Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Convert read and write operations to sss_atomic_read | Jakub Hrozek | 2012-04-20 | 2 | -46/+31 |
| | | | | https://fedorahosted.org/sssd/ticket/1209 | ||||
* | Clean up log messages about keytab_name | Stephen Gallagher | 2012-04-05 | 1 | -2/+4 |
| | | | | | | | | | There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288 | ||||
* | Add terminator for dp_option | Stephen Gallagher | 2012-03-28 | 1 | -1/+2 |
| | |||||
* | Put dp_option maps in their own file | Stephen Gallagher | 2012-03-28 | 2 | -18/+47 |
| | | | | There is no functional change due to this patch. | ||||
* | Detect cycle in the fail over on subsequent resolve requests only | Jakub Hrozek | 2012-03-08 | 1 | -17/+15 |
| | |||||
* | krb5_child: set debugging sooner | Jakub Hrozek | 2012-03-06 | 1 | -12/+18 |
| | |||||
* | Only do one cycle when resolving a server | Jakub Hrozek | 2012-03-06 | 1 | -7/+12 |
| | | | | https://fedorahosted.org/sssd/ticket/1214 | ||||
* | IPA: Set the DNS discovery domain to match ipa_domain | Stephen Gallagher | 2012-03-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1217 | ||||
* | KRB5: Add syslog messages for Kerberos failures | Stephen Gallagher | 2012-01-31 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1137 | ||||
* | Do not call krb5_child when changing passwords and provider went offline | Jakub Hrozek | 2012-01-06 | 1 | -1/+11 |
| | | | | https://fedorahosted.org/sssd/ticket/1131 | ||||
* | Add compatibility layer for Heimdal Kerberos implementation | Stephen Gallagher | 2011-12-22 | 2 | -8/+12 |
| | |||||
* | Honor case sensitive flag when creating the ccname template | Jakub Hrozek | 2011-12-21 | 3 | -5/+17 |
| | |||||
* | Securely set umask when using mkstemp | Stephen Gallagher | 2011-12-19 | 2 | -0/+6 |
| | | | | Coverity 12394, 12395, 12396, 12397 and 12398 | ||||
* | Move child_common routines to util | Stephen Gallagher | 2011-12-19 | 5 | -5/+5 |
| | |||||
* | Set more strict permissions on keyring | Simo Sorce | 2011-11-22 | 1 | -1/+1 |
| | | | | | We want to confine access to the keyring to the current process and not let root easily peek into the keyring contents. | ||||
* | Fixed unchecked value of setenv() in check_and_export_options() | Jan Zeleny | 2011-11-22 | 1 | -2/+5 |
| | | | | https://fedorahosted.org/sssd/ticket/1080 | ||||
* | Cleanup: Remove unused parameters | Jakub Hrozek | 2011-11-22 | 1 | -7/+2 |
| | |||||
* | Add support to request canonicalization on krb AS requests | Jan Zeleny | 2011-11-02 | 3 | -1/+25 |
| | | | | https://fedorahosted.org/sssd/ticket/957 | ||||
* | Multiline macro cleanup | Jakub Hrozek | 2011-09-28 | 1 | -1/+1 |
| | | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again. | ||||
* | DEBUG timestamps offer higher precision | Pavel Březina | 2011-09-08 | 1 | -0/+2 |
| | | | | | | | https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf | ||||
* | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 2011-08-25 | 1 | -1/+3 |
| | | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level); | ||||
* | New DEBUG facility - conversion | Pavel Březina | 2011-08-25 | 1 | -0/+2 |
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) | ||||
* | sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 1 | -4/+3 |
| | | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | ||||
* | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 3 | -13/+10 |
| | | | | | The patch also updates code using modified functions. Tests have also been adjusted. | ||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 1 | -1/+1 |
| | |||||
* | Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 2 | -5/+1 |
| | |||||
* | Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 1 | -4/+26 |
| | | | | https://fedorahosted.org/sssd/ticket/909 | ||||
* | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-15 | 1 | -1/+1 |
| | |||||
* | Fix two typos | Sumit Bose | 2011-06-15 | 1 | -2/+3 |
| | |||||
* | Delete cached ccache file if password is expired | Sumit Bose | 2011-06-15 | 1 | -8/+63 |
| | |||||
* | Add utility function to return IP address as string | Jakub Hrozek | 2011-06-02 | 1 | -9/+2 |
| | |||||
* | Add online callback only once for TGT renewal | Sumit Bose | 2011-06-02 | 1 | -25/+44 |
| | |||||
* | Rename label in expand_ccname_template | Jakub Hrozek | 2011-05-20 | 1 | -17/+17 |
| | | | | The label was named fail but used also in success cases. | ||||
* | Use a temporary memory context in expand_ccname_template | Jakub Hrozek | 2011-05-12 | 1 | -20/+33 |
| | |||||
* | Added some kerberos functions for building on RHEL5 | Jan Zeleny | 2011-05-05 | 1 | -2/+2 |
| | |||||
* | Do not leak pcre context | Jakub Hrozek | 2011-05-04 | 1 | -0/+12 |
| | |||||
* | Return pam data to the renewal item if renewal fails | Sumit Bose | 2011-05-02 | 1 | -4/+9 |
| | | | | | | | | | A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running. | ||||
* | Fix bad password caching when using automatic TGT renewal | Stephen Gallagher | 2011-04-29 | 1 | -3/+12 |
| | | | | Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856 | ||||
* | Allow new option to specify principal for FAST | Jan Zeleny | 2011-04-25 | 3 | -4/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/700 | ||||
* | Extend and move function for finding principal in keytab | Jan Zeleny | 2011-04-25 | 1 | -80/+2 |
| | | | | | | | | The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code. | ||||
* | Always generate kpasswdinfo file | Stephen Gallagher | 2011-04-19 | 1 | -2/+1 |
| | | | | | Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd. | ||||
* | Remove unused sysdb_attrs object | Jan Zeleny | 2011-03-08 | 1 | -8/+0 |
| | |||||
* | Check ccache file for renewable TGTs at startup | Sumit Bose | 2011-02-22 | 3 | -0/+241 |
| | |||||
* | Remove renewal item if it is not re-added | Sumit Bose | 2011-02-18 | 1 | -1/+34 |
| | |||||
* | Fix potential NULL-dereference in krb5_auth_done() | Sumit Bose | 2010-12-21 | 1 | -3/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/745 | ||||
* | Serialize requests of the same user in the krb5 provider | Sumit Bose | 2010-12-20 | 4 | -0/+239 |
| | |||||
* | Fixes for automatic ticket renewal | Sumit Bose | 2010-12-20 | 4 | -44/+100 |
| | | | | | | - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes | ||||
* | Fix incorrect return value on failure in check_and_export_options() | Sumit Bose | 2010-12-14 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/722 | ||||
* | Fix build issue with older Kerberos library | Sumit Bose | 2010-12-08 | 1 | -2/+2 |
| | |||||
* | Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2010-12-07 | 2 | -7/+10 |
| |