summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Make ldap bind asynchronous"Jakub Hrozek2010-09-157-1219/+167
| | | | This reverts 56d8d19ac9d857580a233d8264e851883b883c67
* Store rootdse supported features in sdap_handlerSumit Bose2010-09-157-63/+112
|
* Dead assignments cleanup in providers codeJan Zeleny2010-09-086-20/+9
| | | | | | | Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
* Deobfuscate password in back endsJakub Hrozek2010-09-081-7/+52
| | | | | | When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
* Fixed small issue in memory context hierarchyJan Zeleny2010-09-071-1/+1
| | | | | In fail_over.c, there was a small bug causing subrequest to have wrong parent memory context. This patch fixes it.
* Cleaned some dead assignmentsJan Zeleny2010-09-072-15/+13
| | | | | | Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
* Fixed uninialized value in proxy_id providerJan Zeleny2010-09-021-0/+2
| | | | | | | In function get_pw_name when allocation of memory fails, there were two codepaths which could cause printing of undefined value. This patch fixes both cases. Ticket: #580
* Fixed printing of undefined value in sdap_async_accounts.cJan Zeleny2010-09-021-1/+1
| | | | | | | If sysdb_attrs_get_el() call failed in function sdap_save_group(), it would result in printing an undefined value of variable name. This is now fixed by initializing the variable. Ticket: #579
* Fixed potential comparison of undefined variableJan Zeleny2010-09-021-0/+1
| | | | | | If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
* Initialized return value in dp_copy_options()Jan Zeleny2010-09-021-1/+1
| | | | | | | In the very unlikely case dp_copy_options was called with num_options == 0, the return value as well as the left operand of comparison on line 214 would be undefined. Ticket: #577
* Fix wrong return value in HBAC time rules evaluationJakub Hrozek2010-09-021-0/+1
| | | | Fixes: #584
* Make ldap bind asynchronousMartin Nagy2010-09-027-167/+1219
| | | | | | Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
* Properly handle errors from a password change operationStephen Gallagher2010-09-021-8/+14
|
* Treat a zero-length password as a failureStephen Gallagher2010-08-241-0/+7
| | | | | Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
* Fix chpass operations with LDAP providerStephen Gallagher2010-08-041-0/+1
| | | | | | | The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
* Clean up initgroups processing for RFC2307Stephen Gallagher2010-08-031-11/+89
| | | | | | | | Instead of recursively updating all users of each group the user being queried belongs to, just add or remove membership for the requested user. Fixes https://fedorahosted.org/sssd/ticket/478
* Return proper error value when SRV lookup failsJakub Hrozek2010-08-031-1/+1
| | | | Fixes: #587
* Fix check_time_rule() return value on failureJakub Hrozek2010-08-031-1/+1
| | | | | | | The value returned in the 'done:' label was always EOK which is wrong as any parsing errors are not returned to the caller. Fixes: #583
* be_pam_handler(): Fix potential NULL dereferenceStephen Gallagher2010-08-031-1/+2
|
* Validate keytab at startupJakub Hrozek2010-08-032-48/+19
| | | | | | | | In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
* Fix getting default realm in the ldap childJakub Hrozek2010-08-031-1/+10
|
* Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom2010-07-231-9/+68
| | | | | - Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
* Do not treat missing HBAC rules as an errorSumit Bose2010-07-231-0/+5
|
* Log TLS errors to syslogStephen Gallagher2010-07-092-1/+23
| | | | | Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
* Add syslog messages for LDAP GSSAPI bindStephen Gallagher2010-07-091-2/+58
| | | | | We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON)
* Use netlink to detect going onlineJakub Hrozek2010-07-091-0/+20
| | | | | | | | Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
* Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom2010-07-091-9/+6
|
* Remove remainder of now unused global LDAP connection handle.eindenbom2010-07-094-188/+1
|
* Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom2010-07-093-45/+126
|
* Use new LDAP connection framework in IPA access backend.eindenbom2010-07-093-308/+308
|
* Use new LDAP connection framework in LDAP access backend.eindenbom2010-07-091-59/+73
|
* Use new LDAP connection framework for LDAP user and group enumeration.eindenbom2010-07-091-236/+131
|
* Use new LDAP connection framework to get user account groups from LDAP.eindenbom2010-07-091-108/+67
|
* Use new LDAP connection framework to get group account info from LDAP.eindenbom2010-07-092-37/+66
|
* Use new LDAP connection framework to get user account info from LDAP.eindenbom2010-07-092-38/+91
|
* Add an interface to try next fail-over server after connection to the active ↵eindenbom2010-07-095-45/+81
| | | | server was unexpectedly dropped.
* LDAP connection usage tracking, sharing and failover retry framework.eindenbom2010-07-096-0/+869
|
* Added an interface to query number of configured (and currently resolved ↵eindenbom2010-07-094-0/+40
| | | | through SRV records) failover servers.
* GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom2010-07-096-17/+64
| | | | sdap_handle for future reference.
* Add dns_discovery_domain optionJakub Hrozek2010-06-306-27/+192
| | | | | | | | | | | | The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
* Split proxy.c into smaller filesStephen Gallagher2010-06-307-2518/+2599
| | | | | | | | | | | | proxy.c was growing too large to manage (and some graphical development tools could no longer open it because of memory limitations). This patch splits proxy.c into the following files: proxy_init.c: Setup routines for the plugin proxy_id.c: Functions to handle user and group lookups proxy_auth.c: Functions to handle PAM interactions proxy_common.c: Common utility routines
* Rename proxy_ctx to proxy_id_ctx for clarityStephen Gallagher2010-06-301-14/+15
|
* Make RootDSE optionalStephen Gallagher2010-06-282-3/+17
| | | | | | | | | | | In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
* Add explicit requests for several operational attrsAlexander Gordeev2010-06-281-1/+12
| | | | | | | | | | | | | | | | Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
* Fix SASL authenticationSumit Bose2010-06-281-2/+2
|
* Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher2010-06-181-1/+6
| | | | | | | | | If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
* Fix return value from remove_connection_callback() destructorStephen Gallagher2010-06-181-9/+2
| | | | | ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-163-6/+6
| | | | https://fedorahosted.org/sssd/ticket/542
* Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher2010-06-141-12/+13
| | | | https://fedorahosted.org/sssd/ticket/539
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-146-44/+23
| | | | Fixes: #531
generated by cgit (git 2.34.1) at 2024-07-08 21:56:42 +0000