path: root/src/providers/krb5/krb5_common.c
Commit message | Author | Age | Files | Lines
* Fix formatting of variables with type: ssize_t | Lukas Slebodnik | 2013-09-11 | 1 | -2/+2
* Fix formatting of variables with type: long | Lukas Slebodnik | 2013-09-11 | 1 | -1/+1
* krb5: Remove unused ccache backend infrastructure | Simo Sorce | 2013-09-09 | 1 | -38/+14
  Remove struct sss_krb5_cc_be and the remaining functions that reference it as they are all unused now.
  Resolves: https://fedorahosted.org/sssd/ticket/2061
* krb5: move template check to initialization | Simo Sorce | 2013-09-09 | 1 | -0/+17
  The randomized template check really only makes sense for the FILE ccache which is the only one that normally needs to use randomizing chars. Also it is better to warn the admin early rather than to warn 'when it is too late'. So move the check at initialization time when we determine what the template actually is.
  Resolves: https://fedorahosted.org/sssd/ticket/2061
* krb5: Fetch ccname template from krb5.conf | Stephen Gallagher | 2013-08-28 | 1 | -8/+91
  In order to use the same defaults in all system daemons that need to know how to generate or search for ccaches we introduce code here to take advantage of the new option called default_ccache_name provided by libkrb5. If this variable is set we establish the same default for all programs that source it out of krb5.conf therefore providing a consistent experience across the system.
  Related: https://fedorahosted.org/sssd/ticket/2036
* krb5_common: Refactor to use a talloc temp context | Simo Sorce | 2013-08-28 | 1 | -12/+28
  In preparation for handling some more allocations in the following patches and fixes a current memleak on the opts struct.
  Related: https://fedorahosted.org/sssd/ticket/2036
* KRB5: Add support for KEYRING cache type | Stephen Gallagher | 2013-08-27 | 1 | -0/+5
  https://fedorahosted.org/sssd/ticket/2036
* KRB5: Add new #define for collection cache types | Stephen Gallagher | 2013-08-22 | 1 | -2/+2
  Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
* Add missing argument required by format string | Lukas Slebodnik | 2013-07-19 | 1 | -2/+3
* Fix compilation warning | Jakub Hrozek | 2013-06-27 | 1 | -1/+1
* KRB5: guess UPN for subdomain users | Jakub Hrozek | 2013-06-27 | 1 | -11/+36
* A new option krb5_use_kdcinfo | Jakub Hrozek | 2013-06-10 | 1 | -12/+18
  https://fedorahosted.org/sssd/ticket/1883
  The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* Do not obfuscate calls with booleans | Jakub Hrozek | 2013-06-07 | 1 | -7/+22
  Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
* Set canonicalize flag if enterprise principals are used | Sumit Bose | 2013-05-31 | 1 | -1/+6
  In contrast to MIT KDCs AD does not automatically canonicalize the enterprise principal in an AS request but requires the canonicalize flags to be set. To be on the safe side we always enable canonicalization if enterprise principals are used.
* failover: Protect against empty host names | Michal Zidek | 2013-01-02 | 1 | -1/+1
  Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation.
  https://fedorahosted.org/sssd/ticket/1484
* Fix compare_principal_realm() check | Sumit Bose | 2012-11-19 | 1 | -9/+3
  In case of a short UPN compare_principal_realm() erroneously returns an error.
* Add new call find_or_guess_upn() | Sumit Bose | 2012-10-26 | 1 | -7/+20
  With the current approach the upn was either a pointer to a const string in a ldb_message or a string created with the help of talloc. This new function always makes it a talloc'ed value. Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as well.
* krb5_auth: check if principal belongs to a different realm | Sumit Bose | 2012-10-26 | 1 | -0/+31
  Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
* Failover: use _srv_ when no primary server is defined | Pavel Březina | 2012-09-17 | 1 | -12/+3
  https://fedorahosted.org/sssd/ticket/1521
* Fix: IPv6 address with square brackets doesn't work. | Michal Zidek | 2012-08-23 | 1 | -1/+14
  https://fedorahosted.org/sssd/ticket/1365
* Duplicate detection in fail over did not work. | Michal Zidek | 2012-08-15 | 1 | -1/+6
  https://fedorahosted.org/sssd/ticket/1472
* SRV resolution for backup servers should not be permitted. | Michal Zidek | 2012-08-09 | 1 | -2/+9
  https://fedorahosted.org/sssd/ticket/1463
* Primary server support: krb5 adaptation | Jan Zeleny | 2012-08-01 | 1 | -46/+89
  This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: basic support in failover code | Jan Zeleny | 2012-08-01 | 1 | -1/+1
  Now there are two lists of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* KRB5: Drop memctx parameter of krb5_try_kdcip | Stephen Gallagher | 2012-07-06 | 1 | -10/+13
  This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx.
  This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally.
  It also updates the DEBUG messages for this function to the appropriate new macro levels.
* Move some debug lines to new debug log levels | Stef Walter | 2012-06-20 | 1 | -3/+3
  * These are common lines of debug output when starting up sssd
  https://bugzilla.redhat.com/show_bug.cgi?id=811113
* KRB5: Auto-detect DIR cache support in configure | Stephen Gallagher | 2012-06-15 | 1 | -1/+5
  We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Add support for storing credential caches in the DIR: back end | Jakub Hrozek | 2012-06-14 | 1 | -5/+29
  https://fedorahosted.org/sssd/ticket/974
* Add a credential cache back end structure | Jakub Hrozek | 2012-06-14 | 1 | -3/+9
  To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
* Convert read and write operations to sss_atomic_read | Jakub Hrozek | 2012-04-20 | 1 | -16/+10
  https://fedorahosted.org/sssd/ticket/1209
* Put dp_option maps in their own file | Stephen Gallagher | 2012-03-28 | 1 | -18/+1
  There is no functional change due to this patch.
* IPA: Set the DNS discovery domain to match ipa_domain | Stephen Gallagher | 2012-03-01 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1217
* Securely set umask when using mkstemp | Stephen Gallagher | 2011-12-19 | 1 | -0/+3
  Coverity 12394, 12395, 12396, 12397 and 12398
* Fixed unchecked value of setenv() in check_and_export_options() | Jan Zeleny | 2011-11-22 | 1 | -2/+5
  https://fedorahosted.org/sssd/ticket/1080
* Add support to request canonicalization on krb AS requests | Jan Zeleny | 2011-11-02 | 1 | -1/+8
  https://fedorahosted.org/sssd/ticket/957
* Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 1 | -1/+1
* Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 1 | -4/+1
* Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 1 | -4/+26
  https://fedorahosted.org/sssd/ticket/909
* Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-15 | 1 | -1/+1
* Add utility function to return IP address as string | Jakub Hrozek | 2011-06-02 | 1 | -9/+2
* Allow new option to specify principal for FAST | Jan Zeleny | 2011-04-25 | 1 | -1/+11
  https://fedorahosted.org/sssd/ticket/700
* Fix incorrect return value on failure in check_and_export_options() | Sumit Bose | 2010-12-14 | 1 | -0/+1
  https://fedorahosted.org/sssd/ticket/722
* Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2010-12-07 | 1 | -6/+8
* Add support for FAST in krb5 provider | Sumit Bose | 2010-12-07 | 1 | -2/+22
* Allow krb5 lifetime values without a unit | Sumit Bose | 2010-12-03 | 1 | -36/+65
* Add support for automatic Kerberos ticket renewal | Sumit Bose | 2010-12-03 | 1 | -1/+2
* Add krb5_lifetime option | Sumit Bose | 2010-12-03 | 1 | -1/+21
* Add krb5_renewable_lifetime option | Sumit Bose | 2010-12-03 | 1 | -1/+23
* Allow protocol fallback for SRV queries | Jakub Hrozek | 2010-12-01 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/691
* Add krb5_get_simple_upn() | Sumit Bose | 2010-11-04 | 1 | -0/+25