summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2010-09-02Make ldap bind asynchronousMartin Nagy7-167/+1219
Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-09-02Properly handle errors from a password change operationStephen Gallagher1-8/+14
2010-08-24Treat a zero-length password as a failureStephen Gallagher1-0/+7
Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
2010-08-04Fix chpass operations with LDAP providerStephen Gallagher1-0/+1
The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
2010-08-03Clean up initgroups processing for RFC2307Stephen Gallagher1-11/+89
Instead of recursively updating all users of each group the user being queried belongs to, just add or remove membership for the requested user. Fixes https://fedorahosted.org/sssd/ticket/478
2010-08-03Return proper error value when SRV lookup failsJakub Hrozek1-1/+1
Fixes: #587
2010-08-03Fix check_time_rule() return value on failureJakub Hrozek1-1/+1
The value returned in the 'done:' label was always EOK which is wrong as any parsing errors are not returned to the caller. Fixes: #583
2010-08-03be_pam_handler(): Fix potential NULL dereferenceStephen Gallagher1-1/+2
2010-08-03Validate keytab at startupJakub Hrozek2-48/+19
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-08-03Fix getting default realm in the ldap childJakub Hrozek1-1/+10
2010-07-23Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom1-9/+68
- Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
2010-07-23Do not treat missing HBAC rules as an errorSumit Bose1-0/+5
2010-07-09Log TLS errors to syslogStephen Gallagher2-1/+23
Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09Add syslog messages for LDAP GSSAPI bindStephen Gallagher1-2/+58
We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON)
2010-07-09Use netlink to detect going onlineJakub Hrozek1-0/+20
Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
2010-07-09Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom1-9/+6
2010-07-09Remove remainder of now unused global LDAP connection handle.eindenbom4-188/+1
2010-07-09Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom3-45/+126
2010-07-09Use new LDAP connection framework in IPA access backend.eindenbom3-308/+308
2010-07-09Use new LDAP connection framework in LDAP access backend.eindenbom1-59/+73
2010-07-09Use new LDAP connection framework for LDAP user and group enumeration.eindenbom1-236/+131
2010-07-09Use new LDAP connection framework to get user account groups from LDAP.eindenbom1-108/+67
2010-07-09Use new LDAP connection framework to get group account info from LDAP.eindenbom2-37/+66
2010-07-09Use new LDAP connection framework to get user account info from LDAP.eindenbom2-38/+91
2010-07-09Add an interface to try next fail-over server after connection to the active ↵eindenbom5-45/+81
server was unexpectedly dropped.
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom6-0/+869
2010-07-09Added an interface to query number of configured (and currently resolved ↵eindenbom4-0/+40
through SRV records) failover servers.
2010-07-09GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom6-17/+64
sdap_handle for future reference.
2010-06-30Add dns_discovery_domain optionJakub Hrozek6-27/+192
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-30Split proxy.c into smaller filesStephen Gallagher7-2518/+2599
proxy.c was growing too large to manage (and some graphical development tools could no longer open it because of memory limitations). This patch splits proxy.c into the following files: proxy_init.c: Setup routines for the plugin proxy_id.c: Functions to handle user and group lookups proxy_auth.c: Functions to handle PAM interactions proxy_common.c: Common utility routines
2010-06-30Rename proxy_ctx to proxy_id_ctx for clarityStephen Gallagher1-14/+15
2010-06-28Make RootDSE optionalStephen Gallagher2-3/+17
In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
2010-06-28Add explicit requests for several operational attrsAlexander Gordeev1-1/+12
Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
2010-06-28Fix SASL authenticationSumit Bose1-2/+2
2010-06-18Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher1-1/+6
If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
2010-06-18Fix return value from remove_connection_callback() destructorStephen Gallagher1-9/+2
ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher3-6/+6
https://fedorahosted.org/sssd/ticket/542
2010-06-14Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher1-12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek6-44/+23
Fixes: #531
2010-06-10Eliminate unused variable from pc_init_timeout()Stephen Gallagher1-4/+0
https://fedorahosted.org/sssd/ticket/525
2010-06-10Check return code of hash_delete in proxy_child_destructorStephen Gallagher1-1/+7
We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
2010-06-10Properly check that the timeout event was created for cleanup/enumStephen Gallagher2-2/+46
We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
2010-06-10Check the correct variable for NULL after creating timerStephen Gallagher1-1/+1
In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
2010-06-10Properly handle missing originalMemberOf entry in initgroupsStephen Gallagher1-0/+1
Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
2010-06-10Avoid potential NULL dereferenceStephen Gallagher1-3/+5
https://fedorahosted.org/sssd/ticket/506
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher1-7/+18
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09Add a missing initializerSumit Bose1-1/+1
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher2-3/+21
2010-06-09Disable connection callbacks when going onlineStephen Gallagher3-0/+27
Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
2010-06-09Fix Incorrect NULL check in get_server_common()Jakub Hrozek1-1/+1
Fixes: #518
generated by cgit (git 2.34.1) at 2024-06-28 19:45:21 +0000