summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Add kadmin ACL enforcement testsGreg Hudson2012-04-262-0/+351
| | | | | | | | | Add a Python script to test the enforcement of kadm5.acl specifications, including wildcards and restrictions. ticket: 7097 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25828 dc483132-0cff-0310-8789-dd5450dbe970
* Allow clearpolicy restriction for kadmin addprincGreg Hudson2012-04-261-4/+5
| | | | | | | | | | Although the kadmin client never generates a KADM5_POLICY_CLR mask bit with addprinc, the bit will be set if a kadm5.acl line imposes the -clearpolicy restriction. Relax the sanity checking in kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as KADM5_POLICY is not also set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25827 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5test.py helpers for running kadminGreg Hudson2012-04-262-11/+32
| | | | | | | | Add K5Realm.prep_kadmin() to create a ccache and K5Realm.run_kadmin() to run a kadmin query using it. Modify t_stringattr.py to use these helpers instead of its own. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25826 dc483132-0cff-0310-8789-dd5450dbe970
* Flip the default of start_kadmind in k5test.pyGreg Hudson2012-04-2621-40/+35
| | | | | | | Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
* Minor cleanup (mostly to remove the "Contents" section titles)Zhanna Tsitkov2012-04-255-22/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25824 dc483132-0cff-0310-8789-dd5450dbe970
* Use "agogo" HTML theme (with some modifications) for the Sphinx ↵Zhanna Tsitkov2012-04-253-9/+112
| | | | | | documentation. Do not show the ReST source files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25823 dc483132-0cff-0310-8789-dd5450dbe970
* Clear preauth use counts for each AS requestGreg Hudson2012-04-251-0/+1
| | | | | | | | | | | | | Initialize use_count fields in krb5_preauth_request_context_init, which is invoked before each AS request. Previously they were initialized only in krb5_init_preauth_context, which is only invoked once per krb5 library context. ticket: 7119 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25822 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_TRACE test caseGreg Hudson2012-04-241-1/+19
| | | | | | | | | In t_general.py, run kinit with KRB5_TRACE enabled and make sure we see some basic strings in the resulting file. ticket: 7113 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25821 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust t_general.py organizationGreg Hudson2012-04-241-21/+21
| | | | | | | | | Move some tests out of the multipass_realms loop since they aren't enctype-dependent. Fix the success message not to mention kvno wrapping. Don't start kadmind in the multipass_realms loop since we don't use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25820 dc483132-0cff-0310-8789-dd5450dbe970
* Try all history keys to decrypt password historyGreg Hudson2012-04-246-46/+186
| | | | | | | | | | | | | A database created prior to 1.3 will have multiple password history keys, and kadmin prior to 1.8 won't necessarily choose the first one. So if there are multiple keys, we have to try them all. If none of the keys can decrypt a password history entry, don't fail the password change operation; it's not worth it without positive evidence of password reuse. ticket: 7099 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25819 dc483132-0cff-0310-8789-dd5450dbe970
* Use etypes from keytab in krb5_gic_keytabGreg Hudson2012-04-193-1/+128
| | | | | | | | | | | When getting initial credentials with a keytab, filter the list of request enctypes based on the keys in the keytab. Based on a patch from Stef Walter. ticket: 2131 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25818 dc483132-0cff-0310-8789-dd5450dbe970
* Unify krb5_get_init_creds_keytab code pathsGreg Hudson2012-04-194-15/+55
| | | | | | | | | | | Use krb5_init_creds_set_keytab in krb5_get_init_creds_keytab, so that processing added to the former will be used by the latter. This is slightly awkward because of the way we do the use_master fallback, in that we have to duplicate some of krb5int_get_init_creds. Based on a patch from Stef Walter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25817 dc483132-0cff-0310-8789-dd5450dbe970
* Return kinit output in k5test's K5Realm.kinitGreg Hudson2012-04-191-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25816 dc483132-0cff-0310-8789-dd5450dbe970
* Add keytab kinit test casesGreg Hudson2012-04-193-11/+30
| | | | | | | | | | Create a test script for keytab-related tests. Move the kvno wrapping test there from t_general.py, and augment it to better match what's in standalone.exp. Add tests for kinit with keytab, including kinit with the most-preferred enctype missing from the keytab (which currently fails). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25815 dc483132-0cff-0310-8789-dd5450dbe970
* Add Doxygen markup to API functions that were introduced in 1.9 releaseZhanna Tsitkov2012-04-191-0/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25814 dc483132-0cff-0310-8789-dd5450dbe970
* Edit resources pageGreg Hudson2012-04-171-10/+11
| | | | | | | Improve description of kerberos and krbcore. Remove trailing whitespace throughout. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25813 dc483132-0cff-0310-8789-dd5450dbe970
* Rename mitresources.rst to resources.rstGreg Hudson2012-04-172-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25812 dc483132-0cff-0310-8789-dd5450dbe970
* Translate @version Doxygen markup into rst formatZhanna Tsitkov2012-04-173-0/+33
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25811 dc483132-0cff-0310-8789-dd5450dbe970
* Add Doxygen markup to API functions that were introduced in 1.10 releaseZhanna Tsitkov2012-04-171-0/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25810 dc483132-0cff-0310-8789-dd5450dbe970
* Added MIT resources documentZhanna Tsitkov2012-04-172-8/+49
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25809 dc483132-0cff-0310-8789-dd5450dbe970
* Allow preauth mechs to work with clock skewGreg Hudson2012-04-178-29/+124
| | | | | | | | | | | | | | | Add a clpreauth callback which gets the time of day using an offset determined by the preauth-required error, and use it in encrypted timestamp and encrypted challenge. This timestamp is not necessarily authenticated, but the security consequences for those preauth mechs are minor (and can be mitigated by turning off kdc_timesync on clients). Based on a patch from Stef Walter. ticket: 7114 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25808 dc483132-0cff-0310-8789-dd5450dbe970
* Add clock skew testsGreg Hudson2012-04-174-1/+49
| | | | | | | Add a KDC option (-T) to run with a time offset, and use that to test kdc_timesync behavior. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25807 dc483132-0cff-0310-8789-dd5450dbe970
* Correct kdc_timesync documentationGreg Hudson2012-04-171-7/+7
| | | | | | | kdc_timesync is read from the profile as an integer, not a boolean; go back to documenting it that way. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25806 dc483132-0cff-0310-8789-dd5450dbe970
* Document kadm5_hook chpass randomize-key behaviorGreg Hudson2012-04-161-0/+1
| | | | | | | kadmind's randkey operation invokes the kadm5_hook chpass method with a null newpass parameter, which wasn't documented. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25805 dc483132-0cff-0310-8789-dd5450dbe970
* Fix documention of unconfigured rsthml buildTom Yu2012-04-111-1/+1
| | | | | | | It's necessary to specify srcdir=. on the command line when building rsthtml in an unconfigured tree. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25804 dc483132-0cff-0310-8789-dd5450dbe970
* Fix trace logging initializationGreg Hudson2012-04-051-1/+1
| | | | | | | | Reported by stefw@gnome.org. ticket: 7112 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25803 dc483132-0cff-0310-8789-dd5450dbe970
* Fix app tag choices for decoding EncASRepPartGreg Hudson2012-04-051-1/+1
| | | | | | | | | | When decoding an AS-REP enc part, we should accept app tags 26 (the bogus one we generate) and 25 (the correct value). We were accepting 26 and 24. Bug report and fix by stefw@gnome.org. ticket: 7111 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25802 dc483132-0cff-0310-8789-dd5450dbe970
* Fix password reuse check with cpw -keepoldGreg Hudson2012-04-041-0/+3
| | | | | | | | | | | | | | | | | When we check for password reuse, only compare keys with the most recent kvno against history entries, or else we will always fail with -keepold. This bug primarily affects rollover of cross-realm TGT principals, which typically use password-derived keys and may have an associated password policy such as "default". Bug report and candidate fix (taken with a slight modification) by Nicolas Williams. ticket: 7110 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25801 dc483132-0cff-0310-8789-dd5450dbe970
* If trace logging facility is enabled, report misconfiguration errors ↵Zhanna Tsitkov2012-04-022-29/+51
| | | | | | | | encountered while initializing krb5 library context ticket: 7091 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25800 dc483132-0cff-0310-8789-dd5450dbe970
* Make cross-TGT key rollover work from AD to MITGreg Hudson2012-04-022-45/+175
| | | | | | | | | | | | | | | | | Active Directory always issues cross-realm tickets without a kvno, which we see as kvno 0. When we see that, try the highest kvno (as we already do) and then a few preceding kvnos so that key rollover of the AD->MIT cross TGT can work. Add new helpers kdc_rd_ap_req, which takes the place of a couple of steps from kdc_process_tgs_req, and find_server_key, which takes the place of some of the end steps of kdc_get_server_key. Code changes by Nicolas Williams. Test cases by me. ticket: 7109 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25799 dc483132-0cff-0310-8789-dd5450dbe970
* Edit RST docs on building RST docsGreg Hudson2012-03-311-5/+7
| | | | | | | Fix a couple of grammar errors noted by Ben Kaduk, and elaborate a little bit on why generated man pages are checked into the repository. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25798 dc483132-0cff-0310-8789-dd5450dbe970
* Fix data handling in rd_req_decoded_optGreg Hudson2012-03-311-3/+3
| | | | | | | | | We shouldn't peer at trans->tr_contents.data[0] if trans->tr_contents.length is 0, even if the data field is non-null. Harmless as long as the ASN.1 decoder uses null data fields for empty krb5_data values, but still wrong. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25797 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid malloc(0) in ASN.1 bytestring decodeGreg Hudson2012-03-311-0/+2
| | | | | | | In k5_asn1_decode_bytestring, just leave *str_out as NULL if len is 0, instead of calling malloc(0) and possibly returning a spurious ENOMEM. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25796 dc483132-0cff-0310-8789-dd5450dbe970
* Add doc target with configured path substitutionsGreg Hudson2012-03-283-3/+44
| | | | | | | | | | Add a new target "substhtml" in src/doc to create HTML documentation with configured paths, suitable for installation by an OS package. The build target generates a file named paths.py containing the directory substitutions, copies it into the rst_composite directory, and instructs conf.py to use it with the "pathsubs" tag. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25795 dc483132-0cff-0310-8789-dd5450dbe970
* Use reference substitutions for paths in docsGreg Hudson2012-03-286-25/+27
| | | | | | | | | | | | For the default doc build (used for the web site and release tarball), substitute path variables with links to the paths table in mitK5defaults.rst, using symbolic names for the link text. The substitution of kdcdir for man pages is slightly altered as a side-effect of this commit. Regenerate the man pages to match. The rendered man pages are unchanged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25794 dc483132-0cff-0310-8789-dd5450dbe970
* Edit defaults page in documentationGreg Hudson2012-03-283-94/+63
| | | | | | | | Eliminate unused values and OS-specific stuff. Reformat tables. Add a path substitution for sysconfdir to be used in the default config file path. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25793 dc483132-0cff-0310-8789-dd5450dbe970
* Move rstman build target to man directoryGreg Hudson2012-03-284-29/+25
| | | | | | | rstman makes more sense in man than in doc, so move it there. Remove the rstman target from the top-level doc Makefile to avoid confusion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25792 dc483132-0cff-0310-8789-dd5450dbe970
* Automate RST HTML generation with doxygen infoGreg Hudson2012-03-2811-1790/+83
| | | | | | | | | In src/doc/Makefile.in, create an "rsthtml" target for generating release tarball/web site HTML docs in doc/rst_html. For now, eliminate support for the bridge to the Doxygen HTML output; just generate XML output with Doxygen and convert it to RST format. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25791 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up gssapi_ext.h Doxygen markup somewhatGreg Hudson2012-03-271-8/+10
| | | | | | | | * Bring formatting for gss_userok and gss_authorize_localname into conformance. * Bring parameter markup for gss_localname into conformance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25790 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up krb5.hin Doxygen markup somewhatGreg Hudson2012-03-271-21/+34
| | | | | | | | | | * Put everything in an enclosing group, so it gets captured even without EXTRACT_ALL. * Make sure there's documentation for all constants referenced by other markup. * Fix references to the PAC constants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25789 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5-send-pr man pageGreg Hudson2012-03-244-441/+0
| | | | | | | | | | The license on the krb5-send-pr man page was incompatible with the rest of our documentation, and the content is questionably up to date (krb5-send-pr still exists, but we don't use GNATS any more, and free-form mail to krb5-bugs is equally acceptable at this point). Get rid of it for now. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25788 dc483132-0cff-0310-8789-dd5450dbe970
* Remove references to the "feedback" and the original source of the document ↵Zhanna Tsitkov2012-03-2315-91/+0
| | | | | | (such as Kerberos V5 Installation Guide etc) in the rst files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25787 dc483132-0cff-0310-8789-dd5450dbe970
* Install path-substituted man pagesGreg Hudson2012-03-2348-6506/+7242
| | | | | | | | | | | | | | Introduce src/doc/Makefile.in, which will eventually subsume doc/Makefile (but will still pull sources from doc). In the rstman target there, create man pages with symbolic path references (like @SBINDIR@). In man/Makefile.in, substitute the path references with the configured paths before installing. Man pages generated from RST source are now checked into the source tree under the name filename.man. This lets us use a single implicit .man.sub rule for the path substitutions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25786 dc483132-0cff-0310-8789-dd5450dbe970
* Miscellaneous small edits to RST docsGreg Hudson2012-03-223-13/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25785 dc483132-0cff-0310-8789-dd5450dbe970
* Use substitutions in RST docsGreg Hudson2012-03-2216-92/+91
| | | | | | | Create an rst_epilog variable defining substitutions for pathnames and default enctypes, and use them in the RST source files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25784 dc483132-0cff-0310-8789-dd5450dbe970
* Suppress some gcc uninitialized variable warningsGreg Hudson2012-03-223-3/+5
| | | | | | | | ticket: 7107 gcc 4.6.2 reportedly finds some spurious maybe-uninitialized warnings. Suppress them. Patch from Eray Aslan with some adjustment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25783 dc483132-0cff-0310-8789-dd5450dbe970
* Describe trace logging in troubleshooting docsGreg Hudson2012-03-211-0/+27
| | | | | | | Add a section to the troubleshooting page in the RST documentation describing how to use trace logging and giving sample output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25782 dc483132-0cff-0310-8789-dd5450dbe970
* Only store master mey list in DAL handleGreg Hudson2012-03-2118-151/+118
| | | | | | | | | | | | | | r24314 (#6778) created a hybrid owernship model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle. Patch by Will Fiveash <will.fiveash@oracle.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
* Move supported enc/salt type docs to kdc.conf(5)Greg Hudson2012-03-207-87/+86
| | | | | | | | Remove enc_types.rst and move its contents into kdc.conf(5). Adjust references so that man page readers can find the section in the kdc.conf man page. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25780 dc483132-0cff-0310-8789-dd5450dbe970
* Do not insert a timestamp into manpages and Sphinx main pageZhanna Tsitkov2012-03-192-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25779 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 23:00:28 +0000