summaryrefslogtreecommitdiff
path: root/src/sss_client
AgeCommit message (Collapse)AuthorFilesLines
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher2-1/+17
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09Add a missing free()Sumit Bose1-0/+1
2010-06-09Avoid a potential double-freeSumit Bose1-0/+1
2010-05-26Handle Krb5 password expiration warningSumit Bose2-2/+18
2010-05-07Add retry option to pam_sssSumit Bose1-92/+147
2010-05-07Improve the offline authentication messageJakub Hrozek1-2/+2
2010-04-30Fix wrong return valueSumit Bose1-15/+14
If there was a failure during a password change a wrong return value was send back to the PAM stack.
2010-04-26Display a message if a password reset by root failsSumit Bose1-8/+198
2010-04-26Unset authentication tokens if password change failsSumit Bose1-27/+52
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose3-2/+95
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose1-122/+4
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-03-25Allow arbitrary-length PAM messagesStephen Gallagher1-3/+20
The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
2010-03-22Improvements for LDAP Password Policy supportRalf Haferkamp2-7/+98
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
2010-03-15Fixed buffer alignment in exchange_credentials().George McCollister1-5/+9
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side. Signed-off-by: George McCollister <George.McCollister@gmail.com>
2010-03-15Prompt for old password even when running as rootRalf Haferkamp1-2/+4
When changing an expired password (during e.g. login) the PAM module needs to prompt for the old password even when running as root.
2010-03-15Warn user about an expired passwordRalf Haferkamp1-1/+6
2010-03-11Add better checks on PAM socketSumit Bose1-4/+118
- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
2010-03-08Fixed alignment problems in nss client/serverGeorge McCollister3-7/+32
I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
2010-03-04Define _GNU_SOURCE in pam_sss.c.George McCollister1-0/+4
_GNU_SOURCE needs to be defined when using strndup. Signed-off-by: George McCollister <georgem@novatech-llc.com>
2010-02-23Handle expired passwords like other PAM modulesSumit Bose2-19/+51
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-19Add documentation for PAM response messagesSumit Bose1-19/+200
2010-02-18Fix bad mergeStephen Gallagher2-0/+839
Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING and COPYING.LESSER files in the now-defunct sss_client directory. This patch moves them into the right location and fixes the spec file to look for them correctly.
2010-02-18Fix licensing issues for sss_clientStephen Gallagher5-30/+72
2010-02-18Build all manpages from a single locationStephen Gallagher1-97/+0
2010-02-18Rename server/ directory to src/Stephen Gallagher11-0/+3299
Also update BUILD.txt