summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2010-10-15Check for GSSAPI before attempting to kinitJakub Hrozek1-8/+12
2010-10-13Implement netgroup support for LDAP providerSumit Bose5-1/+982
2010-10-13Add infrastructure to LDAP provider for netgroup supportSumit Bose4-4/+86
2010-10-13Add netgroup support to the NSS responderStephen Gallagher1-0/+1
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek9-5/+302
2010-10-13Make ldap_child report kerberos return code to parentJakub Hrozek4-13/+31
2010-10-13Report Kerberos error code from ldap_child_get_tgt_syncJakub Hrozek1-23/+16
2010-10-13Add KDC to the list of LDAP optionsJakub Hrozek4-1/+4
2010-10-13Return all group members from getgr(nam|gid)Ralf Haferkamp1-12/+374
getgrnam()/getgrgid() should return all group members instead of only those which have already been cached (in sysdb). To achieve this every member that is currently not in the cache is looked up via LDAP and saved to the cache.
2010-10-13Shortcut for save_group() to accept sysdb DNs as member attributesRalf Haferkamp1-4/+19
Addtional parameter "populate_members" for save_group() and save_groups() to indicate that the "member" attribute of the groups is populated with sysdb DNs of the members (instead of LDAP DNs).
2010-10-13Rename index to idxSumit Bose1-4/+4
This patch suppresses a 'shadows a global declaration' warning.
2010-10-08Disable events on ldap fd when offline.Jan Zeleny1-2/+4
Erase events on LDAP socket when backend is offline and an event appears on the socket. Normally this would lead to infinite loop, because event is present on the fd, but instead of being processed, an error log is written and the program continues to wait for the event. Ticket: #599
2010-10-04Return offline instead of errorStephen Gallagher1-1/+2
When the failover code returns that there are no available servers while we are marked offline, we were returning an error to the PAM authentication code. Instead, we should return success with a result value of SDAP_UNAVAIL so that the PAM responder will mark the domain offline and attempt offline authentication.
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose3-8/+14
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-0/+51
2010-09-23Save all data to sysdb in one transactionSumit Bose1-222/+131
2010-09-23Handle host objects like other objectsSumit Bose2-129/+183
2010-09-22Request the correct attribute nameJakub Hrozek1-1/+1
2010-09-22Request all group attributes during initgroups processingStephen Gallagher2-5/+7
We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622
2010-09-15Check if control is supported before using it.Simo Sorce4-14/+39
2010-09-15Revert "Make ldap bind asynchronous"Jakub Hrozek7-1219/+167
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15Store rootdse supported features in sdap_handlerSumit Bose7-63/+112
2010-09-08Dead assignments cleanup in providers codeJan Zeleny6-20/+9
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-09-08Deobfuscate password in back endsJakub Hrozek1-7/+52
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-07Fixed small issue in memory context hierarchyJan Zeleny1-1/+1
In fail_over.c, there was a small bug causing subrequest to have wrong parent memory context. This patch fixes it.
2010-09-07Cleaned some dead assignmentsJan Zeleny2-15/+13
Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
2010-09-02Fixed uninialized value in proxy_id providerJan Zeleny1-0/+2
In function get_pw_name when allocation of memory fails, there were two codepaths which could cause printing of undefined value. This patch fixes both cases. Ticket: #580
2010-09-02Fixed printing of undefined value in sdap_async_accounts.cJan Zeleny1-1/+1
If sysdb_attrs_get_el() call failed in function sdap_save_group(), it would result in printing an undefined value of variable name. This is now fixed by initializing the variable. Ticket: #579
2010-09-02Fixed potential comparison of undefined variableJan Zeleny1-0/+1
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
2010-09-02Initialized return value in dp_copy_options()Jan Zeleny1-1/+1
In the very unlikely case dp_copy_options was called with num_options == 0, the return value as well as the left operand of comparison on line 214 would be undefined. Ticket: #577
2010-09-02Fix wrong return value in HBAC time rules evaluationJakub Hrozek1-0/+1
Fixes: #584
2010-09-02Make ldap bind asynchronousMartin Nagy7-167/+1219
Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-09-02Properly handle errors from a password change operationStephen Gallagher1-8/+14
2010-08-24Treat a zero-length password as a failureStephen Gallagher1-0/+7
Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
2010-08-04Fix chpass operations with LDAP providerStephen Gallagher1-0/+1
The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
2010-08-03Clean up initgroups processing for RFC2307Stephen Gallagher1-11/+89
Instead of recursively updating all users of each group the user being queried belongs to, just add or remove membership for the requested user. Fixes https://fedorahosted.org/sssd/ticket/478
2010-08-03Return proper error value when SRV lookup failsJakub Hrozek1-1/+1
Fixes: #587
2010-08-03Fix check_time_rule() return value on failureJakub Hrozek1-1/+1
The value returned in the 'done:' label was always EOK which is wrong as any parsing errors are not returned to the caller. Fixes: #583
2010-08-03be_pam_handler(): Fix potential NULL dereferenceStephen Gallagher1-1/+2
2010-08-03Validate keytab at startupJakub Hrozek2-48/+19
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-08-03Fix getting default realm in the ldap childJakub Hrozek1-1/+10
2010-07-23Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom1-9/+68
- Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
2010-07-23Do not treat missing HBAC rules as an errorSumit Bose1-0/+5
2010-07-09Log TLS errors to syslogStephen Gallagher2-1/+23
Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09Add syslog messages for LDAP GSSAPI bindStephen Gallagher1-2/+58
We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON)
2010-07-09Use netlink to detect going onlineJakub Hrozek1-0/+20
Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
2010-07-09Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom1-9/+6
2010-07-09Remove remainder of now unused global LDAP connection handle.eindenbom4-188/+1
2010-07-09Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom3-45/+126
2010-07-09Use new LDAP connection framework in IPA access backend.eindenbom3-308/+308