summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-05-07Fix memory hierarchy in the ipa timerulesJakub Hrozek1-4/+4
2010-05-07Split pam_data utilities into a separate fileSumit Bose3-35/+62
2010-05-07Improve the offline authentication messageJakub Hrozek1-2/+2
2010-05-07Make krb5_kpasswd available for any krb5 providerStephen Gallagher3-1/+5
Previously, the option krb5_kpasswd was only available if 'chpass_provider = krb5' was specified explicitly. Now it will be available also if 'auth_provider = krb5'. This option was also missing from the IPA options, so I have added it there as well
2010-05-07Use all available servers in LDAP providerJakub Hrozek3-14/+91
2010-05-07Fix segfault in GSSAPI reconnect codeStephen Gallagher2-57/+41
Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
2010-05-03Fix a wrong return value in IPA HBACSumit Bose1-2/+2
2010-05-03Avoid freeing sdap_handle too earlySimo Sorce2-18/+46
Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse.
2010-05-03Better handle sdap_handle memory from callers.Simo Sorce7-42/+144
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
2010-05-03Fix uninitialized variableJakub Hrozek1-0/+1
2010-04-30Add dns_resolver_timeout optionStephen Gallagher7-2/+34
We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
2010-04-30Fix wrong return valueSumit Bose1-15/+14
If there was a failure during a password change a wrong return value was send back to the PAM stack.
2010-04-30Silence warnings with -O2Jakub Hrozek3-12/+26
2010-04-30Support SRV servers in failoverJakub Hrozek5-60/+551
Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6
2010-04-30Remove freed server_common entities from listJakub Hrozek1-1/+24
2010-04-30Sort SRV replies according to RFC 2782Jakub Hrozek3-0/+336
RFC 2782 defines a way to sort replies to a SRV query. In short, the algorithm sorts all replies by priority and then does a weight-based selection for every priority level. For details, please see the sections "Usage rules" for overview of the algorithm and section "The 'Weight' field" for description on the weight selection.
2010-04-26Display a message if a password reset by root failsSumit Bose4-8/+235
2010-04-26Unset authentication tokens if password change failsSumit Bose1-27/+52
2010-04-26Make the handling of fd events opaqueSumit Bose6-184/+280
Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
2010-04-26Do not mark a request as failed twiceJakub Hrozek1-1/+0
2010-04-26Treat server names as case-insensitive in failover codeJakub Hrozek1-2/+2
2010-04-26Fix a potential memory violationSumit Bose1-2/+4
If read() returns with errno set to EINTR -1 is added to total_len.
2010-04-26Set LDAP_OPT_RESTART for all LDAP connectionsSumit Bose1-7/+7
2010-04-16Avoid accessing half-deallocated memory when using talloc_zfree macro.eindenbom1-1/+5
The correct memory deallocation sequence is: - clear pointer to memory first - then deallocate memory
2010-04-16Make ID provider init functions clearerStephen Gallagher4-11/+11
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-04-16Give information about ldap_schema in the sample configStephen Gallagher1-0/+7
Resolves: https://fedorahosted.org/sssd/ticket/438
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose6-3/+162
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose4-274/+5
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-04-15Updating ES translationHéctor Daniel Cabrera1-144/+129
2010-04-14Fix warning in sysdb-tests.cStephen Gallagher1-8/+0
When we converted to the synchronous sysdb interface, the synchronous-simulating function test_loop() became unnecessary, but we forgot to remove it.
2010-04-14Remove unused configure macroStephen Gallagher1-1/+0
2010-04-12Update Polish translationPiotr Drąg1-20/+16
2010-04-12Update Ukrainian translationYuri Chornoivan1-18/+19
2010-04-12Fix merge error for sss_userdel.cStephen Gallagher1-21/+1
2010-04-12Update translations for master branchStephen Gallagher14-1996/+2694
2010-04-12tools: remove creation of event_contextSimo Sorce10-47/+3
Since the sysdb is now synchronous and creates its own event context we don't need an explicit event context anymore in the tools.
2010-04-12Make groupshow synchronous.Simo Sorce1-310/+105
I tried to convert this code as mechanically as possible from the previously existing code. I am not sure it works right, and it will probably recurse infinetly as circular group memberships are admitted in sysdb. The original code had the same issues. This code should be probably discarded and redone from scratch.
2010-04-12sysydb: Finally stop using a common event contextSimo Sorce10-30/+14
This commit completes the migration to a synchronous sysdb
2010-04-12sysdb: remove remaining traces of sysdb_handleSimo Sorce11-237/+1
2010-04-12sysdb: remove obsolete helpers from sysdbSimo Sorce2-158/+0
2010-04-12sysdb: convert sysdb_initgroupsSimo Sorce3-318/+166
2010-04-12Adjust fill_pwent and fill_grentSimo Sorce1-13/+13
fill_pwent should return the number of users actually processed. Otherwise in case of a recoverable error we may end up skipping a large chunk of users. fill_grent doesn't need to distinguish between number of entries and number of groups to process since we started adding memberuid. Remove remnants that are not useful anymore.
2010-04-12sysdb: convert sysdb_enumgrentSimo Sorce4-249/+147
2010-04-12sysdb: convert sysdb_enumpwentSimo Sorce4-259/+144
2010-04-12sysdb: convert sysdb_get_user_attrSimo Sorce6-293/+160
2010-04-12sysdb: convert sysdb_getgrgidSimo Sorce4-263/+160
2010-04-12sysdb: convert sysdb_getgrnamSimo Sorce10-394/+253
2010-04-12sysdb: convert sysdb_getpwuidSimo Sorce4-265/+146
2010-04-12sysdb: convert sysdb_getpwnamSimo Sorce12-623/+415
2010-04-12sysdb: add automatic transactions where neededSimo Sorce1-7/+47
Only functions that do multiple operations need explicit transactions as ldb_add/ldb_modify/ldb_delete already start transactions automatically intenrally.