summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* sssd 0.3.2sssd-0_3_2Jakub Hrozek2009-04-204-4/+7
|
* INI parser. Fix for line numbers.Dmitri Pal2009-04-171-1/+4
| | | | | | Realized that I need to differentiate sections and attributes. To do this the line numbers for sections will be negative.
* INI parser. Adding comments to avoid confusion.Dmitri Pal2009-04-171-0/+2
| | | | | | There was a confusion about the functions that were recently added. They are incomplete. New added comments make it clear.
* INI parser. Removing inlines.Dmitri Pal2009-04-171-17/+17
| | | | There is controversy about the inlines so they are removed.
* Force user check and discover user's domainSimo Sorce2009-04-176-297/+593
| | | | | | | | | | | Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
* INI parser. Cleanup. Prep for INI validation.Dmitri Pal2009-04-163-189/+460
| | | | | | | | | | | | | This patch addresses several issues: a) Cleaning unit test to match coding standard b) Replace tabs with spaces - I do not know where they came but there were some. c) Allowing to read file and keep aside a collection of K-V pairs where key is the key in the INI file and value is the line number on which line the key apears. d) There will be different kinds of errors so error printing function was abstracted. g) Placeholders for other printing functions have been introduced.
* Avoid unnecessary reloads of config.ldbSimo Sorce2009-04-161-4/+37
| | | | | | Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
* Fix by_id enumeration with multiple domainsSimo Sorce2009-04-161-0/+10
| | | | | | We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
* INI parser. Better error handling if something bad happens.Dmitri Pal2009-04-151-6/+21
| | | | | | Tried to use the INI interface and saw that the list of parsing errors can be not NULL but the actual data is cleaned.
* Fixing memory issues in ini and collectionDmitri Pal2009-04-143-15/+40
| | | | | | | The read_line() function used an internal buffer allocated on stack as temporary storage for a line read from file, then returned it. read_line() now gets a buffer from the caller. Fixed memory leaks in INI and Collection found by valgrind.
* Add common function to retrieve comma sep. listsSimo Sorce2009-04-144-106/+179
| | | | | | Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
* Make reconnection to the Data Provider a global settingStephen Gallagher2009-04-146-10/+12
| | | | | | | Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
* Replace the example sssd.conf file with the one used in FedoraStephen Gallagher2009-04-141-32/+71
| | | | | Also remove the [services/infopipe] section, since we're not shipping InfoPipe yet, and that would be confusing.
* Add reconnection code between the NSS responder and the Data providerStephen Gallagher2009-04-141-1/+52
|
* Bump up to 0.3.1sssd-0_3_1Simo Sorce2009-04-133-4/+7
|
* Fix a couple of segfaults and timeout checksSimo Sorce2009-04-135-51/+34
|
* Build fixes for RPM packaging of SSSDStephen Gallagher2009-04-133-2/+6
| | | | | | We were missing several BuildRequires for the autotools. Also, we were linking against two external libraries in the common code that we do not actually use.
* Set version to 0.3.0Simo Sorce2009-04-131-1/+1
|
* Add a LSB header to the initscriptSumit Bose2009-04-131-0/+14
|
* Fix segfaults when passing an unknown domainSimo Sorce2009-04-131-9/+20
| | | | | Also setting dctx->domain to NULL is a recipe for segfaults :-) Assign dctx->domain only when dom actually holds a domain pointer.
* Implement credentials caching in pam responder.Simo Sorce2009-04-1314-209/+576
| | | | | | | Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
* Always pass full domain infoSimo Sorce2009-04-1310-116/+174
| | | | | Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
* Remove InfoPipe from the RPM buildStephen Gallagher2009-04-131-4/+5
|
* Update RPM build for configuration changesStephen Gallagher2009-04-133-43/+44
|
* Allow configuration of the SSSD through /etc/sssd/sssd.confStephen Gallagher2009-04-1311-274/+686
| | | | | | | | | | | | | | | | | | | The SSSD now links with the ini_config and collection libraries in the common directory. The monitor will track changes to the /etc/sssd/sssd.conf file using inotify on platforms that support it, or polled every 5 seconds on platforms that do not. At startup or modification of the conf file, the monitor will purge the existing confdb and reread it completely from the conf file, to ensure that there are no lingering entries. It does this in a transaction, so there should be no race condition with the client services. A new option has been added to the startup options for the SSSD. It is now possible to specify an alternate config file with the -c <file> at the command line.
* Build system improvements for common toolsStephen Gallagher2009-04-138-16/+52
| | | | | | | | | Allows building shared or static libraries using autotools and provides a pkg-config file to simplify inclusion into other parts of the project (or other projects in the future) For now, we will statically link the collection library and INI parser.
* The lower level function now returns NOENT if file is not found.Dmitri Pal2009-04-102-3/+11
|
* Added functions to create list of sections and attributes.Dmitri Pal2009-04-105-0/+245
|
* Redesign the the monitor's configuration to enable live reloadsStephen Gallagher2009-04-102-150/+618
| | | | Fixes requested during code review
* Make the monitor address a compile-time optionStephen Gallagher2009-04-091-20/+10
| | | | | | Previously it was runtime-selectable in the confdb, but this is not a sensible approach, as if it were to change during runtime, it would cause problems communicating with the child services.
* INI component: Fixed issues introduced by cleanup.Dmitri Pal2009-04-096-82/+228
| | | | | | | Added a few new functions. Cleaned code that was subject to conditional build. Fixed the floating point conversion. Keep const values as const.
* Serialize requests vs backends.Simo Sorce2009-04-091-544/+702
| | | | | | | This way we do not waste resources starting searching for users/groups in multiple backends when the first one has the answer. Also prevents possible race conditions where a user named the same way is found in multiple backends and the wrong one is returned.
* Remove obsolete optionSimo Sorce2009-04-081-1/+0
|
* Fix missing entry from first-start configStephen Gallagher2009-04-081-0/+1
| | | | | | Since we switched to allowing domains to be configured but inactive, we need to include the default set (just LOCAL) into the first-start config.
* Fix SBUS handling of unknown messagesStephen Gallagher2009-04-081-0/+2
| | | | | This was missed when we moved away from using the message_handler for sending replies (in order to support async processing).
* Change the way we retrieve domainsSimo Sorce2009-04-0822-391/+273
| | | | | | | | | | | | | To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
* Clean up warnings in SSSDStephen Gallagher2009-04-076-25/+23
|
* Unify name parsing and reposnder headersSimo Sorce2009-04-0712-243/+328
| | | | | | Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context.
* Use info in the domain entry to determine action.Simo Sorce2009-04-071-1/+12
| | | | | This way LOCAL domains backed by files works as expected too. Tested with nss_files + pam_unix
* Split modules types in Identity and AuthenticatorSimo Sorce2009-04-078-81/+275
| | | | | | | | | | | | | | The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
* Fix const warningsSimo Sorce2009-04-075-145/+169
|
* Style fixes for /commonSimo Sorce2009-04-076-1618/+1977
|
* Clean up a lot of warnings in Collection and INI parserStephen Gallagher2009-04-068-30/+22
|
* Fix build system for Collection and INI parser.Stephen Gallagher2009-04-065-6/+12
| | | | | | Adds ini subdirectory so it will be built, adds some clarification to the README, makes the configure --help more clear about the trace level and enables -Wall reporting.
* First attempt to produce INI interface.Dmitri Pal2009-04-067-0/+2312
|
* First commit of basic collection API.Dmitri Pal2009-04-0613-0/+5349
|
* Remove useless fileSimo Sorce2009-04-031-35/+0
| | | | This became obsolete when we moved all functions to sysdb.
* Do not use the ldap libraries ldap_ prefixSimo Sorce2009-04-021-76/+76
| | | | | | | The ldap_ prefix should be considered reserved namespace for ldap librraies Renaming all ldap_* internal stuff to sdap_, in some cases also move from ldap_be_ to sdap_ as the reason for _be_ was just clearly a name space conflict (ldap_be_init, etc..)
* Add way to use files as a proxy backend fro LOCALSimo Sorce2009-04-015-50/+160
| | | | | | | | | | | | Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
* Add a more flexible way to parse and filter names.Simo Sorce2009-04-018-283/+899
| | | | | | | | | | A new nss_parse_name function uses pcre to parse names, this makes it possible, in future, to make the filter user configurable. Add a new filter mechanism to filter out users that uses the negative cache by setting a permanet negative entry. Rework the entry points where the negative cache is checked for.
generated by cgit (git 2.34.1) at 2024-05-01 14:12:36 +0000