summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_auth.c
Commit message (Collapse)AuthorAgeFilesLines
* KRB5: Initialize the credential cache type properlyStephen Gallagher2012-06-291-0/+11
| | | | | | | | | We weren't guaranteeing that the cctype-specific callbacks were initialized before using them. This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins).
* Add a credential cache back end structureJakub Hrozek2012-06-141-101/+92
| | | | | | To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
* Split parse_krb5_child_response so it can be reusedJakub Hrozek2012-06-141-119/+27
| | | | | krb5-child-test will be another consumer. It also makes the code more readable by splitting a huge function.
* Only reset kpasswd server status when performing a chpass operationJakub Hrozek2012-05-071-2/+3
| | | | https://fedorahosted.org/sssd/ticket/1316
* Modify behavior of pam_pwd_expiration_warningJan Zeleny2012-05-041-4/+27
| | | | | | | | | | | | | | | | | | New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
* Detect cycle in the fail over on subsequent resolve requests onlyJakub Hrozek2012-03-081-17/+15
|
* Only do one cycle when resolving a serverJakub Hrozek2012-03-061-7/+12
| | | | https://fedorahosted.org/sssd/ticket/1214
* Do not call krb5_child when changing passwords and provider went offlineJakub Hrozek2012-01-061-1/+11
| | | | https://fedorahosted.org/sssd/ticket/1131
* Honor case sensitive flag when creating the ccname templateJakub Hrozek2011-12-211-1/+3
|
* Move child_common routines to utilStephen Gallagher2011-12-191-1/+1
|
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-7/+2
|
* sysdb refactoring: memory context deletedJan Zeleny2011-08-151-4/+3
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-151-9/+7
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Fix two typosSumit Bose2011-06-151-2/+3
|
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Fix bad password caching when using automatic TGT renewalStephen Gallagher2011-04-291-3/+12
| | | | Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
* Always generate kpasswdinfo fileStephen Gallagher2011-04-191-2/+1
| | | | | Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
* Remove unused sysdb_attrs objectJan Zeleny2011-03-081-8/+0
|
* Fix potential NULL-dereference in krb5_auth_done()Sumit Bose2010-12-211-3/+3
| | | | https://fedorahosted.org/sssd/ticket/745
* Serialize requests of the same user in the krb5 providerSumit Bose2010-12-201-0/+22
|
* Fixes for automatic ticket renewalSumit Bose2010-12-201-18/+27
| | | | | | - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
* Add support for FAST in krb5 providerSumit Bose2010-12-071-5/+7
|
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-031-0/+18
|
* krb5_child returns TGT lifetimeSumit Bose2010-12-031-0/+21
|
* Make handle_child_* request publicSumit Bose2010-11-041-319/+12
| | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Make krb5_setup() publicSumit Bose2010-11-041-3/+2
|
* Add krb5_get_simple_upn()Sumit Bose2010-11-041-6/+3
|
* Add infrastructure for Kerberos access providerSumit Bose2010-11-041-26/+78
|
* Fix two return value checksSumit Bose2010-11-011-2/+2
|
* Fix incorrect free of req in krb5_auth.cStephen Gallagher2010-11-011-1/+1
|
* Fixed potential comparison of undefined variableJan Zeleny2010-09-021-0/+1
| | | | | | If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
* Fix handling of ccache file when going offlineSumit Bose2010-05-261-32/+75
| | | | | | | The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
* Add support for delayed kinit if offlineSumit Bose2010-05-261-26/+50
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Handle Krb5 password expiration warningSumit Bose2010-05-261-119/+73
|
* Try all servers during Kerberos authJakub Hrozek2010-05-261-23/+104
| | | | | The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-161-0/+6
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* Make Kerberos authentication a tevent_reqSumit Bose2010-05-161-214/+339
| | | | | To allow other providers to include Kerberos authentication the main part is put into a tevent request.
* Display a message if a password reset by root failsSumit Bose2010-04-261-0/+7
|
* sysdb: convert sysdb_get_user_attrSimo Sorce2010-04-121-38/+13
|
* Remove remaining use of sysdb_transaction_sendSimo Sorce2010-04-121-103/+49
|
* sysdb: convert sysdb_cache_passwordSimo Sorce2010-04-121-29/+8
|
* sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce2010-04-121-23/+4
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-251-1/+1
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Add krb5_kpasswd optionSumit Bose2010-03-121-9/+76
|
* Add expandable sequences to krb5_ccachedirSumit Bose2010-03-111-2/+11
| | | | | | | As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
* Add forgotten \n in DEBUG statementsMartin Nagy2010-03-041-1/+1
| | | | | | Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
* Improve safe alignment buffer handling macrosSimo Sorce2010-03-031-16/+17
| | | | | | | | | Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
* Remove unneeded items from struct pam_dataSumit Bose2010-02-191-16/+30
|
* Send Kerberos environment after password changeSumit Bose2010-02-191-1/+1
|
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+1193
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-30 01:48:03 +0000