summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-05-07Compare the full service nameSumit Bose1-1/+2
2010-05-07Create kdcinfo and kpasswdinfo file at startupSumit Bose3-1/+50
2010-05-07Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher5-3/+59
2010-05-07Fix memory hierarchy in the ipa timerulesJakub Hrozek1-4/+4
2010-05-07Split pam_data utilities into a separate fileSumit Bose3-35/+62
2010-05-07Improve the offline authentication messageJakub Hrozek1-2/+2
2010-05-07Make krb5_kpasswd available for any krb5 providerStephen Gallagher3-1/+5
Previously, the option krb5_kpasswd was only available if 'chpass_provider = krb5' was specified explicitly. Now it will be available also if 'auth_provider = krb5'. This option was also missing from the IPA options, so I have added it there as well
2010-05-07Use all available servers in LDAP providerJakub Hrozek3-14/+91
2010-05-07Add a README fileJakub Hrozek1-0/+37
2010-05-07Fix segfault in GSSAPI reconnect codeStephen Gallagher2-57/+41
Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
2010-05-03Fix a wrong return value in IPA HBACSumit Bose1-2/+2
2010-05-03Avoid freeing sdap_handle too earlySimo Sorce2-18/+46
Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse.
2010-05-03Better handle sdap_handle memory from callers.Simo Sorce7-42/+144
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
2010-05-03Fix uninitialized variableJakub Hrozek1-0/+1
2010-04-30Add dns_resolver_timeout optionStephen Gallagher7-2/+34
We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
2010-04-30Introducing a comment objectDmitri Pal5-6/+804
Comment object will store the comments found in the INI file. It is based on the ref_array interface. Fixing review comments for comment obj.
2010-04-30Extending refarray interfaceDmitri Pal3-1/+563
Added functions to inert, delete, replace swap the array elements. Unit test and docs have been updated accordingly. Fixing review comments for refarray.
2010-04-30Fix wrong return valueSumit Bose1-15/+14
If there was a failure during a password change a wrong return value was send back to the PAM stack.
2010-04-30Remove the NSS_LIBS and KRB5_LIBS variables from sssd.specStephen Gallagher2-4/+0
Due to the way RPM processes the %configure macro, these variables were not actually being passed down to recursive configure invocations. In other words, they were useless. Futhermore, in more recent Fedora versions (13+), some of the dependencies have moved from -lnss to -lnspr4. As a result, it is safer to rely on the complete output of 'pkg-config nss --libs' instead of restricting to -lnss. The downside to this is that it may result in linking unnecessarily against other NSS components such as libsmime3 and libplc4 (among others). However, since these are already dependencies of libnss itself, there should be no risk of them being unavailable on the platform when installed.
2010-04-30Silence warnings with -O2Jakub Hrozek3-12/+26
2010-04-30Support SRV servers in failoverJakub Hrozek5-60/+551
Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6
2010-04-30Remove freed server_common entities from listJakub Hrozek1-1/+24
2010-04-30Sort SRV replies according to RFC 2782Jakub Hrozek3-0/+336
RFC 2782 defines a way to sort replies to a SRV query. In short, the algorithm sorts all replies by priority and then does a weight-based selection for every priority level. For details, please see the sections "Usage rules" for overview of the algorithm and section "The 'Weight' field" for description on the weight selection.
2010-04-26Display a message if a password reset by root failsSumit Bose4-8/+235
2010-04-26Unset authentication tokens if password change failsSumit Bose1-27/+52
2010-04-26Make the handling of fd events opaqueSumit Bose6-184/+280
Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
2010-04-26Do not mark a request as failed twiceJakub Hrozek1-1/+0
2010-04-26Treat server names as case-insensitive in failover codeJakub Hrozek1-2/+2
2010-04-26Fix a potential memory violationSumit Bose1-2/+4
If read() returns with errno set to EINTR -1 is added to total_len.
2010-04-26Code restructuringDmitri Pal10-1472/+1705
Time came to split ini_config.c into many much smaller pieces. 1) ini_parse.c - will have parsing functions 2) ini_get_value.c - will have single value interpretation functions 3) ini_get_array.c - will have array interpretation functions. 4) ini_print.c - error printing 5) ini_defines.h - common constants 6) ini_parse.h header for parsing functions 7) ini_list.c - will have list processing functions
2010-04-26Set LDAP_OPT_RESTART for all LDAP connectionsSumit Bose1-7/+7
2010-04-16Avoid accessing half-deallocated memory when using talloc_zfree macro.eindenbom1-1/+5
The correct memory deallocation sequence is: - clear pointer to memory first - then deallocate memory
2010-04-16Make ID provider init functions clearerStephen Gallagher4-11/+11
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-04-16Give information about ldap_schema in the sample configStephen Gallagher1-0/+7
Resolves: https://fedorahosted.org/sssd/ticket/438
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose6-3/+162
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose4-274/+5
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-04-15Updating ES translationHéctor Daniel Cabrera1-144/+129
2010-04-14Fixing buildDmitri Pal3-5/+6
2010-04-14Fixing spec file to match version.Dmitri Pal1-3/+3
2010-04-14Fix ini_config unit testStephen Gallagher1-1/+4
When running 'make distcheck', the entire source directory is set to read-only, to ensure that the build process only has write access to $builddir. As a result, this was causing the unit test for file mode to fail, since the file it was testing resides in the $srcdir. This patch guarantees that the test file has the correct permissions prior to running the access test.
2010-04-14Fix warning in sysdb-tests.cStephen Gallagher1-8/+0
When we converted to the synchronous sysdb interface, the synchronous-simulating function test_loop() became unnecessary, but we forgot to remove it.
2010-04-14Remove unused configure macroStephen Gallagher1-1/+0
2010-04-14Add ability to trace 64bit numbersDmitri Pal2-2/+58
[TRACE] Adding macros for signed numbers
2010-04-14Acess control and config change checksDmitri Pal4-38/+684
1) Fixed the issue that metadata was saved as numbers. Was supposed to be saved as strings. 2) Added two functions. One is to check permissions on the config file. Another to check if the file has changed and thus the cinfiguration needs to be reread. 3) Added unit test will sample code and comments how to use the functions. 4) Added doxygen description in the comments. 5) Fixed couple typos and ommisions here and there. [INI] Fixing crash detected on 64-bit system This patch corrects original code to be more on the safe side and check parameters before using. Instead of dereferencing metadata it is now passed as reference to the next level. It is not used there yet so no other new changes needed so far. [INI] Addressing review comments [INI] Addressing comments.
2010-04-14Resolve paths for reporting purposesDmitri Pal2-4/+21
2010-04-14Adding content to the metadataDmitri Pal4-13/+140
This patch implements function that collects stats and saves them in the ACCESS section inside metadata.
2010-04-14Adding metadata interfaceDmitri Pal7-277/+915
This patch: 1) Adds the definition of the metadata interface to the header file. The functions that were exposed for no good reason are now hidden. 2) Previously exposed functions and their descriptions are removed from the public header and placed into the source code for now. 3) The function that reads the config file no longer tries to close file in case of error. 4) Lines collection is still passed in into the reading function but as a collection itself not as a pointer to it. 5) All the parts related to processing lines are currently ifdefed using HAVE_VALIDATION that is currently is not defined. This is done to disable creation of the lines collection utill it is actually needed. I did not want to blindly remove it though and loose already done work that will be useful in future. 6) Version of the library and interface is updated 7) New header and source modules are introduced to hold functions related to the meta data. They are mostly stubbed out. This is incomplete patch. It builds and make check runs. It is created just to simplify the review a bit.
2010-04-12Update Polish translationPiotr Drąg1-20/+16
2010-04-12Update Ukrainian translationYuri Chornoivan1-18/+19
2010-04-12Fix merge error for sss_userdel.cStephen Gallagher1-21/+1