Commit message | Author | Age | Files | Lines
* More RST rename follow-up | Ben Kaduk | 2012-10-16 | 5 | -32/+32
  Update conf.py for paths to man page sources and update make rules for building the man pages. Correct README files for the location of the sources.
* Avoid bit shifting in krb5.h constants | Greg Hudson | 2012-10-16 | 1 | -5/+5
  Our traditional practice is to use hex integer literals for flag bits. Bit shifting can be dangerous because shifting into the sign bit is undefined. Convert existing bit shift expressions to hex literals.
* Better doc the accepted values for kdc_timesync | Zhanna Tsitkov | 2012-10-16 | 1 | -1/+1
* Modify MIT Kerberos Features document | Zhanna Tsitkov | 2012-10-16 | 1 | -3/+4
* Handle concat OTP responder case | Nathaniel McCallum | 2012-10-16 | 2 | -8/+20
* make depend | Tom Yu | 2012-10-15 | 5 | -57/+100
* Don't unparse principal names in process_tgs_req() | Tom Yu | 2012-10-15 | 3 | -88/+104
* Refactor process_tgs_req() 2nd-ticket handling | Tom Yu | 2012-10-15 | 1 | -95/+144
  Refactor some of the second-ticket handling and session key generation out of process_tgs_req().
* Clean up domain->realm referrals | Tom Yu | 2012-10-15 | 4 | -144/+91
  Clean up domain->realm referrals by breaking prep_reprocess_tgs_req() into smaller functions. Give the resulting functions more descriptive names. Also delete an unnecessary and almost exact copy of krb5_get_host_realm().
* Refactor process_tgs_req() service princ search | Tom Yu | 2012-10-15 | 1 | -101/+91
  The service principal database entry search logic in process_tgs_req() was excessively complex, containing questionable uses of "goto", along with deeply nested control flow. Refactor it into smaller functions.
* Move validate_tgs_request() to a separate file | Tom Yu | 2012-10-15 | 4 | -334/+394
* Refactor validate_tgs_request() | Tom Yu | 2012-10-15 | 1 | -199/+257
  Break validate_tgs_request() into smaller functions. Collect related checks into helper functions. As a result, some invalid requests with multiple problems can produce different error messages. This is probably not a problem for most situations.
* Move add_to_transited to a separate file | Tom Yu | 2012-10-15 | 3 | -385/+420
  add_to_transited() is fairly large, and also fairly independent of the other contents of kdc_util.c. Move it into kdc_transit.c. Also simplifies the building of rtest by removing dependencies that kdc_util.c previously needed to satisfy undefined symbols.
* Move KDC PRNG reseed logic to a helper function | Tom Yu | 2012-10-15 | 1 | -20/+29
* Eliminate some KDC globals | Tom Yu | 2012-10-15 | 15 | -327/+489
  Make kdc_active_realm a local variable in every function that needs it. Pass it around in various state structures as needed. Keep the macros that reference its members for now.
* Don't use kdc_active_realm in kdc/rtest.c | Tom Yu | 2012-10-15 | 1 | -11/+9
  Too many parts of the KDC rely on the global variable kdc_active_realm. rtest.c doesn't actually need any of the KDC-specific information that's available through kdc_active_realm, so delete references to it.
* Enforce TGS principals having 2 components | Tom Yu | 2012-10-15 | 1 | -9/+13
  RFC 4120 section 7.3 says that TGS principal names have two components. Make krb5_is_tgs_principal() and is_cross_tgs_principal() enforce this constraint. Code elsewhere in the KDC already checks for two components anyway.
* Catch up to RST move/rename | Ben Kaduk | 2012-10-15 | 4 | -32/+54
  Change the make rules for the directory structure. Update the RST sources which include other RST sources for the loss of the krb_ prefix.
  ticket: 7409
* Massive reST content rename | Ben Kaduk | 2012-10-15 | 102 | -0/+0
  All of rst_source/ is now just in doc/. The krb_ prefix is stripped from the document sub-directories. rst_tools are now just tools. The section headers of kadmind, krb5kdc, and sserver match as conflict markers.
  bigredbutton: whitespace
  ticket: 7409
* Whitespace cleanup | Ben Kaduk | 2012-10-15 | 10 | -146/+146
  Prior to a mass rename of the RST sources and utilities.
* Remove stale implement document | Ben Kaduk | 2012-10-15 | 13 | -1544/+0
  As with the texinfo implementor's guide, it is sufficiently stale so as to be untrustworthy without verification. Content of this nature should live on k5wiki.kerberos.org.
  ticket: 7408
* Remove the last vestiges of the texinfo docs | Ben Kaduk | 2012-10-15 | 11 | -12490/+0
  We needed these last stragglers to build the NOTICE file at the root of the tree, but we now generate a notice.txt from reST. Man pages have been generated from reST for some time now, we no longer need scripts to turn them into HTML and ps, as those can be generated directly from the reST source. The Makefile only existed to serve the texinfo builds, so it goes away, too. (The tgz target appears to have been broken since 1996.)
  ticket: 7408
* Make rules for building NOTICE from RST | Ben Kaduk | 2012-10-15 | 2 | -5/+108
  Sphinx-build wants to scan over all the sources in the source dir, and its text output engine does not handle the spanning row cells used in some of our fancy tables, so it will crash if we attempt to generate text output from our full suite of documents. We could work around this by attempting to just compile the one source file as an additional argument to sphinx-build, but this seems to insist on producing an index.txt as well as a notice.txt. Furthermore, we cannot use the same conf.py as in rst_composite because the paths substitutions are not available with just the minimal contents of rst_notice. Make a copy and remove the irrelevant parts, for now, changing only the master_doc field as appropriate. For the HTML build, we use the standard |copy| macro from isonum.txt to get the unicode copyright symbol glyph, but for ASCII output we prefer to just use the literal "(C)".
  ticket: 7407
* Add notice.rst | Ben Kaduk | 2012-10-15 | 2 | -2/+1125
  To replace the texinfo sources previously used to generate NOTICE. When compiled to HTML, compares well against the original NOTICE; use notice.rst in mitK5license.rst instead of using a literal include of the old NOTICE file.
  ticket: 7407
* Remove texinfo implementors guide | Ben Kaduk | 2012-10-15 | 2 | -1256/+0
  It is sufficiently old and unloved that nothing in it should be taken as truth without independent verification. Content of this nature should live on k5wiki.kerberos.org in the future.
  ticket: 7408
* Remove unused texinfo sources | Ben Kaduk | 2012-10-15 | 2 | -1775/+0
  Now that the users guide make rules are removed, some of the texinfo sources are not referenced from anywhere and can be safely removed.
  ticket: 7408
* Remove make glue for texinfo users guide | Ben Kaduk | 2012-10-15 | 1 | -35/+1
  Towards removing the texinfo docs entirely.
  ticket: 7408
* Disconnect the texinfo users guide from the build | Ben Kaduk | 2012-10-15 | 1 | -1/+1
  Its content has been migrated to or superseded by the krb_users reST documentation. The texinfo document attempted to have a general introduction to Kerberos, but it is not quite suitable for the target audience of the user's guide and will be rewritten. A few portions of the texinfo document are simply no longer relevant and do not need to be migrated. In particular: The krb5-appl utilities are out of scope for this document, as they have been moved to a separate repository. Coverage of ksu may be brought back at a later time, though. The Kerberos Glossary will be expanded and handled separately.
  ticket: 7408
* Set pointers to NULL after freeing them | Zhanna Tsitkov | 2012-10-15 | 2 | -0/+2
* Bump libkdb5 API and DAL versions | Greg Hudson | 2012-10-15 | 2 | -3/+3
  We made two sets of incompatible changes to the DAL and libkdb5 API during development for 1.11 (master key list simplification and policy extensions), so increment the appropriate version numbers.
* Wait for correct message in t_iprop.py | Greg Hudson | 2012-10-15 | 1 | -2/+1
  The message "Got incremental updates from the master" precedes actually replaying the updates on the slave. Instead look for "Incremental updates:" (the statistics message), which happens just after the updates are replayed. Also, we don't need to import time now that we're not sleeping.
* Add a -C flag to klist to also show config entries | Nalin Dahyabhai | 2012-10-15 | 2 | -12/+60
* Use hex escaping for non-printable trace data | Nalin Dahyabhai | 2012-10-15 | 1 | -3/+42
  When adding {str}, {lenstr}, or {data} to trace output, scan for bytes which might be non-printable, and add them as hex-escaped versions of themselves if any are found.
* Export krb5_cc_move() | Nalin Dahyabhai | 2012-10-15 | 2 | -0/+2
* Correct type mismatches for get_as_key callbacks | Nalin Dahyabhai | 2012-10-15 | 2 | -2/+4
* Handle anonymous-as-signed-data-with-no-signers | Nalin Dahyabhai | 2012-10-15 | 1 | -27/+28
  Update to generate and consume signed-data with no signer-info, which we need for anonymous PKINIT.
* Make sure that pkinit_octetstring_hkdf() inits NSS | Nalin Dahyabhai | 2012-10-15 | 1 | -0/+15
  Create an NSS context for use when performing KDF, so that the tests, which call into the function directly, will work.
* Don't try to free an uninitialized keyblock | Nalin Dahyabhai | 2012-10-15 | 1 | -2/+0
* Sanity-check loading keys and certs from PEM files | Nalin Dahyabhai | 2012-10-15 | 1 | -0/+15
  Print a debug message if we're unable to locate the matching private key for a certificate when we've just loaded both of them from PEM files.
* Reset the prompt_types list after calling prompter | Nalin Dahyabhai | 2012-10-15 | 1 | -0/+1
  Reset the prompt_types list immediately after the prompter callback returns, as is done everywhere else.
* Add responder support to preauth_otp | Nathaniel McCallum | 2012-10-15 | 5 | -18/+707
* Migrate to non-destructive tokeninfo selection | Nathaniel McCallum | 2012-10-15 | 1 | -148/+191
* Move forward tokeninfo filtering | Nathaniel McCallum | 2012-10-15 | 1 | -63/+81
* Move pa_data encoding into a separate function | Nathaniel McCallum | 2012-10-15 | 1 | -39/+45
* Eliminate races in t_iprop.py | Greg Hudson | 2012-10-13 | 1 | -15/+31
  After we start kpropd, read about the initial full dump before making changes on the master. Avoid prodding kpropd for this read (by shifting responsibility for the initial prod to the caller) since kpropd doesn't sleep before its first request. When waiting for sync, note whether we got a full propagation and match that up with our expectations. Use a long polling interval so kpropd doesn't wake up on its own and confuse the test script with an extra incremental update.
* Don't use void * arithmetic in interposed_oid | Greg Hudson | 2012-10-13 | 1 | -1/+2
* Make t_iprop.py faster and more robust | Greg Hudson | 2012-10-12 | 3 | -32/+80
  Catch SIGUSR1 in iprop-mode kpropd so that we can use it to interrupt sleeps and make kpropd do an iprop request immediately. In k5test.py, add prod_kpropd and read_from_kpropd methods to allow test scripts to send a SIGUSR1 to kpropd and to read its stdout/stderr output; also allow the test script to specify additional arguments when starting kpropd. In t_iprop.py, start kpropd with -d and, instead of sleeping, read kpropd output until we see an indication that kpropd is in sync with the master. To avoid delays, prod kpropd before waiting for sync and after a completed full prop.
* Fix a couple of typos | Nalin Dahyabhai | 2012-10-12 | 1 | -2/+2
* Add responder support to preauth_encts/preauth_ec | Nathaniel McCallum | 2012-10-12 | 2 | -0/+26
* Add responder support to get_as_key() | Nathaniel McCallum | 2012-10-12 | 9 | -9/+70
  This follows the design laid out on the project page: http://k5wiki.kerberos.org/wiki/Projects/Password_response_item