Age | Commit message (Collapse) | Author | Files | Lines |
|
init_library interface. Instead use the already existing maj_ver
field of the DAL vtable to detect incompatibilities. Since maj_ver
is a short int, use an incrementing number instead of a date for the
major version.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
|
|
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of
db_invoke. Remove db_invoke since it no longer has any methods.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the REFRESH_POLICY method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
|
|
informational method and we're not going to do anything with the
result.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the AUDIT_AS_REQ method of db_invoke. Remove the
AUDIT_TGS_REQ method of db_invoke without adding a replacement, as
there was no KDC support for it. (It can be added at a later time if
necessary.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and
CHECK_POLICY_TGS methods of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the SIGN_AUTH_DATA method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
|
|
free_principal, delete_principal, and get_policy. Make get_principal
allocate the DB entry container. Fold krb5_db_get_principal_ext into
krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdb5.c for consistency with other uses of mandatory vtable functions.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does
not implement them, avoiding the need for stub default
implementations.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
|
|
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was
used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_store_master_key in terms of krb5_store_master_key_list.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Remove the stale prototype for krb5_db_free_master_key.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 interface. Callers can (and mostly already do) use
krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create,
tests/verify, and kdb5_util dump to do so.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
consistency. Follow suit inside the DB2 and LDAP modules. (No change
to the caller-facing libkdb5 APIs.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
|
|
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and stop using them in kdb5.c. Modules can simply set error messages
in the krb5 context on error.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
|
|
table, and remove the corresponding libkdb5 interfaces (which don't
seem to have been in the library export table).
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible
changes in libkdb; to be kept in sync with the libkdb major version,
which is bumped to 5 in anticipation of other changes.
Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they
are mismatched with the KDB version. Since KDB modules are often
developed concurrently with trunk code, this is defined to be the date
of the last incompatible DAL change. The DAL version is passed to the
init_library DAL function; the module should check it against the value
of KRB5_KDB_DAL_VERSION it was compiled with and return
KRB5_KDB_DBTYPE_MISMATCH if it doesn't match.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
|
|
used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no
explicit tl_data. We've seen at least one pre-1.7 KDB with a master
kvno of 0, violating this assumption. Fix this as follows:
* krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists.
* A new function krb5_dbe_get_mkvno translates this 0 value to the
minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno
cannot do this as it doesn't take the mkey_list as a parameter.)
* Call sites to krb5_dbe_lookup_mkvno are converted to
krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable
to store 0 if the mkvno is unknown.
ticket: 6650
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23676 dc483132-0cff-0310-8789-dd5450dbe970
|
|
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge Luke's users/lhoward/heimmig branch to trunk. Implements a
KDC back-end plugin which interfaces to a Heimdal HDB plugin.
ticket: 6578
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22408 dc483132-0cff-0310-8789-dd5450dbe970
|
|
in r17612.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22407 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add enough static linking support to run the test suite without shared
libraries, to facilitate gcov and other kinds of instrumentation. The
necessary changes include:
* Undo some of the changes which removed static linking support,
and cannibalize the defunct krb5_force_static conditional block
in aclocal.m4.
* Add --enable-static-only configure option.
* For plugins, use a different symbol name for static and dynamic
builds, via a macro in k5plugin.h.
* Add build machinery for building static libraries for plugins
(somewhat grotty due to the difference in names).
* Move plugin subdirs earlier in SUBDIRS in src/Makefile.in.
* Make the in-tree KDB5 plugins dependencies of libkdb5 in a static
build (aclocal.m4 has to know what they are).
* In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to
allow "loading" of statically linked plugin libraries.
Preauth, authdata, locate, and GSSAPI plugins are not handled by this
change, as they are not currently necessary to the test suite.
Supporting GSSAPI plugins may be a bit tricky but the others should be
straightforward if they become needed.
$(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as
a result of these changes (except on AIX where aclocal.m4 changes it).
This does not seem to be important as we avoid selecting the static
library for building via other means.
ticket: 6510
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
|
|
with a LDAP KDB. See the ticket for more details
ticket: 6405
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22073 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Make kdb5_ldap_util work again by calling this function to set up
dal_handle instead of using one with an uninitialized lib_handle.
It is likely that kdb5_ldap_util will only function given a krb5.conf
which specifies a realm with an LDAP database module as the default
realm. Not sure if that was the case before.
ticket: 6403
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22071 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ken R. told me that Coverity found several potential memleaks introduced
by the mkey migration project. This addresses those leaks and tweaks
the code formatting in a few places.
ticket: 6371
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21900 dc483132-0cff-0310-8789-dd5450dbe970
|
|
back
The ticket contains the details.
ticket: 6361
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21884 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals long term keys to use the new master key. In addition
deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
|
|
char* and calls free.
Replace most uses, outside of the LDAP KDB plugin, which doesn't build
on my test system of the moment because of version dependencies. Add
one explicit cast to make the change warning-neutral (under gcc 4.0.1
on Mac OS X 10.5.6).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
|
|
spurious Coverity defects. (Far from a comprehensive pass.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21782 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Fix a number of warnning suggesting parenthesis.
Fix a signed/unsigned warning.
Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21627 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash
ticket: 194
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
simpler
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20620 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Changed temporary variables to use const char *
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and change uses to not cast all the time. Also rename it from
db_context to dal_handle, since one of the fields in the pointed-to
structure is also called db_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ENOMEM explicitly instead of reading it from errno. This may make
static analysis tools less confused about when we return zero vs
nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
|
|
output buffer is allocated according to the size of data to be
written, or snprintf otherwise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
|
|
being null function pointers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18633 dc483132-0cff-0310-8789-dd5450dbe970
|