summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-06Remove unused btreemap codeStephen Gallagher12-268/+0
We have converted to using dhash in place of btreemap everywhere in the code.
2009-10-05Make dp requests more robustSimo Sorce1-36/+109
This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
2009-10-05remove redundant talloc_freeSumit Bose1-3/+0
- this patch should fix bug #213, a double free in the sdap timeout handler
2009-10-05handle expired password during authenticationSumit Bose1-2/+25
2009-10-05Fix python sync operations and mem hierarchyJakub Hrozek1-397/+191
Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
2009-10-05more documentation and test for sssd.confSumit Bose2-0/+34
- add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
2009-10-05add utility call check_and_open_readonlySumit Bose6-8/+315
Use this new utility call to ensure that the config file is safe to read from.
2009-10-01Fix long timeout on ldap operationSimo Sorce2-5/+14
Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
2009-10-01Fix tools sync operations and mem hierarchySimo Sorce10-319/+193
Tools were using nested loops that are illegal. (and enforced in latest tevent with a nice abort()) Fix them by creating appropriate synchronous transaction calls. Also fix tools_ctx mem hierarchy setup.
2009-10-01Initial implementation of sasl bind supportSimo Sorce7-59/+567
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-10-01update sysdb tests to new config file versionSumit Bose1-12/+3
2009-10-01Update polish translation for 0.6.0Piotr Drąg1-73/+26
2009-09-29Fix infinite loop with empty group enumerationStephen Gallagher1-13/+15
Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
2009-09-28Tighten up permission.Simo Sorce1-1/+12
SSSD may contain passwords and other sensitive data, make sure we always keep its permission tight. Also make /etc/sssd permission very strict, just in case, admins may inadvertently copy an sssd.conf file without checking it's permissions.
2009-09-25Update version to 0.6.0Stephen Gallagher3-342/+278
Update gettext strings
2009-09-25add defines for large file support to standard CFLAGSSumit Bose1-0/+2
- this fixes a compiler warning about the redefinition of SIZEOF_OFF_T in the python bindings, because python is compiled with large file support.
2009-09-25Let backend respond while fetching large resultsSimo Sorce1-2/+11
Timers always come before fd events, wait 5 microseconds between processing operations so that tevent has a chance of cactching an fd event in between. This allows the backend to reply to pings even while processing very large ldap results (importanty especially during the first enumeration).
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose4-24/+17
2009-09-25Convert the example config to v2 format, upgrade config on update onlyJakub Hrozek1-76/+56
2009-09-25Send debug messages to logfileJakub Hrozek14-11/+128
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25fix possible short reads in kerberos providerSumit Bose2-15/+46
2009-09-25add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose5-67/+115
2009-09-25script to upgrade config to v2Jakub Hrozek2-0/+355
2009-09-25Manpages updateJakub Hrozek3-224/+193
2009-09-25Upgrade confdb to version 2Stephen Gallagher21-237/+310
This converts a great many configuration options to the new standard format.
2009-09-25toggle debug output of sssd_krb5_locator_plugin with an environment variableSumit Bose1-36/+55
2009-09-25Temporarily disable automatic config file rereadStephen Gallagher1-1/+7
The backends do not honor the reloadConfig SBUS message right now, so if an admin changes the sssd.conf file, it will update only the monitor, potentially leaving the SSSD as a whole in a bad state. This patch will simply comment out monitor_config_file() for the time being until https://fedorahosted.org/sssd/ticket/91 is fixed.
2009-09-24added support for older MIT kerberos versionssbose7-10/+170
- make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
2009-09-24Handle suspend casesSimo Sorce1-6/+13
When a laptop is suspended it may be dormant for hours. Do not check just the kast time a ping was successful, keep a counter with the failed pings instead.
2009-09-23add a man page for pam_sssSumit Bose1-0/+3
2009-09-23Remove provider=filesJakub Hrozek5-90/+1
Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
2009-09-23use getaddrinfo to resolve IP address of KDCSumit Bose1-17/+58
2009-09-23Don't try to use initgroups_dyn if not availableSimo Sorce1-0/+3
Fixes a segfault seen in the wild with providers=files
2009-09-23Fix copy&paste of wrong structureSimo Sorce1-2/+2
2009-09-23Allow entering parent groups as FQDNJakub Hrozek8-7/+83
Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since members and parents must be from the same domain, error out if we can't determine the domain of member. Fixes: #121
2009-09-23Revert "Use syslog for logging error conditions in SSSD"Stephen Gallagher29-460/+403
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-22Make configure script compatible with older python versionsStephen Gallagher1-7/+16
Older python versions (such as that used in RHEL5) do not have a python-config executable to report CFLAGS and LIBS. In order to support such versions of python, we will duplicate the logic that python-config would have performed directly in our configure script
2009-09-21Several fixes and enhancements for config file processingStephen Gallagher1-15/+78
1) Add get_entry_as_bool function 2) Make all parameters in confdb_get_domain_internal() use macro names for the attributes. This will make it easer to convert them to the version 2 config file.
2009-09-21Use syslog for logging error conditions in SSSDJakub Hrozek29-398/+455
This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-21Provide python bindings for sysdbJakub Hrozek8-0/+1534
Implement a set of python bindings for the sysdb with feature set similar to what is available in the tools. The primary consumers would be applications like system-config-users. Resolves: Ticket #102
2009-09-21Decouple synchronous sysdb interface from toolsJakub Hrozek11-1020/+1845
Instead of working directly with async code in tools, create synchronous wrappers that could be used by tools and python bindings. Also resolves many issues with code duplication in tools and thus fixes ticket #87
2009-09-21Refactor tools codeJakub Hrozek8-268/+244
Move parameter parsing in tools before attempting to do anything that might fail - so that we have debug_level set correctly for potential error messages. That allows printing the --help and --usage messages without being root. Fix code duplicates in tools and refactor its code a little to lay ground for decoupling the synchronous interfaces. Remove some legacy tools leftovers, re-add sensible error message on removing nonexistent users/groups which was removed by accident. Fixes: Trac ticket #75 Fix typo in groupdel: fixes ticket #136
2009-09-18Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher1-1/+11
2009-09-18Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher1-0/+3
2009-09-17Better handle groups w/o membersSimo Sorce1-6/+122
There was a chance that groups w/o members could end up causing a failure to store the group. This would happen in case the structure used by glibc to fill up the group data was "dirty". Always memset structures before passing them to te libc and also check if there are any members, before calling the async function. Finally add some tracing at level 7 so that it is easier to follow what is going on in case of touble.
2009-09-17Fix copy&paste error.Simo Sorce1-4/+4
2009-09-16Add missing updates to LINGUAS for pl translationStephen Gallagher1-0/+1
2009-09-16Add pl translationPiotr Drąg1-0/+261
2009-09-16Check if SSL/TLS handler is already in placeSumit Bose1-1/+8
Authentication against a LDAP server should always use an encrypted connection. To acchive this the LDAP provider calls ldap_start_tls which will fail if the connection is already encrypted, e.g. if an ldaps tunnel is already established. Because the error message from ldap_start_tls is not specific we check the status with ldap_tls_inplace before calling ldap_start_tls.