| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Add an adapted version of extended_com_err_fn from kinit to klist and
use it. In do_ccache(), rely on the ccache type to set a reasonable
message if krb5_cc_set_flags() or krb5_cc_get_principal() fails due to
a nonexistent or unreadable ccache, and don't confuse the user with
the name of the ccache operation that failed.
ticket: 7809
|
| |
|
|
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add tests for non-anonymous PKINIT:
* FILE: with no password
* FILE: with a password
* DIR: with no password
* DIR: with a password
* PKCS12: with no password
* PKCS12: with a password
* PKCS11: with a password, if soft-pkcs11.so is found via ctypes
[ghudson@mit.edu: reformatted to 79 columns; removed intermediate
success() calls]
|
|
|
|
| |
[ghudson@mit.edu: reformatted to limit lines to 79 columns]
|
|
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
|
|
|
|
|
|
|
|
|
| |
Fix kpropd -S -t to actually exit after processing one connection (it
was breaking out of the switch statement, not the while loop). Use
the -t when invoking kpropd from the dejagnu test framework;
previously it was unnecessary because kpropd -S -d exited after one
connection. Clear up some confusion in the kprop.exp comments about
whether kpropd is expected to exit.
|
|
|
|
|
|
|
|
|
|
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
|
|
|
|
|
|
|
| |
Both the Python and dejagnu iprop tests are slow since they use sleeps
to give kpropd time to do its work (although we can fix this with some
work). Since the Python tests cover the same ground as the dejagnu
tests, we don't need both.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dejagnu tests create some persistent acl files containing
hostname-derived principal names. These can get out of date if the
host has changed names since the last time the dejagnu tests were run,
causing failures (notably in iprop.exp). To avoid this problem,
change the dejagnu tests to always create new acl files for each test
run.
ticket: 7200 (new)
tags: pullup
target_version: 1.10.3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES. Calls to setlocale() itself were introduced in
fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME). If potentially
localized data is being sent on the wire, that is a bug that should
be fixed. No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.
ticket: 7192
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default client keytab is intended to be used to automatically
acquire initial credentials for client applications. The current
hardcoded default is a placeholder, and will likely change before
1.11.
Add test framework settings to ensure that a system default client
keytab doesn't interfere with tests, and to allow tests to be written
to deliberately use the default client keytab.
Add documentation about keytabs to the concepts section of the RST
docs, and describe the default client keytab there.
ticket: 7188 (new)
|
|
|
|
|
|
|
|
|
| |
Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For
each real plugin module, create a link in the parent directory if
we're doing a shared-library build--so built KDB modules can be found
in plugins/kdb, preauth modules in plugins/preauth, etc..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
By making an entry for $hostname in [domain_realm], we can relax the
requirement that the canonicalized local hostname must have a parent
domain. This makes the test suite work more easily on Fedora.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25124 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The preauth plugin interface was introduced in 1.6 but was never made
a public API. In preparation for making it public in 1.10, convert it
to use the new plugin framework. This will require changes to any
existing preauth plugins.
A number of symbols were renamed for namespace cleanliness, and
abstract types were introduced for module data and module per-request
data for better type safety.
On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty
rough conversion. Eventually we should create proper consumer APIs
with module handles, and the flat lists of preauth types should hold
pointers to module handles rather than copies of the vtables. The
built-in preauth type handlers should then be converted to built-in
module providers linked into the consumer code (as should encrypted
challenge, since it has no external dependencies). None of this will
impact the provider API for preauth plugins, so it can wait.
ticket: 6921
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6918
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
verbiage in Makefile.in files. For correctness of output, every
Makefile.in mydir= definition is changed to use $(S) instead of /.
ticket: 6826
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not
compiled in by default since we don't have enctype assignments yet.
ticket: 6822
target_verion: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
(it would set up the user to run kpropd in the master environment
instead of the slave environment). Make it more useful.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24516 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24509 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a credentials cache is available, use it as an armor cache to enable FAST negotiation for kpasswd. This requires an attacker to attack both the user's long-term key for the old password as well as the ticket used for the armor cache in order to attack the password change. Depending on how the armor ticket is obtained, this may provide limited value. However, it provides users an easy option if they are concerned about their current password. Users can kinit with one principal to help protect changing the password of another principal.
* krb5_get_init_creds_opt_set_fast_ccache: new API to set fast ccache based on a krb5_ccache object rather than a resolvable string
* kpasswd: always open the current credential cache even if not needed
for determining the principal. If the cache has tickets, use it as
an armor cache.
* tests/dejagnu/krb-standalone/kadmin.exp: Arrange to test new code path
ticket: 6786
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24359 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
assignments for Camellia-CCM enctypes or cksumtypes yet, they are
disabled in a default build. They can be made available by defining
(via CPPFLAGS) local-use enctype numbers for the enctypes and
cksumtypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
it in simple.exp in the dejagnu test suite instead of sleeping.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23936 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
the sentinel lines printed by krb5kdc and kadmind to detect when the
listening sockets are ready.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23935 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
use it in gssapi.exp in the dejagnu test suite instead of sleeping.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23934 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
common in networking code. Silences a Coverity defect.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23916 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by ticket renewal. Add a test case.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
Thanks to Joel Johnson and Brian Almeida for the reports.
ticket: 6702
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23912 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
running programs out of the build tree during python-based tests.
Also updates shilb.conf to set RUN_VARS to make it easier to generate
this sort of thing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23905 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
util/k5test.py: Fix incorrect variable used
tests/dejagnu/t_inetd.c: Flush stdout after outputting "Ready!"
tests/dejagnu/Makefile.in: Always compile t_inetd - even in runtest is not
present
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23773 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* localhostname from get_hostname was unused.
* database_name is no longer used except (misleadingly) in kdb5_util
output.
* admin_database_name and admin_database_lockfile are no longer used.
* default_domain is only used for v4->v5 principal conversion, which
isn't tested.
* libkadm5's init-v2.exp had a copy of get_hostname; domain and
localhostname from it were unused.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
* check_date was only used by the application tests.
* touch was never used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23745 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* RLOGIN, RLOGIN_FLAGS, ROOT_PROMPT, ROOT_SHELL, check_k5login,
restore_kerberos_env, setup_root_shell, setup_root_shell_noremote,
setup_wrapper: No longer used now that the applications are in a
separate tree.
* v4_compatible_enctype: No longer used with krb4 support gone.
* tail1, krb_exit: Apparently never used.
* KERBEROS_SERVER: Added long ago in r5686 and removed shortly after
in r5695, but the test suite support for it never got excised.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23744 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
kinit, instead of hanging.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6624
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23605 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement tests for anonymous pkinit. A certificate and private key
are checked in; these tests will stop working in 2023.
Note that r23602 needs to be pulled up before this ticket.
ticket: 6624
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23604 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
distinguished from kinit's.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23601 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Set allow_weak_crypto=false by default. Set default master key
enctype to sha256. Adjust test suite to compensate.
ticket: 6621
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Because a new principal is added to the database, the iprop test
expected output is updated.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
kdc_supported_enctypes does nothing. Remove all mention of it from
documentation and test suites.
ticket: 6620
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23569 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
pid file match pid of executable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23566 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
fake install. Not yet tested, except to verify that it doesn't break
the existing test suite.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23532 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23394 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove libpty, gssftp, telnet, and the bsd applications from the
source tree, build system, and tests.
Docs still need to be updated to remove mentions of the applications.
The build system should be simplified now that we're down to one
configure script and don't need some of the functionality currently in
aclocal.m4.
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23305 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
non-replicated attributes: last_success, last_failed and fail_auth_count.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|