summaryrefslogtreecommitdiff
path: root/src/providers/krb5
AgeCommit message (Collapse)AuthorFilesLines
2011-11-22Set more strict permissions on keyringSimo Sorce1-1/+1
We want to confine access to the keyring to the current process and not let root easily peek into the keyring contents.
2011-11-22Fixed unchecked value of setenv() in check_and_export_options()Jan Zeleny1-2/+5
https://fedorahosted.org/sssd/ticket/1080
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-7/+2
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny3-1/+25
https://fedorahosted.org/sssd/ticket/957
2011-09-28Multiline macro cleanupJakub Hrozek1-1/+1
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-08DEBUG timestamps offer higher precisionPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina1-1/+3
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - conversionPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-4/+3
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny3-13/+10
The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-1/+1
2011-07-13Remove unused krb5_service structure memberJakub Hrozek2-5/+1
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/909
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-1/+1
2011-06-15Fix two typosSumit Bose1-2/+3
2011-06-15Delete cached ccache file if password is expiredSumit Bose1-8/+63
2011-06-02Add utility function to return IP address as stringJakub Hrozek1-9/+2
2011-06-02Add online callback only once for TGT renewalSumit Bose1-25/+44
2011-05-20Rename label in expand_ccname_templateJakub Hrozek1-17/+17
The label was named fail but used also in success cases.
2011-05-12Use a temporary memory context in expand_ccname_templateJakub Hrozek1-20/+33
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-2/+2
2011-05-04Do not leak pcre contextJakub Hrozek1-0/+12
2011-05-02Return pam data to the renewal item if renewal failsSumit Bose1-4/+9
A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
2011-04-29Fix bad password caching when using automatic TGT renewalStephen Gallagher1-3/+12
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
2011-04-25Allow new option to specify principal for FASTJan Zeleny3-4/+55
https://fedorahosted.org/sssd/ticket/700
2011-04-25Extend and move function for finding principal in keytabJan Zeleny1-80/+2
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2011-04-19Always generate kpasswdinfo fileStephen Gallagher1-2/+1
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
2011-03-08Remove unused sysdb_attrs objectJan Zeleny1-8/+0
2011-02-22Check ccache file for renewable TGTs at startupSumit Bose3-0/+241
2011-02-18Remove renewal item if it is not re-addedSumit Bose1-1/+34
2010-12-21Fix potential NULL-dereference in krb5_auth_done()Sumit Bose1-3/+3
https://fedorahosted.org/sssd/ticket/745
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose4-0/+239
2010-12-20Fixes for automatic ticket renewalSumit Bose4-44/+100
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-14Fix incorrect return value on failure in check_and_export_options()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/722
2010-12-08Fix build issue with older Kerberos librarySumit Bose1-2/+2
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose2-7/+10
2010-12-07Add support for FAST in krb5 providerSumit Bose5-13/+344
2010-12-07Refactor krb5_child to make helpers more flexibleSumit Bose1-20/+36
2010-12-03Allow krb5 lifetime values without a unitSumit Bose1-36/+65
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose7-1/+420
2010-12-03krb5_child returns TGT lifetimeSumit Bose3-0/+57
2010-12-03Add krb5_lifetime optionSumit Bose3-2/+38
2010-12-03Add krb5_renewable_lifetime optionSumit Bose3-2/+42
2010-12-03Check authtok type for krb5 auth and chpassSumit Bose1-0/+12
2010-12-03Add a renew task to krb5_childSumit Bose1-0/+87
2010-12-03Send authtok_type to krb5_childSumit Bose2-2/+6
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/691
2010-11-04Call krb5_child to check access permissionsSumit Bose1-4/+121
2010-11-04Make handle_child_* request publicSumit Bose3-325/+429
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Add krb5_kuserok() access check to krb5_childSumit Bose1-17/+73