even while processing very large ldap results (importanty especially during the first enumeration).
* remove krb5_try_simple_upn option and make it a default fallbackSumit Bose2009-09-254-24/+17
|
* Convert the example config to v2 format, upgrade config on update onlyJakub Hrozek2009-09-251-76/+56
|
* Send debug messages to logfileJakub Hrozek2009-09-2514-11/+128
| | | | | | | | | | | | | Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
* fix possible short reads in kerberos providerSumit Bose2009-09-252-15/+46
|
* add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose2009-09-255-67/+115
|
* script to upgrade config to v2Jakub Hrozek2009-09-252-0/+355
|
* Manpages updateJakub Hrozek2009-09-253-224/+193
|
* Upgrade confdb to version 2Stephen Gallagher2009-09-2521-237/+310
| | | | | This converts a great many configuration options to the new standard format.
* toggle debug output of sssd_krb5_locator_plugin with an environment variableSumit Bose2009-09-251-36/+55
|
* Temporarily disable automatic config file rereadStephen Gallagher2009-09-251-1/+7
| | | | | | | | | The backends do not honor the reloadConfig SBUS message right now, so if an admin changes the sssd.conf file, it will update only the monitor, potentially leaving the SSSD as a whole in a bad state. This patch will simply comment out monitor_config_file() for the time being until https://fedorahosted.org/sssd/ticket/91 is fixed.
* added support for older MIT kerberos versionssbose2009-09-247-10/+170
| | | | | | | | | - make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
* Handle suspend casesSimo Sorce2009-09-241-6/+13
| | | | | | When a laptop is suspended it may be dormant for hours. Do not check just the kast time a ping was successful, keep a counter with the failed pings instead.
* add a man page for pam_sssSumit Bose2009-09-231-0/+3
|
* Remove provider=filesJakub Hrozek2009-09-235-90/+1
| | | | | | | Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
* use getaddrinfo to resolve IP address of KDCSumit Bose2009-09-231-17/+58
|
generated by cgit (git 2.34.1) at 2024-05-08 07:43:05 +0000