summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Add no-op macro for ngettext for non-NLS buildsGreg Hudson2012-05-091-0/+1
| | | | | | | r25857 (#7128) uses ngettext, which means we need a no-op macro for it when we're building without NLS support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25859 dc483132-0cff-0310-8789-dd5450dbe970
* Constify get_init_creds string input paramsGreg Hudson2012-05-096-15/+17
| | | | | | | | | | | | The get_init_creds functions take read-only string input parameters for passwords and initial ticket services. Make these const char * parameters instead of just char * parameters, for caller convenience. Reported by rra@stanford.edu. ticket: 7121 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25858 dc483132-0cff-0310-8789-dd5450dbe970
* Add API to interpret changepw result stringsGreg Hudson2012-05-0910-14/+399
| | | | | | | | | | | | | Active Directory returns structured policy information in the nominally UTF-8 result string field of a password change reply. Add a new API krb5_chpw_message() to convert a result string into a displayable message, interpreting policy information if present. Patch from stefw@gnome.org with changes. ticket: 7128 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25857 dc483132-0cff-0310-8789-dd5450dbe970
* Constify krb5int_utf8_normalize input parameterGreg Hudson2012-05-092-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25856 dc483132-0cff-0310-8789-dd5450dbe970
* First pass at PKINIT client trace logsGreg Hudson2012-05-084-25/+156
| | | | | | Trace basic decisions about PKINIT client protocol processing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25855 dc483132-0cff-0310-8789-dd5450dbe970
* Improve traced error messages from PKINIT clientGreg Hudson2012-05-082-2/+9
| | | | | | | | If we have no configured PKINIT client identity, or if we fail to create a certificate chain, set a reasonable error code (not EINVAL or ENOMEM) and a useful error message to appear in trace log output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25854 dc483132-0cff-0310-8789-dd5450dbe970
* Improve display of error code 0 in trace outputGreg Hudson2012-05-081-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25853 dc483132-0cff-0310-8789-dd5450dbe970
* Use variadic macros to simplify k5-trace.hGreg Hudson2012-05-082-216/+221
| | | | | | | Also fix the facility to make it possible to trace log without including k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25852 dc483132-0cff-0310-8789-dd5450dbe970
* Process param/defname node for "#define". Zhanna Tsitkov2012-05-053-4/+27
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25851 dc483132-0cff-0310-8789-dd5450dbe970
* For typedef documents in Sphinx do not add short description to the titlesZhanna Tsitkov2012-05-052-30/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25850 dc483132-0cff-0310-8789-dd5450dbe970
* Add generalized definition of krb5_ui_4 and krb5_int32 to the documentation ↵Zhanna Tsitkov2012-05-053-1/+24
| | | | | | for better cross-referencing. Do not include internal structure krb5_cc_ops into Sphinx documentation git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25849 dc483132-0cff-0310-8789-dd5450dbe970
* Modernize style in vfy_increds.cGreg Hudson2012-05-031-96/+104
| | | | | | | Make vfy_increds.c consistently use newer coding conventions. Also add a copyright statement. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25848 dc483132-0cff-0310-8789-dd5450dbe970
* Make verify_init_creds work with existing ccacheGreg Hudson2012-05-031-7/+0
| | | | | | | | | | | As the file ccache implementation currently stands, we don't want to turn off TC_OPENCLOSE on a file cache we're writing to, or it will be opened read-only and stores to it will fail. Reported by Russ Allbery. ticket: 5126 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25847 dc483132-0cff-0310-8789-dd5450dbe970
* The new version of Doxygen (1.7.6.1) produces different xml output around ↵Zhanna Tsitkov2012-05-031-1/+3
| | | | | | the <initializer> node. Adopt the script to the change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25846 dc483132-0cff-0310-8789-dd5450dbe970
* Try all host keys by default in vfy_incredsGreg Hudson2012-05-035-90/+239
| | | | | | | | | | | | | | | Factor out the core code of krb5_verify_init_creds into a helper, add new helper functions to retrieve the list of unique host principals from a keytab, and make krb5_verify_init_creds drive the helper once per host principal. Augment the test harness and test cases to better test the new behavior. Add a k5test method to retrieve an NFS principal for the test realm for the sake of the new test cases. ticket: 7125 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25845 dc483132-0cff-0310-8789-dd5450dbe970
* In sn2princ, getaddrinfo without AI_ADDRCONFIGGreg Hudson2012-05-031-1/+1
| | | | | | | | | | | | | | | | | | When canonicalizing a principal, use AI_CANONNAME alone in the hint flags for getaddrinfo, for two reasons. First, it works around a gnu libc bug where getaddrinfo does a PTR lookup for the canonical name (we tried to work around this in r24977 bug the addition of AI_ADDRCONFIG caused the same problem as the use of AF_INET). Second, an IPv4-only host should be able create a principal for an IPv6-only host even if it can't contact the host. This does result in extra AAAA queries in the common case (IPv4-only host contacting IPv4-only service), which is unfortunate. But we need to leave that optimization up to the platform at this point. ticket: 7124 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25844 dc483132-0cff-0310-8789-dd5450dbe970
* Clarify profile pluggable interface documentationGreg Hudson2012-05-022-3/+11
| | | | | | | Explain how profile plugin modules integrate with libkrb5, since it's a bit different than usual. Also fix a broken note. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25843 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify krb5_do_preauthGreg Hudson2012-04-301-48/+33
| | | | | | | | Now that krb5_do_preauth has many fewer moving parts, simplify its flow control. Also remove an unused output parameter from run_preauth_plugins. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25842 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of built-in preauth types tableGreg Hudson2012-04-301-103/+53
| | | | | | | | Turn the last two entries of the pa_types table into helper functions which we invoke before the loop. Then, get rid of the part of the loop which consults the pa_types table. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25841 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify preauth2 helper functions using reallocGreg Hudson2012-04-301-45/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25840 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct name-type in TGS-REQs for 2008R2 RODCsTom Yu2012-04-272-12/+19
| | | | | | | | | | | | | | | | | Correctly set the name-type for the TGS principals to KRB5_NT_SRV_INST in TGS-REQs. (Previously, only AS-REQs had the name-type set in this way.) Windows Server 2008 R2 read-only domain controllers (RODCs) insist on having the correct name-type for the TGS principal in TGS-REQs as well as AS-REQs, at least for the TGT-forwarding case. Thanks to Sebastian Galiano for reporting this bug and helping with testing. ticket: 7120 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25839 dc483132-0cff-0310-8789-dd5450dbe970
* Split up and fix get_etype_infoGreg Hudson2012-04-271-66/+83
| | | | | | | | The addition of afs3-salt processing in get_etype_info made it overly large, so split out the pw-salt/afs3-salt processing into a separate function. Also fix two dumb bugs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25838 dc483132-0cff-0310-8789-dd5450dbe970
* Stop using SALT_TYPE_AFS_LENGTHGreg Hudson2012-04-2710-54/+51
| | | | | | | | | | | | In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to track whether we're still using the default salt instead of overloading salt.length. In preauth2.c, process afs3 salt values like we would in krb5int_des_string_to_key, and set an s2kparams indicator instead of overloading salt.length. Also use an s2kparams indicator in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded salt lengths, except for a sanity check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
* Fix TRACE_PREAUTH_SALT format stringGreg Hudson2012-04-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25836 dc483132-0cff-0310-8789-dd5450dbe970
* Draft initial credentials API documentationTom Yu2012-04-272-0/+60
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25835 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor client etype-info handling in preauth2.cGreg Hudson2012-04-271-134/+78
| | | | | | | Pull etype-info2, etype-info, pw-salt, and afs3-salt handling out of the pa_types loop into a new helper function get_etype_info(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25834 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure null termination of AFS saltsGreg Hudson2012-04-271-1/+1
| | | | | | | | | | | Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or pa-afs3-salt value in pa_salt(). If it's an afs3-salt, we're going to throw away the length and use strcspn in krb5int_des_string_to_key, which isn't safe if the value is unterminated. ticket: 2545 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25833 dc483132-0cff-0310-8789-dd5450dbe970
* Make it easier to test SAM-2 client codeGreg Hudson2012-04-266-120/+407
| | | | | | | | | | | | | Add a method to the securid_sam2 plugin, built with alternate compile-time flags, which supplies a plain-text challenge to the client to be used as the OTP value. This lets us manually exercise the SAM-2 client code and a little bit of the KDC code. securid_make_sam_challenge_2_and_cksum is moved into the method- independent code and renamed. get_securid_edata_2 has its sc2b parameter removed as it was not used by the caller. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25832 dc483132-0cff-0310-8789-dd5450dbe970
* Convert SAM-2 preauth mechanism to a moduleGreg Hudson2012-04-264-371/+442
| | | | | | | Move the last real preauth mechanism, SAM-2, from the pa_types table to a built-in module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25831 dc483132-0cff-0310-8789-dd5450dbe970
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-2618-4898/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* Rearrange navigation buttons in the HTML headerZhanna Tsitkov2012-04-261-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25829 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin ACL enforcement testsGreg Hudson2012-04-262-0/+351
| | | | | | | | | Add a Python script to test the enforcement of kadm5.acl specifications, including wildcards and restrictions. ticket: 7097 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25828 dc483132-0cff-0310-8789-dd5450dbe970
* Allow clearpolicy restriction for kadmin addprincGreg Hudson2012-04-261-4/+5
| | | | | | | | | | Although the kadmin client never generates a KADM5_POLICY_CLR mask bit with addprinc, the bit will be set if a kadm5.acl line imposes the -clearpolicy restriction. Relax the sanity checking in kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as KADM5_POLICY is not also set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25827 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5test.py helpers for running kadminGreg Hudson2012-04-262-11/+32
| | | | | | | | Add K5Realm.prep_kadmin() to create a ccache and K5Realm.run_kadmin() to run a kadmin query using it. Modify t_stringattr.py to use these helpers instead of its own. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25826 dc483132-0cff-0310-8789-dd5450dbe970
* Flip the default of start_kadmind in k5test.pyGreg Hudson2012-04-2621-40/+35
| | | | | | | Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
* Minor cleanup (mostly to remove the "Contents" section titles)Zhanna Tsitkov2012-04-255-22/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25824 dc483132-0cff-0310-8789-dd5450dbe970
* Use "agogo" HTML theme (with some modifications) for the Sphinx ↵Zhanna Tsitkov2012-04-253-9/+112
| | | | | | documentation. Do not show the ReST source files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25823 dc483132-0cff-0310-8789-dd5450dbe970
* Clear preauth use counts for each AS requestGreg Hudson2012-04-251-0/+1
| | | | | | | | | | | | | Initialize use_count fields in krb5_preauth_request_context_init, which is invoked before each AS request. Previously they were initialized only in krb5_init_preauth_context, which is only invoked once per krb5 library context. ticket: 7119 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25822 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_TRACE test caseGreg Hudson2012-04-241-1/+19
| | | | | | | | | In t_general.py, run kinit with KRB5_TRACE enabled and make sure we see some basic strings in the resulting file. ticket: 7113 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25821 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust t_general.py organizationGreg Hudson2012-04-241-21/+21
| | | | | | | | | Move some tests out of the multipass_realms loop since they aren't enctype-dependent. Fix the success message not to mention kvno wrapping. Don't start kadmind in the multipass_realms loop since we don't use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25820 dc483132-0cff-0310-8789-dd5450dbe970
* Try all history keys to decrypt password historyGreg Hudson2012-04-246-46/+186
| | | | | | | | | | | | | A database created prior to 1.3 will have multiple password history keys, and kadmin prior to 1.8 won't necessarily choose the first one. So if there are multiple keys, we have to try them all. If none of the keys can decrypt a password history entry, don't fail the password change operation; it's not worth it without positive evidence of password reuse. ticket: 7099 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25819 dc483132-0cff-0310-8789-dd5450dbe970
* Use etypes from keytab in krb5_gic_keytabGreg Hudson2012-04-193-1/+128
| | | | | | | | | | | When getting initial credentials with a keytab, filter the list of request enctypes based on the keys in the keytab. Based on a patch from Stef Walter. ticket: 2131 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25818 dc483132-0cff-0310-8789-dd5450dbe970
* Unify krb5_get_init_creds_keytab code pathsGreg Hudson2012-04-194-15/+55
| | | | | | | | | | | Use krb5_init_creds_set_keytab in krb5_get_init_creds_keytab, so that processing added to the former will be used by the latter. This is slightly awkward because of the way we do the use_master fallback, in that we have to duplicate some of krb5int_get_init_creds. Based on a patch from Stef Walter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25817 dc483132-0cff-0310-8789-dd5450dbe970
* Return kinit output in k5test's K5Realm.kinitGreg Hudson2012-04-191-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25816 dc483132-0cff-0310-8789-dd5450dbe970
* Add keytab kinit test casesGreg Hudson2012-04-193-11/+30
| | | | | | | | | | Create a test script for keytab-related tests. Move the kvno wrapping test there from t_general.py, and augment it to better match what's in standalone.exp. Add tests for kinit with keytab, including kinit with the most-preferred enctype missing from the keytab (which currently fails). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25815 dc483132-0cff-0310-8789-dd5450dbe970
* Add Doxygen markup to API functions that were introduced in 1.9 releaseZhanna Tsitkov2012-04-191-0/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25814 dc483132-0cff-0310-8789-dd5450dbe970
* Edit resources pageGreg Hudson2012-04-171-10/+11
| | | | | | | Improve description of kerberos and krbcore. Remove trailing whitespace throughout. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25813 dc483132-0cff-0310-8789-dd5450dbe970
* Rename mitresources.rst to resources.rstGreg Hudson2012-04-172-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25812 dc483132-0cff-0310-8789-dd5450dbe970
* Translate @version Doxygen markup into rst formatZhanna Tsitkov2012-04-173-0/+33
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25811 dc483132-0cff-0310-8789-dd5450dbe970
* Add Doxygen markup to API functions that were introduced in 1.10 releaseZhanna Tsitkov2012-04-171-0/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25810 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 03:59:49 +0000