summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-10-15Remove two unused functions.Stephen Gallagher2-18/+0
These functions were used when reconnecting to the DP after losing the connection. Since there is no DP any longer, there's no reason to have these functions.
2009-10-15Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7Stephen Gallagher1-0/+8
There were unused functions still being compiled. This will suppress them until we turn live configuration updates back on.
2009-10-15Clean up warnings in pysss.cStephen Gallagher1-8/+12
On older versions of the python headers, some arguments used 'char *' instead of 'const char *', which means that assigning a constant string such as "adduser" threw a warning about discarding qualifiers. This patch cleans up most of these warnings in this file. There remain several warnings in the sss_local_methods initialization that I do not know how to fix.
2009-10-15Check for expired passwords in LDAP providerSumit Bose4-23/+425
2009-10-15enable debugging of krb5_childSumit Bose6-8/+182
2009-10-15more implicit provider target settingsSumit Bose2-14/+76
If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
2009-10-15set chpass_provider implicit if not set explicitSumit Bose3-20/+67
- if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
2009-10-15Return the dp error from the providersSimo Sorce6-81/+179
2009-10-15Fix offline authenticationSimo Sorce1-16/+3
The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
2009-10-14Move ldap provider configuration into its own fileSimo Sorce7-189/+254
2009-10-14Make options parser available to all providersSimo Sorce9-294/+367
2009-10-14send a message if a backend target is not configuredSumit Bose1-12/+30
If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
2009-10-14make sdap_id_connect_* independent of sdap_id_ctxSumit Bose3-180/+188
The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
2009-10-14use PYTHON_PREFIX to install SSSDConfig python APISumit Bose1-2/+2
2009-10-14SUSE specific init scriptRalf Haferkamp1-0/+78
2009-10-14Fix error messages in toolsJakub Hrozek10-35/+342
Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
2009-10-13Fix services startup when only LOCAL is configuredSimo Sorce1-0/+3
2009-10-13add a replacement if ldap_control_create is missingSumit Bose7-9/+119
2009-10-13add -Werror-implicit-function-declaration to default gcc flagsSumit Bose1-1/+2
2009-10-13Package SSSDConfig APIStephen Gallagher2-0/+55
2009-10-13Add plugin configuration schema for proxy providerStephen Gallagher1-0/+7
2009-10-12Add new SSSDConfig python APIStephen Gallagher9-0/+2111
Also adds unit tests for the SSSDConfig API
2009-10-12LDAP provider needs to link against krb librariesRalf Haferkamp1-2/+4
2009-10-12fix a wrong argument to unpack_bufferSumit Bose1-18/+40
- the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
2009-10-09use the correct kerberos context for each targetSumit Bose1-4/+33
- when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
2009-10-09Remove magicPrivateGroups optionSimo Sorce7-64/+17
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
2009-10-09Start responders predictably after providersSimo Sorce1-52/+147
Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
2009-10-09Remove DP processSimo Sorce15-1377/+379
Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
2009-10-09Differentiate between search and network timeoutsSimo Sorce3-5/+7
Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
2009-10-08add support for server side LDAP password policiesSumit Bose3-11/+125
- password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-06Remove unused btreemap codeStephen Gallagher12-268/+0
We have converted to using dhash in place of btreemap everywhere in the code.
2009-10-05Make dp requests more robustSimo Sorce1-36/+109
This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
2009-10-05remove redundant talloc_freeSumit Bose1-3/+0
- this patch should fix bug #213, a double free in the sdap timeout handler
2009-10-05handle expired password during authenticationSumit Bose1-2/+25
2009-10-05Fix python sync operations and mem hierarchyJakub Hrozek1-397/+191
Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
2009-10-05more documentation and test for sssd.confSumit Bose2-0/+34
- add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
2009-10-05add utility call check_and_open_readonlySumit Bose6-8/+315
Use this new utility call to ensure that the config file is safe to read from.
2009-10-01Fix long timeout on ldap operationSimo Sorce2-5/+14
Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
2009-10-01Fix tools sync operations and mem hierarchySimo Sorce10-319/+193
Tools were using nested loops that are illegal. (and enforced in latest tevent with a nice abort()) Fix them by creating appropriate synchronous transaction calls. Also fix tools_ctx mem hierarchy setup.
2009-10-01Initial implementation of sasl bind supportSimo Sorce7-59/+567
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-10-01update sysdb tests to new config file versionSumit Bose1-12/+3
2009-10-01Update polish translation for 0.6.0Piotr Drąg1-73/+26
2009-09-29Fix infinite loop with empty group enumerationStephen Gallagher1-13/+15
Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
2009-09-28Tighten up permission.Simo Sorce1-1/+12
SSSD may contain passwords and other sensitive data, make sure we always keep its permission tight. Also make /etc/sssd permission very strict, just in case, admins may inadvertently copy an sssd.conf file without checking it's permissions.
2009-09-25Update version to 0.6.0Stephen Gallagher3-342/+278
Update gettext strings
2009-09-25add defines for large file support to standard CFLAGSSumit Bose1-0/+2
- this fixes a compiler warning about the redefinition of SIZEOF_OFF_T in the python bindings, because python is compiled with large file support.
2009-09-25Let backend respond while fetching large resultsSimo Sorce1-2/+11
Timers always come before fd events, wait 5 microseconds between processing operations so that tevent has a chance of cactching an fd event in between. This allows the backend to reply to pings even while processing very large ldap results (importanty especially during the first enumeration).
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose4-24/+17
2009-09-25Convert the example config to v2 format, upgrade config on update onlyJakub Hrozek1-76/+56