summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-05-12Fix warnings in monitor.c and confdb.cStephen Gallagher2-7/+13
2009-05-11Separate confdb API from confdb setupStephen Gallagher8-374/+458
Refactoring the confdb so that the setup code can be linked separately from the access API. This is being done so that our plugins do not need to link against the collection and ini_config libraries.
2009-05-08added syslog support to pam_sssSumit Bose1-5/+40
2009-05-08cleanup and fixes for pam_sssSumit Bose1-190/+352
- if PAM_USER==root return PAM_USER_UNKNOWN - pam_sss now can handle to following options: - use_first_pass: forces the module to use a previous stacked modules password and will never prompt the user - use_authtok: when password changing enforce the module to set the new password to the one provided by a previously stacked password module - forward_pass: store the passwords collected by the module as pam items for modules called later in the stack
2009-05-08Chdir to / when daemonizingJakub Hrozek1-0/+11
2009-05-08Use tevent for shutdown signals, remove old pidfile, make sssd single-instance.Jakub Hrozek2-1/+79
Use tevent signal handling facilities for handlong SIGTERM and SIGINT in the monitor. Remove pidfile on SIGTERM and SIGINT. Make sssd single-instance by checking if we suceeded in signaling the process in the pidfile.
2009-05-08redirect stderr to /dev/null in initscriptJakub Hrozek1-1/+1
2009-05-06Fix some more return paths using uninitalized retSimo Sorce1-3/+3
2009-05-04Fixes for porting SSSD to Debian-based platformsStephen Gallagher5-5/+7
2009-04-29Fix configuration corruption issueStephen Gallagher1-2/+20
In the event that the configuration was corrupt the first time the SSSD is started, it would write in the special data for attributes and indexes, but it would fail before writing the version. Subsequent reloads (even with correct configuration files) would fail, since they would try again to write the attributes and indexes and fail since they were already present.
2009-04-29Fix IndentationSimo Sorce1-88/+89
2009-04-29reuse authtok which is already in the pam stackSumit Bose1-2/+22
2009-04-29Fix use of uninitialized return variableSimo Sorce1-5/+5
2009-04-28Add debug param to the tools, fix lock/unlock in sss_usermodJakub Hrozek6-3/+31
2009-04-28Invoke shadow-utils in sss_ toolsJakub Hrozek11-48/+643
Make shadow-utils base path configurable Use default values for params, allow configuring them
2009-04-28handle other pam calls when offlineSumit Bose1-0/+10
2009-04-28Use different attribute for cached passwords change timeSumit Bose1-2/+2
2009-04-28enable offline handling for native LDAP backendSumit Bose1-4/+48
2009-04-28change PAM timeout the match NSS timeSumit Bose2-3/+1
2009-04-27Use different attribute for cached passwordsSimo Sorce2-3/+5
This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
2009-04-27Update sss_client configure.ac tooSimo Sorce1-1/+1
2009-04-27Release version 0.3.3Stephen Gallagher3-3/+3
2009-04-27Eliminate segfault on NSS and PAM responder startup.Stephen Gallagher1-0/+4
If the data provider is not yet available when NSS and PAM start, they will generate a segmentation fault when trying to configure their automatic reconnection to the Data Provider. I've now added code in sss_dp_init() to detect whether the dp_ctx is NULL and return EIO.
2009-04-27Stress testJakub Hrozek3-1/+333
2009-04-27enable uid/gid generation againSumit Bose1-3/+6
2009-04-27handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose1-0/+17
ldap backend
2009-04-27fix for pam proxy chauthtokSumit Bose4-9/+22
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-23removed length of unused element from packet size calculationSumit Bose1-1/+1
The domain name is no longer send as an element on its own, but if set as a member of the response array. If the user was not found pd->domain is NULL and strlen will seg-fault.
2009-04-23fixes for user and group creation in LOCAL domainSumit Bose2-1/+20
- added range check for supplied UIDs and GIDs - initialize pc_gid to 0 to trigger gid generation
2009-04-23allow to forward the authtok to other pam modulesSumit Bose1-0/+16
Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompt. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to safe the password for other pam modules.
2009-04-22fix for a seq fault when pam_reply_delay is called.Sumit Bose1-2/+2
see https://fedorahosted.org/sssd/ticket/25
2009-04-22add dynamic hash table data structure implementationJohn Dennis8-2/+1903
Apply suggested fixes by Simo after code review * return statements no longer use () unless it's an expression * remove all use of assert() in library * use bool,true,false instead of int,TRUE,FALSE * add check for NULL hash table in public entry points * example code in header file now a seperate file * assure consistent use of unsigned long data type * add more debugging support * break out generation of integer key into convert_key() function * table parameters now tunable rather than hardcoded * table can now accept custom alloc()/free() functions * add function create_table_ex() to pass extra table parameters * remove MUL(), DIV(), MOD() macros * hash statistics now separate struct which can be queried * test program now accepts tuning parameters, iteration count; has better error checking and reporting fix min/max load factor comman line args in test program
2009-04-20Add a release script to help building tarballsSimo Sorce1-0/+8
It needs a gpg key for signing the tarball.
2009-04-20sssd 0.3.2Jakub Hrozek4-4/+7
2009-04-17INI parser. Fix for line numbers.Dmitri Pal1-1/+4
Realized that I need to differentiate sections and attributes. To do this the line numbers for sections will be negative.
2009-04-17INI parser. Adding comments to avoid confusion.Dmitri Pal1-0/+2
There was a confusion about the functions that were recently added. They are incomplete. New added comments make it clear.
2009-04-17INI parser. Removing inlines.Dmitri Pal1-17/+17
There is controversy about the inlines so they are removed.
2009-04-17Force user check and discover user's domainSimo Sorce6-297/+593
Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
2009-04-16INI parser. Cleanup. Prep for INI validation.Dmitri Pal3-189/+460
This patch addresses several issues: a) Cleaning unit test to match coding standard b) Replace tabs with spaces - I do not know where they came but there were some. c) Allowing to read file and keep aside a collection of K-V pairs where key is the key in the INI file and value is the line number on which line the key apears. d) There will be different kinds of errors so error printing function was abstracted. g) Placeholders for other printing functions have been introduced.
2009-04-16Avoid unnecessary reloads of config.ldbSimo Sorce1-4/+37
Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
2009-04-16Fix by_id enumeration with multiple domainsSimo Sorce1-0/+10
We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
2009-04-15INI parser. Better error handling if something bad happens.Dmitri Pal1-6/+21
Tried to use the INI interface and saw that the list of parsing errors can be not NULL but the actual data is cleaned.
2009-04-14Fixing memory issues in ini and collectionDmitri Pal3-15/+40
The read_line() function used an internal buffer allocated on stack as temporary storage for a line read from file, then returned it. read_line() now gets a buffer from the caller. Fixed memory leaks in INI and Collection found by valgrind.
2009-04-14Add common function to retrieve comma sep. listsSimo Sorce4-106/+179
Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher6-10/+12
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-14Replace the example sssd.conf file with the one used in FedoraStephen Gallagher1-32/+71
Also remove the [services/infopipe] section, since we're not shipping InfoPipe yet, and that would be confusing.
2009-04-14Add reconnection code between the NSS responder and the Data providerStephen Gallagher1-1/+52
2009-04-13Bump up to 0.3.1Simo Sorce3-4/+7
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce5-51/+34
2009-04-13Build fixes for RPM packaging of SSSDStephen Gallagher3-2/+6
We were missing several BuildRequires for the autotools. Also, we were linking against two external libraries in the common code that we do not actually use.