summaryrefslogtreecommitdiff
path: root/server/providers
AgeCommit message (Collapse)AuthorFilesLines
2009-06-02added tls_reqcert option for native LDAP backendSumit Bose1-0/+32
In order to allow to access LDAP servers which do not provide SSL/TLS encryption the option tls_reqcert is added to the native LDAP backend. It accepts the same arguments as the corresponding OpenLDAP option documented in ldap.conf(5) and should preform accordingly.
2009-05-26Silence warningsSimo Sorce3-10/+12
2009-05-19call tevent_add_fd only onceSumit Bose1-27/+11
2009-05-18Implement approximate offline detection in proxySimo Sorce1-5/+98
This will blackout any request to the backend for 15 seconds, then will allow again to retry.
2009-05-18Move actual password caching into sysdbSimo Sorce2-17/+230
Convert auth modules to do the caching themselves
2009-05-18Split ldap backend into auth and identity filesSimo Sorce2-19/+798
2009-05-18Move ldap_be.c into ldap/ldap_auth.cSimo Sorce1-0/+0
2009-05-14added check for NULL valuesSumit Bose1-0/+7
- allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
2009-05-04Fixes for porting SSSD to Debian-based platformsStephen Gallagher1-0/+1
2009-04-28enable offline handling for native LDAP backendSumit Bose1-4/+48
2009-04-27handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose1-0/+17
ldap backend
2009-04-27fix for pam proxy chauthtokSumit Bose3-9/+21
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher1-2/+2
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce1-18/+17
2009-04-13Implement credentials caching in pam responder.Simo Sorce4-2/+255
Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
2009-04-13Always pass full domain infoSimo Sorce3-14/+23
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-07Split modules types in Identity and AuthenticatorSimo Sorce4-60/+222
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
2009-04-03Remove useless fileSimo Sorce1-35/+0
This became obsolete when we moved all functions to sysdb.
2009-04-02Do not use the ldap libraries ldap_ prefixSimo Sorce1-76/+76
The ldap_ prefix should be considered reserved namespace for ldap librraies Renaming all ldap_* internal stuff to sdap_, in some cases also move from ldap_be_ to sdap_ as the reason for _be_ was just clearly a name space conflict (ldap_be_init, etc..)
2009-04-01Add way to use files as a proxy backend fro LOCALSimo Sorce2-19/+65
Makes LOCAL a normal backend removing some special handling. Fix/Add id range filtering and name filtering Filters uid=0 and gid=0 in the proxy backend as 0 is invalid within sysdb and was causing getxxent calls to fail completely. Fix nss_ncache_check_xxx calls to avoid dirtying the 'ret' variable and causing some unwanted failures. Change sysdb to always return the uid number when searching member entries so that id range filtering can be perfomed also in group searhes (does not work with legacy backends)
2009-04-01Do not file a sure segfault.Simo Sorce1-0/+2
2009-03-20Enhance server_setupSimo Sorce2-3/+11
Now it can load from scratch default configuration that is valid for all daemons. First thing, make it possible for each daemon/provider to set its own debug level in its configuration entry.
2009-03-20Enable autoreconnection of Data Provider Backends to the Data ProviderStephen Gallagher4-7/+124
2009-03-19Remove references to FreeIPA from D-BUS interfacesStephen Gallagher2-4/+4
Per discussion with the desktop team, using the org.freedesktop interface name will simplify adoption, as potential users won't feel like they're pulling in a FreeIPA dependency.
2009-03-19use pam_data as main data structure for dbus communicationSumit Bose5-108/+31
2009-03-06minor fixes for the build processSumit Bose1-0/+7
enable --without-tests
2009-02-28Convert sync calls in sysdb to async, transaction dependent, calls.Simo Sorce1-350/+610
2009-02-26Rebase the code to use talloc, tdb, tevent, ldb as externalSimo Sorce7-20/+24
dependencies based on the latest samba code. Convert all references to the old events library to use the renamed tevent library.
2009-02-25added more ldap backend options and an example configurationSumit Bose1-68/+92
Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-24Add PAM responderSumit Bose6-2/+1232
Also move responders under server/responder with shared code in server/responder/common Signed-off-by: Simo Sorce <ssorce@redhat.com>
2009-02-24Proper fix for memory handling problem.Simo Sorce2-57/+79
sbus_message_handler is not responsible anymore for sending back data in any case. Transfer this responsibility to the handler function called. This way both synchronous and asynchronous funstions use the interface the same way and can properly free memory referenced by the reply after the send buffer has been filled in and all copies are done in sbus_conn_send_reply()
2009-02-24Revert "Fixing serious memory allocation bug in sbus_message_handler."Simo Sorce2-51/+66
This reverts commit 13421cbe0af4343f9d110600755ffa756690b282. Conflicts: server/infopipe/infopipe.c server/infopipe/infopipe.h While this solution fixed the contingent memory problem it introduced other problems in handling asynchronous replies. Reverting in preparation for a different way to solve it. Conflicts have been taken care of.
2009-02-23Fixing serious memory allocation bug in sbus_message_handler.Stephen Gallagher2-66/+51
dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
2009-02-20Completely rework the nss interface to be able to use 2Simo Sorce2-31/+190
types of domains: modern and legacy modern uses member/meberof, legacy uses memberUid for group memberships. Rework the proxy backend to use the legacy style as that's the format the data comes in (trying to convert would require too many transformations and increased the number of queries). Add support for fetching groups in nss. Add support for enumerating users and groups (requires to enable enumeration in config) both in nss and in the proxy provider. Remove confdb_get_domain_basedn() and substitute with generic calls in the nss init function. Store a domain structure in the btree not the basedn so that we can add enumeration flags. Also make sure NSS understand how to make multiple calls on enumerations, also make passing the domian parameter always mandatory, passing in domain=* is not valid anymore. This work fixes also a few memory, degfault, and logic bugs found while testing all nss functions (there are still some to fix that are less critical and much harder to find yet).
2009-02-13Make backend requests asyncSimo Sorce4-72/+599
2009-02-13Always pass teh database path explicitly, so that test cases can useSimo Sorce1-1/+1
throw away databases Check version and init main db if empty
2009-02-12Remove dp_cli_sbus_initSimo Sorce3-128/+5
2009-02-12- make all functions supposed to get input in posix formatSimo Sorce1-12/+12
use the same namespace (sysdb_posix_) - no need to explicitly start a transaction if only one operation is performed using a synchronous interface - split _add_remove_ functions into separate functions, don't let ldap madness creep into out interfaces
2009-01-27Refactoring the monitor code and SBUS utility functions.Stephen Gallagher6-20/+247
2009-01-14Add code to make it easier to reconnect in case the serverSimo Sorce3-15/+15
is not available immediately or drops the dbus connection. First step is the nss connection to the data provider.
2009-01-13Fix return, dbus would abort because we were passing values andSimo Sorce1-3/+3
not pointers to values. Check domain is never null (or dbus will abort).
2009-01-12Add placeholders for new configuration reload methods. The monitor will be ↵Stephen Gallagher1-0/+12
able to call the reloadConfig DBUS method on any or all of its children to force them to reread their configuration from the confdb.
2009-01-12Regroup database rleated functions under db andSimo Sorce5-475/+11
rename everything with the sysdb suffix.
2009-01-11Use a unified base (temp. dc=sssd), for all domain including LOCAL.Simo Sorce1-27/+28
It makes no sense to have internal attribute names user configurable, remove that option and use macros internally. Also now always pass the domain name to all nss_ldb_* calls.
2009-01-11Add support for getpwuid in proxy backendSimo Sorce3-25/+160
2009-01-11Turn ldap_provider.c into proxy.c and make it possible to load just anySimo Sorce3-32/+62
libnss library through config directives on the domain object
2009-01-09Lots of little nasty bugs fixed.Simo Sorce1-9/+21
I was finally able to get a getpwnam() request go through sssd, hit the remote ldap server and get the answer back with 'getent passwd foo' Yupiee!
2009-01-08The code now successfully sends a getpwnam request to a remote LDAP server,Simo Sorce4-50/+93
and caches the result in LDAP. Still chasing a bug that does not let NSS known that the BE was successful. This makes NSS timeout the client and not return any results yet.
2009-01-06Add more infrastructure to data provider to dispatch requests (still untested).Simo Sorce7-172/+1061
Add helper functions to connect to the data provider. Add some plumbing to the ldap provider (still untested).
2009-01-05Fix dp client to connect to the right dbus pipeSimo Sorce2-19/+24