sssd.git/src/responder/pam, branch simo Unnamed repository; edit this file to name it for gitweb. Add domain argument to sysdb selinux functions 2013-01-11T15:43:14+00:00 Simo Sorce simo@redhat.com 2013-01-08T05:48:12+00:00 787bc08f689e5e7ec0d452c1fc3e5daf3329c2fd 






Add domain argument to sysdb_cache_auth()
2013-01-11T15:43:12+00:00

Simo Sorce
simo@redhat.com

2013-01-08T02:40:12+00:00

822d27d1fd5e0169918d24ce86214637479aa7cc












Add domain argument to sysdb_set_user_attr()
2013-01-11T15:43:11+00:00

Simo Sorce
simo@redhat.com

2013-01-07T22:09:16+00:00

2252c24404d44e2e33054803995506f67c06f021












Add domain argument to sysdb_get_user_attr()
2013-01-11T15:43:10+00:00

Simo Sorce
simo@redhat.com

2013-01-06T22:54:02+00:00

7b8552a69077f329bf91ea9ceec68ec060e9a2a6












Pass domain to sysdb_get<pw/gr>nam() functions
2013-01-11T15:43:10+00:00

Simo Sorce
simo@redhat.com

2013-01-06T22:17:25+00:00

87cf33df962e48a39514d037ddc514ff11081db6

Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.





Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.







Change pam data auth tokens.
2013-01-10T17:24:59+00:00

Simo Sorce
simo@redhat.com

2012-10-18T22:43:56+00:00

64af76e2bef2565caa9738f675c108a4b3789237

Use the new authtok abstraction and interfaces throught the code.





Use the new authtok abstraction and interfaces throught the code.







Code can only check for cached passwords
2013-01-10T17:24:59+00:00

Simo Sorce
simo@redhat.com

2012-10-18T16:49:38+00:00

c83e409297711e6012a164cc929c758a3f38e9b9

Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.





Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.







RESPONDERS: Create a common file with service names and versions
2012-12-18T16:25:34+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-15T15:24:25+00:00

e880949305cee3aca79441fe6113a9d79e7c98f2

The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/





The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/







sssd_pam: Cleanup requests cache on sbus reconect
2012-12-14T16:23:56+00:00

Simo Sorce
simo@redhat.com

2012-12-13T23:13:06+00:00

927c089ba7799a0d006769bf3a09f769966b068b

The pam responder was not properly configured to recover from a backend
disconnect. The connections that were in flight before the disconnection
were never freed and new requests for the same user would just pile up on
top of the now phantom requests.

Fixes: https://fedorahosted.org/sssd/ticket/1655





The pam responder was not properly configured to recover from a backend
disconnect. The connections that were in flight before the disconnection
were never freed and new requests for the same user would just pile up on
top of the now phantom requests.

Fixes: https://fedorahosted.org/sssd/ticket/1655







Refactor the way subdomain accounts are saved
2012-11-19T14:11:03+00:00

Simo Sorce
simo@redhat.com

2012-11-16T20:25:42+00:00

8d9e0547a864cee05ab36bc988300c0cfa986025

The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.

One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.

In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.





The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.

One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.

In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.