summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Some related changes were already in, and I found a couple more to make:Ken Raeburn2006-12-223-13/+18
| | | | | | | | | | | | | | | | | | | | | | | * ldap_realm.c (ldap_filter_correct): Change string argument to char *. Delete length argument, which was always strlen of the string argument, and compute it locally, using size_t instead of (unsigned) int for length-related values. Update all calls. * ldap_realm.h (ldap_filter_correct): Updated declaration. * ldap_misc.c (remove_overlapping_subtrees): Add forward declaration. Make static. (is_principal_in_realm): Change local variable defrealmlen to size_t. (store_tl_data): Change local variable curr to point to unsigned char, since that's what the tl_data_contents array is declared as, and what the STORE16_INT macro is happier with. (krb5_ldap_get_reference_count): Make local variable i unsigned. ticket: 4453 target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19009 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): FixTom Yu2006-12-221-3/+4
| | | | | | | | ordering bug in previous patch. ticket: 5123 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19007 dc483132-0cff-0310-8789-dd5450dbe970
* don't split HTML output from makeinfoTom Yu2006-12-211-1/+1
| | | | | | | | | | | * doc/Makefile (HTML): To avoid generating excessively long filenames, don't split HTML output. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19002 dc483132-0cff-0310-8789-dd5450dbe970
* misc cleanups in admin guide ldap sectionsKen Raeburn2006-12-201-55/+98
| | | | | | | | | | | | | | | | | | | | There are a bunch of instances of incorrect punctuation, inconsistent use of @-commands with option names, typos in names of principal flags, and a couple spelling errors. I only fixed what I noticed; I haven't subjected the rest to careful review. Also, the long section names for eDirectory-specific documentation cause the tar files generated for snapshots (which include generated html docs) to reach the 100-character limit for file names in traditional tar format; GNU tar can create archives holding them, but older tar implementations cannot read the archives properly. So, several eDirectory-related section names have been shortened. ticket: new target: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19001 dc483132-0cff-0310-8789-dd5450dbe970
* Merge r18962 to trunk, with minor tweaks; ready to merge to 1.6 branchKen Raeburn2006-12-204-59/+52
| | | | | | | | | Changes fix up some sample names used, remove some options described from certain commands, and fix filling in man pages. ticket: 5116 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19000 dc483132-0cff-0310-8789-dd5450dbe970
* use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.cTom Yu2006-12-191-3/+3
| | | | | | | | | | | | * src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18977 dc483132-0cff-0310-8789-dd5450dbe970
* don't pass null pointer to krb5_do_preauth_tryagain()Tom Yu2006-12-191-17/+24
| | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If the error isn't PREAUTH_NEEDED and preauth_to_use is null, return the error in err_reply, rather than attempting to pass a null pointer to krb5_do_preauth_tryagain(). ticket: new status: open target_version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
* ktfns.c (krb5_kt_get_entry): If the supplied server principal has an emptyKen Raeburn2006-12-191-1/+18
| | | | | | | | | realm name, replace it with the default realm, in a private copy. ticket: 5121 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18975 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn'tKen Raeburn2006-12-192-2/+2
| | | | | | | | | modify it. ticket: 5121 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18974 dc483132-0cff-0310-8789-dd5450dbe970
* Use __extension__ if initializing by field name and using GCC in pre-C99 modeKen Raeburn2006-12-191-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18973 dc483132-0cff-0310-8789-dd5450dbe970
* (k5_mutex_lock_update_stats) [!DEBUG_THREADS_STATS && __GNUC__]: DeclareKen Raeburn2006-12-191-2/+3
| | | | | | | arguments with "unused" attribute. (k5_pthread_mutex_lock) [DEBUG_THREADS && __GNUC__]: Use __extension__. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18972 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_init_creds_opt_set_change_password_promptTom Yu2006-12-191-0/+1
| | | | | | ticket: 5090 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18970 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rc_io_open_internal on error will call close(-1)Ezra Peisach2006-12-181-1/+3
| | | | | | | | | | | If there is an error in opening the replay cache - memory is freed, but close() is invoked with -1 (failure from open()). While technically, close() will return EBADF in such a case, and nothing bad will happen, valgrind picks up on this and provides an error... ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18961 dc483132-0cff-0310-8789-dd5450dbe970
* Inovke krb5_rc_close to shutdown cache - and check for memory leaksEzra Peisach2006-12-181-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18960 dc483132-0cff-0310-8789-dd5450dbe970
* Restore inadvertently deleted section. Minor editorial changesTom Yu2006-12-181-70/+127
| | | | | | ticket: 5027 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18957 dc483132-0cff-0310-8789-dd5450dbe970
* pull up r18933 to trunkTom Yu2006-12-181-55/+1158
| | | | | | | | | | | | | | | r18933@cathode-dark-space: rsavitha | 2006-12-08 04:37:01 -0500 ticket: new subject: admin guide changes for the LDAP backend Target_Version: 1.6 Tags: pullup Added LDAP backend related information to the admin guide ticket: 5027 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18956 dc483132-0cff-0310-8789-dd5450dbe970
* Add -clearpolicy to kadmin addprinc usageRuss Allbery2006-12-161-1/+1
| | | | | | | | | | | | | Add -clearpolicy to the usage message returned by kadmin when one types addprinc without any arguments. ticket: new Component: krb5-admin Version_Reported: 1.4.4 Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18955 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_promptJeffrey Altman2006-12-146-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs. This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr. The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained. The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-131-17/+25
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18949 dc483132-0cff-0310-8789-dd5450dbe970
* Pull r18927 up to trunk, and tweak check for "history" principal nameKen Raeburn2006-12-131-165/+257
| | | | | | | | | | | to be a little more precise. Ready for pullup to 1.6 branch; make depend should be run. ticket: 5009 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18948 dc483132-0cff-0310-8789-dd5450dbe970
* set AUTOCONF_HEADERKen Raeburn2006-12-137-0/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18947 dc483132-0cff-0310-8789-dd5450dbe970
* pull r18926 up to trunk; ready for pullup to 1.6 branchKen Raeburn2006-12-132-6/+43
| | | | | | ticket: 5005 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18946 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-121-6/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18942 dc483132-0cff-0310-8789-dd5450dbe970
* a little more info on libpython loading issueKen Raeburn2006-12-121-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18941 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-124-52/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18940 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak padata when looping for krb5_do_preauth_tryagain()Kevin Coffman2006-12-081-4/+4
| | | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c: krb5_get_init_creds() Free any existing request.padata at the top of the loop calling krb5_do_preauth() and krb5_do_preauth_tryagain(). ticket: new component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18935 dc483132-0cff-0310-8789-dd5450dbe970
* build the trunk on Windows (again)Jeffrey Altman2006-12-085-15/+13
| | | | | | | | | | This revision corrects a number of missing or extraneous KRB5_CALLCONV symbols; exposes symbols for _WIN32; and avoids including headers that don't exist ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18932 dc483132-0cff-0310-8789-dd5450dbe970
* Undo revision 18930 which was not supposed to include thisJeffrey Altman2006-12-071-11/+1
| | | | | | | | file. ticket: 3642 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18931 dc483132-0cff-0310-8789-dd5450dbe970
* Modifications to support the generation and embedding Jeffrey Altman2006-12-0722-42/+91
| | | | | | | | | | | | of library manifests into generated EXEs and DLLs. Manifests are required for Windows XP and above when applications are built with Microsoft Visual Studio 2005 (aka VS8) or above. ticket: 3642 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_cc_remove should work for the CCAPIAlexandra Ellwood2006-12-056-111/+200
| | | | | | | | | | | | | | Implemented a working krb5_cc_remove for the CCAPI cache type. Added a private support function krb5_creds_compare() which checks if two krb5_creds are identical. This function should be needed by implementations of krb5_cc_remove for other ccache types. ticket: new owner: tlyu target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18923 dc483132-0cff-0310-8789-dd5450dbe970
* minor update to kdb5_util man page for LDAP pluginWill Fiveash2006-12-041-1/+8
| | | | | | | | | | I added some info to the kdb5_util man page regarding the LDAP plugin. ticket: new Target_Version: krb5-1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18919 dc483132-0cff-0310-8789-dd5450dbe970
* fix for kdb5_util load bug with dumps from a LDAP KDBWill Fiveash2006-12-041-7/+21
| | | | | | | | | | | | | I found a bug when I did a "kdb5_util load -update ldap-dump" where ldap-dump was a dump done from a LDAP based KDB. The issue is that this sort of dump contains principal_dn data which is not the case for a db2 KDB dump. ticket: new Target_Version: krb5-1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18918 dc483132-0cff-0310-8789-dd5450dbe970
* Make clean in lib/krb5/os does not clean test objsEzra Peisach2006-12-031-1/+1
| | | | | | | | | make clean failed to remove t_locate_kdc.o ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18915 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused prototype for krb5_find_config_filesEzra Peisach2006-12-031-2/+0
| | | | | | | | | The prototype for krb5_find_config_files() no longer is necessary as the function does not exist in the source tree anymore. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18914 dc483132-0cff-0310-8789-dd5450dbe970
* update for krb5-1.6-beta1Tom Yu2006-12-013-15/+102
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18904 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/cc_file.c: Adapted patch from RolandTom Yu2006-12-011-8/+24
| | | | | | | | | | | | Dowdeswell to avoid possible double-free conditions on certain errors. ticket: 4788 tags: pullup target_version: 1.6 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18897 dc483132-0cff-0310-8789-dd5450dbe970
* send a new request with the new padata returned by krb5_do_preauth_tryagain()Kevin Coffman2006-12-013-6/+5
| | | | | | | | | | | | | | | | | | | | | | Send another request containing the padata obtained from tryagain. * src/include/k5-int.h Update prototype * src/lib/krb5/krb/get_in_tkt.c Send pointer to the request.padata so krb5_do_preauth_tryagain() can update the request to be sent. * src/lib/krb5/krb/preauth2.c If a module returns modified padata, add it to the return_padata and return. ticket: new Component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18896 dc483132-0cff-0310-8789-dd5450dbe970
* Return edata from non-"PA_REQUIRED" preauth typesKevin Coffman2006-12-011-15/+47
| | | | | | | | | | | | | | | | | | * src/kdc/kdc_preauth.c (check_padata) Return e-data from any failing preauth module. Save the e-data and return value from the first failing module. If a subsequent module marked as PA_REQUIRED fails, return its e-data and error instead. * src/kdc/kdc_preauth.c (load_preauth_plugins) Quiet compiler warning by setting pointer to NULL. ticket: new Target_Version: 1.6 tags: pullup Component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18895 dc483132-0cff-0310-8789-dd5450dbe970
* bump minor versions due to API additionsTom Yu2006-12-012-2/+2
| | | | | | | ticket: 4689 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18894 dc483132-0cff-0310-8789-dd5450dbe970
* * src/kadmin/dbutil/dump.c (load_db): Open the dumpfile asTom Yu2006-12-011-1/+1
| | | | | | | | | read-only; we only get a shared lock, so no reason to open for writing for the sake of getting a lock. ticket: 3218 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18893 dc483132-0cff-0310-8789-dd5450dbe970
* * src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send):Tom Yu2006-12-011-2/+4
| | | | | | | | | Conditionalize debugging printfs. ticket: 4941 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18892 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/vfy_increds.c (krb5_verify_init_creds): UseTom Yu2006-11-302-23/+5
| | | | | | | | | | | | | krb5_cc_new_unique(). * src/lib/gssapi/krb5/accept_sec_context.c: (rd_and_store_for_creds): Use krb5_cc_new_unique(). ticket: 4805 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18887 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_via_tkt.c (check_reply_server): New functionTom Yu2006-11-301-20/+62
| | | | | | | | | | | | | | | to check server principal in reply. Ensures that the reply is self-consistent, allows rewrites if canonicalization is requested, and allows limited rewrites of TGS principals if canonicalization is not requested. (krb5_get_cred_via_tkt): Move server principal checks into check_reply_server(). ticket: 3322 target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18879 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_frm_kdc.c: Also do style cleanup.Tom Yu2006-11-301-81/+124
| | | | | | | | | | | | | | | | | (krb5_get_cred_from_kdc_opt): If server principal was rewritten, fall back unless it was rewritten to a TGS principal. This fixes a bug when a MS AD rewrites the service principal into a single-component NETBIOS-style name. If we get a referral back to the immediately preceding realm, fall back to non-referral handling. This fixes the changepw failure. To prevent memory leaks, when falling back to non-referral handling, free any tgts previously obtained by the initial non-referral do_traversal() call. ticket: 4955 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18878 dc483132-0cff-0310-8789-dd5450dbe970
* Implemented CCAPI v3 specific ccache collection cursorJustin Anderson2006-11-293-3/+152
| | | | | | | | | | | | * src/lib/krb5/ccache/ccbase.c: Added CCAPI v3 entry to list of type cursors * src/lib/krb5/ccache/ccapi/stdcc.h: * src/lib/krb5/ccache/ccapi/stdcc.c: Implemented CCAPI v3 cursor functionality. ticket: 4739 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18877 dc483132-0cff-0310-8789-dd5450dbe970
* skip all modules in plugin if init function failsKevin Coffman2006-11-291-4/+16
| | | | | | | | | | | | | If the plugin initialization function fails, skip all modules in the plugin, not just the first. Also, print the error message from the plugin if supplied. ticket: new Target_Version: 1.6 Tags: pullup Component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18873 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_copy_data_contents shouldn't free memory it didn't allocateTom Yu2006-11-281-2/+0
| | | | | | | | | | | | * src/lib/krb5/krb/copy_data.c (krb5int_copy_data_contents): Don't free outdata on malloc failure; we didn't allocate outdata. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18865 dc483132-0cff-0310-8789-dd5450dbe970
* documentation updates for KFW 3.1Jeffrey Altman2006-11-2716-28/+152
| | | | | | | | | Documentation updates including new screen shots for KFW 3.1 ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18864 dc483132-0cff-0310-8789-dd5450dbe970
* KFW 3.1 commits for Final ReleaseJeffrey Altman2006-11-2214-62/+353
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | KfW 3.1 final (NetIDMgr 1.1.8.0) nidmgr32.dll (1.1.8.0) - When detecting IP address changes, wait for things to settle down before setting of the IP address change notification. krb5cred.dll (1.1.8.0) - Fixed the Kerberos 5 configuration dialog which didn't handle setting the default realm properly. Setting the default realm now sets the correct string in krb5.ini. - Changing the default realm now marks the relevant configuration node as dirty, and enabled the 'Apply' button. - Changing the 'renewable', 'forwardable' and 'addressless' checkboxes in the identity configuration panels now mark the relevant configuration nodes as dirty, and enables the 'Apply' button. - The location of the Kerberos 5 configuration file is now read-only in the Kerberos 5 configuration dialog. - Set the maximum number of characters for the edit controls in the configuration dialog. krb4cred.dll (1.1.8.0) - The location of the Kerberos 4 configuration files are now read-only in the Kerberos 4 configuration dialog. - Handles setting the ticket string. - Changing the ticket string now marks the relevant configuration node as dirty, and enables the 'Apply' button. - Fixed the plug-in initialization code to perform the initial ticket listing at the end of the initializaton process. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18863 dc483132-0cff-0310-8789-dd5450dbe970
* library fragments to front of lineSam Hartman2006-11-221-2/+2
| | | | | | | | | | * src/plugins/kdb/ldap/libkdb_ldap/Makefile.in: Fix fragments substitutions so the makefile works with autoconf 2.60 ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18862 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 06:53:30 +0000