path: root/server/providers/proxy.c
Age | Commit message | Author | Files | Lines
2010-01-05 | Return an error for an unknown PAM request | Sumit Bose | 1 | -2/+8
2009-12-18 | Handle chauthtok with PAM_PRELIM_CHECK separately | Sumit Bose | 1 | -1/+12
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we generate a separate call to the sssd to validate the old password before asking for a new password and sending the change password request.
2009-12-07 | Fix nested group memberships | Simo Sorce | 1 | -11/+60
Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristics based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
2009-11-23 | Really check return value from pam_set_item | Sumit Bose | 1 | -3/+3
2009-11-23 | Make backend request type a bitfield | Stephen Gallagher | 1 | -1/+1
2009-11-20 | Filter by id range before actually storing entries. | Simo Sorce | 1 | -15/+62
This way we do not need to check for id ranges on every search.
2009-11-12 | Fixes for proxy provider | Sumit Bose | 1 | -6/+23
- use the correct private data for each PAM task
- make proxy_pam_target a mandatory option for auth, chpass and access
2009-11-10 | Refactor delete functions and add a few | Simo Sorce | 1 | -20/+17
Refactor user/group delete functions so that they can be used without a transaction (they autostart an operation). Add user and group search function where a subfilter can be specified.
2009-11-09 | Fix tevent_req error checking. | Simo Sorce | 1 | -21/+3
When possible using a macro that correctly deals with tstate
2009-10-27 | Move responsibility for entry expiration timeout | Simo Sorce | 1 | -8/+22
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-15 | Return the dp error from the providers | Simo Sorce | 1 | -30/+49
2009-09-25 | Upgrade confdb to version 2 | Stephen Gallagher | 1 | -2/+3
This converts a great many configuration options to the new standard format.
2009-09-23 | Don't try to use initgroups_dyn if not available | Simo Sorce | 1 | -0/+3
Fixes a segfault seen in the wild with providers=files
2009-09-23 | Revert "Use syslog for logging error conditions in SSSD" | Stephen Gallagher | 1 | -12/+12
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-21 | Use syslog for logging error conditions in SSSD | Jakub Hrozek | 1 | -12/+12
This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-17 | Better handle groups w/o members | Simo Sorce | 1 | -6/+122
There was a chance that groups w/o members could end up causing a failure to store the group. This would happen in case the structure used by glibc to fill up the group data was "dirty". Always memset structures before passing them to the libc and also check if there are any members, before calling the async function. Finally add some tracing at level 7 so that it is easier to follow what is going on in case of trouble.
2009-09-17 | Fix copy&paste error. | Simo Sorce | 1 | -4/+4
2009-09-14 | Make the offline status backend-global | Simo Sorce | 1 | -67/+13
Add helper functions to query/set the offline status per backend. Now all providers share the same offline status.
2009-09-11 | Complete the removal of "legacy" option. | Simo Sorce | 1 | -4/+4
The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people do by default anyway). If this limitation will turn to be too hard, we will change this later.
2009-09-03 | Fix proxy enumeration | Simo Sorce | 1 | -86/+123
New tevent library finally outlawed nested loops.
2009-08-27 | Remove redundant function and always pass attrs. | Simo Sorce | 1 | -8/+12
2009-08-11 | Make socket paths a compile-time option | Stephen Gallagher | 1 | -1/+0
Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
2009-07-31 | Add ignore_not_found parameter to sysdb delete functions | Jakub Hrozek | 1 | -6/+9
Also add tests
2009-07-21 | add handling of the new backend targets to proxy backend | Sumit Bose | 1 | -0/+30
2009-07-20 | add infrastructure to handle new backend targets | Sumit Bose | 1 | -11/+12
2009-07-08 | Unify password caching ops in sysdb | Simo Sorce | 1 | -128/+27
2009-07-08 | fixed some typos which prevented password caching | Sumit Bose | 1 | -3/+5
2009-07-03 | Convert proxy internals to tevent_req style | Simo Sorce | 1 | -865/+1438
2009-07-03 | Rework transaction code to use tevent_req | Simo Sorce | 1 | -226/+491
This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let us use tevent_req async style calls to manipulate our cache.
2009-07-03 | Rename sysdb_req to sysdb_handle. | Simo Sorce | 1 | -45/+45
This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let us use tevent_req async style to manipulate our cache.
2009-06-30 | Remove redundant libPath option from proxy provider | Stephen Gallagher | 1 | -3/+7
The libPath should be constructed from the libName. There is no benefit to specifying it separately.
2009-06-10 | Turn sssd_mem_takeover into sssd_mem_attach | Simo Sorce | 1 | -11/+0
The old function was not used anywhere, and this function uses better semantics, including not using void ** which gives strict aliasing problems. Also add a generic password destroy function
2009-05-26 | Silence warnings | Simo Sorce | 1 | -4/+5
2009-05-18 | Implement approximate offline detection in proxy | Simo Sorce | 1 | -5/+98
This will blackout any request to the backend for 15 seconds, then will allow again to retry.
2009-05-18 | Move actual password caching into sysdb | Simo Sorce | 1 | -11/+113
Convert auth modules to do the caching themselves
2009-04-27 | fix for pam proxy chauthtok | Sumit Bose | 1 | -9/+17
When a user from a domain served by the proxy backend changes his password with passwd, the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming from the unprivileged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-13 | Always pass full domain info | Simo Sorce | 1 | -7/+11
Change sysdb to always pass sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-07 | Split modules types in Identity and Authenticator | Simo Sorce | 1 | -13/+60
The same module may implement both types, but initialization will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retrieve the pam target name from the domain configuration so that it is possible to create per-domain pam stacks. With this modification it is actually possible to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far). Update examples.
2009-04-01 | Add way to use files as a proxy backend for LOCAL | Simo Sorce | 1 | -11/+65
Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering. Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be performed also in group searches (does not work with legacy backends)
2009-03-20 | Enable autoreconnection of Data Provider Backends to the Data Provider | Stephen Gallagher | 1 | -3/+10
2009-03-19 | use pam_data as main data structure for dbus communication | Sumit Bose | 1 | -4/+2
2009-02-28 | Convert sync calls in sysdb to async, transaction dependent, calls. | Simo Sorce | 1 | -350/+610
2009-02-26 | Rebase the code to use talloc, tdb, tevent, ldb as external | Simo Sorce | 1 | -0/+1
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
2009-02-24 | Add PAM responder | Sumit Bose | 1 | -1/+131
Also move responders under server/responder with shared code in server/responder/common
Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-20 | Completely rework the nss interface to be able to use 2 | Simo Sorce | 1 | -31/+189
types of domains: modern and legacy modern uses member/memberof, legacy uses memberUid for group memberships. Rework the proxy backend to use the legacy style as that's the format the data comes in (trying to convert would require too many transformations and increased the number of queries). Add support for fetching groups in nss. Add support for enumerating users and groups (requires to enable enumeration in config) both in nss and in the proxy provider. Remove confdb_get_domain_basedn() and substitute with generic calls in the nss init function. Store a domain structure in the btree not the basedn so that we can add enumeration flags. Also make sure NSS understand how to make multiple calls on enumerations, also make passing the domain parameter always mandatory, passing in domain=* is not valid anymore. This work fixes also a few memory, segfault, and logic bugs found while testing all nss functions (there are still some to fix that are less critical and much harder to find yet).
2009-02-13 | Make backend requests async | Simo Sorce | 1 | -48/+349
2009-02-12 | - make all functions supposed to get input in posix format | Simo Sorce | 1 | -12/+12
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions, don't let ldap madness creep into our interfaces
2009-01-12 | Regroup database related functions under db and | Simo Sorce | 1 | -4/+7
rename everything with the sysdb suffix.
2009-01-11 | Add support for getpwuid in proxy backend | Simo Sorce | 1 | -1/+60
2009-01-11 | Turn ldap_provider.c into proxy.c and make it possible to load just any | Simo Sorce | 1 | -0/+281
libnss library through config directives on the domain object