summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-05-18Move actual password caching into sysdbSimo Sorce12-156/+286
Convert auth modules to do the caching themselves
2009-05-18Split ldap backend into auth and identity filesSimo Sorce3-20/+800
2009-05-18Move ldap_be.c into ldap/ldap_auth.cSimo Sorce1-0/+0
2009-05-18Prevent accepting blank passwordsSimo Sorce1-0/+7
2009-05-18Fix crypt functions to not use static buffers.Simo Sorce4-338/+334
Also fix style, clarify, and simplify some logic.
2009-05-15Treat the local provider as a special caseStephen Gallagher2-1/+17
The local provider needs no backend, so we'll create a special provider entry for it called "local" that will not attempt to retrieve provider configuration but will remain in the service list so it can be updated when the config file changes.
2009-05-15added new pam client protocolSumit Bose1-1/+132
2009-05-15added more flexible handling of client protocolSumit Bose4-2/+63
- allow different protocol versions for PAM and NSS - support more than one protocol version in the responder
2009-05-14Manpage generationJakub Hrozek7-3/+240
Provides a set of make rules for generating UNIX manual pages from DocBook 4.5 source as well as sample manpage for sss_useradd. Automatic generation of manual pages during "make" process is tunable with config parameter "--with-manpages". To rebuild the man pages separately, use the "make doc" target. Before building, the manpages are validated using a DTD schema.
2009-05-14Update configure rules for LDB and POPTStephen Gallagher2-4/+9
We need to ensure that configure fails with an error if the popt development libraries are not present or if ldb module support is not available.
2009-05-14More useful error message when adding user/group that already existsJakub Hrozek2-2/+18
Fixes: RHBZ #498462
2009-05-14Check for valid ID range, domains overlapJakub Hrozek1-0/+36
2009-05-14added check for NULL valuesSumit Bose3-9/+8
- allow unspecified value in struct pam_data to be NULL - check if domain structure is initialized in pam_reply
2009-05-12Fix warnings in monitor.c and confdb.cStephen Gallagher2-7/+13
2009-05-11Separate confdb API from confdb setupStephen Gallagher8-374/+458
Refactoring the confdb so that the setup code can be linked separately from the access API. This is being done so that our plugins do not need to link against the collection and ini_config libraries.
2009-05-08Chdir to / when daemonizingJakub Hrozek1-0/+11
2009-05-08Use tevent for shutdown signals, remove old pidfile, make sssd single-instance.Jakub Hrozek2-1/+79
Use tevent signal handling facilities for handlong SIGTERM and SIGINT in the monitor. Remove pidfile on SIGTERM and SIGINT. Make sssd single-instance by checking if we suceeded in signaling the process in the pidfile.
2009-05-08redirect stderr to /dev/null in initscriptJakub Hrozek1-1/+1
2009-05-06Fix some more return paths using uninitalized retSimo Sorce1-3/+3
2009-05-04Fixes for porting SSSD to Debian-based platformsStephen Gallagher5-5/+7
2009-04-29Fix configuration corruption issueStephen Gallagher1-2/+20
In the event that the configuration was corrupt the first time the SSSD is started, it would write in the special data for attributes and indexes, but it would fail before writing the version. Subsequent reloads (even with correct configuration files) would fail, since they would try again to write the attributes and indexes and fail since they were already present.
2009-04-29Fix use of uninitialized return variableSimo Sorce1-5/+5
2009-04-28Add debug param to the tools, fix lock/unlock in sss_usermodJakub Hrozek6-3/+31
2009-04-28Invoke shadow-utils in sss_ toolsJakub Hrozek11-48/+643
Make shadow-utils base path configurable Use default values for params, allow configuring them
2009-04-28handle other pam calls when offlineSumit Bose1-0/+10
2009-04-28Use different attribute for cached passwords change timeSumit Bose1-2/+2
2009-04-28enable offline handling for native LDAP backendSumit Bose1-4/+48
2009-04-28change PAM timeout the match NSS timeSumit Bose2-3/+1
2009-04-27Use different attribute for cached passwordsSimo Sorce2-3/+5
This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
2009-04-27Release version 0.3.3Stephen Gallagher1-1/+1
2009-04-27Eliminate segfault on NSS and PAM responder startup.Stephen Gallagher1-0/+4
If the data provider is not yet available when NSS and PAM start, they will generate a segmentation fault when trying to configure their automatic reconnection to the Data Provider. I've now added code in sss_dp_init() to detect whether the dp_ctx is NULL and return EIO.
2009-04-27Stress testJakub Hrozek3-1/+333
2009-04-27enable uid/gid generation againSumit Bose1-3/+6
2009-04-27handle pam acct_mgmt, setcred and open/close_session before user bind in ↵Sumit Bose1-0/+17
ldap backend
2009-04-27fix for pam proxy chauthtokSumit Bose4-9/+22
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
2009-04-23removed length of unused element from packet size calculationSumit Bose1-1/+1
The domain name is no longer send as an element on its own, but if set as a member of the response array. If the user was not found pd->domain is NULL and strlen will seg-fault.
2009-04-23fixes for user and group creation in LOCAL domainSumit Bose2-1/+20
- added range check for supplied UIDs and GIDs - initialize pc_gid to 0 to trigger gid generation
2009-04-22fix for a seq fault when pam_reply_delay is called.Sumit Bose1-2/+2
see https://fedorahosted.org/sssd/ticket/25
2009-04-20sssd 0.3.2Jakub Hrozek1-1/+1
2009-04-17Force user check and discover user's domainSimo Sorce6-297/+593
Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
2009-04-16Avoid unnecessary reloads of config.ldbSimo Sorce1-4/+37
Add code to check if the file has changed since the last update was performed. Avoid dumping and reloading the config ldb if the modification time of the configuration file has not changed at all.
2009-04-16Fix by_id enumeration with multiple domainsSimo Sorce1-0/+10
We need to stop parsing domains as soon as a caaandidate is found and let the callback search additional domains if the id is not found. Should fix ticket #21
2009-04-14Add common function to retrieve comma sep. listsSimo Sorce4-106/+179
Also convert all places where we were using custom code to parse config arguments. And fix a copy&paste error in nss_get_config
2009-04-14Make reconnection to the Data Provider a global settingStephen Gallagher6-10/+12
Previously, every DP client was allowed to set its own "retries" option. This option was ambiguous, and useless. All DP clients will now use a global option set in the services config called "reconnection_retries"
2009-04-14Replace the example sssd.conf file with the one used in FedoraStephen Gallagher1-32/+71
Also remove the [services/infopipe] section, since we're not shipping InfoPipe yet, and that would be confusing.
2009-04-14Add reconnection code between the NSS responder and the Data providerStephen Gallagher1-1/+52
2009-04-13Bump up to 0.3.1Simo Sorce1-1/+1
2009-04-13Fix a couple of segfaults and timeout checksSimo Sorce5-51/+34
2009-04-13Set version to 0.3.0Simo Sorce1-1/+1
2009-04-13Add a LSB header to the initscriptSumit Bose1-0/+14