summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add k5_plugin_register_dyn internal APIGreg Hudson2011-06-177-31/+91
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970
* ANSIfy the remaining K&R functions in lib/gssapi/genericGreg Hudson2011-06-132-26/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24968 dc483132-0cff-0310-8789-dd5450dbe970
* Fix old-style GSSRPC authenticationGreg Hudson2011-06-131-3/+10
| | | | | | | | | | | | | | | r24147 (ticket #6746) made libgssrpc ignorant of the remote address of the kadmin socket, even when it's IPv4. This made old-style GSSAPI authentication fail because it uses the wrong channel bindings. Fix this problem by making clnttcp_create() get the remote address from the socket using getpeername() if the caller doesn't provide it and it's an IPv4 address. ticket: 6920 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970
* Handle invalid intervals in lockout-related kadmin parametersGreg Hudson2011-06-101-8/+18
| | | | | | ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
* Start building PDF docs by defaultTom Yu2011-06-101-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24965 dc483132-0cff-0310-8789-dd5450dbe970
* Set LC_MESSAGES to "C" in tests which run commandsGreg Hudson2011-06-103-0/+8
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-1014-2/+14
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Generating mit-krb5 pot fileGreg Hudson2011-06-101-1/+7826
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24962 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-1094-1999/+2205
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Add localization support to com_errGreg Hudson2011-06-1012-18/+113
| | | | | | | | | | | | | | | | * Add compile_et arguments --textdomain and --localedir. * Store text domain and localedir at the end of error tables. * error_message() calls dgettext if the table has a text domain. * add_error_table() calls bindtextdomain if the table has a localedir. * Define N_() as no-op in generated source and mark up error messages. * When using system compile_et, test for --textdomain support. * Use --textdomain option when available. * Run xgettext over generated sources in compile_et rule. * Translate com_err results in krb5int_get_error() if com_err won't. ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24960 dc483132-0cff-0310-8789-dd5450dbe970
* Add localization infrastructureGreg Hudson2011-06-1011-9/+98
| | | | | | | | | Adds build system logic, translation macros in k5-platform.h, and bindtextdomain calls in libkrb5 initialization. ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24959 dc483132-0cff-0310-8789-dd5450dbe970
* Remove static error table list in built-in com_errGreg Hudson2011-06-052-69/+32
| | | | | | | | | | _et_list has been private to error_message.c since March 2004, and since nothing in that file ever added entries to it, it is always NULL. As it's not doing any good, get rid of it, and rename the dynamic error table list to "et_list", along with its type. Also remove some old lclint annotations. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24947 dc483132-0cff-0310-8789-dd5450dbe970
* Restore fallback non-referral TGS request to same realmGreg Hudson2011-06-031-12/+10
| | | | | | | | | | | | | | | MIT krb5 1.2 and earlier KDCs reject TGS requests if the canonicalize bit is set. Prior to 1.9, we used to handle this by making a non-referral fallback request on any error, but the rewrite in 1.9 mistakenly changed the behavior so that fallback requests are only made if the original request used the referral realm and the fallback realm is different from the default realm. Restore the old behavior. ticket: 6917 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24946 dc483132-0cff-0310-8789-dd5450dbe970
* Restore krb5_get_credentials caching for referral requestsGreg Hudson2011-05-261-0/+5
| | | | | | | | | | | | | | | The krb5_get_credentials() rewrite for IAKERB accidentally omitted the final step of restoring the requested realm in the output credentials. As a result, referral entries are not cached, and the caller sees the actual realm in (*out_creds)->server instead of the referral realm as before. Fix this in complete() by swapping ctx->req_server into ctx->reply_creds->server. ticket: 6916 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24945 dc483132-0cff-0310-8789-dd5450dbe970
* Don't assume principal components are C strings in klist -sGreg Hudson2011-05-251-5/+4
| | | | | | ticket: 6915 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24944 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple tl-data updates over ipropGreg Hudson2011-05-221-35/+8
| | | | | | | | | | | | | krb5_dbe_update_tl_data() accepts a single read-only tl-data entry, but ulog_conv_2dbentry() expects it to process a full list. Fix ulog_conv_2dbentry() to call krb5_db2_update_tl_data() on each entry individually, simplifying its memory management in the process. ticket: 6913 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24937 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r5233 and mark get_age as deprecated in the DAL documentation.Greg Hudson2011-05-202-19/+6
| | | | | | | | We do not need to check reply retransmissions for staleness any more than TCP needs to. A genuinely new request will have a different nonce. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24936 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_c_ and sensauth API.Zhanna Tsitkov2011-05-192-534/+328
| | | | | | Also, removed the second declaration of krb5_c_string_to_key_with_params() from string_to_key.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24935 dc483132-0cff-0310-8789-dd5450dbe970
* In mk_rd_cred if recv_subkey in the authentication context is NULL and the ↵Zhanna Tsitkov2011-05-161-23/+42
| | | | | | decryption with the session key fails, do not try to decrypt the message with the session key again. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24934 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_rd_ APIZhanna Tsitkov2011-05-161-168/+161
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24933 dc483132-0cff-0310-8789-dd5450dbe970
* Document the lockout-related options in kadmin (modprinc -unlock andGreg Hudson2011-05-162-0/+42
| | | | | | | | | | addpol/modpol -maxfailure, -failurecountinterval, and -lockoutduration), in the man page and in admin.texinfo. Based on text submitted by shawn.emery@oracle.com. ticket: 6910 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24932 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, try using get_date() for lockout-related duration inputs toGreg Hudson2011-05-161-6/+17
| | | | | | | | | | | modpol and addpol, but still allow bare numbers of seconds since that's what we took in 1.8 and 1.9. Use strdur() to display lockout-related durations in getpol. Reported by shawn.emery@oracle.com. ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24931 dc483132-0cff-0310-8789-dd5450dbe970
* Link t_kgss_kernel against libkrb5support since parts of libkgss useGreg Hudson2011-05-151-2/+3
| | | | | | | | zap(), which creates a dependency with non-gcc compilers. ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24930 dc483132-0cff-0310-8789-dd5450dbe970
* Use hmac-md5 checksum for PA-FOR-USER padataGreg Hudson2011-05-141-8/+2
| | | | | | | | | | | | | | The MS-S4U documentation specifies that hmac-md5 be used for PA-FOR-USER checksums; we were using the mandatory checksum type for the key. Although some other checksum types appear to be allowed by Active Directory KDCs, Richard Silverman reports that md5-des is not one of them, causing S4U2Self requests to fail for DES keys. ticket: 6912 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24929 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for PAC API. Moved PAC type definitions into krb5.hinZhanna Tsitkov2011-05-132-8/+106
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24928 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_mk_ functionsZhanna Tsitkov2011-05-121-176/+190
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24927 dc483132-0cff-0310-8789-dd5450dbe970
* Add more missing headers in kernel subset directory. Hopefully theGreg Hudson2011-05-112-91/+101
| | | | | | | | whole set this time. ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24926 dc483132-0cff-0310-8789-dd5450dbe970
* Reference libraries from the build tree when linking andGreg Hudson2011-05-111-0/+1
| | | | | | | | t_kgss_kernel. ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24925 dc483132-0cff-0310-8789-dd5450dbe970
* Add more missing headers in kernel subset directoryGreg Hudson2011-05-102-84/+109
| | | | | | ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24924 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the header list for the kernel subset directoryGreg Hudson2011-05-102-32/+38
| | | | | | ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24923 dc483132-0cff-0310-8789-dd5450dbe970
* fix regression in r24853: PAC no longer exposedLuke Howard2011-05-091-1/+1
| | | | | | | | Windows PAC is not AD-KDCIssued, rather it is signed with the long-term service session key (or user-to-user key). Advertise this correctly in the internal authorization data SPI. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24922 dc483132-0cff-0310-8789-dd5450dbe970
* Kernel subsetGreg Hudson2011-05-0913-2/+1496
| | | | | | | | | | | Add a directory containing a "kernel subset" (context import and message functions only) of the gss-krb5 library, with a test framework to exercise the functionality and indicate when unknown dependencies creep in. ticket: 6909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24921 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_init_creds_ function familyZhanna Tsitkov2011-05-091-18/+112
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24920 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid calling gss_release_buffer() from the message-processing codeGreg Hudson2011-05-092-15/+6
| | | | | | in lib/gssapi/krb5. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24919 dc483132-0cff-0310-8789-dd5450dbe970
* Use internal crypto functions directly from util_crypt.c, avoiding aGreg Hudson2011-05-092-19/+4
| | | | | | dependency on the accessor. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24918 dc483132-0cff-0310-8789-dd5450dbe970
* Delete sec context properly in gss_krb5_export_lucid_sec_contextGreg Hudson2011-05-091-1/+1
| | | | | | | | | | | | | Since r21690, gss_krb5_export_lucid_sec_context() has been passing a union context to krb5_gss_delete_sec_context(), causing a crash as the krb5 routine attempts to interpret a union context structure as a krb5 GSS context. Call the mechglue gss_delete_sec_context instead. ticket: 6908 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24917 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation: added usage example for krb5_tkt_creds family, ↵Zhanna Tsitkov2011-05-052-91/+160
| | | | | | removed "(unused)" string from the comments and other cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24913 dc483132-0cff-0310-8789-dd5450dbe970
* API documentation: added a usage example for krb5_verify_init_creds function ↵Zhanna Tsitkov2011-05-031-0/+28
| | | | | | family git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24912 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate a redundant initialization in cm_init_selstate() inGreg Hudson2011-05-031-1/+0
| | | | | | sendto_kdc.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24911 dc483132-0cff-0310-8789-dd5450dbe970
* Updated API documentation with the comments mostly related to verify and ↵Zhanna Tsitkov2011-05-031-250/+172
| | | | | | convert routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24910 dc483132-0cff-0310-8789-dd5450dbe970
* modernize doc/Makefile somewhatTom Yu2011-05-021-2/+3
| | | | | | | | | | Modernize doc/Makefile somewhat so that it can run more usefully on modern non-Athena machines. ticket: 6906 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24909 dc483132-0cff-0310-8789-dd5450dbe970
* Add poll support to sendto_kdc.c so that it can work in processes withGreg Hudson2011-05-026-136/+276
| | | | | | | | | | large numbers of open files. Move krb5int_cm_call_select() to a separate file so that the poll support doesn't interfere with net-server.c's continuing use of select. ticket: 6905 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24908 dc483132-0cff-0310-8789-dd5450dbe970
* r24899 moved the declarations of krb5int_mk_chpw_req and relatedGreg Hudson2011-05-021-29/+0
| | | | | | | | | | functions from k5-int.h to int-proto.h. The removal of those declarations from k5-int.h was accidentally omitted from the commit; commit it now. ticket: 6893 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24907 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation of krb5_copy_ , krb5_free_ and krb5_kt_ functionsZhanna Tsitkov2011-05-011-191/+206
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24906 dc483132-0cff-0310-8789-dd5450dbe970
* Updated the documentation for API related to the credentials caches and ↵Zhanna Tsitkov2011-04-281-137/+140
| | | | | | their collections git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24905 dc483132-0cff-0310-8789-dd5450dbe970
* Properly release resources in krb5_copy_authenticator()Zhanna Tsitkov2011-04-281-3/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24904 dc483132-0cff-0310-8789-dd5450dbe970
* The MIT krb5 and Heimdal implementations ofGreg Hudson2011-04-271-23/+6
| | | | | | | | | | | | | gss_krb5_export_lucid_sec_context error on version arguments other than 1, so the version negotiation described in the function documentation would not be backward-compatible. Change the docs so that the caller can assume the returned structure is of the requested version, but the caller will be responsible for retrying with lower version numbers on error. (Unfortunately, Heimdal and MIT return different error codes, and MIT's is in a currently-unpublished header, so we can't document the error code for unknown versions.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24903 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_os_init_context compile again after r24901Greg Hudson2011-04-271-11/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24902 dc483132-0cff-0310-8789-dd5450dbe970
* Remove worthless call to krb5_cc_set_default_name in krb5_os_init_contextZhanna Tsitkov2011-04-271-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24901 dc483132-0cff-0310-8789-dd5450dbe970
* Correctly set the expiration field of impersonated credentials inGreg Hudson2011-04-251-1/+1
| | | | | | | | | kg_compose_deleg_cred(), so we can find them in the cache in init_sec_context. From aberry@likewise.com. ticket: 6902 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24900 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-07-04 18:39:08 +0000