summaryrefslogtreecommitdiff
path: root/server/providers/proxy.c
AgeCommit message (Collapse)AuthorFilesLines
2009-07-21add handling of the new backend targets to proxy backendSumit Bose1-0/+30
2009-07-20add infrastructure to handle new backend targetsSumit Bose1-11/+12
2009-07-08Unify password caching ops in sysdbSimo Sorce1-128/+27
2009-07-08fixed some typos which prevented password cachingSumit Bose1-3/+5
2009-07-03Convert proxy internals to tevent_req styleSimo Sorce1-865/+1438
2009-07-03Rework transaction code to use tevent_reqSimo Sorce1-226/+491
This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
2009-07-03Rename sysdb_req to sysdb_handle.Simo Sorce1-45/+45
This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
2009-06-30Remove redundant libPath option from proxy providerStephen Gallagher1-3/+7
The libPath should be constructed from the libName. There is no benefit to specifying it separately.
2009-06-10Turn sssd_mem_takeover into sssd_mem_attachSimo Sorce1-11/+0
The old function was not used anywhere, and this function uses better semantics, including not using void ** which gives strict aliasing problems. Also add a generic password destroy function
2009-05-26Silence warningsSimo Sorce1-4/+5
2009-05-18Implement approximate offline detection in proxySimo Sorce1-5/+98
This will blackout any request to the backend for 15 seconds, then will allow again to retry.
2009-05-18Move actual password caching into sysdbSimo Sorce1-11/+113
Convert auth modules to do the caching themselves
2009-04-27fix for pam proxy chauthtokSumit Bose1-9/+17
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-13Always pass full domain infoSimo Sorce1-7/+11
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-07Split modules types in Identity and AuthenticatorSimo Sorce1-13/+60
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
2009-04-01Add way to use files as a proxy backend fro LOCALSimo Sorce1-11/+65
Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
2009-03-20Enable autoreconnection of Data Provider Backends to the Data ProviderStephen Gallagher1-3/+10
2009-03-19use pam_data as main data structure for dbus communicationSumit Bose1-4/+2
2009-02-28Convert sync calls in sysdb to async, transaction dependent, calls.Simo Sorce1-350/+610
2009-02-26Rebase the code to use talloc, tdb, tevent, ldb as externalSimo Sorce1-0/+1
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
2009-02-24Add PAM responderSumit Bose1-1/+131
Also move responders under server/responder with shared code in server/responder/common Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-20Completely rework the nss interface to be able to use 2Simo Sorce1-31/+189
types of domains: modern and legacy modern uses member/meberof, legacy uses memberUid for group memberships. Rework the proxy backend to use the legacy style as that's the format the data comes in (trying to convert would require too many transformations and increased the number of queries). Add support for fetching groups in nss. Add support for enumerating users and groups (requires to enable enumeration in config) both in nss and in the proxy provider. Remove confdb_get_domain_basedn() and substitute with generic calls in the nss init function. Store a domain structure in the btree not the basedn so that we can add enumeration flags. Also make sure NSS understand how to make multiple calls on enumerations, also make passing the domian parameter always mandatory, passing in domain=* is not valid anymore. This work fixes also a few memory, degfault, and logic bugs found while testing all nss functions (there are still some to fix that are less critical and much harder to find yet).
2009-02-13Make backend requests asyncSimo Sorce1-48/+349
2009-02-12- make all functions supposed to get input in posix formatSimo Sorce1-12/+12
use the same namespace (sysdb_posix_) - no need to explicitly start a transaction if only one operation is performed using a synchronous interface - split _add_remove_ functions into separate functions, don't let ldap madness creep into out interfaces
2009-01-12Regroup database rleated functions under db andSimo Sorce1-4/+7
rename everything with the sysdb suffix.
2009-01-11Add support for getpwuid in proxy backendSimo Sorce1-1/+60
2009-01-11Turn ldap_provider.c into proxy.c and make it possible to load just anySimo Sorce1-0/+281
libnss library through config directives on the domain object