sssd.git/src/providers, branch refactor-fo sssd with jhrozek's patches heimdal: use sss_krb5_princ_realm to access realm 2012-07-09T12:41:19+00:00 Rambaldi gentoo@xs4me.net 2012-07-07T11:37:45+00:00 bb446567389e894bf4d64a9589606d1951ac7902 






Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8
2012-07-06T17:19:32+00:00

Stef Walter
stefw@gnome.org

2012-07-06T17:06:48+00:00

aa2c6f469414668e56aa03d5ba5cecde64bc713e

 * This broke corner cases when used with
      default_tkt_types = des-cbc-crc
   and DES enabled on an AD domain.
 * This is fixed in kerberos instead, in a more correct way
   and in a way which we cannot replicate.





 * This broke corner cases when used with
      default_tkt_types = des-cbc-crc
   and DES enabled on an AD domain.
 * This is fixed in kerberos instead, in a more correct way
   and in a way which we cannot replicate.







AD: Force case-insensitive operation in AD provider
2012-07-06T15:44:46+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-07-06T00:44:24+00:00

346f41f1ede975cb2db0af570f5b454b9b306704












AD: use krb5_keytab for validation and GSSAPI
2012-07-06T15:44:46+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-07-06T00:00:37+00:00

4e2d9fe30bf8b692972a9654c60d2d90ed355815

This simplifies configuration by eliminating the need to
specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is
not located at /etc/krb5.keytab





This simplifies configuration by eliminating the need to
specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is
not located at /etc/krb5.keytab







AD: Add AD access-control provider
2012-07-06T15:44:46+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-07-02T14:34:52+00:00

a4cce2c98eedecb5d3b47da62104634cae268434

This patch adds support for checking whether a user is expired or
disabled in AD.





This patch adds support for checking whether a user is expired or
disabled in AD.







AD: Add AD auth and chpass providers
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-06-28T01:38:13+00:00

d92c50f6d75ae980b0d130134112a33e1584724c

These new providers take advantage of existing code for the KRB5
provider, providing sensible defaults for operating against an
Active Directory 2008 R2 or later server.





These new providers take advantage of existing code for the KRB5
provider, providing sensible defaults for operating against an
Active Directory 2008 R2 or later server.







AD: Add AD identity provider
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-03-27T01:41:28+00:00

effcbdb12c7ef892f1fd92a745cb33a08ca4ba30

This new identity provider takes advantage of existing code for
the LDAP provider, but provides sensible defaults for operating
against an Active Directory 2008 R2 or later server.





This new identity provider takes advantage of existing code for
the LDAP provider, but provides sensible defaults for operating
against an Active Directory 2008 R2 or later server.







LDAP: Rename user and group maps for AD
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-04-10T01:13:41+00:00

42aeb975864c3c3ba971fd04c61a1aaf6e69905b

This will eliminate ambiguity for the AD provider





This will eliminate ambiguity for the AD provider







KRB5: Create a common init routine for krb5_child options
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-06-27T18:07:05+00:00

3441d0c2d11aea0c39b009751a1898333c009674

This will reduce code duplication between the krb5, ipa and ad
providers





This will reduce code duplication between the krb5, ipa and ad
providers







KRB5: Drop memctx parameter of krb5_try_kdcip
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-06-27T13:59:57+00:00

69905bf968003216d444fc68d8597e139362f2e6

This function is not supposed to return any newly-allocated memory
directly. It was actually leaking the memory for krb5_servers if
krb5_kdcip was being used, though it was undetectable because it
was allocated on the provided memctx.

This patch removes the memctx parameter and allocates krb5_servers
temporarily on NULL and ensures that it is freed on all exit
conditions. It is not necessary to retain this memory, as
dp_opt_set_string() performs a talloc_strdup onto the appropriate
context internally.

It also updates the DEBUG messages for this function to the
appropriate new macro levels.





This function is not supposed to return any newly-allocated memory
directly. It was actually leaking the memory for krb5_servers if
krb5_kdcip was being used, though it was undetectable because it
was allocated on the provided memctx.

This patch removes the memctx parameter and allocates krb5_servers
temporarily on NULL and ensures that it is freed on all exit
conditions. It is not necessary to retain this memory, as
dp_opt_set_string() performs a talloc_strdup onto the appropriate
context internally.

It also updates the DEBUG messages for this function to the
appropriate new macro levels.