Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 1 | -9/+2 | |
2011-06-02 | Add online callback only once for TGT renewal | Sumit Bose | 1 | -25/+44 | |
2011-05-20 | Rename label in expand_ccname_template | Jakub Hrozek | 1 | -17/+17 | |
The label was named fail but used also in success cases. | |||||
2011-05-12 | Use a temporary memory context in expand_ccname_template | Jakub Hrozek | 1 | -20/+33 | |
2011-05-05 | Added some kerberos functions for building on RHEL5 | Jan Zeleny | 1 | -2/+2 | |
2011-05-04 | Do not leak pcre context | Jakub Hrozek | 1 | -0/+12 | |
2011-05-02 | Return pam data to the renewal item if renewal fails | Sumit Bose | 1 | -4/+9 | |
A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running. | |||||
2011-04-29 | Fix bad password caching when using automatic TGT renewal | Stephen Gallagher | 1 | -3/+12 | |
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856 | |||||
2011-04-25 | Allow new option to specify principal for FAST | Jan Zeleny | 3 | -4/+55 | |
https://fedorahosted.org/sssd/ticket/700 | |||||
2011-04-25 | Extend and move function for finding principal in keytab | Jan Zeleny | 1 | -80/+2 | |
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code. | |||||
2011-04-19 | Always generate kpasswdinfo file | Stephen Gallagher | 1 | -2/+1 | |
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd. | |||||
2011-03-08 | Remove unused sysdb_attrs object | Jan Zeleny | 1 | -8/+0 | |
2011-02-22 | Check ccache file for renewable TGTs at startup | Sumit Bose | 3 | -0/+241 | |
2011-02-18 | Remove renewal item if it is not re-added | Sumit Bose | 1 | -1/+34 | |
2010-12-21 | Fix potential NULL-dereference in krb5_auth_done() | Sumit Bose | 1 | -3/+3 | |
https://fedorahosted.org/sssd/ticket/745 | |||||
2010-12-20 | Serialize requests of the same user in the krb5 provider | Sumit Bose | 4 | -0/+239 | |
2010-12-20 | Fixes for automatic ticket renewal | Sumit Bose | 4 | -44/+100 | |
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes | |||||
2010-12-14 | Fix incorrect return value on failure in check_and_export_options() | Sumit Bose | 1 | -0/+1 | |
https://fedorahosted.org/sssd/ticket/722 | |||||
2010-12-08 | Fix build issue with older Kerberos library | Sumit Bose | 1 | -2/+2 | |
2010-12-07 | Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2 | -7/+10 | |
2010-12-07 | Add support for FAST in krb5 provider | Sumit Bose | 5 | -13/+344 | |
2010-12-07 | Refactor krb5_child to make helpers more flexible | Sumit Bose | 1 | -20/+36 | |
2010-12-03 | Allow krb5 lifetime values without a unit | Sumit Bose | 1 | -36/+65 | |
2010-12-03 | Add support for automatic Kerberos ticket renewal | Sumit Bose | 7 | -1/+420 | |
2010-12-03 | krb5_child returns TGT lifetime | Sumit Bose | 3 | -0/+57 | |
2010-12-03 | Add krb5_lifetime option | Sumit Bose | 3 | -2/+38 | |
2010-12-03 | Add krb5_renewable_lifetime option | Sumit Bose | 3 | -2/+42 | |
2010-12-03 | Check authtok type for krb5 auth and chpass | Sumit Bose | 1 | -0/+12 | |
2010-12-03 | Add a renew task to krb5_child | Sumit Bose | 1 | -0/+87 | |
2010-12-03 | Send authtok_type to krb5_child | Sumit Bose | 2 | -2/+6 | |
2010-12-01 | Allow protocol fallback for SRV queries | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/691 | |||||
2010-11-04 | Call krb5_child to check access permissions | Sumit Bose | 1 | -4/+121 | |
2010-11-04 | Make handle_child_* request public | Sumit Bose | 3 | -325/+429 | |
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | |||||
2010-11-04 | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 1 | -17/+73 | |
2010-11-04 | Make krb5_setup() public | Sumit Bose | 3 | -6/+8 | |
2010-11-04 | Add krb5_get_simple_upn() | Sumit Bose | 3 | -6/+30 | |
2010-11-04 | Add infrastructure for Kerberos access provider | Sumit Bose | 4 | -26/+184 | |
2010-11-04 | Store krb5 auth context for other targets | Sumit Bose | 1 | -1/+2 | |
2010-11-01 | Fix two return value checks | Sumit Bose | 1 | -2/+2 | |
2010-11-01 | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 1 | -1/+1 | |
2010-10-19 | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 3 | -2/+48 | |
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | |||||
2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 2 | -1/+7 | |
2010-09-28 | Suppress some 'may be used uninitialized' warnings | Sumit Bose | 1 | -6/+12 | |
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c. | |||||
2010-09-23 | Use new MIT krb5 API for better password expiration warnings | Sumit Bose | 1 | -0/+51 | |
2010-09-08 | Dead assignments cleanup in providers code | Jan Zeleny | 1 | -1/+0 | |
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586 | |||||
2010-09-02 | Fixed potential comparison of undefined variable | Jan Zeleny | 1 | -0/+1 | |
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578 | |||||
2010-06-30 | Add dns_discovery_domain option | Jakub Hrozek | 1 | -1/+1 | |
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479 | |||||
2010-06-16 | Standardize on correct spelling of "principal" for krb5 | Stephen Gallagher | 2 | -4/+4 | |
https://fedorahosted.org/sssd/ticket/542 | |||||
2010-06-14 | Remove krb5_changepw_principal option | Jakub Hrozek | 4 | -42/+22 | |
Fixes: #531 | |||||
2010-06-10 | Properly handle read() and write() throughout the SSSD | Stephen Gallagher | 1 | -7/+18 | |
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output. |