summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-04-13Implement credentials caching in pam responder.Simo Sorce14-209/+576
Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
2009-04-13Always pass full domain infoSimo Sorce10-116/+174
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-13Remove InfoPipe from the RPM buildStephen Gallagher1-4/+5
2009-04-13Update RPM build for configuration changesStephen Gallagher3-43/+44
2009-04-13Allow configuration of the SSSD through /etc/sssd/sssd.confStephen Gallagher11-274/+686
The SSSD now links with the ini_config and collection libraries in the common directory. The monitor will track changes to the /etc/sssd/sssd.conf file using inotify on platforms that support it, or polled every 5 seconds on platforms that do not. At startup or modification of the conf file, the monitor will purge the existing confdb and reread it completely from the conf file, to ensure that there are no lingering entries. It does this in a transaction, so there should be no race condition with the client services. A new option has been added to the startup options for the SSSD. It is now possible to specify an alternate config file with the -c <file> at the command line.
2009-04-13Build system improvements for common toolsStephen Gallagher8-16/+52
Allows building shared or static libraries using autotools and provides a pkg-config file to simplify inclusion into other parts of the project (or other projects in the future) For now, we will statically link the collection library and INI parser.
2009-04-10The lower level function now returns NOENT if file is not found.Dmitri Pal2-3/+11
2009-04-10Added functions to create list of sections and attributes.Dmitri Pal5-0/+245
2009-04-10Redesign the the monitor's configuration to enable live reloadsStephen Gallagher2-150/+618
Fixes requested during code review
2009-04-09Make the monitor address a compile-time optionStephen Gallagher1-20/+10
Previously it was runtime-selectable in the confdb, but this is not a sensible approach, as if it were to change during runtime, it would cause problems communicating with the child services.
2009-04-09INI component: Fixed issues introduced by cleanup.Dmitri Pal6-82/+228
Added a few new functions. Cleaned code that was subject to conditional build. Fixed the floating point conversion. Keep const values as const.
2009-04-09Serialize requests vs backends.Simo Sorce1-544/+702
This way we do not waste resources starting searching for users/groups in multiple backends when the first one has the answer. Also prevents possible race conditions where a user named the same way is found in multiple backends and the wrong one is returned.
2009-04-08Remove obsolete optionSimo Sorce1-1/+0
2009-04-08Fix missing entry from first-start configStephen Gallagher1-0/+1
Since we switched to allowing domains to be configured but inactive, we need to include the default set (just LOCAL) into the first-start config.
2009-04-08Fix SBUS handling of unknown messagesStephen Gallagher1-0/+2
This was missed when we moved away from using the message_handler for sending replies (in order to support async processing).
2009-04-08Change the way we retrieve domainsSimo Sorce22-391/+273
To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
2009-04-07Clean up warnings in SSSDStephen Gallagher6-25/+23
2009-04-07Unify name parsing and reposnder headersSimo Sorce12-243/+328
Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context.
2009-04-07Use info in the domain entry to determine action.Simo Sorce1-1/+12
This way LOCAL domains backed by files works as expected too. Tested with nss_files + pam_unix
2009-04-07Split modules types in Identity and AuthenticatorSimo Sorce8-81/+275
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
2009-04-07Fix const warningsSimo Sorce5-145/+169
2009-04-07Style fixes for /commonSimo Sorce6-1618/+1977
2009-04-06Clean up a lot of warnings in Collection and INI parserStephen Gallagher8-30/+22
2009-04-06Fix build system for Collection and INI parser.Stephen Gallagher5-6/+12
Adds ini subdirectory so it will be built, adds some clarification to the README, makes the configure --help more clear about the trace level and enables -Wall reporting.
2009-04-06First attempt to produce INI interface.Dmitri Pal7-0/+2312
2009-04-06First commit of basic collection API.Dmitri Pal13-0/+5349
2009-04-03Remove useless fileSimo Sorce1-35/+0
This became obsolete when we moved all functions to sysdb.
2009-04-02Do not use the ldap libraries ldap_ prefixSimo Sorce1-76/+76
The ldap_ prefix should be considered reserved namespace for ldap librraies Renaming all ldap_* internal stuff to sdap_, in some cases also move from ldap_be_ to sdap_ as the reason for _be_ was just clearly a name space conflict (ldap_be_init, etc..)
2009-04-01Add way to use files as a proxy backend fro LOCALSimo Sorce5-50/+160
Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
2009-04-01Add a more flexible way to parse and filter names.Simo Sorce8-283/+899
A new nss_parse_name function uses pcre to parse names, this makes it possible, in future, to make the filter user configurable. Add a new filter mechanism to filter out users that uses the negative cache by setting a permanet negative entry. Rework the entry points where the negative cache is checked for.
2009-04-01allow compilation with older version of dbusSumit Bose3-0/+14
2009-04-01Do not file a sure segfault.Simo Sorce1-0/+2
2009-03-30fixed two issues in the initial configurationSumit Bose2-2/+1
- value array is not terminated properly - infopipe service is added dynamically
2009-03-27Fix copy&paste errorSimo Sorce1-1/+1
2009-03-27Fix potential segfault if dp_ctx is still NULL.Simo Sorce2-2/+18
May happen at startup if, for some reason dp is very slow to start and we receive a request before a reconnection is rescheduled in the responder dp reconnection code. This shouldn't happen normally so make it clear with a debug statement.
2009-03-27Make nsssrv use the common responder functionsSimo Sorce10-734/+221
Make nss_ctx a private pointer of the common resp_ctx Use sss_process_init and remove all duplicate functions from nsssrv.c
2009-03-27Fix uninitailized pointer and cut&paste errorSimo Sorce1-1/+5
The structure we copy the domain pointerr on is not zero when allocated. We need to zero it ourselves or we get segfaults later on. A cut&paste error caused us to call the wrong getpw function.
2009-03-27Fix bug where services restarted by the monitor would be pinged more than ↵Stephen Gallagher1-0/+8
once per cycle
2009-03-26Enable autoreconnection to the Data Provider in PAMStephen Gallagher3-4/+67
2009-03-26Refactor nss_ctx to resp_ctx in respondersStephen Gallagher7-109/+109
2009-03-25Fix compilation error due to implicit castStephen Gallagher1-2/+2
2009-03-24Fix buildSimo Sorce2-1/+4
forgot to commit a few changes
2009-03-20Retrieve some options from confdbSimo Sorce3-11/+46
This fixes some old 'Fixme's :)
2009-03-20Enhance server_setupSimo Sorce10-10/+36
Now it can load from scratch default configuration that is valid for all daemons. First thing, make it possible for each daemon/provider to set its own debug level in its configuration entry.
2009-03-20Simplify default configurationSimo Sorce4-122/+157
Make confdb load a base ldif like sysdb to initialize the db, makes it simpler to understand at first sight what is the default configuration. Make the parameter "command" optional. Derive the default command from available information. Make the debug level a global by default so that enabling debug for all components is as easy as passing just -d X to the sssd binary.
2009-03-20Add better error reporting to confdb functionsSimo Sorce1-29/+63
2009-03-20Avoid nested events in confdbSimo Sorce1-1/+15
2009-03-20added response type PAM_ENV_ITEM and integrated response data into dbus messagesSumit Bose4-19/+133
2009-03-20Add reconnection logic to the SBUSStephen Gallagher2-1/+206
Any client of the SBUS that wants to implement automatic reconnection may now call sbus_reconnect_init to set it up. The clients will need to set up a callback to handle the result of the reconnection and (in the case of a successful reconnection) readd the method handlers to the connection context.
2009-03-20Enable autoreconnection of Data Provider Backends to the Data ProviderStephen Gallagher4-7/+124