summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_child.c
Commit message (Collapse)AuthorAgeFilesLines
* Cast uid_t to unsigned long long in DEBUG messagesJakub Hrozek2012-07-101-3/+3
|
* Print based on pointer contents not addressJakub Hrozek2012-07-101-1/+3
|
* heimdal: use sss_krb5_princ_realm to access realmRambaldi2012-07-091-4/+11
|
* Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter2012-07-061-21/+0
| | | | | | | | * This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
* KRB5: Some logging enhancements for krb5_childStephen Gallagher2012-07-061-6/+13
|
* KRB5: Auto-detect DIR cache support in configureStephen Gallagher2012-06-151-0/+8
| | | | | | We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Use Kerberos context in KRB5_DEBUGJakub Hrozek2012-06-141-45/+40
| | | | | Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
* Add support for storing credential caches in the DIR: back endJakub Hrozek2012-06-141-30/+198
| | | | https://fedorahosted.org/sssd/ticket/974
* Provide more debugging in krb5_child and ldap_childJakub Hrozek2012-06-141-13/+65
| | | | https://fedorahosted.org/sssd/ticket/1225
* Two small krb5_child fixesJakub Hrozek2012-06-141-3/+10
| | | | | * Allocation check was missing * a DEBUG statement overwrote errno
* added DEBUG messages to krb5_child and ldap_childNick Guay2012-05-311-3/+12
|
* Limit krb5_get_init_creds_keytab() to etypes in keytabStef Walter2012-05-071-0/+21
| | | | | | | | | * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Remove erroneous failure message in find_principal_in_keytabStef Walter2012-05-071-1/+3
| | | | | * When it's actually a failure, then the callers will print a message. Fine tune this.
* If canon'ing principals, write ccache with updated default principalStef Walter2012-05-041-2/+6
| | | | | | | | | | | * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-201-30/+21
| | | | https://fedorahosted.org/sssd/ticket/1209
* Clean up log messages about keytab_nameStephen Gallagher2012-04-051-2/+4
| | | | | | | | | There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288
* krb5_child: set debugging soonerJakub Hrozek2012-03-061-12/+18
|
* KRB5: Add syslog messages for Kerberos failuresStephen Gallagher2012-01-311-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1137
* Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher2011-12-221-4/+6
|
* Securely set umask when using mkstempStephen Gallagher2011-12-191-0/+3
| | | | Coverity 12394, 12395, 12396, 12397 and 12398
* Move child_common routines to utilStephen Gallagher2011-12-191-1/+1
|
* Add support to request canonicalization on krb AS requestsJan Zeleny2011-11-021-0/+15
| | | | https://fedorahosted.org/sssd/ticket/957
* Multiline macro cleanupJakub Hrozek2011-09-281-1/+1
| | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
* DEBUG timestamps offer higher precisionPavel Březina2011-09-081-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-251-1/+3
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-251-0/+2
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* Added some kerberos functions for building on RHEL5Jan Zeleny2011-05-051-2/+2
|
* Allow new option to specify principal for FASTJan Zeleny2011-04-251-3/+42
| | | | https://fedorahosted.org/sssd/ticket/700
* Extend and move function for finding principal in keytabJan Zeleny2011-04-251-80/+2
| | | | | | | | The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
* Fixes for automatic ticket renewalSumit Bose2010-12-201-2/+15
| | | | | | - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
* Fix build issue with older Kerberos librarySumit Bose2010-12-081-2/+2
|
* Add support for FAST in krb5 providerSumit Bose2010-12-071-4/+309
|
* Refactor krb5_child to make helpers more flexibleSumit Bose2010-12-071-20/+36
|
* krb5_child returns TGT lifetimeSumit Bose2010-12-031-0/+29
|
* Add krb5_lifetime optionSumit Bose2010-12-031-1/+15
|
* Add krb5_renewable_lifetime optionSumit Bose2010-12-031-1/+17
|
* Check authtok type for krb5 auth and chpassSumit Bose2010-12-031-0/+12
|
* Add a renew task to krb5_childSumit Bose2010-12-031-0/+87
|
* Send authtok_type to krb5_childSumit Bose2010-12-031-0/+2
|
* Add krb5_kuserok() access check to krb5_childSumit Bose2010-11-041-17/+73
|
* Make krb5_setup() publicSumit Bose2010-11-041-3/+3
|
* Use new MIT krb5 API for better password expiration warningsSumit Bose2010-09-231-0/+51
|
* Dead assignments cleanup in providers codeJan Zeleny2010-09-081-1/+0
| | | | | | | Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-161-3/+3
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-141-12/+22
| | | | Fixes: #531
* Add a missing initializerSumit Bose2010-06-091-1/+1
|
* Initialize pam_data in Kerberos child.Sumit Bose2010-06-061-1/+1
|
* Handle Krb5 password expiration warningSumit Bose2010-05-261-55/+122
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-251-19/+6
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Add krb5_kpasswd optionSumit Bose2010-03-121-0/+7
|
generated by cgit (git 2.34.1) at 2024-05-13 11:51:59 +0000