aboutsummaryrefslogtreecommitdiff
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2010-07-21Addendum to r24200: fix kdb5_ldap_util call site ofGreg Hudson1-1/+1
krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21Revert the part of r24157 which added the dal_version argument to theGreg Hudson5-13/+7
init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-20Get the kdb_hdb module to compile again. Probably still buggy,Greg Hudson4-293/+161
particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19In kdb5_util's kdb5_ldap_create(), add back the assignment ofGreg Hudson1-0/+1
rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15Add check_allowed_to_delegate to the DAL with a corresponding libkdb5Greg Hudson10-161/+40
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2-0/+2
replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson5-11/+11
informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson9-48/+36
replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson9-52/+50
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12Add check_transited_realms to the DAL table with a correspondingGreg Hudson2-1/+2
libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2-1/+2
replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09Addendum to r24180: make sure osa_adb_get_policy sets its outputGreg Hudson1-0/+1
parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09Improve output variable handling of osa_adb_get_policy() in the db2Greg Hudson1-19/+20
KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-08Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson1-25/+1
should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-06Remove count parameters from get_principal, put_principal,Greg Hudson17-836/+736
free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-04Follow-on to r24168: in kdb5_ldap_util, indirect throughGreg Hudson1-5/+5
krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson2-2/+2
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03Remove return value from void functionKen Raeburn1-1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove store_master_key from the DAL table, and implementGreg Hudson2-2/+1
krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Make krb5_db_free_principal and krb5_db_free_mkey_list return void.Greg Hudson5-9/+9
Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2-2/+1
libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove db_ and similar prefixes from DAL function names, forGreg Hudson8-190/+168
consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson1-12/+8
just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove setup_master_key_name from the DAL table as it was not usedGreg Hudson2-2/+1
ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson10-169/+22
corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Follow-up to r24157: return correctly from krb5_ldap_lib_init() ifGreg Hudson1-0/+1
there is no version mismatch. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Follow-on to r24157: pass KRB5_KDB_DAL_VERSION to krb5_ldap_lib_init()Greg Hudson1-1/+1
in kdb5_ldap_util.c. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24160 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove errcode_2_string and release_errcode_string from the DAL table,Greg Hudson4-22/+0
and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02Remove db_supported_realms and db_free_supported_realms from the DALGreg Hudson5-28/+0
table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table). ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02DAL improvementsGreg Hudson3-4/+8
Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible changes in libkdb; to be kept in sync with the libkdb major version, which is bumped to 5 in anticipation of other changes. Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they are mismatched with the KDB version. Since KDB modules are often developed concurrently with trunk code, this is defined to be the date of the last incompatible DAL change. The DAL version is passed to the init_library DAL function; the module should check it against the value of KRB5_KDB_DAL_VERSION it was compiled with and return KRB5_KDB_DBTYPE_MISMATCH if it doesn't match. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-14In PKINIT, notice if DH_compute_key() returns a value less than theGreg Hudson1-2/+18
buffer size, and pad it on the left if so. ticket: 6738 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-14Adjust the PKINIT DH debugging code:Greg Hudson1-7/+8
* Use %p and void * for pointers instead of %x and int * Don't call the computed symmetric key the "secret key" since that's easily confused with the private key g^x. * Print the private key when printing DH parameters, instead of the q value (not even sure what they is). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-07make dependGreg Hudson5-179/+189
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-16Update dependenciesKen Raeburn1-14/+14
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24041 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-10Add lockout-related performance tuning variablesGreg Hudson6-39/+124
The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-10Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAPGreg Hudson1-22/+29
In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine whether krbLoginFailedCount existed on the entry when it was retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT, and don't assert an old value when not using LDAP_MOD_INCREMENT. Also, create the krbLoginFailedCount attribute when creating new entries. This allows us to use LDAP_MOD_INCREMENT during the first failed login (if the server supports it), avoiding a race condition. ticket: 6718 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24002 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-05General code consistency pass in kdb_db2.c.Greg Hudson1-136/+56
Removes some pointless null checks. Frees the DB context when a DB is finalized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23973 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04Adjust for removal of krb5_ldap_set_option in r23965Tom Yu1-1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23972 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04Remove a stray comment from r23966Greg Hudson1-1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23967 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04Refactor the kdb_db2.c code which processes db_args and profileGreg Hudson2-305/+134
variables to configure a DB context, to avoid repeating that code three times in open/create/destroy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23966 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04Remove krb5_db_set_option and the associated DAL entry. It was notGreg Hudson6-60/+0
used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-25Straighten the if-ladder in encrypted challenge's process_preauth,Greg Hudson1-7/+6
making it clearer that control drops through if one of the first couple of steps fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-20Update dependenciesKen Raeburn4-33/+46
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-20Move array decl from mixed within code down into the block where it'sKen Raeburn1-8/+11
actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23739 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-20Update export list for 2007 plugin interface changeKen Raeburn1-2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23738 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-20Move array decl from mixed within code down into the block where it'sKen Raeburn1-8/+11
actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23737 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-19Make plugins/cksum_body more likely to build, and remove the empty srcGreg Hudson1-2/+2
directory within. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23736 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-03Fix greet_server buildGreg Hudson1-1/+1
Fix the export list for the greet_server plugin. ticket: 6654 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23694 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-27Update the LDAP dependencies for r23674Greg Hudson2-132/+161
ticket: 6649 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23675 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-27Get rid of kdb_ext.h and allow out-of-tree KDB pluginsGreg Hudson4-18/+13
Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h. ticket: 6649 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-09-08 05:02:45 +0000