Age | Commit message | Author | Files | Lines
2010-09-25 | prototype for gss_krb5_import_cred [lhoward/import-cred] | Luke Howard | 1 | -0/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24347 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-23 | Clarify the determination of the initiator principal name when | Luke Howard | 1 | -16/+29
acquiring credentials git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24339 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-23 | Rename gssspi_set_cred_option to gss_set_cred_option | Luke Howard | 4 | -22/+52
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24338 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29 | initialize output credential in gss_krb5_import_cred | Luke Howard | 1 | -0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24276 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29 | set minor status to krb5 error code | Luke Howard | 1 | -1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24275 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29 | cleanup | Luke Howard | 1 | -2/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24273 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29 | Initial implementation of gss_krb5_import_cred | Luke Howard | 14 | -274/+581
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24272 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29 | branch for gss_krb5_import_cred | Luke Howard | 0 | -0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24267 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-27 | Add plugin.o to T_ETYPES_OBJS because init_ctx.o needs it now | Tom Yu | 1 | -1/+1
ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24264 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-27 | New plugin infrastructure | Greg Hudson | 8 | -0/+549
Merge domain-independent plugin framework code from branches/plugins2, leaving out the password quality interface. ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24263 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-26 | Add an expansion error table for libkrb5, since krb5_err.et is full | Greg Hudson | 4 | -11/+55
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24258 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-25 | rd_req_decoded: clarify behavior in comment | Sam Hartman | 1 | -1/+8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24257 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-25 | Revise the profile include design so that included files are | Greg Hudson | 4 | -18/+57
syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24 | Correct a comment | Greg Hudson | 1 | -2/+2
ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24255 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24 | In the LDAP KDB module's populate_krb5_db_entry, fix the checks for | Greg Hudson | 1 | -2/+2
the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so that they properly succeed when the flags are set. Bug report from Rob Crittenden, patch from nalin@redhat.com. ticket: 6762 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24 | add profile include support | Greg Hudson | 5 | -14/+180
Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-23 | Fail properly when profile can't be accessed | Greg Hudson | 1 | -4/+9
Make profile_init() return EACCESS or EPERM if one of those errors was encountered when failing to open any of the specified profile files. This causes krb5_init_os_context() to fail properly when krb5.conf is unreadable, instead of treating that situation like a nonexistent krb5.conf. The library will continue to soldier on if one profile file is readable and another is not. This is deliberate as of r14116, whether or not it's a good idea. ticket: 6760 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24250 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-19 | Allow krb5_gss_register_acceptor_identity to unset keytab name | Greg Hudson | 2 | -10/+8
krb5_gss_register_acceptor_identity sets a mutex-locked global (not thread-specific) variable containing a keytab name. This change allows the variable to be unset by passing a null value. A more elegant long-term solution to the problem is Heimdal's gss_krb5_import_cred function. ticket: 6758 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24242 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12 | Add GIC option for password/account expiration callback | Greg Hudson | 8 | -24/+273
Add a new GIC option to specify a callback to receive password and account expiration times found in an AS reply. See also: http://k5wiki.kerberos.org/wiki/Projects/Password_expiration_API ticket: 6755 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24241 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12 | In AS replies, set the key-expiration field to the minimum of account | Greg Hudson | 1 | -1/+12
and password expiration time as specified in RFC 4120. Reported by Mary Cushion <mary@eiger.demon.co.uk>. ticket: 2032 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24240 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12 | Correct the documentation for the start_kadmind keyword in k5test.py | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24239 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12 | Remove two unused source files in lib/gssapi/generic | Greg Hudson | 2 | -118/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24238 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-10 | Move the password expiry warning code out of | Greg Hudson | 1 | -84/+92
krb5_get_init_creds_password() into a helper function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24237 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26 | Use xdr_int32 instead of xdr_u_int in xdr_krb5_enctype(), since | Greg Hudson | 1 | -1/+1
enctypes are signed 32-bit values. Wire representation does not change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26 | Fix XDR decoding of large values in xdr_u_int | Greg Hudson | 1 | -1/+1
Our ancient RPC value internally decodes 32-bit wire values into a signed long, which is then cast to the appropriate type. xdr_u_int() contains a check intended to catch wire values that don't fit into a u_int on platforms with 16-bit ints, but on platforms with 64-bit longs it was failing on values of 2^31 or larger because the sign-extended value appeared larger than UINT_MAX. Fix the check by casting the value to uint32_t before comparing. This bug, in combination with a poor choice of types in kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values from being transported properly in kadmin's change_password command result. ticket: 6753 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21 | Addendum to r24200: fix kdb5_ldap_util call site of | Greg Hudson | 1 | -1/+1
krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21 | Revert the part of r24157 which added the dal_version argument to the | Greg Hudson | 7 | -20/+19
init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-20 | Get the kdb_hdb module to compile again. Probably still buggy, | Greg Hudson | 4 | -293/+161
particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | In kdb5_util's kdb5_ldap_create(), add back the assignment of | Greg Hudson | 1 | -0/+1
rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys | Greg Hudson | 2 | -4/+6
In PAC signatures, the hmac-md5 checksum type can be used with AES keys. Make this work by removing the enc field from the hmac-md5 and md5-hmac checksum types, and adding a check in krb5int_hmacmd5_checksum() for a null key or a key which is longer than the hash block size (64 bytes for MD5). The checksum algorithm only uses the key bits; it does invoke the cipher. The checksum type names are kind of wrong, but we'll leave them alone for compatibility. The descriptions are updated. ticket: 6751 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | In the DAL documentation, describe how a module can supply referral | Greg Hudson | 1 | -1/+4
encrypted padata. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24190 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Add check_allowed_to_delegate to the DAL with a corresponding libkdb5 | Greg Hudson | 14 | -236/+72
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Addendum to r24182: Fix a comment referencing the db_invoke | Greg Hudson | 1 | -4/+2
SIGN_DB_AUTHDATA method. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24188 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Add refresh_config to the DAL with a corresponding libkdb5 API, | Greg Hudson | 6 | -9/+25
replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Addendum to r24185: make audit_as_req return void, since it's an | Greg Hudson | 8 | -33/+24
informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Add audit_as_req to the DAL with a corresponding libkdb5 API, | Greg Hudson | 13 | -103/+77
replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Add check_policy_as and check_policy_tgs to the DAL table with | Greg Hudson | 14 | -174/+156
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12 | Add check_transited_realms to the DAL table with a corresponding | Greg Hudson | 6 | -40/+40
libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12 | Add sign_authdata to the DAL table with a corresponding libkdb5 API, | Greg Hudson | 8 | -116/+111
replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09 | Addendum to r24180: make sure osa_adb_get_policy sets its output | Greg Hudson | 1 | -0/+1
parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09 | Improve output variable handling of osa_adb_get_policy() in the db2 | Greg Hudson | 1 | -19/+20
KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-08 | Fix a memory leak in libkadm5clnt's get_init_creds() | Greg Hudson | 1 | -4/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-08 | Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modules | Greg Hudson | 5 | -36/+20
should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-07 | Add a missing break in the parsing of krb5kdc's -P option. Reported | Greg Hudson | 1 | -0/+1
by nalin@redhat.com. ticket: 6750 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24176 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-06 | Remove count parameters from get_principal, put_principal, | Greg Hudson | 45 | -2504/+1908
free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-04 | Follow-on to r24168: in kdb5_ldap_util, indirect through | Greg Hudson | 1 | -5/+5
krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | In kdb5.c, simplify the code for getting the profile config section | Greg Hudson | 1 | -93/+54
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Remove assertions for non-nullity of init_module and fini_module in | Greg Hudson | 1 | -3/+0
kdb5.c for consistency with other uses of mandatory vtable functions. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Make the APIs for iterate, get_master_key_list, set_master_key_list, | Greg Hudson | 3 | -62/+24
and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operations | Greg Hudson | 7 | -35/+33
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970