summaryrefslogtreecommitdiff
path: root/server/providers/data_provider_be.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-15Make PAM responses more compatible with D-BUS specStephen Gallagher1-0/+2
Previously, the PAM responses could contain an arbitrary number of arguments. This is not acceptable by the D-BUS protocol, as there is no way to introspect it. This patch converts the response objects to be an array of D-BUS structs. It also fixes two potential memory leaks by not unref'ing the reply object if we get an error.
2010-02-15Make attr_type an integerStephen Gallagher1-17/+11
Previously it was a string being passed and converted into an integer. It will be more efficient this way (and simpler for other implementers)
2010-02-05Internationalize the command-line help messageStephen Gallagher1-1/+1
2010-02-01Force offline operation with SIGUSR1Stephen Gallagher1-0/+32
If the monitor receives SIGUSR1, it will instruct all providers to enter offline operation. If any individual provider receives SIGUSR1, it alone will enter offline operation.
2010-02-01Avoid 'PAM' at the beginning of define and enum namesSumit Bose1-1/+1
2010-02-01Rename PAM_USER_INFO to PAM_SYSTEM_INFOSumit Bose1-1/+1
2010-01-12Re-create c-ares channels if /etc/resolv.conf is modifiedMartin Nagy1-1/+11
Fixes: #378
2010-01-05Return an error for an unknown PAM requestSumit Bose1-2/+7
2009-12-18Handle chauthtok with PAM_PRELIM_CHECK separatelySumit Bose1-0/+1
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we generate a separate call to the sssd to validate the old password before asking for a new password and sending the change password request.
2009-11-23Speed up user requests while offlineStephen Gallagher1-37/+76
This adds a new boolean option to sss_dp_send_acct_req() called fast_reply. If we make a request to the backends and we are currently offline, this option will determine whether we should immediately return from the cache (acceptable for NSS requests) or potentially wait for an online check to complete (required for PAM requests).
2009-11-20Add initial failover support for ldap and ipaSimo Sorce1-1/+8
The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
2009-11-12Make 'permit' the default for the access targetSumit Bose1-13/+4
2009-11-02Make debug message less irritating.Sumit Bose1-2/+2
The 'Unable to load' debug message is now only shown when the backend target is given explicitly in the config file. I the other case we let the caller decided how to handle this error condition.
2009-10-22Fix potential memory leaks in the data providerMartin Nagy1-2/+4
2009-10-15more implicit provider target settingsSumit Bose1-13/+48
If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
2009-10-15set chpass_provider implicit if not set explicitSumit Bose1-20/+59
- if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
2009-10-15Return the dp error from the providersSimo Sorce1-8/+52
2009-10-14send a message if a backend target is not configuredSumit Bose1-12/+30
If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
2009-10-09Remove DP processSimo Sorce1-178/+206
Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
2009-10-06Remove unused btreemap codeStephen Gallagher1-1/+0
We have converted to using dhash in place of btreemap everywhere in the code.
2009-09-25Send debug messages to logfileJakub Hrozek1-0/+4
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25Upgrade confdb to version 2Stephen Gallagher1-12/+10
This converts a great many configuration options to the new standard format.
2009-09-23Remove provider=filesJakub Hrozek1-56/+0
Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
2009-09-23Revert "Use syslog for logging error conditions in SSSD"Stephen Gallagher1-41/+35
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-21Use syslog for logging error conditions in SSSDJakub Hrozek1-35/+41
This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-14Make the offline status backend-globalSimo Sorce1-86/+31
Add helpers functions to query/set the offline status per backend. Now all providers share the same offline status.
2009-09-08Split database in multiple filesSimo Sorce1-2/+2
The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
2009-09-02remove the concept of a backend nameSumit Bose1-17/+31
The data provider backends stored a name value besides the domain name to identify themselves to the data provider. This was the name of the id provider. Currently the backends can have different providers for id, authentication etc. So the name may be missleading. Also when there are more domains with the same id provider the name is not enough to identify the backend but the domain name is. As a consequence the backend name is removed completely and only the domain name is used for identification.
2009-08-17Fix reconnection codeSimo Sorce1-2/+0
Remove redundant reconnection code that was interfeering with the sbus reconnection code. Consolidate include files for sbus relates operations. Make pamsrv code similar to nsssrv code.
2009-08-13Make "files" a reserved word for legacy local domainJakub Hrozek1-0/+43
This patch introduces provider=files as a valid provider. Upon loading the backend, its properties in confdb are overwritten to those that represent legacy local domain. Also document this in sssd.conf(5) and example config
2009-08-11Change the why DP clients identifySimo Sorce1-43/+22
Mirrors what we have done with the monitor.
2009-08-11Change services identification mechanismSimo Sorce1-81/+11
Let services identify themselves voiluntarily as the first operation instead of polling from the monitor. Also consolidate some common functions and make them available as monitor helpers.
2009-08-11Make child processes exit when parent diesJakub Hrozek1-0/+6
The child processes call prctl() and when their parent process is killed, they are sent SIGTERM using prctl. This is currently Linux-specific, for non-Linuxes, a similar effect is achieved by catching a set of common termination signals and sending SIGTERM to the process group.
2009-08-11Make socket paths a compile-time optionStephen Gallagher1-1/+0
Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
2009-08-10Simplify interfaces initializationSimo Sorce1-37/+22
Make as much as possible static, and remove use of talloc_reference and allocation/deallocation of memory when not necessary. Fix also responder use of rctx->conn, was mistakenly used for both monitor and dp connections.
2009-08-10merge server and connection structuresSimo Sorce1-10/+4
This reduce code duplication as it allows to use one set of watch and timeout functions, and at the same time also allow not to use a secondary structure just to unify these functions.
2009-08-10Cosmetic changesSimo Sorce1-41/+41
Rationalize and rename connection names in preparatoin for merging of server and connection structures.
2009-08-10Remove redundant memory contextsSimo Sorce1-21/+27
Simplify code by removing stuff that is never used or redundant.
2009-07-21added LDAP change password backend targetSumit Bose1-2/+6
2009-07-20Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher1-0/+19
2009-07-20add infrastructure to handle new backend targetsSumit Bose1-110/+168
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher1-2/+2
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce1-18/+17
2009-04-13Always pass full domain infoSimo Sorce1-6/+11
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-07Split modules types in Identity and AuthenticatorSimo Sorce1-20/+135
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
2009-04-01Do not file a sure segfault.Simo Sorce1-0/+2
2009-03-20Enhance server_setupSimo Sorce1-1/+7
Now it can load from scratch default configuration that is valid for all daemons. First thing, make it possible for each daemon/provider to set its own debug level in its configuration entry.
2009-03-20Enable autoreconnection of Data Provider Backends to the Data ProviderStephen Gallagher1-3/+94
2009-03-19use pam_data as main data structure for dbus communicationSumit Bose1-38/+8
2009-02-26Rebase the code to use talloc, tdb, tevent, ldb as externalSimo Sorce1-5/+6
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.