summaryrefslogtreecommitdiff
path: root/server/providers
AgeCommit message (Collapse)AuthorFilesLines
2009-08-05Consolidate tevent helpersJakub Hrozek2-33/+0
2009-08-04Fix race condition in sdap codeSimo Sorce2-83/+172
Retrieving ldap results and storing users could sometimes results in race conditions where the final ldap result was retrieved before the store operations where finished resulting in the operations to be aborted before termination. Implement a serialization mechanism per operation.
2009-08-03Fix search replies getting ignoredSimo Sorce1-14/+12
2009-07-31Add ignore_not_found parameter to sysdb delete functionsJakub Hrozek1-6/+9
Also add tests
2009-07-24Fix race condition that was causing segfaultsSimo Sorce1-80/+136
The sdap_handle might be freed when processing a message. Rearrange data flow so that the sdap_handle is never used after a message is processed but a new event (dependent on the handle) is instead scheduled. If the sdap_handle is freed, the scheduled event is also removed and not fired
2009-07-21added LDAP change password backend targetSumit Bose4-4/+307
2009-07-21add handling of the new backend targets to proxy backendSumit Bose1-0/+30
2009-07-20Rework the engine that deals with openldap librariesSimo Sorce3-497/+403
The way openldap libraries work, require to have a single engine per connection as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
2009-07-20Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher2-0/+38
2009-07-20add infrastructure to handle new backend targetsSumit Bose6-150/+228
2009-07-10let krb5 backend safe valid credentials for offline authenticationSumit Bose1-0/+43
2009-07-10fixed the default value for tls_reqcertSumit Bose1-1/+1
2009-07-08Implement the ldap identity module.Simo Sorce5-709/+1173
This uses and exapands the async helpers.
2009-07-08Unify password caching ops in sysdbSimo Sorce4-260/+49
2009-07-08Use async helpers for ldap auth moduleSimo Sorce1-722/+314
This changes the style quite a lot, but the tevent_req style is much more clear and much less error-prone than the giant loop we had previously.
2009-07-08Add async helper functionsSimo Sorce4-0/+2035
These functions use the tevent_req async model, where a pair of _send/_recv functions pilot requests, with additional helpers like _done functions, and where needed multiple stage helpers.
2009-07-08fix return code of krb5 child to indicate that the kdc is unavailableSumit Bose1-1/+5
2009-07-08fixed some typos which prevented password cachingSumit Bose1-3/+5
2009-07-03Cleanup warnings in client and server codeSimo Sorce1-3/+0
2009-07-03Convert proxy internals to tevent_req styleSimo Sorce1-865/+1438
2009-07-03Rework transaction code to use tevent_reqSimo Sorce2-247/+556
This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
2009-07-03Rename sysdb_req to sysdb_handle.Simo Sorce2-50/+50
This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
2009-07-02check pending_return after dbus_connection_send_with_replySumit Bose1-3/+3
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose5-0/+845
2009-06-30Remove redundant libPath option from proxy providerStephen Gallagher1-3/+7
The libPath should be constructed from the libName. There is no benefit to specifying it separately.
2009-06-16Control sssd_be exported functionsStephen Gallagher1-0/+4
2009-06-11Remove extra implementation of password_destructorStephen Gallagher1-11/+0
2009-06-10Turn sssd_mem_takeover into sssd_mem_attachSimo Sorce1-11/+0
The old function was not used anywhere, and this function uses better semantics, including not using void ** which gives strict aliasing problems. Also add a generic password destroy function
2009-06-02added tls_reqcert option for native LDAP backendSumit Bose1-0/+32
In order to allow to access LDAP servers which do not provide SSL/TLS encryption the option tls_reqcert is added to the native LDAP backend. It accepts the same arguments as the corresponding OpenLDAP option documented in ldap.conf(5) and should preform accordingly.
2009-05-26Silence warningsSimo Sorce3-10/+12
2009-05-19call tevent_add_fd only onceSumit Bose1-27/+11
2009-05-18Implement approximate offline detection in proxySimo Sorce1-5/+98
This will blackout any request to the backend for 15 seconds, then will allow again to retry.
2009-05-18Move actual password caching into sysdbSimo Sorce2-17/+230
Convert auth modules to do the caching themselves
2009-05-18Split ldap backend into auth and identity filesSimo Sorce2-19/+798
2009-05-18Move ldap_be.c into ldap/ldap_auth.cSimo Sorce1-0/+0
2009-05-14added check for NULL valuesSumit Bose1-0/+7
- allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
2009-05-04Fixes for porting SSSD to Debian-based platformsStephen Gallagher1-0/+1
2009-04-28enable offline handling for native LDAP backendSumit Bose1-4/+48
2009-04-27handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose1-0/+17
ldap backend
2009-04-27fix for pam proxy chauthtokSumit Bose3-9/+21
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher1-2/+2
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce1-18/+17
2009-04-13Implement credentials caching in pam responder.Simo Sorce4-2/+255
Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
2009-04-13Always pass full domain infoSimo Sorce3-14/+23
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-07Split modules types in Identity and AuthenticatorSimo Sorce4-60/+222
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
2009-04-03Remove useless fileSimo Sorce1-35/+0
This became obsolete when we moved all functions to sysdb.
2009-04-02Do not use the ldap libraries ldap_ prefixSimo Sorce1-76/+76
The ldap_ prefix should be considered reserved namespace for ldap librraies Renaming all ldap_* internal stuff to sdap_, in some cases also move from ldap_be_ to sdap_ as the reason for _be_ was just clearly a name space conflict (ldap_be_init, etc..)
2009-04-01Add way to use files as a proxy backend fro LOCALSimo Sorce2-19/+65
Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
2009-04-01Do not file a sure segfault.Simo Sorce1-0/+2
2009-03-20Enhance server_setupSimo Sorce2-3/+11
Now it can load from scratch default configuration that is valid for all daemons. First thing, make it possible for each daemon/provider to set its own debug level in its configuration entry.