summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Rename doc subdirectoriesBen Kaduk2012-11-141-7/+8
| | | | | | | | | | | | | | | | | | | | We like these names better, and they match the PDF document filenames. admins -> admin appldev -> appdev users -> user and catch up where the names are used elsewhere. The relay/ directory has been removed, with its contents moved to the top level in build_this.rst and a new about.rst. The section headers for kadmind, krb5kdc, sserver, kpasswd, kswitch, and sclient are misdetected as conflict markers. bigredbutton: whitespace ticket: 7433 tags: pullup
* Make glue for building PDFsBen Kaduk2012-11-141-0/+26
| | | | | | | | | | | sphinx-build's latex output engine creates a subdirectory with various latex files, and a Makefile. The generated Makefile assumes gmake, which we do not. The logic needed in this makefile is rather simple, so we just include it in src/doc/Makefile.in, even if we do need a rather complicated shell expression to work in the subdirectory. ticket: 7433 tags: pullup
* Use main conf.py for NOTICETom Yu2012-11-141-15/+4
| | | | | | | | | | Generate the NOTICE file using the main conf.py, by using a special tag when invoking sphinx-build. While here, add notice.txt to the list of files removed by make clean. ticket: 7433 tags: pullup
* Generate and use version.py for SphinxTom Yu2012-11-143-4/+37
| | | | | | | | | | | | Sphinx's idea of the version number appears in the man pages and compiled PDF documents, and shows up as metadata in the generated HTML sources. Extract the version information from the master source (patchlevel.h) into a form usable by Sphinx. ticket: 7433 tags: pullup
* Regenerate kdc.conf.man to pick up CamelliaBen Kaduk2012-11-141-0/+18
| | | | | | | | We recently added documentation of the Camellia enctypes; rebuild the in-tree man page to pick them up. ticket: 7439 tags: pullup
* Make kdb5_util dump work with LDAP againGreg Hudson2012-11-121-1/+2
| | | | | | | | | | | The LDAP module doesn't support locking. There's code to ignore this in load but not in dump. dump used to only lock for iprop dumps, but now locks all the time after e65a16d898f3a686525e83661f4fd86c76e27bbf (#7384), causing it to fail with LDAP. ticket: 7445 (new) target_version: 1.11 tags: pullup
* Correctly document krb5_unparse_name_extGreg Hudson2012-10-251-7/+13
| | | | | | ticket: 7431 target_version: 1.11 tags: pullup
* Always rebuild rst_composite in src/docGreg Hudson2012-10-251-3/+3
| | | | | | | | Avoid using "rst_composite" as the target name for building the rst_composite directory, since we can't give it proper dependencies. Instead use the target name "composite", which (like "html", "clean", etc.) doesn't correspond to the name of a file or directory created by the build rules.
* Don't leak new fields of krb5_init_creds_contextGreg Hudson2012-10-241-0/+2
| | | | | | | | | Release the cc_config_in and cc_config_out fields of a krb5_init_creds_context when freeing the context. ticket: 7428 (new) target_version: 1.11 tags: pullup
* Don't save empty cc_config_out in ccacheGreg Hudson2012-10-244-1/+11
| | | | | | | | | | Add an internal json function to make it easier to detect if an object is empty, and use it to avoid creating a ccache config entry for preauth module config data if there isn't any to save. ticket: 7427 (new) target_version: 1.11 tags: pullup
* Quiet down two noisy test programsGreg Hudson2012-10-232-4/+0
|
* Revert last trace.c changeGreg Hudson2012-10-231-1/+1
| | | | The fencepost error was illusory.
* Add loop() kdcpreauth methodNathaniel McCallum2012-10-234-5/+34
| | | | | | | | [ghudson@mit.edu: avoid verto.h header dependency; minor fixes] ticket: 7426 (new) target_version: 1.11 tags: pullup
* Fix verto_ctx declaration in preauth_plugin.hGreg Hudson2012-10-231-1/+1
| | | | | | ticket: 7425 (new) target_version: 1.11 tags: pullup
* Only record real selected preauth typeGreg Hudson2012-10-231-3/+3
| | | | | | | | | Move where we record the selected preauth type so that we never record an informational preauth type, only a real one. ticket: 7422 (new) target_version: 1.11 tags: pullup
* Correct typo in krb5_rd_req documentationGreg Hudson2012-10-231-1/+1
| | | | ticket: 7421
* Print tilde characters as-is in trace outputGreg Hudson2012-10-231-1/+1
| | | | | | ticket: 7420 (new) target_version: 1.11 tags: pullup
* Alter responder function signature for consistencyGreg Hudson2012-10-232-5/+5
| | | | | | | | | | For the responder callback signature, put the closure argument just after the context, and use KRB5_CALLCONV. These changes make the signature consistent with most other libkrb5 callbacks. ticket: 7419 (new) target_version: 1.11 tags: pullup
* Don't use PA_PSEUDO in pkinit client codeGreg Hudson2012-10-221-1/+1
| | | | | PA_PSEUDO only has meaning for kdcpreauth modules. Don't use it in the flags method of the pkinit clpreauth module.
* Add dependencies for some test programsGreg Hudson2012-10-214-3/+77
| | | | | | | | | | Some recently added test programs under lib/krb5 didn't have their source files added to the appropriate Makefile.in variables, and weren't getting dependencies as a result. ticket: 7418 (new) target_version: 1.11 tags: pullup
* Improve C style checkingGreg Hudson2012-10-191-22/+34
| | | | | | | | | * Avoid space-before-paren false positives on some function pointer declarations by checking the identifier for simple type names. * Check for space before close parenthesis. * Check (carefully) for asymmetric spaces around binary operators. * Handle nesting when checking for 2+ line flow control bodies. * Check for asymmetric bracing around else statements.
* Don't expose binary format in preauth otpNathaniel McCallum2012-10-192-2/+2
| | | | | | ticket: 7417 (new) target_version: 1.11 tags: pullup
* Use config storage for client OTP token selectionNalin Dahyabhai2012-10-181-0/+90
| | | | | | | | | | * Save the vendor name of the token we used to create the challenge. * If we saved the name of a token vendor previously, prune out any tokeninfos which contain different vendor names. ticket: 7416 (new) target_version: 1.11 tags: pullup
* Fix sam2 client preauth after salt changesGreg Hudson2012-10-181-2/+3
| | | | | | | | | | Commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 altered the internal contracts relating to salts, but neglected to adjust the sam2 preauth code to match. Do that now. ticket: 7415 (new) target_version: 1.11 tags: pullup
* Update versioning for krb5-1.12-prereleaseTom Yu2012-10-171-1/+1
| | | | | Now that krb5-1.11 is branched, the master branch is krb5-1.12-prerelease.
* make dependGreg Hudson2012-10-172-39/+41
|
* Regenerate mit-krb5.potGreg Hudson2012-10-171-1349/+1504
|
* Regen kswitch.1 from RST sourcesBen Kaduk2012-10-171-5/+5
| | | | To pick up the section/subsection correction for SYNOPSIS.
* Use config storage for client identity selectionNalin Dahyabhai2012-10-178-40/+403
| | | | | | | | * Keep track of the names of client identities when we load them. * Store the client identity we just used when we create or retry a client request. * If we read a client identity from the configuration, treat it like the KDC does: pick the "this is it, there is no other" logic branch.
* Add "pa_config_data" configuration to ccachesNalin Dahyabhai2012-10-176-48/+200
| | | | | | | | | | | * Read a "pa_config_data" item from an in_ccache, if provided, and add a callback which client preauth plugins can use to retrieve a string value from it that's keyed by a string. * Add a callback which client preauth plugins can use to provide string key/value pairs to be stored in the ccache. * Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h to init_creds_ctx.h to try to reduce the number of files that will need to include k5-json.h to understand k5_json_value.
* Regen kinit.man from RST sourcesBen Kaduk2012-10-171-0/+14
| | | | To pick up the -I option.
* Make rules for missing man/catpagesBen Kaduk2012-10-171-0/+11
| | | | | | | Add the make rules to install the subfiles as man and cat pages, missed in the previous commit. Also correct the omission of catpages for the server binaries.
* Install missing man pagesBen Kaduk2012-10-171-4/+5
| | | | | Add kadm5.acl, sserver, and sclient to MANSUBS so that we will install them in the normal build process.
* Remove install-oldmanBen Kaduk2012-10-1720-72/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove KRB5_DB_LOCKMODE_DONTBLOCK from kdb.hGreg Hudson2012-10-161-2/+0
| | | | It's wasn't used and wasn't implemented.
* Use blocking locks for policy DBGreg Hudson2012-10-161-19/+6
| | | | | | | In the db2 kdb module, use blocking locks for the policy DB as well as the principal DB. ticket: 7359
* Test in_ccache and pa_types functionalityNalin Dahyabhai2012-10-168-6/+416
| | | | | | | | | * Add a krb5int_build_conf_principals() function to allow our get/set code to directly prune out duplicate config entries. * Verify that when we specify a pa_type, it affects whether or not we will use a particular preauth plugin. * Verify that we correctly save the KDC's preauth type number, that we tried to answer, to the out_ccache.
* Add "pa_type" configuration to ccachesNalin Dahyabhai2012-10-164-0/+97
| | | | | | | | | | | | | | * When producing preauth data, keep track of the type of padata in the KDC's list of acceptable types which prompted the module to produce padata. * After obtaining credentials, store that value as a "pa_type" configuration item in the out_ccache. * Read that allowed preauth type from an in_ccache, if possible. * If we have an allowed preauth type, only call "real" modules that handle that value when filling in responder items and producing a client request. ticket: 7414 (new)
* Add an input ccache get_init_creds optionNalin Dahyabhai2012-10-166-26/+93
| | | | | | | | Add a krb5_get_init_creds_opt_set_in_ccache() function. An input ccache may hold configuration data which the client libraries can use to influence their decisions. ticket: 7413 (new)
* Regenerate man pagesBen Kaduk2012-10-1623-1054/+525
| | | | | | | Catch up to the RST content updates. Lots of .sp vertical space macros are removed, and the output engine spelles "restructuredText" correctly, now.
* Check in kadm5.acl.manBen Kaduk2012-10-161-0/+234
| | | | Somehow this man page was overlooked, previously.
* Remove nroff man pagesBen Kaduk2012-10-1636-6149/+2
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* More RST rename follow-upBen Kaduk2012-10-162-4/+4
| | | | | | Update conf.py for paths to man page sources and update make rules for building the man pages. Correct README files for the location of the sources.
* Avoid bit shifting in krb5.h constantsGreg Hudson2012-10-161-5/+5
| | | | | | Our traditional practice is to use hex integer literals for flag bits. Bit shifting can be dangerous because shifting into the sign bit is undefined. Convert existing bit shift expressions to hex literals.
* Handle concat OTP responder caseNathaniel McCallum2012-10-162-8/+20
|
* make dependTom Yu2012-10-155-57/+100
|
* Don't unparse principal names in process_tgs_req()Tom Yu2012-10-153-88/+104
|
* Refactor process_tgs_req() 2nd-ticket handlingTom Yu2012-10-151-95/+144
| | | | | Refactor some of the second-ticket handling and session key generation out of process_tgs_req().
* Clean up domain->realm referralsTom Yu2012-10-154-144/+91
| | | | | | | Clean up domain->realm referrals by breaking prep_reprocess_tgs_req() into smaller functions. Give the resulting functions more descriptive names. Also delete an unnecessary and almost exact copy of krb5_get_host_realm().
* Refactor process_tgs_req() service princ searchTom Yu2012-10-151-101/+91
| | | | | | The service principal database entry search logic in process_tgs_req() was excessively complex, containing questionable uses of "goto", along with deeply nested control flow. Refactor it into smaller functions.
generated by cgit (git 2.34.1) at 2025-09-17 13:12:34 +0000