Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove the stale prototype for krb5_db_free_master_key.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 interface. Callers can (and mostly already do) use
krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create,
tests/verify, and kdb5_util dump to do so.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
consistency. Follow suit inside the DB2 and LDAP modules. (No change
to the caller-facing libkdb5 APIs.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
|
|
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
there is no version mismatch.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
|
|
in kdb5_ldap_util.c.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24160 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and stop using them in kdb5.c. Modules can simply set error messages
in the krb5 context on error.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
|
|
table, and remove the corresponding libkdb5 interfaces (which don't
seem to have been in the library export table).
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible
changes in libkdb; to be kept in sync with the libkdb major version,
which is bumped to 5 in anticipation of other changes.
Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they
are mismatched with the KDB version. Since KDB modules are often
developed concurrently with trunk code, this is defined to be the date
of the last incompatible DAL change. The DAL version is passed to the
init_library DAL function; the module should check it against the value
of KRB5_KDB_DAL_VERSION it was compiled with and return
KRB5_KDB_DBTYPE_MISMATCH if it doesn't match.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
|
|
explicitly (with AI_ADDRCONFIG specified where available, to avoid
IPv6 on hosts with no IPv6 interface) and then fall back to IPv4.
Only set IPV6_V6ONLY on the listener socket if the resulting address
is IPv6.
Note: we have mostly confirmed that OpenBSD does not have dual-stack
support, meaning that it would be better to open separate IPv4 and
IPv6 listener sockets, as we do in krb5kdc and kadmind.
Unfortunately, the complicated iprop retry-and-backoff logic makes
this less than straightforward.
ticket: 6686
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24156 dc483132-0cff-0310-8789-dd5450dbe970
|
|
happens to coincide with what setup_a_rpc_listener does.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24153 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24152 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24151 dc483132-0cff-0310-8789-dd5450dbe970
|
|
argument to bind(), causing it to fail on Solaris.
ticket: 6746
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24148 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Make gssrpc work over IPv6 TCP sockets provided that the client
creates and connects/binds the sockets and doesn't query their
addresses or use bindresvport(). Make kadmin work within those
constraints and handle IPv6. Specific changes:
* Make svctcp_create() able to extract the port from an IPv6 socket,
using a new helper function getport().
* Make clnttcp_create() handle a null raddr value if *sockp is set.
* Make kadm5_get_service_name() use getaddrinfo() to canonicalize the
admin server name.
* Make libkadm5clnt's init_any() responsible for connecting its socket
using a new helper function connect_to_server(), which uses
getaddrinfo instead of gethostbyname. Pass a null address to
clnttcp_create().
* Make libapputil's net-server.c set up IPv6 as well as IPv4 listener
ports for RPC connections.
* Adjust the error code expected in a libkadm5 unit test.
ticket: 6746
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
|
|
particular, avoid the use of library namespace prefixes for static
helper functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24144 dc483132-0cff-0310-8789-dd5450dbe970
|
|
around uninitialized values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24143 dc483132-0cff-0310-8789-dd5450dbe970
|
|
util_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24142 dc483132-0cff-0310-8789-dd5450dbe970
|
|
use util_context for some reason), which didn't work with the LDAP
back end because LDAP doesn't recognize KRB5_KDB_SRV_TYPE_OTHER. As a
minimal fix, change that to KRB5_KDB_SRV_TYPE_ADMIN to be consistent
with open_db_and_mkey()--see also r18736.
ticket: 6345
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24141 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6744
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24140 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gss_krb5int_lib_init was adding the generic GSS error table (again)
instead of the krb5 error table, which could lead to crashes on
library unload. This bug was introduced in krb5 1.7; the fix is also
applicable there.
Patch from Leonardo Chiquitto <leonardo.lists@gmail.com>.
ticket: 6745
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24139 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Running "make check" while offline or on a firewalled network may
result in failure in lib/krb5/os because the invocation of
t_locate_kdc requires that the DNS servers for ATHENA.MIT.EDU be
reachable. Autodetect DNS utilities "dig" and "nslookup", and use
them to check for existence of the known-good DNS name. Also
parameterize the test so that the known-good DNS name can be
overridden on the make command line.
ticket: 6744
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24138 dc483132-0cff-0310-8789-dd5450dbe970
|
|
buffer size, and pad it on the left if so.
ticket: 6738
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* Use %p and void * for pointers instead of %x and int
* Don't call the computed symmetric key the "secret key" since
that's easily confused with the private key g^x.
* Print the private key when printing DH parameters, instead of the
q value (not even sure what they is).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
|
|
when setting up krb5_address structures. kpropd still only binds to
one socket to avoid the need for a select() loop, so we turn off
IPV6_V6ONLY on that socket to ensure that IPv4 connections will still
be accepted.
Based on a patch from Michael Stapelberg <michael@stapelberg.de>.
ticket: 6686
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24134 dc483132-0cff-0310-8789-dd5450dbe970
|
|
was ifdef'd out fifteen years ago in r5464.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24133 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(it's exactly the same).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24132 dc483132-0cff-0310-8789-dd5450dbe970
|
|
conflict.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24125 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24124 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever
it uses the default keytab, even if the default has been overridden
(e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name
of the default cache instead of displaying the string we think was
used to open it.
ticket: 6740
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24123 dc483132-0cff-0310-8789-dd5450dbe970
|
|
description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash
(error message), kadmin getprinc, kadmin ktadd, and ktutil list -e.
ticket: 5014
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the message wrap/unwrap functions in the krb5 GSS mech. Heimdal
doesn't do it, and it generally results in poor app behavior when a
ticket expires. In exchange, it doesn't provide much security benefit
since it's not enforced across the board--for example, ssh sessions
can persist beyond ticket expiration time since they don't use GSS to
wrap payload data.
(This is a continuation of r24120, which should have contained the
changes to all four files.)
ticket: 6739
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24121 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the message wrap/unwrap functions in the krb5 GSS mech. Heimdal
doesn't do it, and it generally results in poor app behavior when a
ticket expires. In exchange, it doesn't provide much security benefit
since it's not enforced across the board--for example, ssh sessions
can persist beyond ticket expiration time since they don't use GSS to
wrap payload data.
ticket: 6739
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add trace logging infrastructure code, enabled by the KRB5_TRACE
environment variable or the API functions krb5_set_trace_callback()
or krb5_set_trace_filename(). As a start, add tracing events for:
* AS-REQ client code, including FAST and preauth
* TGS-REQ client code
* AP-REQ and AP-REP code (client and server)
* sendto_kdc
* Selected ccache operations
* Selected keytab operations
ticket: 6737
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add an API to return the input name, or optionally the shortest alias,
of an enctype. Similar to krb5_enctype_to_string() which returns a
description.
ticket: 6736
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
|
|
with the krb5_cc_remove_cred call in krb5_cc_store_cred.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24110 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24109 dc483132-0cff-0310-8789-dd5450dbe970
|
|
is no S4U2Proxy authdata.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24107 dc483132-0cff-0310-8789-dd5450dbe970
|
|
by r15736 when we added the master_kdc profile variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24106 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24105 dc483132-0cff-0310-8789-dd5450dbe970
|
|
can be retrieved after they've scrolled away.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24103 dc483132-0cff-0310-8789-dd5450dbe970
|
|
When FAST negotiation is performed against an older KDC
(rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set),
krb5int_fast_verify_nego did not set the value of *fast_avail, causing
stack garbage to be used in init_creds_step_reply. Initialize
*fast_avail at the beginning of the function per coding practices.
ticket: 6734
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24102 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24101 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24100 dc483132-0cff-0310-8789-dd5450dbe970
|