path: root/src
Commit message | Author | Age | Files | Lines
...
* Display default values in usage message | Ken Raeburn | 2011-07-01 | 1 | -4/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25008 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ezra Peisach | 2011-07-01 | 13 | -111/+98
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo in preauth plugin krb5.conf docs | Greg Hudson | 2011-06-29 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25001 dc483132-0cff-0310-8789-dd5450dbe970
* Get static linking working again, mostly | Greg Hudson | 2011-06-28 | 8 | -53/+57
  Static linking (#6510) broke when lockout support was added because the DB2 plugin became dependent on libkadm5srv_mit for XDR functions. Also, static linking was extensively broken in combination with LDAP support. Fix these problems.
  After these fixes, the test suite fails in the FAST tests because there's no static build support for dynamic preauth plugins, which means there's no encrypted challenge. (And unlike the pkinit tests, the test suite doesn't conditionalize on the presence of the encrypted challenge plugin, because we always build it.) This will fix itself if and when encrypted challenge becomes linked into the consumers, or static build support is added for preauth plugins.
  ticket: 6914
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24996 dc483132-0cff-0310-8789-dd5450dbe970
* Enable and fix warnings in util/gss-kernel-lib | Greg Hudson | 2011-06-27 | 7 | -18/+55
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24995 dc483132-0cff-0310-8789-dd5450dbe970
* Make kgss test processes run in lock-step | Greg Hudson | 2011-06-27 | 4 | -0/+42
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24994 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing call in t_kgss_user.c | Greg Hudson | 2011-06-27 | 1 | -0/+1
  The userland side of the gss kernel subset tests was missing a call to read_iov_token() at the end of the operation sequence. This mistake caused a race condition where the child could either exit successfully (if it finished send_iov_token() before the parent closed its end of the pipe) or could fail with an EPIPE error from write().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24993 dc483132-0cff-0310-8789-dd5450dbe970
* Document built-in modules for clpreauth/kdcpreauth | Greg Hudson | 2011-06-26 | 1 | -8/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24991 dc483132-0cff-0310-8789-dd5450dbe970
* Make fewer db lookups in kadm5_create_principal_3 | Greg Hudson | 2011-06-24 | 1 | -19/+10
  By creating the password history entry earlier in the function, we can avoid the need to look up the principal entry twice just to save a copy of the key data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24990 dc483132-0cff-0310-8789-dd5450dbe970
* Use zapfree in krb5_free_key_data_contents() | Greg Hudson | 2011-06-24 | 1 | -6/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24989 dc483132-0cff-0310-8789-dd5450dbe970
* Don't destroy dst on error in krb5_cc_move | Greg Hudson | 2011-06-23 | 2 | -3/+1
  Although destroying any partial contents of dst on error isn't a bad idea, invalidating the handle would be an incompatible change. So revert that part of r24754.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24988 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in kadmin | Greg Hudson | 2011-06-23 | 1 | -10/+11
  kadmin_getprinc() was using the variable "canon" for two purposes. After r22785, canon wasn't freed between constructions, so the first value was leaked. Fix by using separate variables for separate strings.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24987 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in the pwqual loader | Greg Hudson | 2011-06-23 | 1 | -0/+1
  k5_pwqual_free_handles() wasn't freeing the container structure for each handle.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24986 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak introduced in r24969 | Greg Hudson | 2011-06-23 | 1 | -0/+1
  The new context field plugin_base_dir wasn't being freed on context deletion.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24985 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple libkdb_ldap memory leaks | Greg Hudson | 2011-06-23 | 4 | -43/+40
  * krb5_ldap_policydn_to_name wasn't freeing rdn, and was using the wrong function to free dn, in the HAVE_LDAP_STR2DN CASE.
  * populate_krb5_db_entry wasn't freeing the tl_data generated from ber_tl_data.
  * populate_krb5_db_entry was using the wrong function to free a password policy when finding pw_max_life.
  * krb5_ldap_put_principal wasn't freeing ber_tl_data.
  * krb5_update_tl_kadm_data had a bad contract. Change the contract to be more like krb5_dbe_update_mod_princ_data and simplify its memory management.
  ticket: 6924
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24984 dc483132-0cff-0310-8789-dd5450dbe970
* Document clpreauth/kdcpreauth module configuration | Greg Hudson | 2011-06-23 | 1 | -0/+12
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24982 dc483132-0cff-0310-8789-dd5450dbe970
* Separate license and non-license comment in kpropd | Greg Hudson | 2011-06-23 | 1 | -2/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24979 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG for more efficient getaddrinfo | Greg Hudson | 2011-06-23 | 9 | -6/+11
  Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves.
  AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching.
  ticket: 6923
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Work around glibc getaddrinfo PTR lookups | Greg Hudson | 2011-06-23 | 1 | -8/+1
  In krb5_sname_to_principal(), we always do a forward canonicalization using getaddrinfo() with AI_CANONNAME set. Then, we do a reverse canonicalization with getnameinfo() if rdns isn't set to false in libdefaults.
  Current glibc (tested with eglibc 2.11.1) has the arguably buggy behavior of doing PTR lookups in getaddrinfo() to get the canonical name, if hints.ai_family is set to something other than AF_UNSPEC. This behavior defeats the ability to turn off rdns.
  Work around this behavior by using AF_UNSPEC in krb5_sname_to_principal() from the start, instead of starting with AF_INET and falling back. Specify AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.
  ticket: 6922
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24977 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG unconditionally in kpropd | Greg Hudson | 2011-06-23 | 1 | -5/+1
  fake-addrinfo.h ensures that AI_ADDRCONFIG is defined, so we don't need #ifdef tests when we use it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24976 dc483132-0cff-0310-8789-dd5450dbe970
* Cosmetic fixes to preauth_plugin.h from Linus Nordberg | Greg Hudson | 2011-06-22 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24975 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the build and doxygen markup | Zhanna Tsitkov | 2011-06-22 | 1 | -6/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24974 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting and editorial pass over krb5.hin doxygen markup | Greg Hudson | 2011-06-22 | 1 | -2356/+2482
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24973 dc483132-0cff-0310-8789-dd5450dbe970
* Document that e_data can be used by KDB modules internally | Greg Hudson | 2011-06-20 | 1 | -0/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24972 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin framework | Greg Hudson | 2011-06-17 | 28 | -1333/+1224
  The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety.
  On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait.
  ticket: 6921
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_plugin_register_dyn internal API | Greg Hudson | 2011-06-17 | 7 | -31/+91
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970
* ANSIfy the remaining K&R functions in lib/gssapi/generic | Greg Hudson | 2011-06-13 | 2 | -26/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24968 dc483132-0cff-0310-8789-dd5450dbe970
* Fix old-style GSSRPC authentication | Greg Hudson | 2011-06-13 | 1 | -3/+10
  r24147 (ticket #6746) made libgssrpc ignorant of the remote address of the kadmin socket, even when it's IPv4. This made old-style GSSAPI authentication fail because it uses the wrong channel bindings. Fix this problem by making clnttcp_create() get the remote address from the socket using getpeername() if the caller doesn't provide it and it's an IPv4 address.
  ticket: 6920
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970
* Handle invalid intervals in lockout-related kadmin parameters | Greg Hudson | 2011-06-10 | 1 | -8/+18
  ticket: 6911
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
* Set LC_MESSAGES to "C" in tests which run commands | Greg Hudson | 2011-06-10 | 3 | -0/+8
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functions | Greg Hudson | 2011-06-10 | 14 | -2/+14
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Generating mit-krb5 pot file | Greg Hudson | 2011-06-10 | 1 | -1/+7826
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24962 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translation | Greg Hudson | 2011-06-10 | 94 | -1999/+2205
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Add localization support to com_err | Greg Hudson | 2011-06-10 | 12 | -18/+113
  * Add compile_et arguments --textdomain and --localedir.
  * Store text domain and localedir at the end of error tables.
  * error_message() calls dgettext if the table has a text domain.
  * add_error_table() calls bindtextdomain if the table has a localedir.
  * Define N_() as no-op in generated source and mark up error messages.
  * When using system compile_et, test for --textdomain support.
  * Use --textdomain option when available.
  * Run xgettext over generated sources in compile_et rule.
  * Translate com_err results in krb5int_get_error() if com_err won't.
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24960 dc483132-0cff-0310-8789-dd5450dbe970
* Add localization infrastructure | Greg Hudson | 2011-06-10 | 11 | -9/+98
  Adds build system logic, translation macros in k5-platform.h, and bindtextdomain calls in libkrb5 initialization.
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24959 dc483132-0cff-0310-8789-dd5450dbe970
* Remove static error table list in built-in com_err | Greg Hudson | 2011-06-05 | 2 | -69/+32
  _et_list has been private to error_message.c since March 2004, and since nothing in that file ever added entries to it, it is always NULL. As it's not doing any good, get rid of it, and rename the dynamic error table list to "et_list", along with its type. Also remove some old lclint annotations.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24947 dc483132-0cff-0310-8789-dd5450dbe970
* Restore fallback non-referral TGS request to same realm | Greg Hudson | 2011-06-03 | 1 | -12/+10
  MIT krb5 1.2 and earlier KDCs reject TGS requests if the canonicalize bit is set. Prior to 1.9, we used to handle this by making a non-referral fallback request on any error, but the rewrite in 1.9 mistakenly changed the behavior so that fallback requests are only made if the original request used the referral realm and the fallback realm is different from the default realm. Restore the old behavior.
  ticket: 6917
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24946 dc483132-0cff-0310-8789-dd5450dbe970
* Restore krb5_get_credentials caching for referral requests | Greg Hudson | 2011-05-26 | 1 | -0/+5
  The krb5_get_credentials() rewrite for IAKERB accidentally omitted the final step of restoring the requested realm in the output credentials. As a result, referral entries are not cached, and the caller sees the actual realm in (*out_creds)->server instead of the referral realm as before. Fix this in complete() by swapping ctx->req_server into ctx->reply_creds->server.
  ticket: 6916
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24945 dc483132-0cff-0310-8789-dd5450dbe970
* Don't assume principal components are C strings in klist -s | Greg Hudson | 2011-05-25 | 1 | -5/+4
  ticket: 6915
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24944 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple tl-data updates over iprop | Greg Hudson | 2011-05-22 | 1 | -35/+8
  krb5_dbe_update_tl_data() accepts a single read-only tl-data entry, but ulog_conv_2dbentry() expects it to process a full list. Fix ulog_conv_2dbentry() to call krb5_db2_update_tl_data() on each entry individually, simplifying its memory management in the process.
  ticket: 6913
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24937 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r5233 and mark get_age as deprecated in the DAL documentation. | Greg Hudson | 2011-05-20 | 2 | -19/+6
  We do not need to check reply retransmissions for staleness any more than TCP needs to. A genuinely new request will have a different nonce.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24936 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_c_ and sensauth API. | Zhanna Tsitkov | 2011-05-19 | 2 | -534/+328
  Also, removed the second declaration of krb5_c_string_to_key_with_params() from string_to_key.c
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24935 dc483132-0cff-0310-8789-dd5450dbe970
* In mk_rd_cred if recv_subkey in the authentication context is NULL and the ↵ | Zhanna Tsitkov | 2011-05-16 | 1 | -23/+42
  decryption with the session key fails, do not try to decrypt the message with the session key again.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24934 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_rd_ API | Zhanna Tsitkov | 2011-05-16 | 1 | -168/+161
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24933 dc483132-0cff-0310-8789-dd5450dbe970
* Document the lockout-related options in kadmin (modprinc -unlock and | Greg Hudson | 2011-05-16 | 1 | -0/+21
  addpol/modpol -maxfailure, -failurecountinterval, and -lockoutduration), in the man page and in admin.texinfo. Based on text submitted by shawn.emery@oracle.com.
  ticket: 6910
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24932 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, try using get_date() for lockout-related duration inputs to | Greg Hudson | 2011-05-16 | 1 | -6/+17
  modpol and addpol, but still allow bare numbers of seconds since that's what we took in 1.8 and 1.9. Use strdur() to display lockout-related durations in getpol. Reported by shawn.emery@oracle.com.
  ticket: 6911
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24931 dc483132-0cff-0310-8789-dd5450dbe970
* Link t_kgss_kernel against libkrb5support since parts of libkgss use | Greg Hudson | 2011-05-15 | 1 | -2/+3
  zap(), which creates a dependency with non-gcc compilers.
  ticket: 6909
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24930 dc483132-0cff-0310-8789-dd5450dbe970
* Use hmac-md5 checksum for PA-FOR-USER padata | Greg Hudson | 2011-05-14 | 1 | -8/+2
  The MS-S4U documentation specifies that hmac-md5 be used for PA-FOR-USER checksums; we were using the mandatory checksum type for the key. Although some other checksum types appear to be allowed by Active Directory KDCs, Richard Silverman reports that md5-des is not one of them, causing S4U2Self requests to fail for DES keys.
  ticket: 6912
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24929 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for PAC API. Moved PAC type definitions into krb5.hin | Zhanna Tsitkov | 2011-05-13 | 2 | -8/+106
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24928 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_mk_ functions | Zhanna Tsitkov | 2011-05-12 | 1 | -176/+190
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24927 dc483132-0cff-0310-8789-dd5450dbe970