summaryrefslogtreecommitdiff
path: root/src/sss_client
AgeCommit message (Collapse)AuthorFilesLines
2012-01-18NSS: Add sss_readrep_copy_stringStephen Gallagher5-181/+131
There were many places in the client code where we were duplicating a loop to copy data in from the response buffer. This patch turns those loops into a function for easier maintenance and easier-to-read *readrep() routines.
2012-01-17Export libsss_sudo as a separate packageJakub Hrozek2-0/+27
2012-01-17SUDO Integration review issuesPavel Březina4-7/+8
2012-01-14NSS: Validate input string lengthsStephen Gallagher4-9/+32
Also fixes a return value bug where we were returning errno error codes instead of nss_status codes. Fixes https://fedorahosted.org/sssd/ticket/1135
2011-12-16SUDO Integration - pseudo client for testingPavel Březina1-0/+167
2011-12-16SUDO Integration - API for sudoPavel Březina4-0/+553
2011-12-16SUDO Integration - responderPavel Březina1-0/+3
2011-12-16SUDO integration - client common interfacePavel Březina2-0/+24
2011-12-08Fixed incorrect return code in PAM clientJan Zeleny1-1/+1
The original return code when SSSD was not running was system_err, now it is authinfo_unavail. https://fedorahosted.org/sssd/ticket/1011
2011-11-28sss_cli.h - fix: function declaration after the header guardPavel Březina1-2/+2
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-8/+2
2011-09-20Added quiet option to pam_sssPavel Březina1-5/+25
https://fedorahosted.org/sssd/ticket/894
2011-08-08Fixed implicit declaration of function 'time' in src/sss_client/common.c.Pavel Březina1-0/+1
2011-07-29sss_client: avoid leaking file descriptorsSimo Sorce1-0/+3
If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
2011-05-23Import config.h earlierStephen Gallagher1-1/+1
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE early would cause some functions - such as strndup() - to be unavailable.
2011-05-23Include string.h in sss_cli.hSumit Bose1-0/+1
Since memcpy() is used in sss_cli.h it should be declared here, too.
2011-05-23Set _GNU_SOURCE globallySumit Bose2-7/+1
2011-05-03clients: use poll instead of selectSimo Sorce1-9/+6
select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
2011-02-11Use neutral name for functions used by both pam and nssSimo Sorce3-49/+64
2011-02-08Check that the socket is really ours before attempting to close it.Simo Sorce1-13/+42
Fixes: https://fedorahosted.org/sssd/ticket/790
2010-12-17Fix wrong test in pam_sssSimo Sorce1-1/+1
2010-12-16Fix segfault for PAM_TEXT_INFO conversationsStephen Gallagher1-1/+1
2010-12-15Fix another possible memory leak in sss_nss_recv_rep()Sumit Bose1-8/+19
https://fedorahosted.org/sssd/ticket/723
2010-12-15Fix possible memory leak in do_pam_conversationSumit Bose1-16/+28
https://fedorahosted.org/sssd/ticket/731
2010-12-14Fix possible memory leak in sss_nss_recv_rep()Sumit Bose1-8/+13
https://fedorahosted.org/sssd/ticket/723
2010-12-14Fix improper bit manipulation in pam_sssSumit Bose1-1/+1
https://fedorahosted.org/sssd/ticket/715
2010-12-03Add a renew task to krb5_childSumit Bose1-1/+7
2010-11-22sss_client: make code thread-safeSimo Sorce5-58/+219
Add mutexes around nss operations and serialize them. This is necessary because nss operations may have global state. For pam it is sufficient to protect socket operations instead. As pam functions use only the provided pam handler. Fixes: https://fedorahosted.org/sssd/ticket/640
2010-11-15Fix incorrect type comparisonStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/657
2010-11-15Fix cast warning for pam_sss.cStephen Gallagher1-8/+11
2010-11-15Avoid long long in messages to PAM client use int64_tSumit Bose2-9/+9
2010-10-13Avoid a global variable in netgroup client.Sumit Bose2-38/+26
The structure which is used to store the result also provides elements to store a context for the netgroup enumeration call.
2010-10-13Add handling of nested netgroups to nss clientSumit Bose2-68/+109
2010-10-13Return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUNDSumit Bose1-1/+1
NSS_STATUS_RETURN needs to be returned to glibc otherwise nested groups are not resolved by glibc.
2010-10-13Add support for netgroups to NSS sss_clientStephen Gallagher4-5/+364
2010-10-13Rename group.c and passwd.c for clarityStephen Gallagher2-0/+0
Prefixing group.c and passwd.c with "nss_" similar to the way the PAM client sources are prefixed with "pam_"
2010-10-13Add utility function sss_strnlen()Stephen Gallagher2-0/+34
This is useful for guaranteeing the size of an input buffer.
2010-07-23Allow sssd clients to reconnectSumit Bose1-4/+3
Currently the PAM and NSS client just return an error if there are problems on an open socket. This will lead to problems in long running programs like gdm if sssd is restarted, e.g. during an update. With this patch the socket is closed and reopened.
2010-06-14Potential memory leak in _nss_sss_*_r()Jakub Hrozek2-0/+5
Fixes: #516
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher2-1/+17
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09Add a missing free()Sumit Bose1-0/+1
2010-06-09Avoid a potential double-freeSumit Bose1-0/+1
2010-05-26Handle Krb5 password expiration warningSumit Bose2-2/+18
2010-05-07Add retry option to pam_sssSumit Bose1-92/+147
2010-05-07Improve the offline authentication messageJakub Hrozek1-2/+2
2010-04-30Fix wrong return valueSumit Bose1-15/+14
If there was a failure during a password change a wrong return value was send back to the PAM stack.
2010-04-26Display a message if a password reset by root failsSumit Bose1-8/+198
2010-04-26Unset authentication tokens if password change failsSumit Bose1-27/+52
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose3-2/+95
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose1-122/+4
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.