summaryrefslogtreecommitdiff
path: root/src/sss_client/sss_cli.h
AgeCommit message (Collapse)AuthorFilesLines
2013-03-08Add support for krb5 1.11's responder callback.Nathaniel McCallum1-0/+3
krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
2012-10-12PAM: fix handling the client fd in pam destructorJakub Hrozek1-4/+4
* Protect the fd with a mutex when closing * Set it to a safe value after closing
2012-10-11PAM: close socket fd with pam_set_dataJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/1569
2012-07-27Write SELinux config files in responder instead of PAM moduleJan Zeleny1-4/+0
2012-06-29sudo responder: change protocol version to 1Pavel Březina1-1/+1
2012-06-21PAC client: add basic support in common client codeSumit Bose1-0/+5
2012-06-21PAC responder: add the core functionalitySumit Bose1-0/+4
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
2012-02-07SSH: Common client codeJan Cholasta1-0/+6
2012-02-07SSH: ResponderJan Cholasta1-0/+4
2012-02-06SELinux support in PAM responderJan Zeleny1-0/+4
2012-02-05AUTOFS: a client libraryJakub Hrozek1-0/+12
This is the library the autofs client is using. automounter dlopen()s the library so there is no header file, no pkgconfig file and the library is in the libsss_autofs package, not in -devel. The library provides the following interface: * _sss_setautomntent() - select the map for processing * _sss_getautomntent_r() - iterates through key/value pairs in the selected map. The key is usually the mount point, the value is mount information (server:/export) * _sss_getautomntbyname_r() - returns value for a specific key. * _sss_endautomntent() deselect a map, clean up
2012-01-30Fix sudo compilation on RHEL5Jakub Hrozek1-0/+1
2012-01-27SUDO Integration - responder command for cn=defaultsPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/1143
2012-01-27NSS: Add client support for services (non-enumeration)Stephen Gallagher1-0/+22
2012-01-18NSS: Add sss_readrep_copy_stringStephen Gallagher1-0/+12
There were many places in the client code where we were duplicating a loop to copy data in from the response buffer. This patch turns those loops into a function for easier maintenance and easier-to-read *readrep() routines.
2012-01-14NSS: Validate input string lengthsStephen Gallagher1-0/+7
Also fixes a return value bug where we were returning errno error codes instead of nss_status codes. Fixes https://fedorahosted.org/sssd/ticket/1135
2011-12-16SUDO Integration - responderPavel Březina1-0/+3
2011-12-16SUDO integration - client common interfacePavel Březina1-0/+6
2011-11-28sss_cli.h - fix: function declaration after the header guardPavel Březina1-2/+2
2011-05-23Include string.h in sss_cli.hSumit Bose1-0/+1
Since memcpy() is used in sss_cli.h it should be declared here, too.
2011-02-11Use neutral name for functions used by both pam and nssSimo Sorce1-0/+1
2010-12-03Add a renew task to krb5_childSumit Bose1-1/+7
2010-11-22sss_client: make code thread-safeSimo Sorce1-0/+5
Add mutexes around nss operations and serialize them. This is necessary because nss operations may have global state. For pam it is sufficient to protect socket operations instead. As pam functions use only the provided pam handler. Fixes: https://fedorahosted.org/sssd/ticket/640
2010-11-15Avoid long long in messages to PAM client use int64_tSumit Bose1-3/+3
2010-10-13Add handling of nested netgroups to nss clientSumit Bose1-0/+5
2010-10-13Add support for netgroups to NSS sss_clientStephen Gallagher1-2/+2
2010-10-13Add utility function sss_strnlen()Stephen Gallagher1-0/+5
This is useful for guaranteeing the size of an input buffer.
2010-05-26Handle Krb5 password expiration warningSumit Bose1-1/+5
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose1-0/+11
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-03-22Improvements for LDAP Password Policy supportRalf Haferkamp1-7/+16
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
2010-03-08Fixed alignment problems in nss client/serverGeorge McCollister1-0/+14
I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
2010-02-23Handle expired passwords like other PAM modulesSumit Bose1-1/+20
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-19Add documentation for PAM response messagesSumit Bose1-19/+200
2010-02-18Fix licensing issues for sss_clientStephen Gallagher1-8/+22
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+220
Also update BUILD.txt