summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* In k5_pwqual_load(), if the last vtable initializer fails, return 0Greg Hudson2010-09-041-0/+1
| | | | | | and not its exit value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24290 dc483132-0cff-0310-8789-dd5450dbe970
* Fix output argument ordering and handling in k5_pwqual_load()Greg Hudson2010-09-033-7/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24289 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent a double free in k5_pwqual_load()Greg Hudson2010-09-031-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24288 dc483132-0cff-0310-8789-dd5450dbe970
* clean up memory leak and potential unused variable in crypto testsEzra Peisach2010-09-032-0/+5
| | | | | | | | | | t_prf.c: Ensure prfsz is set before use (not exercised in current tests) t_short.c: Fix memory leak ticket: 6769 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24287 dc483132-0cff-0310-8789-dd5450dbe970
* Properly search for MANDATORY-FOR-KDC authdata elements. Reported byGreg Hudson2010-09-021-1/+1
| | | | | | | | | | Mike Roszkowski. ticket: 6764 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24286 dc483132-0cff-0310-8789-dd5450dbe970
* Password quality pluggable interfaceGreg Hudson2010-09-0119-367/+988
| | | | | | | | | | | Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface ticket: 6765 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
* Make the new profile tcl tests work with tcl 8.3Greg Hudson2010-08-311-4/+4
| | | | | | ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24282 dc483132-0cff-0310-8789-dd5450dbe970
* Make relative plugin module paths be interpreted as relative toGreg Hudson2010-08-301-2/+35
| | | | | | | | LIBDIR/krb5/plugins. ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24277 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a resource leak in the profile include supportGreg Hudson2010-08-291-5/+8
| | | | | | ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24274 dc483132-0cff-0310-8789-dd5450dbe970
* Add simple automated tests for account lockout supportGreg Hudson2010-08-292-0/+49
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24269 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an account lockout error-handling regression by converting theGreg Hudson2010-08-291-11/+23
| | | | | | | result of krb5_db_check_policy_as/tgs from a krb5_error_code to a protocol error number. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24268 dc483132-0cff-0310-8789-dd5450dbe970
* Add plugin.o to T_ETYPES_OBJS because init_ctx.o needs it nowTom Yu2010-08-271-1/+1
| | | | | | ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24264 dc483132-0cff-0310-8789-dd5450dbe970
* New plugin infrastructureGreg Hudson2010-08-278-0/+549
| | | | | | | | | Merge domain-independent plugin framework code from branches/plugins2, leaving out the password quality interface. ticket: 6763 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24263 dc483132-0cff-0310-8789-dd5450dbe970
* Add an expansion error table for libkrb5, since krb5_err.et is fullGreg Hudson2010-08-264-11/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24258 dc483132-0cff-0310-8789-dd5450dbe970
* rd_req_decoded: clarify behavior in commentSam Hartman2010-08-251-1/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24257 dc483132-0cff-0310-8789-dd5450dbe970
* Revise the profile include design so that included files areGreg Hudson2010-08-253-16/+54
| | | | | | | | syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
* Correct a commentGreg Hudson2010-08-241-2/+2
| | | | | | ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24255 dc483132-0cff-0310-8789-dd5450dbe970
* In the LDAP KDB module's populate_krb5_db_entry, fix the checks forGreg Hudson2010-08-241-2/+2
| | | | | | | | | | the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so that they properly succeed when the flags are set. Bug report from Rob Crittenden, patch from nalin@redhat.com. ticket: 6762 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970
* add profile include supportGreg Hudson2010-08-244-14/+166
| | | | | | | | | | Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
* Fail properly when profile can't be accessedGreg Hudson2010-08-231-4/+9
| | | | | | | | | | | | | | | | Make profile_init() return EACCESS or EPERM if one of those errors was encountered when failing to open any of the specified profile files. This causes krb5_init_os_context() to fail properly when krb5.conf is unreadable, instead of treating that situation like a nonexistent krb5.conf. The library will continue to soldier on if one profile file is readable and another is not. This is deliberate as of r14116, whether or not it's a good idea. ticket: 6760 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24250 dc483132-0cff-0310-8789-dd5450dbe970
* Allow krb5_gss_register_acceptor_identity to unset keytab nameGreg Hudson2010-08-192-10/+8
| | | | | | | | | | | | | krb5_gss_register_acceptor_identity sets a mutex-locked global (not thread-specific) variable containing a keytab name. This change allows the variable to be unset by passing a null value. A more elegant long-term solution to the problem is Heimdal's gss_krb5_import_cred function. ticket: 6758 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24242 dc483132-0cff-0310-8789-dd5450dbe970
* Add GIC option for password/account expiration callbackGreg Hudson2010-08-128-24/+273
| | | | | | | | | | | | Add a new GIC option to specify a callback to receive password and account expiration times found in an AS reply. See also: http://k5wiki.kerberos.org/wiki/Projects/Password_expiration_API ticket: 6755 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24241 dc483132-0cff-0310-8789-dd5450dbe970
* In AS replies, set the key-expiration field to the minimum of accountGreg Hudson2010-08-121-1/+12
| | | | | | | | | and password expiration time as specified in RFC 4120. Reported by Mary Cushion <mary@eiger.demon.co.uk>. ticket: 2032 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24240 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the documentation for the start_kadmind keyword in k5test.pyGreg Hudson2010-08-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24239 dc483132-0cff-0310-8789-dd5450dbe970
* Remove two unused source files in lib/gssapi/genericGreg Hudson2010-08-122-118/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24238 dc483132-0cff-0310-8789-dd5450dbe970
* Move the password expiry warning code out ofGreg Hudson2010-08-101-84/+92
| | | | | | krb5_get_init_creds_password() into a helper function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24237 dc483132-0cff-0310-8789-dd5450dbe970
* Use xdr_int32 instead of xdr_u_int in xdr_krb5_enctype(), sinceGreg Hudson2010-07-261-1/+1
| | | | | | | enctypes are signed 32-bit values. Wire representation does not change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
* Fix XDR decoding of large values in xdr_u_intGreg Hudson2010-07-261-1/+1
| | | | | | | | | | | | | | | | | | | Our ancient RPC value internally decodes 32-bit wire values into a signed long, which is then casted to the appropriate type. xdr_u_int() contains a check intended to catch wire values that don't fit into a u_int on platforms with 16-ints, but on platforms with 64-bit longs it was failing on values of 2^31 or larger because the sign-extended value appeared larger than UINT_MAX. Fix the check by casting the value to uint32_t before comparing. This bug, in combination with a poor choice of types in kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values from being transported properly in kadmin's change_password command result. ticket: 6753 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24200: fix kdb5_ldap_util call site ofGreg Hudson2010-07-211-1/+1
| | | | | | | | krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the part of r24157 which added the dal_version argument to theGreg Hudson2010-07-217-20/+19
| | | | | | | | | | | init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
* Get the kdb_hdb module to compile again. Probably still buggy,Greg Hudson2010-07-204-293/+161
| | | | | | | | particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5_util's kdb5_ldap_create(), add back the assignment ofGreg Hudson2010-07-191-0/+1
| | | | | | | | rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
* Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keysGreg Hudson2010-07-192-4/+6
| | | | | | | | | | | | | | | | | | In PAC signatures, the hmac-md5 checksum type can be used with AES keys. Make this work by removing the enc field from the hmac-md5 and md5-hmac checksum types, and adding a check in krb5int_hmacmd5_checksum() for a null key or a key which is longer than the hash block size (64 bytes for MD5). The checksum algorithm only uses the key bits; it does invoke the cipher. The checksum type names are kind of wrong, but we'll leave them alone for compatibility. The descriptions are updated. ticket: 6751 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
* In the DAL documentation, describe how a module can supply referralGreg Hudson2010-07-191-1/+4
| | | | | | encrypted padata. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24190 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_allowed_to_delegate to the DAL with a corresponding libkdb5Greg Hudson2010-07-1514-236/+72
| | | | | | | | | API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24182: Fix a comment referencing the db_invokeGreg Hudson2010-07-151-4/+2
| | | | | | | | | SIGN_DB_AUTHDATA method. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24188 dc483132-0cff-0310-8789-dd5450dbe970
* Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-156-9/+25
| | | | | | | | | replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson2010-07-138-33/+24
| | | | | | | | | | informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-1313-103/+77
| | | | | | | | | | | | replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson2010-07-1314-174/+156
| | | | | | | | | | corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a correspondingGreg Hudson2010-07-126-40/+40
| | | | | | | | | libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2010-07-128-116/+111
| | | | | | | | | replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24180: make sure osa_adb_get_policy sets its outputGreg Hudson2010-07-091-0/+1
| | | | | | parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
* Improve output variable handling of osa_adb_get_policy() in the db2Greg Hudson2010-07-091-19/+20
| | | | | | KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in libkadm5clnt's get_init_creds()Greg Hudson2010-07-081-4/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-085-36/+20
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing break in the parsing of krb5kdc's -P option. ReportedGreg Hudson2010-07-071-0/+1
| | | | | | | | | | by nalin@redhat.com. ticket: 6750 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24176 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-0645-2504/+1908
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24168: in kdb5_ldap_util, indirect throughGreg Hudson2010-07-041-5/+5
| | | | | | | | | | krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5.c, simplify the code for getting the profile config sectionGreg Hudson2010-07-031-93/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-02 07:28:20 +0000