summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_common.c
AgeCommit message (Collapse)AuthorFilesLines
2013-06-27Fix compilation warningJakub Hrozek1-1/+1
2013-06-27KRB5: guess UPN for subdomain usersJakub Hrozek1-11/+36
2013-06-10A new option krb5_use_kdcinfoJakub Hrozek1-12/+18
https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
2013-06-07Do not obfuscate calls with booleansJakub Hrozek1-7/+22
Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
2013-05-31Set canonicalize flag if enterprise principals are usedSumit Bose1-1/+6
In contrast to MIT KDCs AD does not automatically canonicalize the enterprise principal in an AS request but requires the canonicalize flags to be set. To be on the safe side we always enable canonicalization if enterprise principals are used.
2013-01-02failover: Protect against empty host namesMichal Zidek1-1/+1
Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
2012-11-19Fix compare_principal_realm() checkSumit Bose1-9/+3
In case of a short UPN compare_principal_realm() erroneously returns an error.
2012-10-26Add new call find_or_guess_upn()Sumit Bose1-7/+20
With the current approach the upn was either a pointer to a const string in a ldb_message or a string created with the help of talloc. This new function always makes it a talloc'ed value. Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as well.
2012-10-26krb5_auth: check if principal belongs to a different realmSumit Bose1-0/+31
Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
2012-09-17Failover: use _srv_ when no primary server is definedPavel Březina1-12/+3
https://fedorahosted.org/sssd/ticket/1521
2012-08-23Fix: IPv6 address with square brackets doesn't work.Michal Zidek1-1/+14
https://fedorahosted.org/sssd/ticket/1365
2012-08-15Duplicate detection in fail over did not work.Michal Zidek1-1/+6
https://fedorahosted.org/sssd/ticket/1472
2012-08-09SRV resolution for backup servers should not be permitted.Michal Zidek1-2/+9
https://fedorahosted.org/sssd/ticket/1463
2012-08-01Primary server support: krb5 adaptationJan Zeleny1-46/+89
This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
2012-08-01Primary server support: basic support in failover codeJan Zeleny1-1/+1
Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
2012-07-06KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher1-10/+13
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
2012-06-20Move some debug lines to new debug log levelsStef Walter1-3/+3
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher1-1/+5
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-06-14Add support for storing credential caches in the DIR: back endJakub Hrozek1-5/+29
https://fedorahosted.org/sssd/ticket/974
2012-06-14Add a credential cache back end structureJakub Hrozek1-3/+9
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-04-20Convert read and write operations to sss_atomic_readJakub Hrozek1-16/+10
https://fedorahosted.org/sssd/ticket/1209
2012-03-28Put dp_option maps in their own fileStephen Gallagher1-18/+1
There is no functional change due to this patch.
2012-03-01IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/1217
2011-12-19Securely set umask when using mkstempStephen Gallagher1-0/+3
Coverity 12394, 12395, 12396, 12397 and 12398
2011-11-22Fixed unchecked value of setenv() in check_and_export_options()Jan Zeleny1-2/+5
https://fedorahosted.org/sssd/ticket/1080
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-1/+8
https://fedorahosted.org/sssd/ticket/957
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-1/+1
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-4/+1
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/909
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-1/+1
2011-06-02Add utility function to return IP address as stringJakub Hrozek1-9/+2
2011-04-25Allow new option to specify principal for FASTJan Zeleny1-1/+11
https://fedorahosted.org/sssd/ticket/700
2010-12-14Fix incorrect return value on failure in check_and_export_options()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/722
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose1-6/+8
2010-12-07Add support for FAST in krb5 providerSumit Bose1-2/+22
2010-12-03Allow krb5 lifetime values without a unitSumit Bose1-36/+65
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-1/+2
2010-12-03Add krb5_lifetime optionSumit Bose1-1/+21
2010-12-03Add krb5_renewable_lifetime optionSumit Bose1-1/+23
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/691
2010-11-04Add krb5_get_simple_upn()Sumit Bose1-0/+25
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-1/+44
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-1/+1
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-6/+12
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-1/+1
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek1-27/+0
Fixes: #531
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher1-7/+18
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-05-27Refactor krb5 SIGTERM handler installationSumit Bose1-0/+33
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose1-0/+97
2010-05-27Refactor krb5_finalize()Sumit Bose1-12/+27
generated by cgit (git 2.34.1) at 2024-11-17 01:51:19 +0000