sssd.git/src/providers, branch err_facility Experimental work on SSSD - Systen Security Services Daemon Convert sdap_access to new error codes 2013-03-13T18:39:50+00:00 Simo Sorce simo@redhat.com 2013-03-03T23:06:13+00:00 12150d43f17feff531ce6c59c91653205f889649 Also simplify sdap_access_send to avoid completely fake _send() routines. 
Also simplify sdap_access_send to avoid completely fake _send() routines.
Use common error facility instead of sdap_result 2013-03-13T18:39:50+00:00 Simo Sorce simo@redhat.com 2013-02-26T21:25:07+00:00 d5d0fb8278afa5bb95bffd8e4e9c8ac13c18419c Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired 
Simplifies and consolidates error reporting for ldap authentication paths.

Adds 3 new error codes:
    ERR_CHPASS_DENIED  - Used when password constraints deny password changes
    ERR_ACCOUNT_EXPIRED  - Account is expired
    ERR_PASSWORD_EXPIRED  - Password is expired
Add support for krb5 1.11's responder callback. 2013-03-08T20:58:03+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-03-08T17:06:10+00:00 b40583c6d52b72e41bf01106534535e54b4fba4f krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only). 
krb5 1.11 adds support for a new method for responding to
structured data queries. This method, called the responder,
provides an alternative to the prompter interface.

This patch adds support for this method. It takes the password
and provides it via a responder instead of the prompter. In the
case of OTP authentication, it also disables the caching of
credentials (since the credentials are one-time only).
Fixed typo in debug message. 2013-03-07T12:47:22+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-03-07T09:46:10+00:00 b8e6d0e6d6b9b56ef508578a2ae0078b5b7d22d0 C compiler did not complain, because "index" is function defined in header file <string.h> 
C compiler did not complain, because "index" is function defined
in header file <string.h>
Updated Doxygen configuration to 1.8.1 2013-03-06T11:40:57+00:00 Thorsten Scherf tscherf@redhat.com 2013-03-04T15:50:41+00:00 f0d860c4a1048a05fd7fb9e7dd674474ad8a82f3 https://fedorahosted.org/sssd/ticket/1819 
https://fedorahosted.org/sssd/ticket/1819
Check the return value of sysdb_search_services 2013-03-05T16:36:21+00:00 Jakub Hrozek jhrozek@redhat.com 2013-03-04T23:11:46+00:00 1402e7140d143aaf48224c23182c2c12c2a89cd7 






Cleanup error message handling for krb5 child
2013-03-04T22:40:39+00:00

Simo Sorce
simo@redhat.com

2012-11-22T21:34:18+00:00

c6872e79e8496fd075e20aec0343ade99cca725c

Use the new internal SSSD errors, to simplify error handling.
Instead of using up to 3 different error types (system, krb5 and
pam_status), collapse all error reporting into one error type mapped
on errno_t.

The returned error can contain either SSSD internal errors, kerberos
errors or system errors, they all use different number spaces so there
is no overlap and they can be safely merged.

This means that errors being sent from the child to the parent are not
pam status error messages anymore.
The callers have been changed to properly deal with that.

Also note that this patch removes returning SSS_PAM_SYSTEM_INFO from
the krb5_child for kerberos errors as all it was doing was simply to
make the parent emit the same debug log already emitted by the child,
and the code is simpler if we do not do that.





Use the new internal SSSD errors, to simplify error handling.
Instead of using up to 3 different error types (system, krb5 and
pam_status), collapse all error reporting into one error type mapped
on errno_t.

The returned error can contain either SSSD internal errors, kerberos
errors or system errors, they all use different number spaces so there
is no overlap and they can be safely merged.

This means that errors being sent from the child to the parent are not
pam status error messages anymore.
The callers have been changed to properly deal with that.

Also note that this patch removes returning SSS_PAM_SYSTEM_INFO from
the krb5_child for kerberos errors as all it was doing was simply to
make the parent emit the same debug log already emitted by the child,
and the code is simpler if we do not do that.







krb5_child: fix value type and initialization
2013-03-04T13:44:59+00:00

Ondrej Kos
okos@redhat.com

2013-03-04T09:03:54+00:00

67dac0a65e9322771d853ee0914c41c30a1c4432

ret was defined as integer, instead of errno_t, and was uninitialized





ret was defined as integer, instead of errno_t, and was uninitialized







Use the correct memory context in be_req_create
2013-03-04T13:43:59+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-02-28T09:09:14+00:00

270378e688f30413d75eaa9b5170f4ed8676f1cf












Refactor krb5 child
2013-02-28T11:51:57+00:00

Simo Sorce
simo@redhat.com

2012-11-22T17:39:38+00:00

0a8a06a50e8deaf5b78b1bf4cc99fb571dda7860

The aim of this refactoring is to make the code readable and understandable.
This code has grown organically over time and has becomed confused and
baroque enough that understanding it's very simple flow had become very
complex for the uninitiated. Complex flows easily hide nasty bugs.

Improvements:
- Remove dead/unused data storage
- Fix and simplify talloc hierarchy, use a memory context (kr) for the
whole code and allocate kr->pd where it is filled up.
- Rename some functions to create a better name space (easier for
searching fucntions across the tree)
- Streamline setup function, by spliting out fast setup in a subroutine.
- Avoid confusing indirection in executng actual functions by not
using the krb5_req child_req member.
- Make main() flow s now simmetric, send abck data from the main function
instead of delegating a reply to every inner function that implements a
command.

Now the flow is evident from the main function:
1. read request
2. setup data
3. execute command
4. send reply back





The aim of this refactoring is to make the code readable and understandable.
This code has grown organically over time and has becomed confused and
baroque enough that understanding it's very simple flow had become very
complex for the uninitiated. Complex flows easily hide nasty bugs.

Improvements:
- Remove dead/unused data storage
- Fix and simplify talloc hierarchy, use a memory context (kr) for the
whole code and allocate kr->pd where it is filled up.
- Rename some functions to create a better name space (easier for
searching fucntions across the tree)
- Streamline setup function, by spliting out fast setup in a subroutine.
- Avoid confusing indirection in executng actual functions by not
using the krb5_req child_req member.
- Make main() flow s now simmetric, send abck data from the main function
instead of delegating a reply to every inner function that implements a
command.

Now the flow is evident from the main function:
1. read request
2. setup data
3. execute command
4. send reply back