summaryrefslogtreecommitdiff
path: root/sss_client/pam_sss.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-02Warn the user if authentication happens offlineSumit Bose1-0/+82
2010-02-01Improve logging of pam_sssSumit Bose1-9/+46
To avoid unnecessary messages in the log files of the system we only send log messages for PAM modules type which are explicitly handled by sssd. Furthermore only the authentication modules sends a log message when the operation was successful. All other modules only sends a message if an error occurs. This patch should fix bz556534.
2010-02-01Avoid 'PAM' at the beginning of define and enum namesSumit Bose1-27/+28
2010-02-01Rename PAM_USER_INFO to PAM_SYSTEM_INFOSumit Bose1-2/+2
2010-01-22Pointers to non 32 bit aligned data were being cast to uint32_t *George McCollister1-27/+38
uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach. pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target. Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
2009-12-18Handle chauthtok with PAM_PRELIM_CHECK separatelySumit Bose1-1/+1
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we generate a separate call to the sssd to validate the old password before asking for a new password and sending the change password request.
2009-11-06Clean up unused dependenciesStephen Gallagher1-1/+0
2009-10-14use old password if available during password changeSumit Bose1-8/+9
- if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
2009-10-08add syslog message similar to pam_unixSumit Bose1-2/+14
2009-10-05ask for new password if password is expiredSumit Bose1-7/+40
2009-10-05move password handling into subroutinesSumit Bose1-71/+117
2009-09-14make cli_pid mandatory and increase version number of pam protocolSumit Bose1-2/+2
2009-09-14remove unused client locale from PAM protocolSumit Bose1-19/+0
2009-09-14Let the PAM client send its PIDSumit Bose1-9/+34
- the client sends the PID as uint32_t and sssd will use uint32_t too - fix a possible type issue where a uint32_t is sent as int32 in internal dbus communication
2009-09-11Add copyright noticesJakub Hrozek1-0/+20
Fixes: #138
2009-08-27do not show server messages to userSumit Bose1-5/+0
2009-07-22cleanup of pam_sssSumit Bose1-250/+241
- make pam_sss work with pam_cracklib and similar pam modules - clean up the if-&&-else-|| jungle to make clear what is happening
2009-07-03Cleanup warnings in client and server codeSimo Sorce1-2/+2
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose1-1/+1
2009-06-25Implement _pam_overwrite_n(n,x) for older systemsStephen Gallagher1-0/+1
OSes based on older versions of the PAM development libraries lack the _pam_overwrite_n(n,x) macro. This patch copies the Fedora 11 pam-devel-1.0.91-6 implementation into an SSSD private header. This affects RHEL5 and SUSE10.
2009-06-02Don't mix strdup and static stringsSimo Sorce1-1/+1
2009-05-26Initial gettext framework for sss_clientsStephen Gallagher1-1/+7
2009-05-17Build fixesSimo Sorce1-0/+2
Comment out unused function in pam_sss Add missing configure.ac to common/ini
2009-05-15added new pam client protocolSumit Bose1-2/+136
2009-05-08added syslog support to pam_sssSumit Bose1-5/+40
2009-05-08cleanup and fixes for pam_sssSumit Bose1-190/+352
- if PAM_USER==root return PAM_USER_UNKNOWN - pam_sss now can handle to following options: - use_first_pass: forces the module to use a previous stacked modules password and will never prompt the user - use_authtok: when password changing enforce the module to set the new password to the one provided by a previously stacked password module - forward_pass: store the passwords collected by the module as pam items for modules called later in the stack
2009-04-29Fix IndentationSimo Sorce1-88/+89
2009-04-29reuse authtok which is already in the pam stackSumit Bose1-2/+22
2009-04-23allow to forward the authtok to other pam modulesSumit Bose1-0/+16
Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompt. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to safe the password for other pam modules.
2009-03-25Fix compilation error due to implicit castStephen Gallagher1-2/+2
2009-03-20added response type PAM_ENV_ITEM and integrated response data into dbus messagesSumit Bose1-0/+32
2009-03-10Remove unexisting left over headerSimo Sorce1-1/+0
Also bump up the version as this error prevented a successful build of 0.2.0
2009-03-10added generic PAM return messages and a false login delaySumit Bose1-15/+59
2009-03-05added password reset by rootSumit Bose1-9/+33
2009-03-02first version of LOCAL pam backendSumit Bose1-0/+6
2009-02-24Add PAM clientSumit Bose1-0/+324
Also rename nss_client to sss_client and reuse the same pipe protocol for both the NSS and PAM client libraries. Signed-off-by: Simo Sorce <ssorce@redhat.com>