summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-10-14send a message if a backend target is not configuredSumit Bose1-12/+30
If a backend target is not configured the return code is changed from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is sent back to the client.
2009-10-14make sdap_id_connect_* independent of sdap_id_ctxSumit Bose3-180/+188
The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
2009-10-14use PYTHON_PREFIX to install SSSDConfig python APISumit Bose1-2/+2
2009-10-14SUSE specific init scriptRalf Haferkamp1-0/+78
2009-10-14Fix error messages in toolsJakub Hrozek10-35/+342
Add getpwnam, getgrnam sync versions Fix ticket #164: Groupnames in non-local domains Fix ticket #100: Error Message Modifying a user that doesn't Exist Fix ticket #214: incorrect error message when MPG already exists Fix ticket #188: Deleting and modifying users in non-local domain Fix ticket #120: Adding a user to a full domain gives unhelpful error message
2009-10-13Fix services startup when only LOCAL is configuredSimo Sorce1-0/+3
2009-10-13add a replacement if ldap_control_create is missingSumit Bose7-9/+119
2009-10-13add -Werror-implicit-function-declaration to default gcc flagsSumit Bose1-1/+2
2009-10-13Package SSSDConfig APIStephen Gallagher2-0/+55
2009-10-13Add plugin configuration schema for proxy providerStephen Gallagher1-0/+7
2009-10-12Add new SSSDConfig python APIStephen Gallagher9-0/+2111
Also adds unit tests for the SSSDConfig API
2009-10-12LDAP provider needs to link against krb librariesRalf Haferkamp1-2/+4
2009-10-12fix a wrong argument to unpack_bufferSumit Bose1-18/+40
- the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
2009-10-09use the correct kerberos context for each targetSumit Bose1-4/+33
- when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
2009-10-09Remove magicPrivateGroups optionSimo Sorce7-64/+17
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
2009-10-09Start responders predictably after providersSimo Sorce1-52/+147
Instead of waiting an arbitrary timeout, start all providers first, and wait for all of them to reply to the monitor before starting other services. Add a timeout handler so that services are started even if one of the providers fails to actually register back to the monitor. Also fixes services destructors delist_service was overriding the natural svc destructor. remove the offending code and make the svc_destructor always try to remove a service from the service list, if the service is not listed it will just be a noop.
2009-10-09Remove DP processSimo Sorce15-1377/+379
Turn the backend process into data provider servers Make Frontends (pam, nss) directly attach to the backends
2009-10-09Differentiate between search and network timeoutsSimo Sorce3-5/+7
Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
2009-10-08add support for server side LDAP password policiesSumit Bose3-11/+125
- password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-06Remove unused btreemap codeStephen Gallagher12-268/+0
We have converted to using dhash in place of btreemap everywhere in the code.
2009-10-05Make dp requests more robustSimo Sorce1-36/+109
This should fix #218 It should also prevent us from leaking memory in case the original request times out and should prevent races with the callbacks beeing freed after sdp_req is freed and thus dereferencing freed memory in the callbacks detructors.
2009-10-05remove redundant talloc_freeSumit Bose1-3/+0
- this patch should fix bug #213, a double free in the sdap timeout handler
2009-10-05handle expired password during authenticationSumit Bose1-2/+25
2009-10-05Fix python sync operations and mem hierarchyJakub Hrozek1-397/+191
Similar to Simo's patch that fixed the tools, this one converts the python bindings to the start_transaction/end_transaction functions. Also fixes memory hierarchy so that tools_ctx is allocated in every operation and used as memory context for the operation instead of self->mem_ctx which simplifies cleanup.
2009-10-05more documentation and test for sssd.confSumit Bose2-0/+34
- add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
2009-10-05add utility call check_and_open_readonlySumit Bose6-8/+315
Use this new utility call to ensure that the config file is safe to read from.
2009-10-01Fix long timeout on ldap operationSimo Sorce2-5/+14
Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
2009-10-01Fix tools sync operations and mem hierarchySimo Sorce10-319/+193
Tools were using nested loops that are illegal. (and enforced in latest tevent with a nice abort()) Fix them by creating appropriate synchronous transaction calls. Also fix tools_ctx mem hierarchy setup.
2009-10-01Initial implementation of sasl bind supportSimo Sorce7-59/+567
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-10-01update sysdb tests to new config file versionSumit Bose1-12/+3
2009-10-01Update polish translation for 0.6.0Piotr Drąg1-73/+26
2009-09-29Fix infinite loop with empty group enumerationStephen Gallagher1-13/+15
Loop control variable was not being incremented. I also converted a goto loop into a do...while loop to make it easier to follow the logic.
2009-09-28Tighten up permission.Simo Sorce1-1/+12
SSSD may contain passwords and other sensitive data, make sure we always keep its permission tight. Also make /etc/sssd permission very strict, just in case, admins may inadvertently copy an sssd.conf file without checking it's permissions.
2009-09-25Update version to 0.6.0Stephen Gallagher3-342/+278
Update gettext strings
2009-09-25add defines for large file support to standard CFLAGSSumit Bose1-0/+2
- this fixes a compiler warning about the redefinition of SIZEOF_OFF_T in the python bindings, because python is compiled with large file support.
2009-09-25Let backend respond while fetching large resultsSimo Sorce1-2/+11
Timers always come before fd events, wait 5 microseconds between processing operations so that tevent has a chance of cactching an fd event in between. This allows the backend to reply to pings even while processing very large ldap results (importanty especially during the first enumeration).
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose4-24/+17
2009-09-25Convert the example config to v2 format, upgrade config on update onlyJakub Hrozek1-76/+56
2009-09-25Send debug messages to logfileJakub Hrozek14-11/+128
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25fix possible short reads in kerberos providerSumit Bose2-15/+46
2009-09-25add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose5-67/+115
2009-09-25script to upgrade config to v2Jakub Hrozek2-0/+355
2009-09-25Manpages updateJakub Hrozek3-224/+193
2009-09-25Upgrade confdb to version 2Stephen Gallagher21-237/+310
This converts a great many configuration options to the new standard format.
2009-09-25toggle debug output of sssd_krb5_locator_plugin with an environment variableSumit Bose1-36/+55
2009-09-25Temporarily disable automatic config file rereadStephen Gallagher1-1/+7
The backends do not honor the reloadConfig SBUS message right now, so if an admin changes the sssd.conf file, it will update only the monitor, potentially leaving the SSSD as a whole in a bad state. This patch will simply comment out monitor_config_file() for the time being until https://fedorahosted.org/sssd/ticket/91 is fixed.
2009-09-24added support for older MIT kerberos versionssbose7-10/+170
- make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
2009-09-24Handle suspend casesSimo Sorce1-6/+13
When a laptop is suspended it may be dormant for hours. Do not check just the kast time a ping was successful, keep a counter with the failed pings instead.
2009-09-23add a man page for pam_sssSumit Bose1-0/+3