path: root/src
Commit message | Author | Age | Files | Lines
...
* Remove assertions for non-nullity of init_module and fini_module in | Greg Hudson | 2010-07-03 | 1 | -3/+0
  kdb5.c for consistency with other uses of mandatory vtable functions.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
* Make the APIs for iterate, get_master_key_list, set_master_key_list, | Greg Hudson | 2010-07-03 | 3 | -62/+24
  and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations.
  ticket: 6749
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operations | Greg Hudson | 2010-07-03 | 7 | -35/+33
  not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.)
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove return value from void function | Ken Raeburn | 2010-07-03 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implement | Greg Hudson | 2010-07-02 | 6 | -52/+7
  krb5_store_master_key in terms of krb5_store_master_key_list.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void. | Greg Hudson | 2010-07-02 | 7 | -25/+18
  Remove the stale prototype for krb5_db_free_master_key.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associated | Greg Hudson | 2010-07-02 | 12 | -152/+22
  libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, for | Greg Hudson | 2010-07-02 | 10 | -303/+279
  consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.)
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data to | Greg Hudson | 2010-07-02 | 20 | -190/+145
  just use the krb5_dbe prefix.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove setup_master_key_name from the DAL table as it was not used | Greg Hudson | 2010-07-02 | 3 | -8/+1
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and their | Greg Hudson | 2010-07-02 | 18 | -269/+24
  corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-up to r24157: return correctly from krb5_ldap_lib_init() if | Greg Hudson | 2010-07-02 | 1 | -0/+1
  there is no version mismatch.
  ticket: 6749
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24157: pass KRB5_KDB_DAL_VERSION to krb5_ldap_lib_init() | Greg Hudson | 2010-07-02 | 1 | -1/+1
  in kdb5_ldap_util.c.
  ticket: 6749
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24160 dc483132-0cff-0310-8789-dd5450dbe970
* Remove errcode_2_string and release_errcode_string from the DAL table, | Greg Hudson | 2010-07-02 | 6 | -141/+29
  and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_supported_realms and db_free_supported_realms from the DAL | Greg Hudson | 2010-07-02 | 7 | -76/+1
  table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table).
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
* DAL improvements | Greg Hudson | 2010-07-02 | 7 | -8/+25
  Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible changes in libkdb; to be kept in sync with the libkdb major version, which is bumped to 5 in anticipation of other changes.
  Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they are mismatched with the KDB version. Since KDB modules are often developed concurrently with trunk code, this is defined to be the date of the last incompatible DAL change. The DAL version is passed to the init_library DAL function; the module should check it against the value of KRB5_KDB_DAL_VERSION it was compiled with and return KRB5_KDB_DBTYPE_MISMATCH if it doesn't match.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
* In kpropd, when getting a wildcard address to listen on, try IPv6 | Greg Hudson | 2010-07-01 | 1 | -11/+32
  explicitly (with AI_ADDRCONFIG specified where available, to avoid IPv6 on hosts with no IPv6 interface) and then fall back to IPv4. Only set IPV6_V6ONLY on the listener socket if the resulting address is IPv6.
  Note: we have mostly confirmed that OpenBSD does not have dual-stack support, meaning that it would be better to open separate IPv4 and IPv6 listener sockets, as we do in krb5kdc and kadmind. Unfortunately, the complicated iprop retry-and-backoff logic makes this less than straightforward.
  ticket: 6686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24156 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out a common socket creation sequence in net-server.c, which | Greg Hudson | 2010-06-30 | 1 | -116/+67
  happens to coincide with what setup_a_rpc_listener does.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24153 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate warnings in net-server.c | Greg Hudson | 2010-06-30 | 1 | -8/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24152 dc483132-0cff-0310-8789-dd5450dbe970
* Improve coding style conformance in net-server.c | Greg Hudson | 2010-06-30 | 1 | -131/+155
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24151 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a bug in r24147 where svctcp_create() was passing the wrong length | Greg Hudson | 2010-06-26 | 1 | -1/+1
  argument to bind(), causing it to fail on Solaris.
  ticket: 6746
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24148 dc483132-0cff-0310-8789-dd5450dbe970
* Make kadmin work over IPv6 | Greg Hudson | 2010-06-26 | 7 | -45/+147
  Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes:
  * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport().
  * Make clnttcp_create() handle a null raddr value if *sockp is set.
  * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name.
  * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create().
  * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections.
  * Adjust the error code expected in a libkadm5 unit test.
  ticket: 6746
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust function names and declarations in libkadm5's client_init.c; in | Greg Hudson | 2010-06-25 | 1 | -149/+95
  particular, avoid the use of library namespace prefixes for static helper functions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the iprop conditionalization of _kadm5_init_any() | Greg Hudson | 2010-06-25 | 1 | -25/+19
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some dead code in kdb5_stash() left behind by r24142 | Greg Hudson | 2010-06-22 | 1 | -9/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24144 dc483132-0cff-0310-8789-dd5450dbe970
* In kprop's sockaddr2krbaddr(), fill in addr.magic to avoid copying | Greg Hudson | 2010-06-22 | 1 | -0/+1
  around uninitialized values.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24143 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate a bunch of duplicated code in kdb5_stash() by using | Greg Hudson | 2010-06-21 | 1 | -41/+3
  util_context.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24142 dc483132-0cff-0310-8789-dd5450dbe970
* kdb5_stash() contains its own kdb5_db_open() call (because it doesn't | Greg Hudson | 2010-06-21 | 1 | -1/+1
  use util_context for some reason), which didn't work with the LDAP back end because LDAP doesn't recognize KRB5_KDB_SRV_TYPE_OTHER. As a minimal fix, change that to KRB5_KDB_SRV_TYPE_ADMIN to be consistent with open_db_and_mkey()--see also r18736.
  ticket: 6345
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24141 dc483132-0cff-0310-8789-dd5450dbe970
* Make OFFLINE!=no work again | Tom Yu | 2010-06-21 | 1 | -6/+9
  ticket: 6744
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24140 dc483132-0cff-0310-8789-dd5450dbe970
* Add correct error table when initializing gss-krb5 | Greg Hudson | 2010-06-21 | 1 | -1/+1
  gss_krb5int_lib_init was adding the generic GSS error table (again) instead of the krb5 error table, which could lead to crashes on library unload. This bug was introduced in krb5 1.7; the fix is also applicable there.
  Patch from Leonardo Chiquitto <leonardo.lists@gmail.com>.
  ticket: 6745
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24139 dc483132-0cff-0310-8789-dd5450dbe970
* only test t_locate_kdc if known-good DNS name is present | Tom Yu | 2010-06-18 | 2 | -6/+25
  Running "make check" while offline or on a firewalled network may result in failure in lib/krb5/os because the invocation of t_locate_kdc requires that the DNS servers for ATHENA.MIT.EDU be reachable.
  Autodetect DNS utilities "dig" and "nslookup", and use them to check for existence of the known-good DNS name. Also parameterize the test so that the known-good DNS name can be overridden on the make command line.
  ticket: 6744
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24138 dc483132-0cff-0310-8789-dd5450dbe970
* In PKINIT, notice if DH_compute_key() returns a value less than the | Greg Hudson | 2010-06-14 | 1 | -2/+18
  buffer size, and pad it on the left if so.
  ticket: 6738
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the PKINIT DH debugging code: | Greg Hudson | 2010-06-14 | 1 | -7/+8
  * Use %p and void * for pointers instead of %x and int
  * Don't call the computed symmetric key the "secret key" since that's easily confused with the private key g^x.
  * Print the private key when printing DH parameters, instead of the q value (not even sure what that is).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
* Use getaddrinfo() in kprop and kpropd, and recognize IPv6 addresses | Greg Hudson | 2010-06-11 | 5 | -162/+191
  when setting up krb5_address structures. kpropd still only binds to one socket to avoid the need for a select() loop, so we turn off IPV6_V6ONLY on that socket to ensure that IPv4 connections will still be accepted.
  Based on a patch from Michael Stapelberg <michael@stapelberg.de>.
  ticket: 6686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24134 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the code for krb5_append_addresses(), which was never used and | Greg Hudson | 2010-06-11 | 1 | -58/+0
  was ifdef'd out fifteen years ago in r5464.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24133 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate actx_copy_addr in auth_con.c; use krb5_copy_addr instead | Greg Hudson | 2010-06-11 | 1 | -23/+6
  (it's exactly the same).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24132 dc483132-0cff-0310-8789-dd5450dbe970
* In yarrow.c, undefine k5-trace.h's TRACE before defining it to avoid a | Greg Hudson | 2010-06-10 | 1 | -0/+1
  conflict.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused (as of yet) trace macro definitions | Greg Hudson | 2010-06-10 | 1 | -10/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24125 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of minor defects in trace.c | Greg Hudson | 2010-06-10 | 1 | -3/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24124 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin ktadd may display wrong name of default keytab | Greg Hudson | 2010-06-08 | 2 | -4/+7
  kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever it uses the default keytab, even if the default has been overridden (e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name of the default cache instead of displaying the string we think was used to open it.
  ticket: 6740
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24123 dc483132-0cff-0310-8789-dd5450dbe970
* When we display enctypes, display the input name rather than the | Greg Hudson | 2010-06-08 | 6 | -9/+10
  description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash (error message), kadmin getprinc, kadmin ktadd, and ktutil list -e.
  ticket: 5014
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time in | Greg Hudson | 2010-06-08 | 3 | -29/+3
  the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data.
  (This is a continuation of r24120, which should have contained the changes to all four files.)
  ticket: 6739
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24121 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time in | Greg Hudson | 2010-06-08 | 1 | -14/+0
  the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data.
  ticket: 6739
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Greg Hudson | 2010-06-07 | 54 | -1996/+2181
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Trace logging | Greg Hudson | 2010-06-07 | 24 | -89/+965
  Add trace logging infrastructure code, enabled by the KRB5_TRACE environment variable or the API functions krb5_set_trace_callback() or krb5_set_trace_filename(). As a start, add tracing events for:
  * AS-REQ client code, including FAST and preauth
  * TGS-REQ client code
  * AP-REQ and AP-REP code (client and server)
  * sendto_kdc
  * Selected ccache operations
  * Selected keytab operations
  ticket: 6737
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_enctype_to_name() API | Greg Hudson | 2010-06-04 | 4 | -3/+32
  Add an API to return the input name, or optionally the shortest alias, of an enctype. Similar to krb5_enctype_to_string() which returns a description.
  ticket: 6736
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_set_config, don't call krb5_cc_remove_cred; it's redundant | Greg Hudson | 2010-05-28 | 1 | -4/+0
  with the krb5_cc_remove_cred call in krb5_cc_store_cred.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24110 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Greg Hudson | 2010-05-28 | 2 | -15/+12
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24109 dc483132-0cff-0310-8789-dd5450dbe970
* From Luke: make copies of S4U2Proxy authdata modules work when there | Greg Hudson | 2010-05-28 | 1 | -1/+1
  is no S4U2Proxy authdata.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24107 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the get_masters logic in locate_srv_conf_1 which was orphaned | Greg Hudson | 2010-05-27 | 2 | -63/+11
  by r15736 when we added the master_kdc profile variable.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24106 dc483132-0cff-0310-8789-dd5450dbe970