summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_auth.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-29KRB5: Initialize the credential cache type properlyStephen Gallagher1-0/+11
We weren't guaranteeing that the cctype-specific callbacks were initialized before using them. This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins).
2012-06-14Add a credential cache back end structureJakub Hrozek1-101/+92
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14Split parse_krb5_child_response so it can be reusedJakub Hrozek1-119/+27
krb5-child-test will be another consumer. It also makes the code more readable by splitting a huge function.
2012-05-07Only reset kpasswd server status when performing a chpass operationJakub Hrozek1-2/+3
https://fedorahosted.org/sssd/ticket/1316
2012-05-04Modify behavior of pam_pwd_expiration_warningJan Zeleny1-4/+27
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
2012-03-08Detect cycle in the fail over on subsequent resolve requests onlyJakub Hrozek1-17/+15
2012-03-06Only do one cycle when resolving a serverJakub Hrozek1-7/+12
https://fedorahosted.org/sssd/ticket/1214
2012-01-06Do not call krb5_child when changing passwords and provider went offlineJakub Hrozek1-1/+11
https://fedorahosted.org/sssd/ticket/1131
2011-12-21Honor case sensitive flag when creating the ccname templateJakub Hrozek1-1/+3
2011-12-19Move child_common routines to utilStephen Gallagher1-1/+1
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-7/+2
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-4/+3
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-9/+7
The patch also updates code using modified functions. Tests have also been adjusted.
2011-06-15Fix two typosSumit Bose1-2/+3
2011-06-15Delete cached ccache file if password is expiredSumit Bose1-8/+63
2011-04-29Fix bad password caching when using automatic TGT renewalStephen Gallagher1-3/+12
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
2011-04-19Always generate kpasswdinfo fileStephen Gallagher1-2/+1
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
2011-03-08Remove unused sysdb_attrs objectJan Zeleny1-8/+0
2010-12-21Fix potential NULL-dereference in krb5_auth_done()Sumit Bose1-3/+3
https://fedorahosted.org/sssd/ticket/745
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose1-0/+22
2010-12-20Fixes for automatic ticket renewalSumit Bose1-18/+27
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-07Add support for FAST in krb5 providerSumit Bose1-5/+7
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-0/+18
2010-12-03krb5_child returns TGT lifetimeSumit Bose1-0/+21
2010-11-04Make handle_child_* request publicSumit Bose1-319/+12
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Make krb5_setup() publicSumit Bose1-3/+2
2010-11-04Add krb5_get_simple_upn()Sumit Bose1-6/+3
2010-11-04Add infrastructure for Kerberos access providerSumit Bose1-26/+78
2010-11-01Fix two return value checksSumit Bose1-2/+2
2010-11-01Fix incorrect free of req in krb5_auth.cStephen Gallagher1-1/+1
2010-09-02Fixed potential comparison of undefined variableJan Zeleny1-0/+1
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
2010-05-26Fix handling of ccache file when going offlineSumit Bose1-32/+75
The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
2010-05-26Add support for delayed kinit if offlineSumit Bose1-26/+50
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-26Handle Krb5 password expiration warningSumit Bose1-119/+73
2010-05-26Try all servers during Kerberos authJakub Hrozek1-23/+104
The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
2010-05-16Properly set up SIGCHLD handlersStephen Gallagher1-0/+6
Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
2010-05-16Make Kerberos authentication a tevent_reqSumit Bose1-214/+339
To allow other providers to include Kerberos authentication the main part is put into a tevent request.
2010-04-26Display a message if a password reset by root failsSumit Bose1-0/+7
2010-04-12sysdb: convert sysdb_get_user_attrSimo Sorce1-38/+13
2010-04-12Remove remaining use of sysdb_transaction_sendSimo Sorce1-103/+49
2010-04-12sysdb: convert sysdb_cache_passwordSimo Sorce1-29/+8
2010-04-12sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce1-23/+4
2010-03-25Allow arbitrary-length PAM messagesStephen Gallagher1-1/+1
The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
2010-03-12Add krb5_kpasswd optionSumit Bose1-9/+76
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose1-2/+11
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-03-04Add forgotten \n in DEBUG statementsMartin Nagy1-1/+1
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
2010-03-03Improve safe alignment buffer handling macrosSimo Sorce1-16/+17
Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-02-19Remove unneeded items from struct pam_dataSumit Bose1-16/+30
2010-02-19Send Kerberos environment after password changeSumit Bose1-1/+1
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+1193
Also update BUILD.txt