summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-10-16Add krb5_common.h to the list of headers to 'make dist'Stephen Gallagher1-0/+1
With this missing, RPM builds were broken.
2009-10-16Do not allow setting auth, access or chpass providers for LOCALStephen Gallagher1-0/+33
The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local')
2009-10-16ELAPI Compatibility code for getifaddr()Dmitri Pal10-20/+357
Addreses ticket #94 Actually works pretty well. To try use --enable-compat when build ELAPI. It will use compatibility code instead of getifaddr(). The trick in the elapi_ioctl.h with memory allocation is taken from Stevens book.
2009-10-16Add first basic IPA providerSimo Sorce2-1/+256
2009-10-16Move all krb5 provider init functionsSimo Sorce6-195/+264
Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
2009-10-16Move all ldap provider init functionsSimo Sorce6-145/+203
Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
2009-10-16Fix segfault when using SSS tools with no local providerStephen Gallagher1-5/+0
There was a double-free here. I removed the free()s within setup_db, because upon returning to sss_init_tools(), if ret != EOK, the context is freed as well.
2009-10-15Remove two unused functions.Stephen Gallagher2-18/+0
These functions were used when reconnecting to the DP after losing the connection. Since there is no DP any longer, there's no reason to have these functions.
2009-10-15Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7Stephen Gallagher1-0/+8
There were unused functions still being compiled. This will suppress them until we turn live configuration updates back on.
2009-10-15Clean up warnings in pysss.cStephen Gallagher1-8/+12
On older versions of the python headers, some arguments used 'char *' instead of 'const char *', which means that assigning a constant string such as "adduser" threw a warning about discarding qualifiers. This patch cleans up most of these warnings in this file. There remain several warnings in the sss_local_methods initialization that I do not know how to fix.
2009-10-15Check for expired passwords in LDAP providerSumit Bose4-23/+425
2009-10-15enable debugging of krb5_childSumit Bose6-8/+182
2009-10-15more implicit provider target settingsSumit Bose2-14/+76
If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
2009-10-15set chpass_provider implicit if not set explicitSumit Bose3-20/+67
- if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
2009-10-15Return the dp error from the providersSimo Sorce6-81/+179
2009-10-15Fix offline authenticationSimo Sorce1-16/+3
The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
2009-10-14use old password if available during password changeSumit Bose1-8/+9
- if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
2009-10-14Move ldap provider configuration into its own fileSimo Sorce7-189/+254
2009-10-14Make options parser available to all providersSimo Sorce9-294/+367
2009-10-14send a message if a backend target is not configuredSumit Bose1-12/+30
If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
2009-10-14make sdap_id_connect_* independent of sdap_id_ctxSumit Bose3-180/+188
The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
2009-10-14add missing %defattr to the filelist of the client packageSumit Bose1-0/+1
2009-10-14use PYTHON_PREFIX to install SSSDConfig python APISumit Bose1-2/+2
2009-10-14SUSE specific init scriptRalf Haferkamp1-0/+78
2009-10-14Fix error messages in toolsJakub Hrozek10-35/+342
Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
2009-10-13Fix services startup when only LOCAL is configuredSimo Sorce1-0/+3
2009-10-13add a replacement if ldap_control_create is missingSumit Bose7-9/+119
2009-10-13add -Werror-implicit-function-declaration to default gcc flagsSumit Bose1-1/+2
2009-10-13Package SSSDConfig APIStephen Gallagher3-0/+64
2009-10-13Add plugin configuration schema for proxy providerStephen Gallagher1-0/+7
2009-10-12Add new SSSDConfig python APIStephen Gallagher9-0/+2111
Also adds unit tests for the SSSDConfig API
2009-10-12LDAP provider needs to link against krb librariesRalf Haferkamp1-2/+4
2009-10-12fix a wrong argument to unpack_bufferSumit Bose1-18/+40
- the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
2009-10-09use the correct kerberos context for each targetSumit Bose1-4/+33
- when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
2009-10-09Remove magicPrivateGroups optionSimo Sorce7-64/+17
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
2009-10-09Start responders predictably after providersSimo Sorce1-52/+147
Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
2009-10-09Remove DP processSimo Sorce15-1377/+379
Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
2009-10-09Differentiate between search and network timeoutsSimo Sorce3-5/+7
Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
2009-10-08add syslog message similar to pam_unixSumit Bose1-2/+14
2009-10-08add support for server side LDAP password policiesSumit Bose3-11/+125
- password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-06Remove unused btreemap codeStephen Gallagher12-268/+0
We have converted to using dhash in place of btreemap everywhere in the code.
2009-10-05Make dp requests more robustSimo Sorce1-36/+109
This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
2009-10-05ELAPI Fixed the host name resolutionDmitri Pal2-13/+111
The issue was that the host IP was recorded twice, once as a main address and another as IP alias. It seemed that the IP was returned as name but the issue turned out to be different. See https://fedorahosted.org/sssd/ticket/207.
2009-10-05ELAPI Rename variables and functions not to use word templateDmitri Pal7-113/+113
Addressing Ticket #191. Renamed all varibles from 'template' to 'tpl'. Used 'tplt' in function names instead of 'templete'.
2009-10-05remove redundant talloc_freeSumit Bose1-3/+0
- this patch should fix bug #213, a double free in the sdap timeout handler
2009-10-05ask for new password if password is expiredSumit Bose1-7/+40
2009-10-05move password handling into subroutinesSumit Bose1-71/+117
2009-10-05handle expired password during authenticationSumit Bose1-2/+25
2009-10-05Fix python sync operations and mem hierarchyJakub Hrozek1-397/+191
Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.