summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-11-25In IPA, the realm is always the domain uppercased.Simo Sorce1-2/+7
2009-11-25Make ldb lib dir configurableSumit Bose2-1/+19
2009-11-25Use ldb modules from build root for testsSumit Bose2-0/+5
2009-11-25Fix internal options numbers testSimo Sorce1-12/+24
Unfortunately since we changed the defines to an enum the preprocessor test stopped working. Turn tests into runtime tests that will abort the process.
2009-11-23Really check return value from pam_set_itemSumit Bose1-3/+3
2009-11-23Fix ticket #289Simo Sorce1-0/+18
When I converted fill_grent to speed up enumerations I left out this check by mistake.
2009-11-23Update translation strings for string freezeStephen Gallagher5-382/+463
2009-11-23Read KDC info from file instead from environmentSumit Bose12-74/+474
Then name or IP adress of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the kerberos libraries.
2009-11-23Speed up user requests while offlineStephen Gallagher6-52/+102
This adds a new boolean option to sss_dp_send_acct_req() called fast_reply. If we make a request to the backends and we are currently offline, this option will determine whether we should immediately return from the cache (acceptable for NSS requests) or potentially wait for an online check to complete (required for PAM requests).
2009-11-23Make backend request type a bitfieldStephen Gallagher3-5/+5
2009-11-23Update PL translationStephen Gallagher1-79/+80
2009-11-23Add ldap_pwd_policy optionSumit Bose7-45/+129
2009-11-20Add initial failover support for ldap and ipaSimo Sorce22-69/+938
The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
2009-11-20Raise some timeoutsSimo Sorce2-3/+3
When using high debug levels or valgrind the code maybe slow enough that these timeouts were too strict.
2009-11-20Filter by id range before actually storing entries.Simo Sorce4-31/+89
This way we do not need to check for id ranges on every search.
2009-11-20Optimize sysdb_enumgrentSimo Sorce3-504/+203
This brings down the time needed to enumerate my group database from 2.4 seconds to 0.15 seconds.
2009-11-20Only display errors in unit testsStephen Gallagher10-11/+21
If you want to turn verbosity back on, just set the environment variable CK_VERBOSITY=verbose
2009-11-20Enhance check for remote hostsSumit Bose2-55/+97
2009-11-20Add ipa_authSumit Bose5-1/+352
To support IPA DS to Kerberos password migration a seperate authentication target is added. It calls the Kerberos authentication target and in the case of a 'Preauthentication Error' the LDAP authentication target. On success the Kerberos target is called again to request the TGT.
2009-11-20Add reference to sssd-krb5 man page.Simo Sorce1-0/+3
Thanks to Marko Myllynen for spotting this.
2009-11-20Improve handling of ccache filesSumit Bose8-206/+1081
- save current ccache file to sysdb - use the saved ccache file if the user has running processes - create an empty ccache if offline - return enviroment variables if offline
2009-11-20Correctly escape DN value.Simo Sorce1-6/+42
In building the DN string we weren't correctly escaping the value of the RDN component. This patches fixes that.
2009-11-20Better behavior on cleanupSimo Sorce4-20/+44
With the previous code in domains with many users and enumeration enable we would eventually end up making thousands of individual searches for entries in the clean-up process. Change the code to do a full enumeration before a cleanup so we do one single big search to update all entries and only then search for entries to purge. This also fixes the fact that the cleanup task was running at every enumeration instead of running every "ldap_purge_cache_timeout" seconds.
2009-11-20Add empty NL translationStephen Gallagher2-0/+614
2009-11-20Validate Kerberos credentials with local keytabSumit Bose16-43/+326
2009-11-20upgrade_config fixes for SSSD 0.6 and laterJakub Hrozek1-1/+19
Incorporates changes we made to v2 after 0.6, or that were missed by the original upgrade script: * removes magic_private_groups option * removes libPath option * changes provider=files to provider=proxy proxy_lib_name=files * changes store-legacy-passwords to store_legacy_passwords
2009-11-20SSSDConfigAPI fixesJakub Hrozek2-399/+133
* splitlist is a function * shared SSSDConfigObject to reduce code duplication * added missing exception class * fixed some typos * remove extra 'pass' in unittests * use assertRaises in unittests
2009-11-20Convert SSSDConfig API to ipachangeconfJakub Hrozek3-59/+70
With this patch, SSSDConfigAPI is able to keep comments and ordering of sections. Fixes: #226
2009-11-20Change the upgrade script to use ipachangeconfJakub Hrozek2-189/+165
With this patch, the upgrade script we use for changing the config files is able to keep ordering and comments. Fixes: #249
2009-11-20SSSDChangeConf - a wrapper around ipachangeconfJakub Hrozek1-0/+91
Provides a convenient wrapper around ipachangeconf that is closer API-wise to ConfigParser
2009-11-20Add Simo's ipachangeconfJakub Hrozek3-0/+461
2009-11-19Fix sysdb upgrade bugStephen Gallagher1-1/+1
After completing an upgrade successfully, we were still falling into the "version not found" case. We should be exiting the function after performing the upgrade.
2009-11-18Make the password field configurable in NSSJakub Hrozek6-4/+17
Per the discussion on sssd-devel list, nss_sss should not return a hardcoded value but this should rather be configurable to allow whatever the OS or distribution thinks is the best for the particular case. Fixes: #266
2009-11-18Adding Japanese translationnoriko2-0/+615
2009-11-18Update translatable stringsStephen Gallagher3-21/+51
2009-11-18Failover fixes and additionsSimo Sorce3-7/+25
2009-11-18Store initgr expire time on initgr callSimo Sorce1-6/+17
2009-11-18Change the pam code to perform an initgroups callSimo Sorce1-1/+1
An initgroups call refreshes both the user and the user's groups, this is ideal for pam so that we don't need addiotnal initgroups calls (initgroups calls are cached too now) during the login process.
2009-11-18Change initgroups code to use and check the cacheSimo Sorce2-218/+109
We were previously always ending up contacting the backend because we had no way to know if an initgroups call for the same user had ever been called. Add attribute to hold this information and rely on backends to update it. If they don't we fallback to the previous behvior of asking the backend.
2009-11-18Fix crash due to uninitialized timeout variableSimo Sorce1-0/+1
This slipped through in previous patches. Fixes #283
2009-11-18Upgrade cache and local databases to case-sensitive namesStephen Gallagher2-2/+96
2009-11-18Make the sysdb user and group names case-sensitiveStephen Gallagher2-1/+39
2009-11-13Fix option name krb5_changepw_principalSumit Bose5-7/+7
2009-11-12Change var name to make its use more clear.Simo Sorce2-7/+7
Change memctx to make clear it should be used only when a callback is being used.
2009-11-12Make 'permit' the default for the access targetSumit Bose2-16/+5
2009-11-12Fix check_cache bug in dealing with the callbackSimo Sorce1-97/+104
Also rework check_cache so that the operations it makes are more explicit. Also add comments about why we are doing something. Should make the code easier to understand in future (took quite some time and discussion on IRC to understand exactly how this function was behaving and to find the callback passing bug).
2009-11-12Fix double free case.Simo Sorce1-1/+3
2009-11-12Fixes for proxy providerSumit Bose2-7/+26
- use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
2009-11-12Fix inconsistent use of krb5_ccname_templateSumit Bose2-2/+2
2009-11-12Try to fix offline loginsSimo Sorce1-12/+6