summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2010-03-18Fix error message for ldap_start_tlsStephen Gallagher1-1/+1
2010-03-17Fix a series of memory leaks in the SBUSStephen Gallagher1-1/+5
2010-03-15Properly handle dbus send attempts on a closed connectionStephen Gallagher1-22/+1
dbus_connection_send_with_reply() will report success and return a NULL pending_reply when the connection is not open for communication. This patch creates a new wrapper around dbus_connection_send_with_reply() to properly detect this condition and report it as an error.
2010-03-15Fixed authentication check for CHAUTHTOK_PRELIMRalf Haferkamp1-1/+1
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM.
2010-03-15Fixed check for expired passwordsRalf Haferkamp1-2/+4
When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired".
2010-03-12Add krb5_kpasswd optionSumit Bose7-32/+208
2010-03-11Write the IP address of the KDC to the kdcinfo fileSumit Bose2-19/+21
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose6-21/+292
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-03-08Add simple access providerSumit Bose2-0/+196
2010-03-08Reopen logs when SIGHUP is caughtJakub Hrozek1-0/+1
Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332
2010-03-04Add forgotten \n in DEBUG statementsMartin Nagy2-2/+2
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
2010-03-03Improve safe alignment buffer handling macrosSimo Sorce4-49/+50
Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-03-03proxy: use correct _recv functionSimo Sorce1-1/+1
2010-02-25Fix check for values of expiration limitsJakub Hrozek1-1/+1
There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-25Remove a check that was left behindJakub Hrozek1-7/+1
When refactoring talloc_asprintf calls a check was left behind that cased the backend to go offline immediately.
2010-02-23Better cleanup task handlingJakub Hrozek5-39/+242
Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23Do not check entries during cleanup taskJakub Hrozek2-81/+59
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-23Do not schedule enumeration after a cleanupJakub Hrozek1-2/+2
2010-02-23Handle expired passwords like other PAM modulesSumit Bose2-2/+2
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-22Restrict family lookupsJakub Hrozek3-15/+84
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-22Remove unnecessary domain parameter from PAM requestsStephen Gallagher2-28/+5
If we're sending a message to the backend, we already know which domain the request is targeting. Carrying this information is not useful and confuses the interface.
2010-02-22Remove unnecessary "domain" parameter from DP registrationStephen Gallagher3-7/+4
This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.
2010-02-19Add documentation for PAM response messagesSumit Bose1-0/+69
2010-02-19Remove unneeded items from struct pam_dataSumit Bose6-69/+69
2010-02-19Send Kerberos environment after password changeSumit Bose1-1/+1
2010-02-18Fix licensing issues in SSSDStephen Gallagher1-0/+24
2010-02-18Rename server/ directory to src/Stephen Gallagher48-0/+24031
Also update BUILD.txt