summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_common.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix compare_principal_realm() checkSumit Bose2012-11-201-9/+3
| | | | | In case of a short UPN compare_principal_realm() erroneously returns an error.
* Add new call find_or_guess_upn()Sumit Bose2012-11-051-7/+20
| | | | | | | | | With the current approach the upn was either a pointer to a const string in a ldb_message or a string created with the help of talloc. This new function always makes it a talloc'ed value. Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as well.
* krb5_auth: check if principal belongs to a different realmSumit Bose2012-11-051-0/+31
| | | | | | Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
* Failover: use _srv_ when no primary server is definedPavel Březina2012-09-171-12/+3
| | | | https://fedorahosted.org/sssd/ticket/1521
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-231-1/+14
| | | | https://fedorahosted.org/sssd/ticket/1365
* Duplicate detection in fail over did not work.Michal Zidek2012-08-151-1/+6
| | | | https://fedorahosted.org/sssd/ticket/1472
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-091-2/+9
| | | | https://fedorahosted.org/sssd/ticket/1463
* Primary server support: krb5 adaptationJan Zeleny2012-08-011-46/+89
| | | | | | This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: basic support in failover codeJan Zeleny2012-08-011-1/+1
| | | | | | | | Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher2012-07-061-10/+13
| | | | | | | | | | | | | | | | This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
* Move some debug lines to new debug log levelsStef Walter2012-06-201-3/+3
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* KRB5: Auto-detect DIR cache support in configureStephen Gallagher2012-06-151-1/+5
| | | | | | We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Add support for storing credential caches in the DIR: back endJakub Hrozek2012-06-141-5/+29
| | | | https://fedorahosted.org/sssd/ticket/974
* Add a credential cache back end structureJakub Hrozek2012-06-141-3/+9
| | | | | | To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-201-16/+10
| | | | https://fedorahosted.org/sssd/ticket/1209
* Put dp_option maps in their own fileStephen Gallagher2012-03-281-18/+1
| | | | There is no functional change due to this patch.
* IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher2012-03-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1217
* Securely set umask when using mkstempStephen Gallagher2011-12-191-0/+3
| | | | Coverity 12394, 12395, 12396, 12397 and 12398
* Fixed unchecked value of setenv() in check_and_export_options()Jan Zeleny2011-11-221-2/+5
| | | | https://fedorahosted.org/sssd/ticket/1080
* Add support to request canonicalization on krb AS requestsJan Zeleny2011-11-021-1/+8
| | | | https://fedorahosted.org/sssd/ticket/957
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-211-1/+1
|
* Remove unused krb5_service structure memberJakub Hrozek2011-07-131-4/+1
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-111-4/+26
| | | | https://fedorahosted.org/sssd/ticket/909
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-151-1/+1
|
* Add utility function to return IP address as stringJakub Hrozek2011-06-021-9/+2
|
* Allow new option to specify principal for FASTJan Zeleny2011-04-251-1/+11
| | | | https://fedorahosted.org/sssd/ticket/700
* Fix incorrect return value on failure in check_and_export_options()Sumit Bose2010-12-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/722
* Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose2010-12-071-6/+8
|
* Add support for FAST in krb5 providerSumit Bose2010-12-071-2/+22
|
* Allow krb5 lifetime values without a unitSumit Bose2010-12-031-36/+65
|
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-031-1/+2
|
* Add krb5_lifetime optionSumit Bose2010-12-031-1/+21
|
* Add krb5_renewable_lifetime optionSumit Bose2010-12-031-1/+23
|
* Allow protocol fallback for SRV queriesJakub Hrozek2010-12-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/691
* Add krb5_get_simple_upn()Sumit Bose2010-11-041-0/+25
|
* Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny2010-10-191-1/+44
| | | | | | | | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
* Initialize kerberos service for GSSAPIJakub Hrozek2010-10-131-1/+1
|
* Suppress some 'may be used uninitialized' warningsSumit Bose2010-09-281-6/+12
| | | | | Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
* Add dns_discovery_domain optionJakub Hrozek2010-06-301-1/+1
| | | | | | | | | | | | The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-141-27/+0
| | | | Fixes: #531
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-101-7/+18
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Refactor krb5 SIGTERM handler installationSumit Bose2010-05-271-0/+33
|
* Add callback to remove krb5 info files when going offlineSumit Bose2010-05-271-0/+97
|
* Refactor krb5_finalize()Sumit Bose2010-05-271-12/+27
|
* Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose2010-05-271-40/+1
| | | | This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
* Add support for delayed kinit if offlineSumit Bose2010-05-261-1/+2
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* New version of IPA auth and password migrationSumit Bose2010-05-161-2/+2
| | | | | | | | | The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
* Use service discovery in backendsJakub Hrozek2010-05-071-0/+21
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Create kdcinfo and kpasswdinfo file at startupSumit Bose2010-05-071-1/+40
|
* Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher2010-05-071-0/+40
|
generated by cgit (git 2.34.1) at 2024-04-26 16:10:02 +0000