summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-11-20Enhance check for remote hostsSumit Bose2-55/+97
2009-11-20Add ipa_authSumit Bose5-1/+352
To support IPA DS to Kerberos password migration a seperate authentication target is added. It calls the Kerberos authentication target and in the case of a 'Preauthentication Error' the LDAP authentication target. On success the Kerberos target is called again to request the TGT.
2009-11-20Add reference to sssd-krb5 man page.Simo Sorce1-0/+3
Thanks to Marko Myllynen for spotting this.
2009-11-20Improve handling of ccache filesSumit Bose8-206/+1081
- save current ccache file to sysdb - use the saved ccache file if the user has running processes - create an empty ccache if offline - return enviroment variables if offline
2009-11-20Correctly escape DN value.Simo Sorce1-6/+42
In building the DN string we weren't correctly escaping the value of the RDN component. This patches fixes that.
2009-11-20Better behavior on cleanupSimo Sorce4-20/+44
With the previous code in domains with many users and enumeration enable we would eventually end up making thousands of individual searches for entries in the clean-up process. Change the code to do a full enumeration before a cleanup so we do one single big search to update all entries and only then search for entries to purge. This also fixes the fact that the cleanup task was running at every enumeration instead of running every "ldap_purge_cache_timeout" seconds.
2009-11-20Add empty NL translationStephen Gallagher4-0/+654
2009-11-20Validate Kerberos credentials with local keytabSumit Bose16-43/+326
2009-11-20upgrade_config fixes for SSSD 0.6 and laterJakub Hrozek1-1/+19
Incorporates changes we made to v2 after 0.6, or that were missed by the original upgrade script: * removes magic_private_groups option * removes libPath option * changes provider=files to provider=proxy proxy_lib_name=files * changes store-legacy-passwords to store_legacy_passwords
2009-11-20SSSDConfigAPI fixesJakub Hrozek2-399/+133
* splitlist is a function * shared SSSDConfigObject to reduce code duplication * added missing exception class * fixed some typos * remove extra 'pass' in unittests * use assertRaises in unittests
2009-11-20Convert SSSDConfig API to ipachangeconfJakub Hrozek3-59/+70
With this patch, SSSDConfigAPI is able to keep comments and ordering of sections. Fixes: #226
2009-11-20Change the upgrade script to use ipachangeconfJakub Hrozek2-189/+165
With this patch, the upgrade script we use for changing the config files is able to keep ordering and comments. Fixes: #249
2009-11-20SSSDChangeConf - a wrapper around ipachangeconfJakub Hrozek1-0/+91
Provides a convenient wrapper around ipachangeconf that is closer API-wise to ConfigParser
2009-11-20Add Simo's ipachangeconfJakub Hrozek3-0/+461
2009-11-19Fix sysdb upgrade bugStephen Gallagher1-1/+1
After completing an upgrade successfully, we were still falling into the "version not found" case. We should be exiting the function after performing the upgrade.
2009-11-18Make the password field configurable in NSSJakub Hrozek6-4/+17
Per the discussion on sssd-devel list, nss_sss should not return a hardcoded value but this should rather be configurable to allow whatever the OS or distribution thinks is the best for the particular case. Fixes: #266
2009-11-18Adding Japanese translationnoriko4-0/+654
2009-11-18Add Italian translation for sss_clientdeneb2-0/+41
2009-11-18Add French translation to sss_clientBouska2-0/+37
2009-11-18Update translatable stringsStephen Gallagher6-39/+69
2009-11-18Failover fixes and additionsSimo Sorce3-7/+25
2009-11-18Store initgr expire time on initgr callSimo Sorce1-6/+17
2009-11-18Change the pam code to perform an initgroups callSimo Sorce1-1/+1
An initgroups call refreshes both the user and the user's groups, this is ideal for pam so that we don't need addiotnal initgroups calls (initgroups calls are cached too now) during the login process.
2009-11-18Change initgroups code to use and check the cacheSimo Sorce2-218/+109
We were previously always ending up contacting the backend because we had no way to know if an initgroups call for the same user had ever been called. Add attribute to hold this information and rely on backends to update it. If they don't we fallback to the previous behvior of asking the backend.
2009-11-18Fix crash due to uninitialized timeout variableSimo Sorce1-0/+1
This slipped through in previous patches. Fixes #283
2009-11-18Upgrade cache and local databases to case-sensitive namesStephen Gallagher2-2/+96
2009-11-18Make the sysdb user and group names case-sensitiveStephen Gallagher2-1/+39
2009-11-13Fix option name krb5_changepw_principalSumit Bose5-7/+7
2009-11-12Change var name to make its use more clear.Simo Sorce2-7/+7
Change memctx to make clear it should be used only when a callback is being used.
2009-11-12Make 'permit' the default for the access targetSumit Bose2-16/+5
2009-11-12Fix check_cache bug in dealing with the callbackSimo Sorce1-97/+104
Also rework check_cache so that the operations it makes are more explicit. Also add comments about why we are doing something. Should make the code easier to understand in future (took quite some time and discussion on IRC to understand exactly how this function was behaving and to find the callback passing bug).
2009-11-12Fix double free case.Simo Sorce1-1/+3
2009-11-12Fixes for proxy providerSumit Bose2-7/+26
- use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
2009-11-12Fix inconsistent use of krb5_ccname_templateSumit Bose2-2/+2
2009-11-12Try to fix offline loginsSimo Sorce2-13/+7
2009-11-12Add support for host, source host and user categorySumit Bose1-8/+54
This patch add support for the host, source host and user category 'all'. All other category values are ignored so far. With the patch the interpretation of an empty memberUser and empty sourceHost and externalHost is changed to 'not applicable'.
2009-11-10Fix Requires: sssd-client line in specfileStephen Gallagher1-1/+1
2009-11-10Add cleanup taskSimo Sorce9-156/+915
2009-11-10Refactor delete functions and add a fewSimo Sorce4-234/+648
Refactor user/group delete functions so that they can be used without a transaction (they autostart an operation). Add user and group search function where a subfilter can be specified.
2009-11-10Add check for access-time rules to ipa_access.Sumit Bose4-0/+74
2009-11-10Simplify krb5 child handlerSumit Bose1-17/+18
Currently the Kerberos child handler evaluates the siginfo_t structure to wait for a specific child. This scheme is prone to error, especially when there are more than one child process active, and can produce missleading debug message. This patch simplifies the scheme as it waits for any child.
2009-11-09Fix segfault on unknown user/domainStephen Gallagher1-2/+2
2009-11-09Fix tevent_req error checking.Simo Sorce16-284/+111
When possible using a macro that correctly deals with tstate
2009-11-09Assorted manpage fixesJakub Hrozek1-27/+14
* do not mention the sbus_timeout parameter at all * document the config_file_version parameter * different wording for negative cache
2009-11-09Fix regression in error message when deleting groupsJakub Hrozek1-6/+4
2009-11-09Fix enumerationsSimo Sorce1-2/+6
The counter was not set so we were storing only the first user for each anumeration.
2009-11-09IPA time rules parsing routinesJakub Hrozek4-0/+1841
2009-11-09Add missing includeJakub Hrozek1-0/+1
2009-11-09Check return, zero free hostent, adhere to styleSimo Sorce4-20/+28
2009-11-07Fix ldap driverSimo Sorce1-0/+3