summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-09-21Refactor tools codeJakub Hrozek8-268/+244
Move parameter parsing in tools before attempting to do anything that might fail - so that we have debug_level set correctly for potential error messages. That allows printing the --help and --usage messages without being root. Fix code duplicates in tools and refactor its code a little to lay ground for decoupling the synchronous interfaces. Remove some legacy tools leftovers, re-add sensible error message on removing nonexistent users/groups which was removed by accident. Fixes: Trac ticket #75 Fix typo in groupdel: fixes ticket #136
2009-09-18Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher1-1/+11
2009-09-18Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher1-0/+3
2009-09-17Better handle groups w/o membersSimo Sorce1-6/+122
There was a chance that groups w/o members could end up causing a failure to store the group. This would happen in case the structure used by glibc to fill up the group data was "dirty". Always memset structures before passing them to te libc and also check if there are any members, before calling the async function. Finally add some tracing at level 7 so that it is easier to follow what is going on in case of touble.
2009-09-17Fix copy&paste error.Simo Sorce1-4/+4
2009-09-16Add missing updates to LINGUAS for pl translationStephen Gallagher1-0/+1
2009-09-16Add pl translationPiotr Drąg1-0/+261
2009-09-16Check if SSL/TLS handler is already in placeSumit Bose1-1/+8
Authentication against a LDAP server should always use an encrypted connection. To acchive this the LDAP provider calls ldap_start_tls which will fail if the connection is already encrypted, e.g. if an ldaps tunnel is already established. Because the error message from ldap_start_tls is not specific we check the status with ldap_tls_inplace before calling ldap_start_tls.
2009-09-15Include m4 directories in tarballStephen Gallagher1-1/+2
Necessary for RPM builds on RHEL5
2009-09-14added child timeout handlerSumit Bose3-6/+104
2009-09-14fix the wrong usage of an offsetSumit Bose1-1/+1
2009-09-14add krb5ccache_dir and krb5ccname_template optionSumit Bose9-60/+713
The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
2009-09-14make cli_pid mandatory and increase version number of pam protocolSumit Bose1-1/+25
2009-09-14Let the PAM client send its PIDSumit Bose3-4/+27
- the client sends the PID as uint32_t and sssd will use uint32_t too - fix a possible type issue where a uint32_t is sent as int32 in internal dbus communication
2009-09-14Turn ldap driver options into multitypeSimo Sorce6-194/+376
This patch makes basic options multiype, the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
2009-09-14Make the offline status backend-globalSimo Sorce6-215/+94
Add helpers functions to query/set the offline status per backend. Now all providers share the same offline status.
2009-09-11Exit if the sssd is launched as a user other than rootStephen Gallagher1-0/+9
2009-09-11Print error message when connection to the config db failsStephen Gallagher1-0/+2
2009-09-11use fork+exec for kerberos helperSumit Bose5-195/+477
2009-09-11add change password target to krb5 backendSumit Bose6-209/+464
2009-09-11Update documentation and examplesSimo Sorce3-18/+31
Remove the "legacy" option from examples and man pages. Legacy is is finally R.I.P Add docs for ldapSchema in sssd-ldap man page.
2009-09-11Complete the removal of "legacy" option.Simo Sorce10-76/+243
The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people does by default anyway. If this limitation will turn to be too hard, we will change this later.
2009-09-11Fix getgrnam and getgrgid callsSimo Sorce1-7/+9
The patch that added check_cache() broke them, no results returned for any group with actual members ...
2009-09-11Add strtoint32 and strtouint32 testsStephen Gallagher2-0/+465
2009-09-11Add 'make tests' targetStephen Gallagher1-0/+2
2009-09-11Fix ldap enumeration async taskSimo Sorce1-12/+16
The request was being freed, instead of marking it done and let the callback free it when done. This was causing us to access freed memory, when trying to set the next run. Let the callback add new runs and free the request instead as normally we would do with any other tevent_req async call. Courtesy of valgrind again.
2009-09-11Fix memory mishandling.Simo Sorce1-10/+7
By attaching the reply to a subreq, we ended up freeing the operations list element before we used it to skip to the next one. Do not steal the context and let the unlocking code free the old reply, when it moves onto processing the next one. Got this one with valgrind.
2009-09-11Fix first-time confdb generationStephen Gallagher1-1/+1
We were talloc_free()-ing the cdb_file string too early.
2009-09-11Add copyright noticesJakub Hrozek14-0/+288
Fixes: #138
2009-09-11Small changes to the example config and manpageJakub Hrozek2-18/+29
Remove magicPrivateGroups since it's set automatically, use bool values for enumerate. Also add a notice about krb5 auth-module with a link to specialized manpage to sssd.conf(5) similar to what we have for ldap auth-module. Move both outside proxy domain description.
2009-09-10Read the configuration parsing before daemonizationStephen Gallagher2-83/+106
We will now parse the config file and validate the confdb contents before processing the rest of the monitor startup. This will allow us to return an appropriate error code to the shell if the configuration is invalid.
2009-09-10Remove unused event context argument from confdb_initStephen Gallagher6-7/+5
Because the confdb always operates synchronously, it maintains its own private event context internally. The event context argument passed to it is never used, so we'll remove it to avoid confusion.
2009-09-10Properly detect negative/invalid values for the minId and maxIdStephen Gallagher1-6/+53
2009-09-10Add strtoint32 and strtouint32 convenience functionsStephen Gallagher5-0/+144
2009-09-10Fix Ldap id backend offline codeSimo Sorce2-14/+83
After the recent changes we lost the capability to actually go offline. Put back code that would mark the backend as offline when timeouts happen. Make sure the enumeration code also obbeys the offline timeout, and contributes in determining if we are offline or not.
2009-09-10Update manpage to reflect new syntax for enumerateStephen Gallagher1-12/+6
2009-09-10Check for valid min and max IDs in confdb_get_domainsStephen Gallagher1-1/+7
2009-09-09Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher5-2/+75
This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
2009-09-09Consolidate cache lookups in the NSSStephen Gallagher1-177/+93
getpwnam, getpwuid, getgrnam and getgrgid will now use a common function, check_cache, for determining whether to return a cached value or to go to the provider.
2009-09-09Cleanups for library linkingsbose1-2/+1
- remove unused PAM_LIBS from LDAP and Kerberos provider - add OPENLDAP_LIBS to LDAP provider
2009-09-09more fixes for older libpcre versionssbose2-3/+10
- older version of libpcre only support the Python syntax (?P<name>) for named subpatterns
2009-09-08Remove shadow-utils support from toolsJakub Hrozek8-763/+73
Removes the ability to proxy to shadow-utils. Also remove all the supporting functions for getting domain type, domain by id etc.
2009-09-08Tools are allowed to touch only the 'local' domainSimo Sorce8-76/+35
2009-09-08Split database in multiple filesSimo Sorce26-335/+1184
The special persistent local database retains the original name. All other backends now have their own cache-NAME.ldb file.
2009-09-08Fix two possible uninitialized valuesSimo Sorce2-4/+5
Make counter for used messages explicit.
2009-09-08initialize sockaddr_in structureSumit Bose1-0/+10
2009-09-08fix libdbus configure checkSumit Bose2-1/+2
- remove unneeded CFLAGS component - do not leak LDFLAGS used by configure check to final Makefile
2009-09-03configure cleanupsSumit Bose4-4/+6
- replaced mailing list address - let sssd base components read version from VERSION
2009-09-03Avoid crash when timestamp is NULLRalf Haferkamp1-1/+3
Check if the timestamp argument of sdap_save_group_recv is NULL before using it.
2009-09-03Fix initgroups search filter when using rfc2307bisRalf Haferkamp1-2/+2
sdap_get_initgr_process() was using the wrong sdap_id_map struct when creating the searchfilter for the initgroups() call.