| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Struct sss_auth_token became opaque in commit
9acfb09f7969a69f58bd45c856b01700541853ca.
All ocasions of "struct sss_auth_token" was replaced with pointer to this
struct, but proper initialization of auth_tokens was missing
in struct authtok_conv.
Resolves:
https://fedorahosted.org/sssd/ticket/2046
|
|
Definition of structure sss_auth_token was removed from header file
authtok.h and there left only declaration of this structure.
Therefore only way how to use this structure is to use accessory function from
same header file.
To creating new empty authotok can only be used newly created function
sss_authtok_new(). TALLOC context was removed from copy and setter functions,
because pointer to stuct sss_auth_token is used as a memory context.
All declaration of struct sss_auth_token variables was replaced with
pointer to this structure and related changes was made in source code.
Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or zero initialized struct pam_data
allocated on stack.
https://fedorahosted.org/sssd/ticket/1830
|
|
Use the new authtok abstraction and interfaces throught the code.
|
|
https://fedorahosted.org/sssd/ticket/1495
|
|
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
proxy.c was growing too large to manage (and some graphical
development tools could no longer open it because of memory
limitations).
This patch splits proxy.c into the following files:
proxy_init.c: Setup routines for the plugin
proxy_id.c: Functions to handle user and group lookups
proxy_auth.c: Functions to handle PAM interactions
proxy_common.c: Common utility routines
|
|
We were not passing the old authtok to the pam_chauthtok()
function, causing it to return PAM_AUTH_ERR.
|
|
This patch adds a new tevent_req to the proxy provider, which will
spawn short-lived child processes to handle PAM requests. These
processes then call the proxied PAM stack and return the results
via SBUS method reply. Once it is returned, the parent process
kills the child.
There is a maximum of ten child processes running simultaneously,
after which requests will be queued for sending once a child slot
frees up. The maximum processes will be made configurable at a
later date (as this would violate string freeze).
|
