summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-7/+2
|
* Add support to request canonicalization on krb AS requestsJan Zeleny2011-11-023-1/+25
| | | | https://fedorahosted.org/sssd/ticket/957
* Multiline macro cleanupJakub Hrozek2011-09-281-1/+1
| | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
* DEBUG timestamps offer higher precisionPavel Březina2011-09-081-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-251-1/+3
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-251-0/+2
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* sysdb refactoring: memory context deletedJan Zeleny2011-08-151-4/+3
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-153-13/+10
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-211-1/+1
|
* Remove unused krb5_service structure memberJakub Hrozek2011-07-132-5/+1
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-111-4/+26
| | | | https://fedorahosted.org/sssd/ticket/909
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-151-1/+1
|
* Fix two typosSumit Bose2011-06-151-2/+3
|
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Add utility function to return IP address as stringJakub Hrozek2011-06-021-9/+2
|
* Add online callback only once for TGT renewalSumit Bose2011-06-021-25/+44
|
* Rename label in expand_ccname_templateJakub Hrozek2011-05-201-17/+17
| | | | The label was named fail but used also in success cases.
* Use a temporary memory context in expand_ccname_templateJakub Hrozek2011-05-121-20/+33
|
* Added some kerberos functions for building on RHEL5Jan Zeleny2011-05-051-2/+2
|
* Do not leak pcre contextJakub Hrozek2011-05-041-0/+12
|
* Return pam data to the renewal item if renewal failsSumit Bose2011-05-021-4/+9
| | | | | | | | | A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
* Fix bad password caching when using automatic TGT renewalStephen Gallagher2011-04-291-3/+12
| | | | Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
* Allow new option to specify principal for FASTJan Zeleny2011-04-253-4/+55
| | | | https://fedorahosted.org/sssd/ticket/700
* Extend and move function for finding principal in keytabJan Zeleny2011-04-251-80/+2
| | | | | | | | The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
* Always generate kpasswdinfo fileStephen Gallagher2011-04-191-2/+1
| | | | | Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
* Remove unused sysdb_attrs objectJan Zeleny2011-03-081-8/+0
|
* Check ccache file for renewable TGTs at startupSumit Bose2011-02-223-0/+241
|
* Remove renewal item if it is not re-addedSumit Bose2011-02-181-1/+34
|
* Fix potential NULL-dereference in krb5_auth_done()Sumit Bose2010-12-211-3/+3
| | | | https://fedorahosted.org/sssd/ticket/745
* Serialize requests of the same user in the krb5 providerSumit Bose2010-12-204-0/+239
|
* Fixes for automatic ticket renewalSumit Bose2010-12-204-44/+100
| | | | | | - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
* Fix incorrect return value on failure in check_and_export_options()Sumit Bose2010-12-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/722
* Fix build issue with older Kerberos librarySumit Bose2010-12-081-2/+2
|
* Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose2010-12-072-7/+10
|
* Add support for FAST in krb5 providerSumit Bose2010-12-075-13/+344
|
* Refactor krb5_child to make helpers more flexibleSumit Bose2010-12-071-20/+36
|
* Allow krb5 lifetime values without a unitSumit Bose2010-12-031-36/+65
|
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-037-1/+420
|
* krb5_child returns TGT lifetimeSumit Bose2010-12-033-0/+57
|
* Add krb5_lifetime optionSumit Bose2010-12-033-2/+38
|
* Add krb5_renewable_lifetime optionSumit Bose2010-12-033-2/+42
|
* Check authtok type for krb5 auth and chpassSumit Bose2010-12-031-0/+12
|
* Add a renew task to krb5_childSumit Bose2010-12-031-0/+87
|
* Send authtok_type to krb5_childSumit Bose2010-12-032-2/+6
|
* Allow protocol fallback for SRV queriesJakub Hrozek2010-12-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/691
* Call krb5_child to check access permissionsSumit Bose2010-11-041-4/+121
|
* Make handle_child_* request publicSumit Bose2010-11-043-325/+429
| | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Add krb5_kuserok() access check to krb5_childSumit Bose2010-11-041-17/+73
|
* Make krb5_setup() publicSumit Bose2010-11-043-6/+8
|
* Add krb5_get_simple_upn()Sumit Bose2010-11-043-6/+30
|
generated by cgit (git 2.34.1) at 2024-05-17 21:08:40 +0000