summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-04-28Add debug param to the tools, fix lock/unlock in sss_usermodJakub Hrozek6-3/+31
2009-04-28Invoke shadow-utils in sss_ toolsJakub Hrozek11-48/+643
Make shadow-utils base path configurable Use default values for params, allow configuring them
2009-04-28handle other pam calls when offlineSumit Bose1-0/+10
2009-04-28Use different attribute for cached passwords change timeSumit Bose1-2/+2
2009-04-28enable offline handling for native LDAP backendSumit Bose1-4/+48
2009-04-28change PAM timeout the match NSS timeSumit Bose2-3/+1
2009-04-27Use different attribute for cached passwordsSimo Sorce2-3/+5
This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
2009-04-27Update sss_client configure.ac tooSimo Sorce1-1/+1
2009-04-27Release version 0.3.3Stephen Gallagher3-3/+3
2009-04-27Eliminate segfault on NSS and PAM responder startup.Stephen Gallagher1-0/+4
If the data provider is not yet available when NSS and PAM start, they will generate a segmentation fault when trying to configure their automatic reconnection to the Data Provider. I've now added code in sss_dp_init() to detect whether the dp_ctx is NULL and return EIO.
2009-04-27Stress testJakub Hrozek3-1/+333
2009-04-27enable uid/gid generation againSumit Bose1-3/+6
2009-04-27handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose1-0/+17
ldap backend
2009-04-27fix for pam proxy chauthtokSumit Bose4-9/+22
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-23removed length of unused element from packet size calculationSumit Bose1-1/+1
The domain name is no longer send as an element on its own, but if set as a member of the response array. If the user was not found pd->domain is NULL and strlen will seg-fault.
2009-04-23fixes for user and group creation in LOCAL domainSumit Bose2-1/+20
- added range check for supplied UIDs and GIDs - initialize pc_gid to 0 to trigger gid generation
2009-04-23allow to forward the authtok to other pam modulesSumit Bose1-0/+16
Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompt. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to safe the password for other pam modules.
2009-04-22fix for a seq fault when pam_reply_delay is called.Sumit Bose1-2/+2
see https://fedorahosted.org/sssd/ticket/25
2009-04-22add dynamic hash table data structure implementationJohn Dennis8-2/+1903
Apply suggested fixes by Simo after code review * return statements no longer use () unless it's an expression * remove all use of assert() in library * use bool,true,false instead of int,TRUE,FALSE * add check for NULL hash table in public entry points * example code in header file now a seperate file * assure consistent use of unsigned long data type * add more debugging support * break out generation of integer key into convert_key() function * table parameters now tunable rather than hardcoded * table can now accept custom alloc()/free() functions * add function create_table_ex() to pass extra table parameters * remove MUL(), DIV(), MOD() macros * hash statistics now separate struct which can be queried * test program now accepts tuning parameters, iteration count; has better error checking and reporting fix min/max load factor comman line args in test program
2009-04-20Add a release script to help building tarballsSimo Sorce1-0/+8
It needs a gpg key for signing the tarball.
2009-04-20sssd 0.3.2Jakub Hrozek4-4/+7
2009-04-17INI parser. Fix for line numbers.Dmitri Pal1-1/+4
Realized that I need to differentiate sections and attributes. To do this the line numbers for sections will be negative.
2009-04-17INI parser. Adding comments to avoid confusion.Dmitri Pal1-0/+2
There was a confusion about the functions that were recently added. They are incomplete. New added comments make it clear.
2009-04-17INI parser. Removing inlines.Dmitri Pal1-17/+17
There is controversy about the inlines so they are removed.
2009-04-17Force user check and discover user's domainSimo Sorce6-297/+593
Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
2009-04-16INI parser. Cleanup. Prep for INI validation.Dmitri Pal3-189/+460
This patch addresses several issues: a) Cleaning unit test to match coding standard b) Replace tabs with spaces - I do not know where they came but there were some. c) Allowing to read file and keep aside a collection of K-V pairs where key is the key in the INI file and value is the line number on which line the key apears. d) There will be different kinds of errors so error printing function was abstracted. g) Placeholders for other printing functions have been introduced.
2009-04-16Avoid unnecessary reloads of config.ldbSimo Sorce1-4/+37
Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
2009-04-16Fix by_id enumeration with multiple domainsSimo Sorce1-0/+10
We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
2009-04-15INI parser. Better error handling if something bad happens.Dmitri Pal1-6/+21
Tried to use the INI interface and saw that the list of parsing errors can be not NULL but the actual data is cleaned.
2009-04-14Fixing memory issues in ini and collectionDmitri Pal3-15/+40
The read_line() function used an internal buffer allocated on stack as temporary storage for a line read from file, then returned it. read_line() now gets a buffer from the caller. Fixed memory leaks in INI and Collection found by valgrind.
2009-04-14Add common function to retrieve comma sep. listsSimo Sorce4-106/+179
Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher6-10/+12
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-14Replace the example sssd.conf file with the one used in FedoraStephen Gallagher1-32/+71
Also remove the [services/infopipe] section, since we're not shipping InfoPipe yet, and that would be confusing.
2009-04-14Add reconnection code between the NSS responder and the Data providerStephen Gallagher1-1/+52
2009-04-13Bump up to 0.3.1Simo Sorce3-4/+7
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce5-51/+34
2009-04-13Build fixes for RPM packaging of SSSDStephen Gallagher3-2/+6
We were missing several BuildRequires for the autotools. Also, we were linking against two external libraries in the common code that we do not actually use.
2009-04-13Set version to 0.3.0Simo Sorce1-1/+1
2009-04-13Add a LSB header to the initscriptSumit Bose1-0/+14
2009-04-13Fix segfaults when passing an unknown domainSimo Sorce1-9/+20
Also setting dctx->domain to NULL is a recipe for segfaults :-) Assign dctx->domain only when dom actually holds a domain pointer.
2009-04-13Implement credentials caching in pam responder.Simo Sorce14-209/+576
Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
2009-04-13Always pass full domain infoSimo Sorce10-116/+174
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-13Remove InfoPipe from the RPM buildStephen Gallagher1-4/+5
2009-04-13Update RPM build for configuration changesStephen Gallagher3-43/+44
2009-04-13Allow configuration of the SSSD through /etc/sssd/sssd.confStephen Gallagher11-274/+686
The SSSD now links with the ini_config and collection libraries in the common directory. The monitor will track changes to the /etc/sssd/sssd.conf file using inotify on platforms that support it, or polled every 5 seconds on platforms that do not. At startup or modification of the conf file, the monitor will purge the existing confdb and reread it completely from the conf file, to ensure that there are no lingering entries. It does this in a transaction, so there should be no race condition with the client services. A new option has been added to the startup options for the SSSD. It is now possible to specify an alternate config file with the -c <file> at the command line.
2009-04-13Build system improvements for common toolsStephen Gallagher8-16/+52
Allows building shared or static libraries using autotools and provides a pkg-config file to simplify inclusion into other parts of the project (or other projects in the future) For now, we will statically link the collection library and INI parser.
2009-04-10The lower level function now returns NOENT if file is not found.Dmitri Pal2-3/+11
2009-04-10Added functions to create list of sections and attributes.Dmitri Pal5-0/+245
2009-04-10Redesign the the monitor's configuration to enable live reloadsStephen Gallagher2-150/+618
Fixes requested during code review
2009-04-09Make the monitor address a compile-time optionStephen Gallagher1-20/+10
Previously it was runtime-selectable in the confdb, but this is not a sensible approach, as if it were to change during runtime, it would cause problems communicating with the child services.