summaryrefslogtreecommitdiff
path: root/src/responder/pam/pamsrv_cmd.c
AgeCommit message (Collapse)AuthorFilesLines
2011-12-21sss_get_cased_name utility functionJakub Hrozek1-2/+2
2011-12-20PAM: make initgroups timeout work across multiple clientsStephen Gallagher1-4/+40
Instead of timing out the initgroups lookup on a per-cctx basis, we will maintain a hash table of recently-seen users and use this instead. This will allow SSSD to handle user's logging into multiple services simultaneously more graciously, as well as playing nicer with SSH (which makes calls to PAM both before and after a fork). https://fedorahosted.org/sssd/ticket/1063
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek1-2/+6
2011-12-16Canonicalize username in PAM providerJakub Hrozek1-0/+27
2011-12-16Responders: Split getting domain by name into separate functionJakub Hrozek1-5/+2
2011-12-05Ignore NULL-terminator when checking UTF8-validityStephen Gallagher1-1/+1
Glib fails if the NULL-terminator is included when a length is specified.
2011-11-29RESPONDER: Refactor DP requests into tevent_req styleStephen Gallagher1-11/+48
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher1-0/+5
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-3/+2
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-6/+4
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-04Revert "Allow LDAP to decide when an expiration warning is warranted"Stephen Gallagher1-4/+3
This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
2011-08-01Allow LDAP to decide when an expiration warning is warrantedStephen Gallagher1-3/+4
Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
2011-04-08Fix unchecked return values of pam_add_responseJakub Hrozek1-4/+12
https://fedorahosted.org/sssd/ticket/798
2011-02-21Perform initgroups lookups for all domainsStephen Gallagher1-3/+5
Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched.
2011-01-21Perform initgroups lookup for PAMStephen Gallagher1-1/+3
Previously we were only looking up the user, but we need to make sure that all groups are available for use by access providers.
2011-01-19Use DEFAULT_PAM_VERBOSITY if config value cannot be retrievedSumit Bose1-1/+1
2011-01-19Add pam_pwd_expiration_warning config optionSumit Bose1-12/+47
2011-01-11Validate user supplied size of data itemsSumit Bose1-76/+75
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-8/+11
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-22Ensure ID is checked in all domains for PAMStephen Gallagher1-0/+2
Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider.
2010-12-14Eliminate possible NULL-dereference in pam_check_user_searchStephen Gallagher1-0/+7
https://fedorahosted.org/sssd/ticket/719
2010-12-03Add support for server-side pam response messagesSumit Bose1-0/+2
2010-11-15Introduce pam_verbosity config optionSumit Bose1-11/+90
Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date.
2010-11-15Avoid long long in messages to PAM client use int64_tSumit Bose1-7/+7
2010-06-17Honor filter_users in PAMStephen Gallagher1-7/+17
2010-05-26Add support for delayed kinit if offlineSumit Bose1-1/+1
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-04-12sysdb: convert sysdb_getpwnamSimo Sorce1-219/+118
2010-04-12Remove remaining use of sysdb_transaction_sendSimo Sorce1-133/+9
2010-04-12sysdb: convert sysdb_cache_authSimo Sorce1-47/+39
2010-04-12sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce1-21/+3
2010-02-23Store lastLogin attribute when authenticating onlineJakub Hrozek1-0/+5
2010-02-19Remove unneeded items from struct pam_dataSumit Bose1-18/+0
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+1181
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-06-29 00:06:11 +0000