aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-10-06Fix typolhoward/sasl-gs2Greg Hudson1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24435 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06Style policeGreg Hudson7-57/+66
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24434 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-30merge r24267:24387 into gs2-saslLuke Howard259-3745/+11756
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24388 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-30initialize credential to NULLLuke Howard1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24386 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-30dump mechanism attributes, cleanupLuke Howard1-6/+70
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24385 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-29plug leakLuke Howard1-1/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24383 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-29reformatLuke Howard1-1/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24382 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-29dump naming attributes in sample serverLuke Howard1-2/+91
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24373 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-29gss_set_neg_mechs() supportLuke Howard1-7/+32
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24372 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-29Check for out of memory when generating SASL nameLuke Howard2-13/+23
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24371 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-28back out r24362 for now, it's not related to GS2Luke Howard1-19/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24368 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-27make gss_store_cred() a NOOP if copying to same ccacheLuke Howard1-5/+19
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24362 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-27Use IAKERB header for all IAKERB messagesLuke Howard4-4/+16
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24358 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25make arguments optional for RFC 5587Luke Howard3-8/+23
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24354 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25All RFC 5801 arguments are optionalLuke Howard4-29/+32
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24353 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25cleanupLuke Howard1-2/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24352 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25API is published in RFC 5801, so move to gssapi.hLuke Howard2-18/+20
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24351 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25Implement RFC 5587Luke Howard11-8/+685
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24350 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25prototype for gss_krb5_import_credLuke Howard1-0/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24346 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25More work on SASL naming; add testsLuke Howard5-7/+139
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24345 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25fix some more bugs in krb5/spnego sasl name implLuke Howard2-6/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24344 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25Fix nits in krb5/spnego SASL mappingLuke Howard3-7/+9
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24343 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-25Allow mech to return GSS_S_BAD_MECH when inquiring SASL mappingLuke Howard1-1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24342 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-24gss_inquire_saslname_for_mech/gss_inquire_mech_for_saslname implementationLuke Howard9-4/+349
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24341 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-24branch for SASL GS2Luke Howard0-0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/sasl-gs2@24340 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-23Clarify the determiniation of the initiator principal name whenLuke Howard1-16/+29
acquiring credentials git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24339 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-23Rename gssspi_set_cred_option to gss_set_cred_optionLuke Howard4-22/+52
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24338 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29initialize output credential in gss_krb5_import_credLuke Howard1-0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24276 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29set minor status to krb5 error codeLuke Howard1-1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24275 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29cleanupLuke Howard1-2/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24273 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29Initial implementation of gss_krb5_import_credLuke Howard14-274/+581
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24272 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-29branch for gss_krb5_import_credLuke Howard0-0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/import-cred@24267 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-27Add plugin.o to T_ETYPES_OBJS because init_ctx.o needs it nowTom Yu1-1/+1
ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24264 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-27New plugin infrastructureGreg Hudson8-0/+549
Merge domain-independent plugin framework code from branches/plugins2, leaving out the password quality interface. ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24263 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-26Add an expansion error table for libkrb5, since krb5_err.et is fullGreg Hudson4-11/+55
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24258 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-25rd_req_decoded: clarify behavior in commentSam Hartman1-1/+8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24257 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-25Revise the profile include design so that included files areGreg Hudson4-18/+57
syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24Correct a commentGreg Hudson1-2/+2
ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24255 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24In the LDAP KDB module's populate_krb5_db_entry, fix the checks forGreg Hudson1-2/+2
the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so that they properly succeed when the flags are set. Bug report from Rob Crittenden, patch from nalin@redhat.com. ticket: 6762 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24add profile include supportGreg Hudson5-14/+180
Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-23Fail properly when profile can't be accessedGreg Hudson1-4/+9
Make profile_init() return EACCESS or EPERM if one of those errors was encountered when failing to open any of the specified profile files. This causes krb5_init_os_context() to fail properly when krb5.conf is unreadable, instead of treating that situation like a nonexistent krb5.conf. The library will continue to soldier on if one profile file is readable and another is not. This is deliberate as of r14116, whether or not it's a good idea. ticket: 6760 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24250 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-19Allow krb5_gss_register_acceptor_identity to unset keytab nameGreg Hudson2-10/+8
krb5_gss_register_acceptor_identity sets a mutex-locked global (not thread-specific) variable containing a keytab name. This change allows the variable to be unset by passing a null value. A more elegant long-term solution to the problem is Heimdal's gss_krb5_import_cred function. ticket: 6758 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24242 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12Add GIC option for password/account expiration callbackGreg Hudson8-24/+273
Add a new GIC option to specify a callback to receive password and account expiration times found in an AS reply. See also: http://k5wiki.kerberos.org/wiki/Projects/Password_expiration_API ticket: 6755 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24241 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12In AS replies, set the key-expiration field to the minimum of accountGreg Hudson1-1/+12
and password expiration time as specified in RFC 4120. Reported by Mary Cushion <mary@eiger.demon.co.uk>. ticket: 2032 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24240 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12Correct the documentation for the start_kadmind keyword in k5test.pyGreg Hudson1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24239 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-12Remove two unused source files in lib/gssapi/genericGreg Hudson2-118/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24238 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-10Move the password expiry warning code out ofGreg Hudson1-84/+92
krb5_get_init_creds_password() into a helper function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24237 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26Use xdr_int32 instead of xdr_u_int in xdr_krb5_enctype(), sinceGreg Hudson1-1/+1
enctypes are signed 32-bit values. Wire representation does not change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26Fix XDR decoding of large values in xdr_u_intGreg Hudson1-1/+1
Our ancient RPC value internally decodes 32-bit wire values into a signed long, which is then casted to the appropriate type. xdr_u_int() contains a check intended to catch wire values that don't fit into a u_int on platforms with 16-ints, but on platforms with 64-bit longs it was failing on values of 2^31 or larger because the sign-extended value appeared larger than UINT_MAX. Fix the check by casting the value to uint32_t before comparing. This bug, in combination with a poor choice of types in kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values from being transported properly in kadmin's change_password command result. ticket: 6753 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21Addendum to r24200: fix kdb5_ldap_util call site ofGreg Hudson1-1/+1
krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-08-15 03:02:48 +0000