Cross Reference: /sssd/src/providers/krb5/krb5_renew

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*$[^(]+)\((.*?)$\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

History log of /sssd/src/providers/krb5/krb5_renew_tgt.c
Revision	Date	Author	Comments Expand
5a299e7c9f634ae86c9bd7e0a1e681aed79de6b5	07-Jul-2016	Jakub Hrozek <jhrozek@redhat.com>	KRB5: Rely on sysdb names for the renewal task The domain name is part of the domain name, so we can parse it from there instead of relying on DN components. Reviewed-by: Sumit Bose <sbose@redhat.com> krb5_renew_tgt.c
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4	06-Jul-2015	Jakub Hrozek <jhrozek@redhat.com>	KRB5: Add and use krb5_auth_queue_send to queue requests by default Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com> /sssd/Makefile.am /sssd/src/providers/ipa/ipa_auth.c krb5_auth.c krb5_auth.h krb5_delayed_online_authentication.c krb5_renew_tgt.c krb5_wait_queue.c /sssd/src/tests/cmocka/test_krb5_wait_queue.c
45aeb924ec3ac448bb8d174a5cc061ed98b147c7	18-Nov-2014	Jakub Hrozek <jhrozek@redhat.com>	KRB5: Move ccache-related functions to krb5_ccache.c Add a new module krb5_ccache.c that contains all ccache-related operations. The only user of this module shall be krb5_child.c as the other modules will run unprivileged and accessing the ccache requires either privileges of root or the ccache owner. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> /sssd/Makefile.am krb5_auth.c krb5_auth.h krb5_ccache.c krb5_ccache.h krb5_child.c krb5_common.h krb5_renew_tgt.c krb5_utils.c krb5_utils.h /sssd/src/tests/krb5_child-test.c /sssd/src/tests/krb5_utils-tests.c
83bf46f4066e3d5e838a32357c201de9bd6ecdfd	12-Feb-2014	Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>	Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '.[hc]' DEBUG . \| while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG\|DEBUG_PAM_DATA\|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s, ) ( \s ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> /sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c /sssd/src/db/sysdb.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_ranges.c /sssd/src/db/sysdb_search.c /sssd/src/db/sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/fail_over.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c krb5_access.c krb5_auth.c krb5_child.c krb5_child_handler.c krb5_common.c krb5_delayed_online_authentication.c krb5_init.c krb5_init_shared.c krb5_renew_tgt.c krb5_utils.c krb5_wait_queue.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_child.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/ldap_init.c /sssd/src/providers/ldap/sdap.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/ldap/sdap_async_enum.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_child_helpers.c /sssd/src/providers/ldap/sdap_fd_events.c /sssd/src/providers/ldap/sdap_id_op.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/resolv/async_resolv.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/tests/auth-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/signal.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_ldap.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150	12-Feb-2014	Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>	Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '.[hc]' DEBUG . \| while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\STDIN); $text=~s#(\bDEBUG\s\([^(]+)\((.?)\)\s\)\s;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> /sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c /sssd/src/db/sysdb.c /sssd/src/db/sysdb_autofs.c /sssd/src/db/sysdb_idmap.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_ranges.c /sssd/src/db/sysdb_search.c /sssd/src/db/sysdb_selinux.c /sssd/src/db/sysdb_services.c /sssd/src/db/sysdb_ssh.c /sssd/src/db/sysdb_subdomains.c /sssd/src/db/sysdb_sudo.c /sssd/src/db/sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_domain_info.c /sssd/src/providers/ad/ad_dyndns.c /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/dp_refresh.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_dyndns.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hosts.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_sudo.c krb5_access.c krb5_auth.c krb5_become_user.c krb5_child.c krb5_child_handler.c krb5_common.c krb5_delayed_online_authentication.c krb5_init.c krb5_init_shared.c krb5_renew_tgt.c krb5_utils.c krb5_wait_queue.c /sssd/src/providers/ldap/ldap_access.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_child.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_enum.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/ldap_id_services.c /sssd/src/providers/ldap/ldap_init.c /sssd/src/providers/ldap/sdap.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async_autofs.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/ldap/sdap_async_enum.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_groups_ad.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_nested_groups.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_services.c /sssd/src/providers/ldap/sdap_async_sudo.c /sssd/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd/src/providers/ldap/sdap_async_sudo_timer.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_autofs.c /sssd/src/providers/ldap/sdap_child_helpers.c /sssd/src/providers/ldap/sdap_dyndns.c /sssd/src/providers/ldap/sdap_fd_events.c /sssd/src/providers/ldap/sdap_id_op.c /sssd/src/providers/ldap/sdap_idmap.c /sssd/src/providers/ldap/sdap_range.c /sssd/src/providers/ldap/sdap_refresh.c /sssd/src/providers/ldap/sdap_reinit.c /sssd/src/providers/ldap/sdap_sudo.c /sssd/src/providers/ldap/sdap_sudo_cache.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/proxy/proxy_services.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv_utils.c /sssd/src/responder/autofs/autofssrv.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_get_domains.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pac/pacsrv.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pam_helpers.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/responder/ssh/sshsrv.c /sssd/src/responder/ssh/sshsrv_cmd.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv.c /sssd/src/responder/sudo/sudosrv_cmd.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd/src/tests/auth-tests.c /sssd/src/tests/cmocka/test_dyndns.c /sssd/src/tests/cmocka/test_fqnames.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/cmocka/test_utils.c /sssd/src/tests/common_dom.c /sssd/src/tests/common_tev.c /sssd/src/tests/debug-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/files.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_debuglevel.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_mc_util.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/authtok.c /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/libcrypto/crypto_base64.c /sssd/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/server.c /sssd/src/util/signal.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_nss.c /sssd/src/util/sss_selinux.c /sssd/src/util/sss_ssh.c /sssd/src/util/sss_tc_utf8.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h /sssd/src/util/util_lock.c /sssd/src/util/well_known_sids.c
764aa04ee92dbbd0d1eca6703294135eb97fda6d	23-Sep-2013	Sumit Bose <sbose@redhat.com>	krb5: save canonical upn to sysdb If the returned TGT contains a different user principal name (upn) than used in the request, i.e. the upn was canonicalized, we currently save it to sysdb into the same attribute where the upn coming from an LDAP server is stored as well. This means the canonical upn might be overwritten when the user data is re-read from the LDAP server. To avoid this this patch add a new attribute to sysdb where the canonical upn is stored and makes sure it is used when available. Fixes https://fedorahosted.org/sssd/ticket/2060 /sssd/src/db/sysdb.h krb5_access.c krb5_auth.c krb5_renew_tgt.c krb5_utils.c
0e65abe5cf2abf5d4b431cf6bd161b419f07901d	11-Sep-2013	Lukas Slebodnik <lslebodn@redhat.com>	Fix formating of variables with type: size_t /sssd/src/db/sysdb_autofs.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_search.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c krb5_child.c krb5_child_handler.c krb5_renew_tgt.c /sssd/src/providers/ldap/ldap_child.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async_autofs.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_groups_ad.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_nested_groups.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_services.c /sssd/src/providers/ldap/sdap_async_sudo.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_child_helpers.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/util/child_common.c
80a874555d8b2737827bb150133ba70a83c65bb7	27-Jun-2013	Jakub Hrozek <jhrozek@redhat.com>	KRB5: guess UPN for subdomain users krb5_access.c krb5_auth.c krb5_common.c krb5_common.h krb5_renew_tgt.c krb5_utils.c krb5_utils.h
9acfb09f7969a69f58bd45c856b01700541853ca	02-Apr-2013	Lukas Slebodnik <lslebodn@redhat.com>	Making the authtok structure really opaque. Definition of structure sss_auth_token was removed from header file authtok.h and there left only declaration of this structure. Therefore only way how to use this structure is to use accessory function from same header file. To creating new empty authotok can only be used newly created function sss_authtok_new(). TALLOC context was removed from copy and setter functions, because pointer to stuct sss_auth_token is used as a memory context. All declaration of struct sss_auth_token variables was replaced with pointer to this structure and related changes was made in source code. Function copy_pam_data can copy from argument src which was dynamically allocated with function create_pam_data() or zero initialized struct pam_data allocated on stack. https://fedorahosted.org/sssd/ticket/1830 /sssd/src/providers/data_provider.h /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/ipa/ipa_auth.c krb5_auth.c krb5_child.c krb5_child_handler.c krb5_delayed_online_authentication.c krb5_renew_tgt.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/proxy/proxy.h /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/tests/krb5_child-test.c /sssd/src/util/authtok.c /sssd/src/util/authtok.h
9f37bb2012faa136ef7c1f9fe93689ce2be85637	13-Mar-2013	Ondrej Kos <okos@redhat.com>	Fix initialization of multiple variables /sssd/src/db/sysdb_search.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_s2n_exop.c krb5_child_handler.c krb5_renew_tgt.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_initgroups.c
df0596ec12bc5091608371e2977f3111241e8caf	21-Jan-2013	Simo Sorce <simo@redhat.com>	Remove sysdb as a be context structure member The sysdb context is already available through the 'domain' structure. /sssd/src/providers/data_provider_be.c /sssd/src/providers/dp_backend.h /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_subdomains.c krb5_access.c krb5_auth.c krb5_renew_tgt.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_enum.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/ldap_id_services.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_services.c /sssd/src/providers/ldap/sdap_async_sudo.c /sssd/src/providers/ldap/sdap_autofs.c /sssd/src/providers/ldap/sdap_idmap.c /sssd/src/providers/ldap/sdap_sudo.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access.h
64af76e2bef2565caa9738f675c108a4b3789237	10-Jan-2013	Simo Sorce <simo@redhat.com>	Change pam data auth tokens. Use the new authtok abstraction and interfaces throught the code. /sssd/Makefile.am /sssd/src/db/sysdb_ops.c /sssd/src/providers/data_provider.h /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/ipa/ipa_auth.c krb5_auth.c krb5_child.c krb5_child_handler.c krb5_delayed_online_authentication.c krb5_renew_tgt.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async.h /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/proxy/proxy.h /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/tests/krb5_child-test.c
10c50d237d6e3137499fcfaa5a804e6712e002ee	20-Dec-2012	Sumit Bose <sbose@redhat.com>	krb5 tgt renewal: fix usage of ldb_dn_get_component_val() For some reason I was under the impression that the DN components are counted backwards in libldb. This patch corrects this. krb5_renew_tgt.c
964628ab89229e9266adc5f4f8a26222734788b7	26-Oct-2012	Sumit Bose <sbose@redhat.com>	Use find_or_guess_upn() where needed krb5_access.c krb5_auth.c krb5_auth.h krb5_renew_tgt.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/krb5_utils-tests.c
28269b2c1fa38e4579853b7afbe30381a8ab8912	26-Oct-2012	Sumit Bose <sbose@redhat.com>	check_ccache_files: search sub-domains as well If sssd is configured to renew Kerberos tickets automatically ticket of sub-domain uses should be renewed as well. krb5_renew_tgt.c
8a1738f9379a1b8fb5c95c3df649e014ff5a1434	15-Aug-2011	Jan Zeleny <jzeleny@redhat.com>	sysdb refactoring: deleted domain variables in sysdb API The patch also updates code using modified functions. Tests have also been adjusted. /sssd/src/db/sysdb.c /sssd/src/db/sysdb.h /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_search.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c krb5_access.c krb5_auth.c krb5_renew_tgt.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_enum.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async_accounts.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/simple/simple_access.c /sssd/src/python/pysss.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/tests/sysdb-tests.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_sync_ops.h /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_util.c
7591a7368078c2b4cde744ede431260fd663903a	02-Jun-2011	Sumit Bose <sbose@redhat.com>	Add online callback only once for TGT renewal krb5_renew_tgt.c
08c427fc3cdec58b670de02a6c39d2ec4d753050	02-May-2011	Sumit Bose <sbose@redhat.com>	Return pam data to the renewal item if renewal fails A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running. krb5_renew_tgt.c
318f12c90208971a5b6d3574f0026601161d81c7	22-Feb-2011	Sumit Bose <sbose@redhat.com>	Check ccache file for renewable TGTs at startup krb5_renew_tgt.c krb5_utils.c krb5_utils.h
cc0f97794926a426ee82df343dc223c9648ed064	18-Feb-2011	Sumit Bose <sbose@redhat.com>	Remove renewal item if it is not re-added krb5_renew_tgt.c
589dd0f6600515926e4e514442c62366db0a62b3	20-Dec-2010	Sumit Bose <sbose@redhat.com>	Fixes for automatic ticket renewal - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes krb5_auth.c krb5_auth.h krb5_child.c krb5_renew_tgt.c
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8	03-Dec-2010	Sumit Bose <sbose@redhat.com>	Add support for automatic Kerberos ticket renewal /sssd/Makefile.am /sssd/src/config/SSSDConfig.py /sssd/src/config/SSSDConfigTest.py /sssd/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd/src/man/sssd-krb5.5.xml /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_common.h krb5_auth.c krb5_auth.h krb5_child_handler.c krb5_common.c krb5_common.h krb5_init.c krb5_renew_tgt.c