summaryrefslogtreecommitdiffstats
path: root/src/sss_client
Commit message (Collapse)AuthorAgeFilesLines
* Fixed implicit declaration of function 'time' in src/sss_client/common.c.Pavel Březina2011-08-081-0/+1
|
* sss_client: avoid leaking file descriptorsSimo Sorce2011-07-291-0/+3
| | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
* Import config.h earlierStephen Gallagher2011-05-231-1/+1
| | | | | | On RHEL 5 and other older platforms, failing to set _GNU_SOURCE early would cause some functions - such as strndup() - to be unavailable.
* Include string.h in sss_cli.hSumit Bose2011-05-231-0/+1
| | | | Since memcpy() is used in sss_cli.h it should be declared here, too.
* Set _GNU_SOURCE globallySumit Bose2011-05-232-7/+1
|
* clients: use poll instead of selectSimo Sorce2011-05-031-9/+6
| | | | | | | select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
* Use neutral name for functions used by both pam and nssSimo Sorce2011-02-113-49/+64
|
* Check that the socket is really ours before attempting to close it.Simo Sorce2011-02-081-13/+42
| | | | Fixes: https://fedorahosted.org/sssd/ticket/790
* Fix wrong test in pam_sssSimo Sorce2010-12-171-1/+1
|
* Fix segfault for PAM_TEXT_INFO conversationsStephen Gallagher2010-12-161-1/+1
|
* Fix another possible memory leak in sss_nss_recv_rep()Sumit Bose2010-12-151-8/+19
| | | | https://fedorahosted.org/sssd/ticket/723
* Fix possible memory leak in do_pam_conversationSumit Bose2010-12-151-16/+28
| | | | https://fedorahosted.org/sssd/ticket/731
* Fix possible memory leak in sss_nss_recv_rep()Sumit Bose2010-12-141-8/+13
| | | | https://fedorahosted.org/sssd/ticket/723
* Fix improper bit manipulation in pam_sssSumit Bose2010-12-141-1/+1
| | | | https://fedorahosted.org/sssd/ticket/715
* Add a renew task to krb5_childSumit Bose2010-12-031-1/+7
|
* sss_client: make code thread-safeSimo Sorce2010-11-225-58/+219
| | | | | | | | | | Add mutexes around nss operations and serialize them. This is necessary because nss operations may have global state. For pam it is sufficient to protect socket operations instead. As pam functions use only the provided pam handler. Fixes: https://fedorahosted.org/sssd/ticket/640
* Fix incorrect type comparisonStephen Gallagher2010-11-151-1/+1
| | | | https://fedorahosted.org/sssd/ticket/657
* Fix cast warning for pam_sss.cStephen Gallagher2010-11-151-8/+11
|
* Avoid long long in messages to PAM client use int64_tSumit Bose2010-11-152-9/+9
|
* Avoid a global variable in netgroup client.Sumit Bose2010-10-132-38/+26
| | | | | The structure which is used to store the result also provides elements to store a context for the netgroup enumeration call.
* Add handling of nested netgroups to nss clientSumit Bose2010-10-132-68/+109
|
* Return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUNDSumit Bose2010-10-131-1/+1
| | | | | NSS_STATUS_RETURN needs to be returned to glibc otherwise nested groups are not resolved by glibc.
* Add support for netgroups to NSS sss_clientStephen Gallagher2010-10-134-5/+364
|
* Rename group.c and passwd.c for clarityStephen Gallagher2010-10-132-0/+0
| | | | | Prefixing group.c and passwd.c with "nss_" similar to the way the PAM client sources are prefixed with "pam_"
* Add utility function sss_strnlen()Stephen Gallagher2010-10-132-0/+34
| | | | This is useful for guaranteeing the size of an input buffer.
* Allow sssd clients to reconnectSumit Bose2010-07-231-4/+3
| | | | | | | Currently the PAM and NSS client just return an error if there are problems on an open socket. This will lead to problems in long running programs like gdm if sssd is restarted, e.g. during an update. With this patch the socket is closed and reopened.
* Potential memory leak in _nss_sss_*_r()Jakub Hrozek2010-06-142-0/+5
| | | | Fixes: #516
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-102-1/+17
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing free()Sumit Bose2010-06-091-0/+1
|
* Avoid a potential double-freeSumit Bose2010-06-091-0/+1
|
* Handle Krb5 password expiration warningSumit Bose2010-05-262-2/+18
|
* Add retry option to pam_sssSumit Bose2010-05-071-92/+147
|
* Improve the offline authentication messageJakub Hrozek2010-05-071-2/+2
|
* Fix wrong return valueSumit Bose2010-04-301-15/+14
| | | | | If there was a failure during a password change a wrong return value was send back to the PAM stack.
* Display a message if a password reset by root failsSumit Bose2010-04-261-8/+198
|
* Unset authentication tokens if password change failsSumit Bose2010-04-261-27/+52
|
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-163-2/+95
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Revert "Add better checks on PAM socket"Sumit Bose2010-04-161-122/+4
| | | | This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-251-3/+20
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Improvements for LDAP Password Policy supportRalf Haferkamp2010-03-222-7/+98
| | | | | | | | Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
* Fixed buffer alignment in exchange_credentials().George McCollister2010-03-151-5/+9
| | | | | | buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Prompt for old password even when running as rootRalf Haferkamp2010-03-151-2/+4
| | | | | When changing an expired password (during e.g. login) the PAM module needs to prompt for the old password even when running as root.
* Warn user about an expired passwordRalf Haferkamp2010-03-151-1/+6
|
* Add better checks on PAM socketSumit Bose2010-03-111-4/+118
| | | | | - check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
* Fixed alignment problems in nss client/serverGeorge McCollister2010-03-083-7/+32
| | | | | | | | I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
* Define _GNU_SOURCE in pam_sss.c.George McCollister2010-03-041-0/+4
| | | | | _GNU_SOURCE needs to be defined when using strndup. Signed-off-by: George McCollister <georgem@novatech-llc.com>
* Handle expired passwords like other PAM modulesSumit Bose2010-02-232-19/+51
| | | | | | | | | | | | | So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
* Add documentation for PAM response messagesSumit Bose2010-02-191-19/+200
|
* Fix bad mergeStephen Gallagher2010-02-182-0/+839
| | | | | | | | Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING and COPYING.LESSER files in the now-defunct sss_client directory. This patch moves them into the right location and fixes the spec file to look for them correctly.
* Fix licensing issues for sss_clientStephen Gallagher2010-02-185-30/+72
|