summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Refactor data provider callbacksSumit Bose2010-05-274-142/+188
|
* Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose2010-05-273-50/+1
| | | | This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
* Support password changes in chpass_provider = proxyStephen Gallagher2010-05-271-5/+73
| | | | | We were not passing the old authtok to the pam_chauthtok() function, causing it to return PAM_AUTH_ERR.
* Proxy provider PAM handling in child processStephen Gallagher2010-05-274-138/+1539
| | | | | | | | | | | | | This patch adds a new tevent_req to the proxy provider, which will spawn short-lived child processes to handle PAM requests. These processes then call the proxied PAM stack and return the results via SBUS method reply. Once it is returned, the parent process kills the child. There is a maximum of ten child processes running simultaneously, after which requests will be queued for sending once a child slot frees up. The maximum processes will be made configurable at a later date (as this would violate string freeze).
* Copy pam data from DBus messageSumit Bose2010-05-273-54/+75
| | | | | | | | Instead of just using references to the pam data inside of the DBus message the data is copied. New the DBus message can be freed at any time and the pam data is part of the memory hierarchy. Additionally it is possible to overwrite the authentication tokens in the DBus message, because it is not used elsewhere.
* Fix error reporting for be_pam_handlerStephen Gallagher2010-05-271-1/+1
|
* Make data provider id_callback publicStephen Gallagher2010-05-272-2/+3
|
* Move parse_args() to utilSumit Bose2010-05-273-100/+101
|
* Fix handling of ccache file when going offlineSumit Bose2010-05-262-32/+76
| | | | | | | The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
* Add support for delayed kinit if offlineSumit Bose2010-05-2622-34/+591
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Handle Krb5 password expiration warningSumit Bose2010-05-264-176/+213
|
* Try all servers during Kerberos authJakub Hrozek2010-05-261-23/+104
| | | | | The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
* Display name of PAM action in pam_print_data()Stephen Gallagher2010-05-241-1/+23
|
* Do not modify IPA_DOMAIN when setting Kerberos realmSumit Bose2010-05-231-6/+20
|
* Remove bash-isms from configure macrosPetter Reinholdtsen2010-05-213-14/+14
|
* Copy-edit and format review sssd.confDavid O'Brien2010-05-211-18/+27
| | | | | | Updated EntryCache*Timeout to the correct values. Fixed one missed EntryCacheTimeout Added notes about perf hit of using enumeration.
* Revert "Copy pam data from DBus message"Stephen Gallagher2010-05-203-75/+54
| | | | This reverts commit 2faf73eef14d66aeb345ffa38d0f53670fa8a9a1.
* Add enumerate details to the manpage and examplesStephen Gallagher2010-05-202-3/+21
|
* Copy pam data from DBus messageSumit Bose2010-05-203-54/+75
| | | | | | | | Instead of just using references to the pam data inside of the DBus message the data is copied. New the DBus message can be freed at any time and the pam data is part of the memory hierarchy. Additionally it is possible to overwrite the authentication tokens in the DBus message, because it is not used elsewhere.
* Defer sbus_dispatch() for 30ms during reconnectSumit Bose2010-05-201-1/+2
|
* Add a better error message for TLS failuresStephen Gallagher2010-05-201-3/+32
|
* Update pt translationRui Gouveia2010-05-181-8/+8
|
* Add ldap_krb5_ticket_lifetime optionSumit Bose2010-05-1612-13/+57
|
* Allow Debian/Ubuntu build to pass --install-layout=deb to setup.pyPetter Reinholdtsen2010-05-162-4/+13
|
* Don't report a fatal error for an HBAC denialStephen Gallagher2010-05-161-1/+1
|
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-1613-14/+715
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-166-46/+116
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* New version of IPA auth and password migrationSumit Bose2010-05-164-199/+400
| | | | | | | | | The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
* Make Kerberos authentication a tevent_reqSumit Bose2010-05-162-215/+345
| | | | | To allow other providers to include Kerberos authentication the main part is put into a tevent request.
* SSSDConfigAPI fixesJakub Hrozek2010-05-164-6/+10
| | | | | | | | * add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server
* Updating pt translationRui Gouveia2010-05-101-89/+35
|
* Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher2010-05-0713-715/+14
| | | | | | | This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-0713-14/+715
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Use service discovery in backendsJakub Hrozek2010-05-0717-36/+224
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Add callback when the ID provider switches from offline to onlineStephen Gallagher2010-05-074-0/+174
| | | | | | | | Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
* Add more warnings about nearly expired passwordsSumit Bose2010-05-071-5/+66
| | | | | For the shadow and mit_kerberos password policy warnings are sent to the client if the password is about to expire.
* Add retry option to pam_sssSumit Bose2010-05-072-92/+164
|
* Compare the full service nameSumit Bose2010-05-071-1/+2
|
* Create kdcinfo and kpasswdinfo file at startupSumit Bose2010-05-073-1/+50
|
* Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher2010-05-075-3/+59
|
* Fix memory hierarchy in the ipa timerulesJakub Hrozek2010-05-071-4/+4
|
* Split pam_data utilities into a separate fileSumit Bose2010-05-073-35/+62
|
* Improve the offline authentication messageJakub Hrozek2010-05-071-2/+2
|
* Make krb5_kpasswd available for any krb5 providerStephen Gallagher2010-05-073-1/+5
| | | | | | | | | Previously, the option krb5_kpasswd was only available if 'chpass_provider = krb5' was specified explicitly. Now it will be available also if 'auth_provider = krb5'. This option was also missing from the IPA options, so I have added it there as well
* Use all available servers in LDAP providerJakub Hrozek2010-05-073-14/+91
|
* Fix segfault in GSSAPI reconnect codeStephen Gallagher2010-05-072-57/+41
| | | | | Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
* Fix a wrong return value in IPA HBACSumit Bose2010-05-031-2/+2
|
* Avoid freeing sdap_handle too earlySimo Sorce2010-05-032-18/+46
| | | | | Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse.
* Better handle sdap_handle memory from callers.Simo Sorce2010-05-037-42/+144
| | | | | | | | | | | | | Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* Fix uninitialized variableJakub Hrozek2010-05-031-0/+1
|
generated by cgit (git 2.34.1) at 2024-06-28 09:07:09 +0000