author | Matt Rogers <mrogers@redhat.com> | 2017-02-28 15:55:24 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-03-23 13:11:09 -0400 |
commit | b619ce84470519bea65470be3263cd85fba94f57 (patch) | |
tree | 697178fa4f7eb7c1b2e1ccb6de6503fb7cf7ad13 /src/tests/Makefile.in | |
parent | 7027788ae6adbd06d5a16de6ee62e489a4dca68b (diff) | |
Add certauth pluggable interface
Add the header include/krb5/certauth_plugin.h, defining a pluggable
interface to control authorization of PKINIT client certificates.
Add the "pkinit_san" and "pkinit_eku" builtin certauth modules and
related PKINIT crypto X.509 helper functions. Add authorize_cert() as
the entry function for certauth plugin module checks called in
pkinit_server_verify_padata(). Modify kdcpreauth_moddata to hold the
list of certauth module handles, and load the modules when the PKINIT
kdcpreauth server plugin is initialized. Change
crypto_retrieve_X509_sans() to return ENOENT when no SAN is found.
Add test modules in plugins/certauth/test. Create t_certauth.py with
basic certauth tests. Add plugin interface documentation in
doc/plugindev/certauth.rst and doc/admin/krb5_conf.rst.
[ghudson@mit.edu: simplified code, edited docs]
ticket: 8561 (new)
Diffstat (limited to 'src/tests/Makefile.in')
-rw-r--r-- | src/tests/Makefile.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 219d973..d20d748 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -171,6 +171,7 @@ check-pytests: unlockiter $(RUNPYTEST) $(srcdir)/t_preauth.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_princflags.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_tabdump.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_certauth.py $(PYTESTFLAGS) clean: $(RM) adata etinfo forward gcred hist hooks hrealm icinterleave icred |
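Review bot: The new `$(RUNPYTEST) $(srcdir)/t_certauth.py $(PYTESTFLAGS)` line in check-pytests appears to rely on the test modules that the commit message places in plugins/certauth/test, yet the only prerequisite visible in the hunk header context is unlockiter. Please confirm that the plugin directory is built before src/tests in a normal check run, or have t_certauth.py skip cleanly when those modules are absent, so that invoking check-pytests on its own reports a real certauth authorization regression rather than a plugin load failure. This view is limited to src/tests/Makefile.in, so the test script and the module build rules cannot be checked from here.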