summaryrefslogtreecommitdiff
path: root/server/responder/pam
AgeCommit message (Collapse)AuthorFilesLines
2009-08-10Simplify interfaces initializationSimo Sorce3-30/+37
Make as much as possible static, and remove use of talloc_reference and allocation/deallocation of memory when not necessary. Fix also responder use of rctx->conn, was mistakenly used for both monitor and dp connections.
2009-08-10Cosmetic changesSimo Sorce2-21/+21
Rationalize and rename connection names in preparatoin for merging of server and connection structures.
2009-08-10Remove redundant memory contextsSimo Sorce2-5/+5
Simplify code by removing stuff that is never used or redundant.
2009-07-29Address CVE-2009-2410Stephen Gallagher1-1/+1
Fix incorrect error code return in local_handler_callback
2009-07-20Implement resInit for monitor, NSS, PAM, DP and the backendsStephen Gallagher1-0/+20
2009-07-03Rework transaction code to use tevent_reqSimo Sorce1-31/+84
This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let use use tevent_req async style calls to manipulate our cache.
2009-07-03Rename sysdb_req to sysdb_handle.Simo Sorce2-12/+6
This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let use use tevent_req async style to manipulate our cache.
2009-07-02check pending_return after dbus_connection_send_with_replySumit Bose1-1/+1
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose1-1/+19
2009-06-08fix detection of authentication against LOCAL domainSumit Bose1-3/+9
2009-05-28special-case NSS calls in PAM codeJakub Hrozek1-2/+2
2009-05-26fix a wrong timeoutSumit Bose1-3/+4
The timeout of the data provider call (in ms) got overwritten by a cache timeout (in s).
2009-05-18Move actual password caching into sysdbSimo Sorce4-126/+2
Convert auth modules to do the caching themselves
2009-05-18Prevent accepting blank passwordsSimo Sorce1-0/+7
2009-05-18Fix crypt functions to not use static buffers.Simo Sorce2-18/+16
Also fix style, clarify, and simplify some logic.
2009-05-15added new pam client protocolSumit Bose1-1/+132
2009-05-15added more flexible handling of client protocolSumit Bose1-1/+12
- allow different protocol versions for PAM and NSS - support more than one protocol version in the responder
2009-05-14added check for NULL valuesSumit Bose2-9/+1
- allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
2009-04-28handle other pam calls when offlineSumit Bose1-0/+10
2009-04-28Use different attribute for cached passwords change timeSumit Bose1-2/+2
2009-04-28change PAM timeout the match NSS timeSumit Bose2-3/+1
2009-04-27Use different attribute for cached passwordsSimo Sorce1-3/+3
This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
2009-04-27fix for pam proxy chauthtokSumit Bose1-0/+1
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-23removed length of unused element from packet size calculationSumit Bose1-1/+1
The domain name is no longer send as an element on its own, but if set as a member of the response array. If the user was not found pd->domain is NULL and strlen will seg-fault.
2009-04-22fix for a seq fault when pam_reply_delay is called.Sumit Bose1-2/+2
see https://fedorahosted.org/sssd/ticket/25
2009-04-17Force user check and discover user's domainSimo Sorce2-19/+319
Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher1-2/+2
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce1-1/+1
2009-04-13Implement credentials caching in pam responder.Simo Sorce8-373/+494
Implement credentials caching in pam responder. Currently works only for the proxy backend. Also cleanup pam responder code and mode common code in data provider. (the data provider should never include responder private headers)
2009-04-13Always pass full domain infoSimo Sorce1-1/+1
Change sysdb to always passwd sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
2009-04-08Change the way we retrieve domainsSimo Sorce3-20/+16
To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
2009-04-07Clean up warnings in SSSDStephen Gallagher2-3/+2
2009-04-07Unify name parsing and reposnder headersSimo Sorce3-34/+35
Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context.
2009-04-07Use info in the domain entry to determine action.Simo Sorce1-1/+12
This way LOCAL domains backed by files works as expected too. Tested with nss_files + pam_unix
2009-03-27Fix copy&paste errorSimo Sorce1-1/+1
2009-03-27Fix potential segfault if dp_ctx is still NULL.Simo Sorce1-2/+9
May happen at startup if, for some reason dp is very slow to start and we receive a request before a reconnection is rescheduled in the responder dp reconnection code. This shouldn't happen normally so make it clear with a debug statement.
2009-03-27Make nsssrv use the common responder functionsSimo Sorce2-12/+8
Make nss_ctx a private pointer of the common resp_ctx Use sss_process_init and remove all duplicate functions from nsssrv.c
2009-03-26Enable autoreconnection to the Data Provider in PAMStephen Gallagher1-1/+61
2009-03-26Refactor nss_ctx to resp_ctx in respondersStephen Gallagher3-11/+11
2009-03-20Enhance server_setupSimo Sorce1-1/+1
Now it can load from scratch default configuration that is valid for all daemons. First thing, make it possible for each daemon/provider to set its own debug level in its configuration entry.
2009-03-20added response type PAM_ENV_ITEM and integrated response data into dbus messagesSumit Bose2-19/+98
2009-03-19use pam_data as main data structure for dbus communicationSumit Bose3-27/+85
2009-03-11remove an unnecessary call to confdbSumit Bose1-8/+4
2009-03-10added generic PAM return messages and a false login delaySumit Bose5-64/+150
2009-03-09Always pass sss_domain_info to sysdb functions.Simo Sorce1-3/+3
2009-03-09Do not duplicate attribute names macros.Simo Sorce1-2/+2
Also shorten names oh other user attributes.
2009-03-09use fixed paths to sockets to make sure clients and server are using the sameSumit Bose1-2/+3
2009-03-05Remove _PW_ and _GR_ from SYSDB_ definesSimo Sorce1-7/+7
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
2009-03-05added password reset by rootSumit Bose1-0/+5
2009-03-05added a privileged pipeSumit Bose1-3/+2