summaryrefslogtreecommitdiffstats
path: root/src/responder
Commit message (Collapse)AuthorAgeFilesLines
* Honor filter_users in PAMStephen Gallagher2010-06-173-10/+47
|
* Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2010-06-173-187/+220
| | | | | Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
* Refactor the negative cacheStephen Gallagher2010-06-175-57/+57
| | | | | Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
* Ensure that all domains are checked for users/groupsStephen Gallagher2010-06-171-3/+15
| | | | | | | There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Check the correct variable for NULL after creating timerStephen Gallagher2010-06-101-1/+1
| | | | | | | | | In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
* Remove dead code from the PAM responderJakub Hrozek2010-06-062-13/+0
|
* Add support for delayed kinit if offlineSumit Bose2010-05-261-1/+1
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-162-1/+55
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Revert "Add better checks on PAM socket"Sumit Bose2010-04-162-140/+1
| | | | This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
* sysydb: Finally stop using a common event contextSimo Sorce2010-04-121-1/+1
| | | | This commit completes the migration to a synchronous sysdb
* sysdb: remove remaining traces of sysdb_handleSimo Sorce2010-04-121-1/+0
|
* sysdb: convert sysdb_initgroupsSimo Sorce2010-04-121-222/+117
|
* Adjust fill_pwent and fill_grentSimo Sorce2010-04-121-13/+13
| | | | | | | | | fill_pwent should return the number of users actually processed. Otherwise in case of a recoverable error we may end up skipping a large chunk of users. fill_grent doesn't need to distinguish between number of entries and number of groups to process since we started adding memberuid. Remove remnants that are not useful anymore.
* sysdb: convert sysdb_enumgrentSimo Sorce2010-04-121-161/+106
|
* sysdb: convert sysdb_enumpwentSimo Sorce2010-04-121-172/+116
|
* sysdb: convert sysdb_get_user_attrSimo Sorce2010-04-121-57/+39
|
* sysdb: convert sysdb_getgrgidSimo Sorce2010-04-121-193/+109
|
* sysdb: convert sysdb_getgrnamSimo Sorce2010-04-121-223/+134
|
* sysdb: convert sysdb_getpwuidSimo Sorce2010-04-121-198/+107
|
* sysdb: convert sysdb_getpwnamSimo Sorce2010-04-123-448/+309
|
* Remove remaining use of sysdb_transaction_sendSimo Sorce2010-04-122-232/+32
|
* sysdb: convert sysdb_cache_authSimo Sorce2010-04-121-47/+39
|
* sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce2010-04-122-45/+7
|
* Fix warnings from -Wmissing-field-initializersSumit Bose2010-03-252-18/+18
| | | | This patch removes some tab-indentations from pamsrv.c, too.
* Fix a series of memory leaks in the SBUSStephen Gallagher2010-03-172-7/+6
|
* Fixes for client communicationSumit Bose2010-03-172-9/+17
| | | | | | | - catch all errors of send() and recv(), not only EAGAIN - check if send() or recv() return EWOULDBLOCK or EINTR - remove unused parameter from client_send() and client_recv() - fix a debugging message
* Fixed buffer alignment in exchange_credentials().George McCollister2010-03-151-3/+7
| | | | | | buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Properly handle dbus send attempts on a closed connectionStephen Gallagher2010-03-152-44/+15
| | | | | | | | dbus_connection_send_with_reply() will report success and return a NULL pending_reply when the connection is not open for communication. This patch creates a new wrapper around dbus_connection_send_with_reply() to properly detect this condition and report it as an error.
* Add better checks on PAM socketSumit Bose2010-03-112-1/+136
| | | | | - check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
* Make filter_users and filter_groups also per-domainJakub Hrozek2010-03-081-13/+109
| | | | Fixes: #290
* Reopen logs when SIGHUP is caughtJakub Hrozek2010-03-082-0/+2
| | | | | | | | Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332
* Fixed alignment problems in nss client/serverGeorge McCollister2010-03-081-6/+5
| | | | | | | | I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
* Add forgotten \n in DEBUG statementsMartin Nagy2010-03-045-9/+9
| | | | | | Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
* Eliminate monitor reconfigStephen Gallagher2010-03-042-27/+0
| | | | | | | | | | | | We disabled live reconfiguration a long time ago with the intent of fixing it so that it wasn't completely broken, but we've decided that live updates are too delicate to handle all cases gracefully. For the forseeable future, we will rely on process restart for updating the configuration. Furthermore, we had not completely disabled live updates. It would still attempt to run if we sent a SIGHUP. This has also been eliminated.
* Store lastLogin attribute when authenticating onlineJakub Hrozek2010-02-231-0/+5
|
* Remove unnecessary "domain" parameter from DP registrationStephen Gallagher2010-02-223-3/+3
| | | | | | This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.
* Remove unneeded items from struct pam_dataSumit Bose2010-02-191-18/+0
|
* Rename server/ directory to src/Stephen Gallagher2010-02-1816-0/+7801
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-04-30 20:36:02 +0000