summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release version 0.3.3sssd-0_3_3Stephen Gallagher2009-04-273-3/+3
|
* Eliminate segfault on NSS and PAM responder startup.Stephen Gallagher2009-04-271-0/+4
| | | | | | | | If the data provider is not yet available when NSS and PAM start, they will generate a segmentation fault when trying to configure their automatic reconnection to the Data Provider. I've now added code in sss_dp_init() to detect whether the dp_ctx is NULL and return EIO.
* Stress testJakub Hrozek2009-04-273-1/+333
|
* enable uid/gid generation againSumit Bose2009-04-271-3/+6
|
* handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose2009-04-271-0/+17
| | | | ldap backend
* fix for pam proxy chauthtokSumit Bose2009-04-274-9/+22
| | | | | | | | | | When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
* removed length of unused element from packet size calculationSumit Bose2009-04-231-1/+1
| | | | | | The domain name is no longer send as an element on its own, but if set as a member of the response array. If the user was not found pd->domain is NULL and strlen will seg-fault.
* fixes for user and group creation in LOCAL domainSumit Bose2009-04-232-1/+20
| | | | | - added range check for supplied UIDs and GIDs - initialize pc_gid to 0 to trigger gid generation
* allow to forward the authtok to other pam modulesSumit Bose2009-04-231-0/+16
| | | | | | | | Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompt. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to safe the password for other pam modules.
* fix for a seq fault when pam_reply_delay is called.Sumit Bose2009-04-221-2/+2
| | | | see https://fedorahosted.org/sssd/ticket/25
* add dynamic hash table data structure implementationJohn Dennis2009-04-228-2/+1903
| | | | | | | | | | | | | | | | | | | | | | Apply suggested fixes by Simo after code review * return statements no longer use () unless it's an expression * remove all use of assert() in library * use bool,true,false instead of int,TRUE,FALSE * add check for NULL hash table in public entry points * example code in header file now a seperate file * assure consistent use of unsigned long data type * add more debugging support * break out generation of integer key into convert_key() function * table parameters now tunable rather than hardcoded * table can now accept custom alloc()/free() functions * add function create_table_ex() to pass extra table parameters * remove MUL(), DIV(), MOD() macros * hash statistics now separate struct which can be queried * test program now accepts tuning parameters, iteration count; has better error checking and reporting fix min/max load factor comman line args in test program
* Add a release script to help building tarballsSimo Sorce2009-04-201-0/+8
| | | | It needs a gpg key for signing the tarball.
* sssd 0.3.2sssd-0_3_2Jakub Hrozek2009-04-204-4/+7
|
* INI parser. Fix for line numbers.Dmitri Pal2009-04-171-1/+4
| | | | | | Realized that I need to differentiate sections and attributes. To do this the line numbers for sections will be negative.
* INI parser. Adding comments to avoid confusion.Dmitri Pal2009-04-171-0/+2
| | | | | | There was a confusion about the functions that were recently added. They are incomplete. New added comments make it clear.
* INI parser. Removing inlines.Dmitri Pal2009-04-171-17/+17
| | | | There is controversy about the inlines so they are removed.
* Force user check and discover user's domainSimo Sorce2009-04-176-297/+593
| | | | | | | | | | | Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
* INI parser. Cleanup. Prep for INI validation.Dmitri Pal2009-04-163-189/+460
| | | | | | | | | | | | | This patch addresses several issues: a) Cleaning unit test to match coding standard b) Replace tabs with spaces - I do not know where they came but there were some. c) Allowing to read file and keep aside a collection of K-V pairs where key is the key in the INI file and value is the line number on which line the key apears. d) There will be different kinds of errors so error printing function was abstracted. g) Placeholders for other printing functions have been introduced.
* Avoid unnecessary reloads of config.ldbSimo Sorce2009-04-161-4/+37
| | | | | | Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
* Fix by_id enumeration with multiple domainsSimo Sorce2009-04-161-0/+10
| | | | | | We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
* INI parser. Better error handling if something bad happens.Dmitri Pal2009-04-151-6/+21
| | | | | | Tried to use the INI interface and saw that the list of parsing errors can be not NULL but the actual data is cleaned.
* Fixing memory issues in ini and collectionDmitri Pal2009-04-143-15/+40
| | | | | | | The read_line() function used an internal buffer allocated on stack as temporary storage for a line read from file, then returned it. read_line() now gets a buffer from the caller. Fixed memory leaks in INI and Collection found by valgrind.
* Add common function to retrieve comma sep. listsSimo Sorce2009-04-144-106/+179
| | | | | | Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
* Make reconnection to the Data Provider a global settingStephen Gallagher2009-04-146-10/+12
| | | | | | | Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
* Replace the example sssd.conf file with the one used in FedoraStephen Gallagher2009-04-141-32/+71
| | | | | Also remove the [services/infopipe] section, since we're not shipping InfoPipe yet, and that would be confusing.
* Add reconnection code between the NSS responder and the Data providerStephen Gallagher2009-04-141-1/+52
|
* Bump up to 0.3.1sssd-0_3_1Simo Sorce2009-04-133-4/+7
|
* Fix a couple of segfaults and timeout checksSimo Sorce2009-04-135-51/+34
|
* Build fixes for RPM packaging of SSSDStephen Gallagher2009-04-133-2/+6
| | | | | | We were missing several BuildRequires for the autotools. Also, we were linking against two external libraries in the common code that we do not actually use.
* Set version to 0.3.0Simo Sorce2009-04-131-1/+1
|
* Add a LSB header to the initscriptSumit Bose2009-04-131-0/+14
|
* Fix segfaults when passing an unknown domainSimo Sorce2009-04-131-9/+20
| | | | | Also setting dctx->domain to NULL is a recipe for segfaults :-) Assign dctx->domain only when dom actually holds a domain pointer.
* Implement credentials caching in pam responder.Simo Sorce2009-04-1314-209/+576
| | | | | | | Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
* Always pass full domain infoSimo Sorce2009-04-1310-116/+174
| | | | | Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
* Remove InfoPipe from the RPM buildStephen Gallagher2009-04-131-4/+5
|
* Update RPM build for configuration changesStephen Gallagher2009-04-133-43/+44
|
* Allow configuration of the SSSD through /etc/sssd/sssd.confStephen Gallagher2009-04-1311-274/+686
| | | | | | | | | | | | | | | | | | | The SSSD now links with the ini_config and collection libraries in the common directory. The monitor will track changes to the /etc/sssd/sssd.conf file using inotify on platforms that support it, or polled every 5 seconds on platforms that do not. At startup or modification of the conf file, the monitor will purge the existing confdb and reread it completely from the conf file, to ensure that there are no lingering entries. It does this in a transaction, so there should be no race condition with the client services. A new option has been added to the startup options for the SSSD. It is now possible to specify an alternate config file with the -c <file> at the command line.
* Build system improvements for common toolsStephen Gallagher2009-04-138-16/+52
| | | | | | | | | Allows building shared or static libraries using autotools and provides a pkg-config file to simplify inclusion into other parts of the project (or other projects in the future) For now, we will statically link the collection library and INI parser.
* The lower level function now returns NOENT if file is not found.Dmitri Pal2009-04-102-3/+11
|
* Added functions to create list of sections and attributes.Dmitri Pal2009-04-105-0/+245
|
* Redesign the the monitor's configuration to enable live reloadsStephen Gallagher2009-04-102-150/+618
| | | | Fixes requested during code review
* Make the monitor address a compile-time optionStephen Gallagher2009-04-091-20/+10
| | | | | | Previously it was runtime-selectable in the confdb, but this is not a sensible approach, as if it were to change during runtime, it would cause problems communicating with the child services.
* INI component: Fixed issues introduced by cleanup.Dmitri Pal2009-04-096-82/+228
| | | | | | | Added a few new functions. Cleaned code that was subject to conditional build. Fixed the floating point conversion. Keep const values as const.
* Serialize requests vs backends.Simo Sorce2009-04-091-544/+702
| | | | | | | This way we do not waste resources starting searching for users/groups in multiple backends when the first one has the answer. Also prevents possible race conditions where a user named the same way is found in multiple backends and the wrong one is returned.
* Remove obsolete optionSimo Sorce2009-04-081-1/+0
|
* Fix missing entry from first-start configStephen Gallagher2009-04-081-0/+1
| | | | | | Since we switched to allowing domains to be configured but inactive, we need to include the default set (just LOCAL) into the first-start config.
* Fix SBUS handling of unknown messagesStephen Gallagher2009-04-081-0/+2
| | | | | This was missed when we moved away from using the message_handler for sending replies (in order to support async processing).
* Change the way we retrieve domainsSimo Sorce2009-04-0822-391/+273
| | | | | | | | | | | | | To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
* Clean up warnings in SSSDStephen Gallagher2009-04-076-25/+23
|
* Unify name parsing and reposnder headersSimo Sorce2009-04-0712-243/+328
| | | | | | Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context.
generated by cgit (git 2.34.1) at 2024-04-30 13:33:24 +0000