summaryrefslogtreecommitdiffstats
path: root/src/slave
Commit message (Collapse)AuthorAgeFilesLines
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-301-1/+1
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Allow using locales when gettext is absentBen Kaduk2012-07-063-0/+3
| | | | | | | | | | | Previously, if configure did not detect dgettext(), we disabled anything that smelled like localization, inadvertently including setlocale(). Now that we use setlocale(LC_ALL, ""), we have localized dates available as well as messages, so we should not disable calls to setlocale() any more. Since the routines from locale.h are only used in a relatively small number of places, just include the header directly in those files and remove it from k5-platform.h.
* Enable all localizations in main functionsBen Kaduk2012-07-063-3/+3
| | | | | | | | | | | | | | | Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time. ticket: 7192
* Suppress some gcc uninitialized variable warningsGreg Hudson2012-03-221-2/+3
| | | | | | | | ticket: 7107 gcc 4.6.2 reportedly finds some spurious maybe-uninitialized warnings. Suppress them. Patch from Eray Aslan with some adjustment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25783 dc483132-0cff-0310-8789-dd5450dbe970
* Require IPv6 supportKen Raeburn2012-02-281-3/+1
| | | | | | | | | | | | | | The configure-time options to enable and disable IPv6 support have been deprecated for some time, but the checks for OS support were kept. This removes those checks, and unconditionally compiles in the IPv6 support. There was a configure-time test to see if the macro INET6 needed to be defined in order to enable (visibility of) OS support for IPv6, which was needed on an IRIX system we tested with. That check is retained, but the revised code is untested on IRIX. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-1/+4
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-021-1/+1
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-11/+11
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* make-dependKen Raeburn2011-08-201-25/+25
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108 dc483132-0cff-0310-8789-dd5450dbe970
* Always include fake-addrinfo.h when using getaddrinfo and friendsKen Raeburn2011-07-012-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25011 dc483132-0cff-0310-8789-dd5450dbe970
* Separate license and non-license comment in kpropdGreg Hudson2011-06-231-2/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24979 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG for more efficient getaddrinfoGreg Hudson2011-06-231-0/+1
| | | | | | | | | | | | | | | Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching. ticket: 6923 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG unconditionally in kpropdGreg Hudson2011-06-231-5/+1
| | | | | | | fake-addrinfo.h ensures that AI_ADDRCONFIG is defined, so we don't need #ifdef tests when we use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24976 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-103-1/+3
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-102-126/+120
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-095-16/+11
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-12/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]Tom Yu2011-02-091-4/+4
| | | | | | | | | | | When operating in standalone mode and not doing iprop, don't return from do_standalone() if the child exits with abnormal status. ticket: 6859 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24621 dc483132-0cff-0310-8789-dd5450dbe970
* Read KDC profile settings in kpropdGreg Hudson2010-11-161-1/+3
| | | | | | | | | | | kpropd can modify the KDB with ulog_replay(), so it should read the KDC profile settings in case the KDB configuration is in there. ticket: 6820 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24519 dc483132-0cff-0310-8789-dd5450dbe970
* Handle referral realm in kprop client principalGreg Hudson2010-11-161-3/+17
| | | | | | | | | | | | | | | kprop uses krb5_sname_to_principal() to determine its client principal. If the local hostname cannot be mapped to a realm based on the profile's domain_realm section, krb5_sname_to_principal() will (as of 1.6) return a principal with the referral realm (""), which does not work in a client principal. Handle this by substituting the default realm. ticket: 6819 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24518 dc483132-0cff-0310-8789-dd5450dbe970
* Fix adjustment of counterKen Raeburn2010-10-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24477 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-9/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* In kpropd, when getting a wildcard address to listen on, try IPv6Greg Hudson2010-07-011-11/+32
| | | | | | | | | | | | | | | | | explicitly (with AI_ADDRCONFIG specified where available, to avoid IPv6 on hosts with no IPv6 interface) and then fall back to IPv4. Only set IPV6_V6ONLY on the listener socket if the resulting address is IPv6. Note: we have mostly confirmed that OpenBSD does not have dual-stack support, meaning that it would be better to open separate IPv4 and IPv6 listener sockets, as we do in krb5kdc and kadmind. Unfortunately, the complicated iprop retry-and-backoff logic makes this less than straightforward. ticket: 6686 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24156 dc483132-0cff-0310-8789-dd5450dbe970
* In kprop's sockaddr2krbaddr(), fill in addr.magic to avoid copyingGreg Hudson2010-06-221-0/+1
| | | | | | around uninitialized values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24143 dc483132-0cff-0310-8789-dd5450dbe970
* Use getaddrinfo() in kprop and kpropd, and recognize IPv6 addressesGreg Hudson2010-06-115-162/+191
| | | | | | | | | | | | | when setting up krb5_address structures. kpropd still only binds to one socket to avoid the need for a select() loop, so we turn off IPV6_V6ONLY on that socket to ensure that IPv4 connections will still be accepted. Based on a patch from Michael Stapelberg <michael@stapelberg.de>. ticket: 6686 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24134 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-071-14/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some uses of variables as format strings. Based on a patchGreg Hudson2010-05-032-3/+3
| | | | | | | | from Guillaume Rousse <Guillaume.Rousse@inria.fr>. ticket: 6714 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23963 dc483132-0cff-0310-8789-dd5450dbe970
* Adapted patch from Jason Rogers. It wasn't complete, so this commitTom Yu2010-04-231-9/+28
| | | | | | | | | | | | | fixes the other instances of the 64-bit problem. Also fix krb5_deltat_to_str(), which would previously always return an empty string. ticket: 6698 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23928 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5_free_default_realm instead of free on the results ofEzra Peisach2009-12-311-2/+2
| | | | | | krb5_get_default_realm(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23555 dc483132-0cff-0310-8789-dd5450dbe970
* Fix spelling and hyphen errors in man pagesRuss Allbery2009-12-311-1/+1
| | | | | | | | | | | Fix spelling errors in man pages detected by Debian's Lintian program. Also escape some -'s that are intended to be literal ASCII dashes and not Unicode hyphens so that groff won't change them into true hyphens. ticket: 6616 component: krb5-doc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23554 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-222-46/+44
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat some open-paren issues. Remove kprop.c and kpropd.c fromTom Yu2009-11-062-1933/+1906
| | | | | | exclusions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23140 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle; make reindentTom Yu2009-11-063-295/+298
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23136 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-313-70/+70
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-252-13/+41
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-101-9/+11
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-131-18/+26
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Modify kadm5 initializers to accept krb5 contextsGreg Hudson2009-08-171-2/+3
| | | | | | | | | | Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
* libkdb5 now depends on libgssrpc. So when linking kpropd, specifyGreg Hudson2009-06-081-2/+2
| | | | | | | | $(KDB5_LIB) before $(KADMCLNT_LIBS) to get the link order right. Unimportant for dynamic linking in most environments, but relevant for static linking. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22405 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-024-18/+18
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-052-61/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Change kpropd_com_err_proc to prototype style, add format attributeKen Raeburn2008-12-301-5/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21637 dc483132-0cff-0310-8789-dd5450dbe970
* If full resync fails, go into backoff modeKen Raeburn2008-12-301-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21636 dc483132-0cff-0310-8789-dd5450dbe970
* Handle a number of warnings - including missing prototype,Ezra Peisach2008-12-291-19/+8
| | | | | | | paraenthesis in conditionals, unused function removal, unused variable removal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21621 dc483132-0cff-0310-8789-dd5450dbe970
* Some cleanup from Shawn Emery: Use INITIAL_TIMER macros instead ofKen Raeburn2008-12-221-1/+2
| | | | | | hardcoding values; reset 'gfd' when turning off the alarm. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21563 dc483132-0cff-0310-8789-dd5450dbe970
* Improvements from Shawn Emery: an extra-verbose modeKen Raeburn2008-12-221-12/+275
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21562 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintfGreg Hudson2008-12-012-16/+14
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Shawn's fix for some iprop bugs, with some tweaksKen Raeburn2008-12-011-13/+100
| | | | | | | | | Adds an alarm while waiting for kprop connection or authentication in iprop mode; on timeout, close down the active file descriptor to force us to bail out and return to the iprop main loop (which may try a full resync again next time around). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21204 dc483132-0cff-0310-8789-dd5450dbe970
* fix tiny overrunKen Raeburn2008-11-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21183 dc483132-0cff-0310-8789-dd5450dbe970
* Log more info if ulog_replay fails. Correctly use supplied keytab nameKen Raeburn2008-11-171-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21131 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-11-16 00:07:06 +0000