summaryrefslogtreecommitdiffstats
path: root/src/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Mark and reindent the pkinit plugin code, except for the header filesGreg Hudson2009-11-258-4813/+4815
| | | | | | which are kind of difficult. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23354 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent plugins, except for pkinit, which needs a littleGreg Hudson2009-11-2465-11371/+11089
| | | | | | cleanup first. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-2233-369/+365
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Constrained delegation without PAC supportGreg Hudson2009-11-147-19/+115
| | | | | | | | | | | Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3180-477/+454
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-281-2/+2
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Add variable DB_VERSION to Makefile.in. Generate deps so thatEzra Peisach2009-10-282-0/+44
| | | | | | configure will work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23075 dc483132-0cff-0310-8789-dd5450dbe970
* Heimdal DB bridge plugin for KDC back endGreg Hudson2009-10-2711-0/+3930
| | | | | | | | | Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin. ticket: 6578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
* not try to free random stack garbage on errorEzra Peisach2009-10-251-0/+2
| | | | | | kdc_return_preauth: Set enc.ciphertext.data to null to ensure we do git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23040 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-2522-78/+1122
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account for additionalLuke Howard2009-10-211-1/+1
| | | | | | krbtgt key parameter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959 dc483132-0cff-0310-8789-dd5450dbe970
* For naming extensions draft compliance, s/mspac:/urn:mspac:/Luke Howard2009-10-201-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-104-118/+131
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-098-0/+660
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* In anticipation of a new version of OpenSSL 1.0.0, support renamed API: ↵Zhanna Tsitkov2009-10-081-1/+5
| | | | | | EVP_PKEY_decrypt -> EVP_PKEY_decrypt_old git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22871 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-161-4/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Create DB headers before recursing for "make depend" inGreg Hudson2009-09-161-1/+1
| | | | | | | | plugins/kdb/db2/libdb2, to restore the r22486 functionality ("make depend" in an unbuilt source tree) after r22572 (predictable "make depend" output for DB headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22774 dc483132-0cff-0310-8789-dd5450dbe970
* Supply canonical name if present in LDAP iterationGreg Hudson2009-09-031-5/+6
| | | | | | | | | | | | | In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. ticket: 6557 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
* Supply LDAP service principal aliases to non-referrals clientsGreg Hudson2009-09-031-1/+25
| | | | | | | | | | | | In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY flag isn't set (abusing that flag to recognize a client name lookup). Based on a patch from Luke Howard. ticket: 6556 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708 dc483132-0cff-0310-8789-dd5450dbe970
* Rename db2 header files db.h and db-config.h in the source tree, soKen Raeburn2009-08-218-135/+89
| | | | | | | | | | | | | | | | | that there will always be only one version of each name in the include path (namely, the copy made in the build tree, or the generated db.h if not using the in-tree one). This should fix some minor problems with different dependency lists generated on different systems. Sort and uniquify dependency header names before doing substitutions, as well as after. Look for the db2 headers listed in sorted order. Don't copy db-ndbm.h into the build tree; let libdb2 find it from the source tree only. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572 dc483132-0cff-0310-8789-dd5450dbe970
* Minor code cleanups in pkinit plugin, mostly around malloc/freeGreg Hudson2009-08-187-262/+166
| | | | | | invocations. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null characters in pkinit cert fieldsGreg Hudson2009-08-101-0/+7
| | | | | | | | | | | When processing DNS names or MS UPNs in pkinit certs, disallow embedded null characters. ticket: 6542 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22516 dc483132-0cff-0310-8789-dd5450dbe970
* Narrow the contract of pkinit_client_profile by passing in the realmGreg Hudson2009-08-101-13/+14
| | | | | | instead of the whole request. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22515 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_clnt.c, make private functions static. There and inGreg Hudson2009-08-102-118/+10
| | | | | | | | | pkinit_srv.c, only declare static functions when necessary for forward references (as is consistent with the other pkinit sources). Remove the empty functions pkinit_init_client_profile and pkinit_fini_client_profile. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
* Convert all uses of strtok() in libraries to strtok_r() for threadGreg Hudson2009-08-101-5/+5
| | | | | | safety. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22513 dc483132-0cff-0310-8789-dd5450dbe970
* Remove pkinit_identity_process_option, which wasn't doing anythingGreg Hudson2009-08-102-84/+19
| | | | | | | | besides picking a subsidiary function based on the (constant) input argument. Remove the associated constants from pkinit.h as well. No functional change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22512 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the LDAP build, which was broken by the build reordering inGreg Hudson2009-08-071-3/+8
| | | | | | | | r22406. Build kdb5_util's getdate from the kadmin/cli getdate source, instead of borrowing the object file from the kadmin/cli build directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
* In ldap_create.c, remove four incorrect uses of krb5_set_error_messageGreg Hudson2009-06-171-10/+3
| | | | | | which resulted in obscured and confusing error diagnostics. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22412 dc483132-0cff-0310-8789-dd5450dbe970
* Restore limited support for static linkingGreg Hudson2009-06-0810-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include: * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4. * Add --enable-static-only configure option. * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h. * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names). * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in. * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are). * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries. Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed. $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means. ticket: 6510 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor bug in r21269 - wrong field nameKen Raeburn2009-05-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22395 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily disable FAST PKINIT for 1.7 releaseGreg Hudson2009-05-252-0/+35
| | | | | | | | | | | | | There are protocol issues and implementation defects surrounding the combination of FAST an PKINIT currently. To avoid impacting the 1.7 scheduled and to avoid creating interoperability problems later, disable the combination until the problems are resolved. ticket: 6501 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22381 dc483132-0cff-0310-8789-dd5450dbe970
* Uninitialized variable may cause unpredictable behavior in kdc_verify_preauthZhanna Tsitkov2009-04-301-238/+239
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22294 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunkSam Hartman2009-04-031-2/+1
| | | | | | ticket: 6436 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-03-312-30/+25
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22150 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-frameworkSam Hartman2009-03-315-0/+505
| | | | | | | | | | | | Merge fast branch at 22146 onto trunk Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki. ticket: 6436 Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21880 which included k5-int.h in several pkinit source files.Greg Hudson2009-03-244-3/+20
| | | | | | | | Instead, move the pkinit-specific KRB5_CONF macros to pkinit.h, and add duplicate definitions of the non-pkinit-specific macros used by the pkinit code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22113 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-03-166-110/+143
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22098 dc483132-0cff-0310-8789-dd5450dbe970
* Add LDAP back end support for canonical name attributeGreg Hudson2009-03-154-7/+78
| | | | | | | | | | | | | Add a krbCanonicalName attribute to the schema. When looking up a principal, if the canonical name is set and does not match the requested name, then return the entry only if canonicalization was requested, and use the entry's canonical name. ticket: 6420 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22090 dc483132-0cff-0310-8789-dd5450dbe970
* Several small fixes to enable the migrate mkey commands to work properly ↵Will Fiveash2009-03-101-45/+0
| | | | | | | | | with a LDAP KDB. See the ticket for more details ticket: 6405 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22073 dc483132-0cff-0310-8789-dd5450dbe970
* Rename kdb_setup_lib_handle to krb5_db_setup_lib_handle and export it.Greg Hudson2009-03-101-8/+6
| | | | | | | | | | | | | Make kdb5_ldap_util work again by calling this function to set up dal_handle instead of using one with an uninitialized lib_handle. It is likely that kdb5_ldap_util will only function given a krb5.conf which specifies a realm with an LDAP database module as the default realm. Not sure if that was the case before. ticket: 6403 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22071 dc483132-0cff-0310-8789-dd5450dbe970
* include omitted system header string.hKen Raeburn2009-02-051-0/+1
| | | | | | | | | | | Sun cc warns about some of the string functions being undeclared in several source files. So, include string.h there. ticket: 6365 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21889 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h in several pkinit source files, in order to defineGreg Hudson2009-02-043-1/+3
| | | | | | the KRB5_CONFIG symbols now used by those files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21880 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parametersZhanna Tsitkov2009-02-045-34/+34
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-025-10/+10
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* export new functionsKen Raeburn2009-01-311-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21850 dc483132-0cff-0310-8789-dd5450dbe970
* recode as more straight-line code to simplify analysisKen Raeburn2009-01-311-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21848 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-3012-31/+206
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* hash db2 code breaks if st_blksize > 64kKen Raeburn2009-01-231-0/+2
| | | | | | | | | | | | | | | | | | | | | The hash db code assumes in places that the block size is no larger than 64K. There's a range check in the case where you don't have a file but provide initialization info. The btree code will cap the block size used at 64K. Apparently Sun's ZFS can report back a block size of 128K, causing the db2 tests to fail. Add such a cap to the hash db creation code. Note that our default configuration is to use the btree code when creating a new database, so it's unlikely that this will cause real-world problems unless someone went out of their way to specify use of the hash format. ticket: 6342 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21786 dc483132-0cff-0310-8789-dd5450dbe970
* Add some output parameter initializations n order to eliminate someGreg Hudson2009-01-231-0/+3
| | | | | | spurious Coverity defects. (Far from a comprehensive pass.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21782 dc483132-0cff-0310-8789-dd5450dbe970
* Oops. Don't include openssl install paths from my local machine.Ken Raeburn2009-01-051-19/+3
| | | | | | | | Thanks to Ezra for noticing so quickly. ticket: 6315 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21706 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 20:33:19 +0000