summaryrefslogtreecommitdiff
path: root/src/providers/krb5
AgeCommit message (Collapse)AuthorFilesLines
2011-06-02Add utility function to return IP address as stringJakub Hrozek1-9/+2
2011-06-02Add online callback only once for TGT renewalSumit Bose1-25/+44
2011-05-20Rename label in expand_ccname_templateJakub Hrozek1-17/+17
The label was named fail but used also in success cases.
2011-05-12Use a temporary memory context in expand_ccname_templateJakub Hrozek1-20/+33
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-2/+2
2011-05-04Do not leak pcre contextJakub Hrozek1-0/+12
2011-05-02Return pam data to the renewal item if renewal failsSumit Bose1-4/+9
A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
2011-04-29Fix bad password caching when using automatic TGT renewalStephen Gallagher1-3/+12
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
2011-04-25Allow new option to specify principal for FASTJan Zeleny3-4/+55
https://fedorahosted.org/sssd/ticket/700
2011-04-25Extend and move function for finding principal in keytabJan Zeleny1-80/+2
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2011-04-19Always generate kpasswdinfo fileStephen Gallagher1-2/+1
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
2011-03-08Remove unused sysdb_attrs objectJan Zeleny1-8/+0
2011-02-22Check ccache file for renewable TGTs at startupSumit Bose3-0/+241
2011-02-18Remove renewal item if it is not re-addedSumit Bose1-1/+34
2010-12-21Fix potential NULL-dereference in krb5_auth_done()Sumit Bose1-3/+3
https://fedorahosted.org/sssd/ticket/745
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose4-0/+239
2010-12-20Fixes for automatic ticket renewalSumit Bose4-44/+100
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-14Fix incorrect return value on failure in check_and_export_options()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/722
2010-12-08Fix build issue with older Kerberos librarySumit Bose1-2/+2
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose2-7/+10
2010-12-07Add support for FAST in krb5 providerSumit Bose5-13/+344
2010-12-07Refactor krb5_child to make helpers more flexibleSumit Bose1-20/+36
2010-12-03Allow krb5 lifetime values without a unitSumit Bose1-36/+65
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose7-1/+420
2010-12-03krb5_child returns TGT lifetimeSumit Bose3-0/+57
2010-12-03Add krb5_lifetime optionSumit Bose3-2/+38
2010-12-03Add krb5_renewable_lifetime optionSumit Bose3-2/+42
2010-12-03Check authtok type for krb5 auth and chpassSumit Bose1-0/+12
2010-12-03Add a renew task to krb5_childSumit Bose1-0/+87
2010-12-03Send authtok_type to krb5_childSumit Bose2-2/+6
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/691
2010-11-04Call krb5_child to check access permissionsSumit Bose1-4/+121
2010-11-04Make handle_child_* request publicSumit Bose3-325/+429
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Add krb5_kuserok() access check to krb5_childSumit Bose1-17/+73
2010-11-04Make krb5_setup() publicSumit Bose3-6/+8
2010-11-04Add krb5_get_simple_upn()Sumit Bose3-6/+30
2010-11-04Add infrastructure for Kerberos access providerSumit Bose4-26/+184
2010-11-04Store krb5 auth context for other targetsSumit Bose1-1/+2
2010-11-01Fix two return value checksSumit Bose1-2/+2
2010-11-01Fix incorrect free of req in krb5_auth.cStephen Gallagher1-1/+1
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny3-2/+48
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek2-1/+7
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-6/+12
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-0/+51
2010-09-08Dead assignments cleanup in providers codeJan Zeleny1-1/+0
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-09-02Fixed potential comparison of undefined variableJan Zeleny1-0/+1
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-1/+1
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher2-4/+4
https://fedorahosted.org/sssd/ticket/542
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek4-42/+22
Fixes: #531
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher1-7/+18
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.