| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per project http://k5wiki.kerberos.org/wiki/Projects/Audit
The purpose of this project is to create an Audit infrastructure to monitor
security related events on the KDC.
The following events are targeted in the initial version:
- startup and shutdown of the KDC;
- AS_REQ and TGS_REQ exchanges. This includes client address and port, KDC
request and request ID, KDC reply, primary and derived ticket and their
ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and
validated, local policy violation and protocol constraints, and KDC status
message.
Ticket ID is introduced to allow to link tickets to their initial TGT at any
stage of the Kerberos exchange. For the purpose of this project it is a private
to KDC ticket ID: each successfully created ticket is hashed and recorded
into audit log. The administrators can correlate the primary and derived
ticket IDs after the fact.
Request ID is a randomly generated alpha-numeric string. Using this ID an
administrator can easily correlate multiple audit events related to a single
request. It should be informative both in cases when the request is sent to
multiple KDCs, or to the same KDC multiple times.
For the purpose of testing and demo of the Audit, the JSON based modules are
implemented: "test" and "simple" audit modules respectively.
The file plugins/audit/j_dict.h is a dictionary used in this implememtations.
The new Audit system is build-time enabled and run-time pluggable.
[kaduk@mit.edu: remove potential KDC crashes, minor reordering]
ticket: 7712
target_version: 1.12
|
|
|
|
|
|
|
|
|
|
|
|
| |
We know when we're going to generate debug symbols, so only attempt
to install them when we know they should be present.
This eliminates the need to tell make to ignore errors from the shell
on these steps.
ticket: 7317
tags: pullup
target_version: 1.11.4
|
|
|
|
|
|
|
|
|
|
| |
Create a test module for the hostrealm interface, a harness to call
the realm mapping functions and display their results, and a Python
script to exercise the functionality of the interface and each module
(except the dns module, which we cannot easily test since it relies on
TXT records in the public DNS).
ticket: 7687
|
|
|
|
|
|
|
|
|
|
| |
This plugin implements the proposal for providing OTP support by
proxying requests to RADIUS. Details can be found inside the
provided documentation as well as on the project page.
http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS
ticket: 7678
|
|
|
|
|
|
|
|
|
|
| |
Create a test module for the pwqual interface, and script to exercise
the built-in and test modules through kadmin.local. Also create a
test harness to display the order of pwqual modules for the current
configuration, and use it to test the plugin module ordering
guarantees.
ticket: 7665
|
|
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
|
|
|
|
|
|
|
| |
Create a test module, program, and script to exercise the
krb5_aname_to_localname and krb5_k5userok functions as well as the
localauth pluggable interface.
ticket: 7583
|
|
|
|
|
|
|
|
|
|
|
| |
Add seven data files for pkg-config, corresponding to the five modules
supported by krb5-config. For krb5 and krb5-gssapi, we also provide
mit- versions for callers desiring to distinguish between our
implementation and Heimdal's.
Based on a patch from Stef Walter <stefw@gnome.org>.
ticket: 7529 (new)
|
|
|
|
|
|
| |
In preparation for adding a bunch of pkg-config data files, move
krb5-config into a new source tree subdirectory containing tools we
provide as outputs to other build systems.
|
|
|
|
|
|
| |
The old man pages are gone, so we can't install them anymore.
Also clean up install and install-unix targets that were installing
the old man pages by hand.
|
|
|
|
|
|
|
| |
We generate man pages from RST sources now; they are checked into
the tree in src/man/.
The gen-manpages directory is no longer needed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been unloved and broken repeatedly for many years, requiring
updating of several variables whenever new directories are added
and similar tedia. It was originally intended to avoid the need
for Unix utilities on Windows, but Microsoft provides the Utilities
and SDK for UNIX-based Applications which is enough rope to do a
native build.
Leave behind a warning message to anyone who does try to build the
target.
Clean up some now-unused infrastructure in the build system.
ticket: 7367 (new)
|
|
|
|
|
|
| |
NT is long-gone; we don't need to keep a special-case error message
around telling people not to use it.
Clean out the unneeded code from the Makefile.in
|
|
|
|
|
|
|
| |
It's been a long time since systems were limited to 8.3 format
for file names. No one should be thinking to try and build this
target, and if they do, we don't need a custom error message anymore.
Clean out the unneeded code from the Makefile.in.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note that windows/wshelper/* was removed from the list, as it doesn't
exist.
The kerbsrc.zip target is slated for removal, but attempt to make it
more correct before removing it should it need to be revived.
Submitted by: Blaine Elzey blaine.elzey at alcatel-lucent.com
ticket: 7364 (new)
|
|
|
|
|
|
|
|
|
|
|
|
| |
When NODEBUG is defined and DEBUG_SYMBOL is not, no pdbs are generated.
This should not cause make install to fail.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7316 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: Squash commits, a couple of grammar fixes, and also turn
a few instances of "Leash" into "MIT Kerberos". Trim trailing whitespace
and other whitespace tweaks to pass the commit hooks.]
ticket: 7300 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
|
|
|
|
|
|
| |
ticket: 7230 (new)
target_version: 1.10.3
tags: pullup
|
|
|
|
|
|
|
|
|
| |
In src/doc/Makefile.in, create an "rsthtml" target for generating
release tarball/web site HTML docs in doc/rst_html. For now,
eliminate support for the bridge to the Doxygen HTML output; just
generate XML output with Doxygen and convert it to RST format.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25791 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce src/doc/Makefile.in, which will eventually subsume
doc/Makefile (but will still pull sources from doc). In the rstman
target there, create man pages with symbolic path references (like
@SBINDIR@). In man/Makefile.in, substitute the path references with
the configured paths before installing.
Man pages generated from RST source are now checked into the source
tree under the name filename.man. This lets us use a single implicit
.man.sub rule for the path substitutions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25786 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install sphinx-generated manpages. Original nroff manpages remain for
reference until proofreading is complete. Modify
doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
of both kadmin.1 and kadmin.local.8.
Proofreaders should ensure that the original nroff manpages (and
associated Makefile rules) are deleted once their reST format
equivalents have been proofread.
ticket: 7064
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25579 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25577 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25574 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25546 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25437 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For
each real plugin module, create a link in the parent directory if
we're doing a shared-library build--so built KDB modules can be found
in plugins/kdb, preauth modules in plugins/preauth, etc..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Allow "make testrealm CROSSNUM=N" to make N fully-connected realms for
cross-realm testing convenience.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25435 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25361 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Apply exclusions to "make reindent" as well, to fully exclude some
files from whitespace cleanups. Add fnmatch.c to exclusions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25345 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates to leash Makefile.in to make it link on Windows 64
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
leash link fixes: fix mfc library and fix path to wshelper
MFC100D.lib for mscv2010; util\wshelper instead of windows\wshelper
Add ver.rc for leash
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25339 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25335 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains allocator methods for use with mechanisms and mechglues for
allocations that must be made in one module but freed in another. On
windows, an allocation made in one module cannot safely be freed in
another using the usual c runtime malloc/free; runtime dll mismatch
will cause heap corruption in that case. But it is safe to instead
directly use HeapAlloc()/HeapFree() specifying the default process
heap. For now, this header is not public. If it becomes public
strncpy will need to be used instead of strlcpy.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Install mit2ms.exe, leashdll, kfwlogon, kswithc, export .libs.
Also some tabs/spaces fixup.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25280 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25277 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Moved wshelper from windows to util to fix build order dependencies.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25273 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25268 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25267 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
From: Alexey Melnikov <alexey.melnikov@isode.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25245 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Since it has no external dependencies, split up encrypted preauth into
clpreauth and kdcpreauth chunks and link them directly into the
consumers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25227 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Windows
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25204 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25139 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Also clean the built message catalogs in "make clean".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25112 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25082 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Static linking (#6510) broke when lockout support was added because
the DB2 plugin became dependent on libkadm5srv_mit for XDR functions.
Also, static linking was extensively broken in combination with LDAP
support. Fix these problems.
Afer these fixes, the test suite fails in the FAST tests because
there's no static build support for dynamic preauth plugins, which
means there's no encrypted challenge. (And unlike the pkinit tests,
the test suite doesn't conditionalize on the presence of the encrypted
challenge plugin, because we always build it.) This will fix itself
if and when encrypted challenge becomes linked into the consumers, or
static build support is added for preauth plugins.
ticket: 6914
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24996 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Adds build system logic, translation macros in k5-platform.h, and
bindtextdomain calls in libkrb5 initialization.
ticket: 6918
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24959 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
recently added standards for copyright and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24657 dc483132-0cff-0310-8789-dd5450dbe970
|