sssd.git/src/providers/krb5, branch nonroot-libcap sssd with jhrozek's patches UTIL: Move become_user outside krb5 tree 2014-10-07T11:48:04+00:00 Jakub Hrozek jhrozek@redhat.com 2014-07-26T10:46:26+00:00 21983497ff98e34e34f8a626fd0bba24831fd1b4 In order for several other SSSD processes to run as a non-root user, we need to move the functions to become another user to a shared space in our source tree. 
In order for several other SSSD processes to run as a non-root user, we
need to move the functions to become another user to a shared space in
our source tree.
Fix debug messages - trailing '.' 2014-09-29T16:15:01+00:00 Pavel Reichl preichl@redhat.com 2014-09-27T11:06:44+00:00 c683b8d730f4ec838244147d70a0275d53459aa5 Fix debug messages where '\n' was wrongly followed by '.'. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Fix debug messages where '\n' was wrongly followed by '.'.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
UTIL: rename find_subdomain_by_name 2014-07-22T07:40:08+00:00 Pavel Reichl preichl@redhat.com 2014-07-21T07:06:23+00:00 db18dda869bc6c52a41797b2066cf121cf10f49c The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The function was named "find_subdomain" yet it could find both main
domain and subdomain.

sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"`

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
KRB5: add missing debug-to-stderr option to krb5_child 2014-07-20T19:26:19+00:00 Sumit Bose sbose@redhat.com 2014-07-18T20:34:23+00:00 ee4ba51f2fcfc8d8b807c3de6eaac554281165d2 Without this option krb5_child cannot be run in interactive mode. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Without this option krb5_child cannot be run in interactive mode.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
KRB5: Go offline in case of generic error 2014-04-17T20:18:44+00:00 Pavel Reichl preichl@redhat.com 2014-04-17T12:31:17+00:00 dd3398f8cc5a80cd99546bfe9c500589b78a96f1 Resolves: https://fedorahosted.org/sssd/ticket/2313 
Resolves:
https://fedorahosted.org/sssd/ticket/2313
KRB: do not check ccache directory for GID 2014-04-17T08:31:14+00:00 Pavel Reichl reichl.pavel@gmail.com 2014-04-15T15:31:49+00:00 26ce47cc3e2003c30bae8206c3085f0814c9a842 






krb5_child: Fix use after free in debug message
2014-04-08T12:12:23+00:00

Lukas Slebodnik
lslebodn@redhat.com

2014-04-08T08:56:22+00:00

47bc2d6639c41da1e5bac37eb4af3559bbc0e10e

debug_prg_name is used in debug_fn and it was allocated under
talloc context "kr". The variable "kr" was removed before the last debug
messages in function main. It is very little change that it will be overridden.
It is possible to see this issue with exported environment variable
TALLOC_FREE_FILL=255

Reviewed-by: Sumit Bose <sbose@redhat.com>





debug_prg_name is used in debug_fn and it was allocated under
talloc context "kr". The variable "kr" was removed before the last debug
messages in function main. It is very little change that it will be overridden.
It is possible to see this issue with exported environment variable
TALLOC_FREE_FILL=255

Reviewed-by: Sumit Bose <sbose@redhat.com>







krb5_child: Remove unused krb5_context from set_changepw_options
2014-04-07T15:46:10+00:00

Lukas Slebodnik
lslebodn@redhat.com

2014-04-05T09:26:59+00:00

d2ea839a907ba6ee1fe44027d67b11b02593fc99

Reviewed-by: Pavel Reichl <preichl@redhat.com>





Reviewed-by: Pavel Reichl <preichl@redhat.com>







KRB5: Do not attempt to get a TGT after a password change using OTP
2014-03-26T08:56:23+00:00

Jakub Hrozek
jhrozek@redhat.com

2014-03-18T15:48:11+00:00

3983d81f461a4f17736a516eb595f54df4bf4336

https://fedorahosted.org/sssd/ticket/2271

The current krb5_child code attempts to get a TGT for the convenience of
the user using the new password after a password change operation.
However, an OTP should never be used twice, which means we can't perform
the kinit operation after chpass is finished. Instead, we only print a
PAM information instructing the user to log out and back in manually.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>





https://fedorahosted.org/sssd/ticket/2271

The current krb5_child code attempts to get a TGT for the convenience of
the user using the new password after a password change operation.
However, an OTP should never be used twice, which means we can't perform
the kinit operation after chpass is finished. Instead, we only print a
PAM information instructing the user to log out and back in manually.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>







krb5-child: add revert_changepw_options()
2014-03-21T22:06:26+00:00

Sumit Bose
sbose@redhat.com

2014-03-21T15:16:23+00:00

6bbff437dcea7e56d71cf119d1391be7264dfaf0

After changing the Kerberos password krb5-child will try to get a fresh
TGT with the new password. This patch tries to make sure the right gic
options are used.

Resolves: https://fedorahosted.org/sssd/ticket/2289

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





After changing the Kerberos password krb5-child will try to get a fresh
TGT with the new password. This patch tries to make sure the right gic
options are used.

Resolves: https://fedorahosted.org/sssd/ticket/2289

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>