| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Quick facts section:
- restructure the Supported platforms section;
- do not tie KfW to 1.11 release;
- move references to GSS-API extensions to Feature list table.
In Feature list section:
- reformat the table;
- move PRNG and Pre-auth mechanisms into their own tables;
- clarify GS2 feature description;
- reference rfc6680 for GSS-API naming extensions.
Lowercase the words in the title of the document.
ticket: 7455
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The trace messages in krb5int_clean_hostname were outputting the
entire contents of the output buffer (mostly uninitialized garbage)
into the trace log. Since these messages were essentially redundant
with messages in the callers, and were arguably at too low of a level
to begin with, simply remove them.
ticket: 7459 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| | |
|
| |
|
|
|
|
| |
ticket: 7453 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Avoid using asterix characters in the documentation for
krb5_unparse_ext_name, since they get intepreted as markdown
punctuation when translated to RST.
ticket: 7452 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7451 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify ldap_filter_correct() to quote special characters for DN
strings as well as filters, since it is already used to quote a DN
string in krb5_ldap_name_to_policydn() and there's no harm in
over-quoting. In krb5_ldap_put_principal(), quote the unparsed
principal name for use in DNs we choose. In
krb5_ldap_create_password_policy(), use the policy name for the CN of
the policy entry instead of the (possibly quoted) first element of the
DN.
Adapted from a patch by Jim Shi <hanmao_shi@apple.com>.
ticket: 7296
|
| |
|
|
|
|
|
|
|
| |
We must check that 'kinit -t keytab' and 'kinit -i' successfully
produce tickets, and have the specified warning output.
ticket: 7218
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously, we would happily accept -i or -t name and do nothing
with it, if -k was not given. If the user is passing -i or -t, they
clearly want to use a keytab, so do so (but print a warning).
While here, enforce that only one of -t and -i is given.
ticket: 7218
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
| |
An RFC number has been assigned for the Camellia draft. Add Doxygen
markup to the enctype and cksumtype constants pointing to the
informational RFC.
|
| |
|
|
| |
grep -q isn't as portable as we would like, so don't use it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new tests kdbtest.c and t_kdb.py. Together these exercise most of
the code in the LDAP back end. kdbtest is also run against the DB2
module, which is mostly redundant with other tests, but does exercise
the lockout logic a little more thoroughly than t_lockout.py can.
To test the LDAP back end, we look for slapd and ldapadd binaries in
the path. The system slapd is sometimes constrained by AppArmor or
the like, which we can typically work around by making a copy of the
binary. slapd detaches before listening on its server socket (this
got better in 2.4.27 but still isn't perfect), so we unfortunately
have to use a one-second sleep in the slapd setup.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Now that the Camellia enctypes are in the default lists for
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes,
regenerate the man page to reflect that change.
ticket: 7446
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add camellia256-cts-cmas and camellia128-cts-cmac to the default
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes
lists, to simplify deployment of Camellia. The new enctypes still
aren't on supported_enctypes, so won't be in the set of long-term keys
for principals without administrator intervention.
ticket: 7446 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We try to restrict non-ASCII to names.
Python does not accept U+2013 EN DASH as indicating a command-line
argument; U+2D HYPHEN-MINUS is required.
Replace U+201C LEFT DOUBLE QUOTATION MARK and U+201D RIGHT
DOUBLE QUOTATION MARK with ordinary ASCII quotes.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We like these names better, and they match the PDF document filenames.
admins -> admin
appldev -> appdev
users -> user
and catch up where the names are used elsewhere.
The relay/ directory has been removed, with its contents moved to the
top level in build_this.rst and a new about.rst.
The section headers for kadmind, krb5kdc, sserver, kpasswd, kswitch,
and sclient are misdetected as conflict markers.
bigredbutton: whitespace
ticket: 7433
tags: pullup
|
| |
|
|
|
| |
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
| |
The full release string includes RELTAIL from patchlevel.h; it
is useful to know whether we are on a pre- or post-release branch.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
sphinx-build's latex output engine creates a subdirectory with
various latex files, and a Makefile. The generated Makefile assumes
gmake, which we do not. The logic needed in this makefile is rather
simple, so we just include it in src/doc/Makefile.in, even if we
do need a rather complicated shell expression to work in the subdirectory.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
We do not want one giant PDF document; we want separate PDFs for
our various components.
The features document cannot be included in the list because the
generated LaTeX for tables with empty cells does not compile.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Generate the NOTICE file using the main conf.py, by using a special
tag when invoking sphinx-build.
While here, add notice.txt to the list of files removed by make clean.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sphinx's idea of the version number appears in the man pages and
compiled PDF documents, and shows up as metadata in the generated
HTML sources.
Extract the version information from the master source (patchlevel.h)
into a form usable by Sphinx.
ticket: 7433
tags: pullup
|
| |
|
|
|
|
|
|
| |
We recently added documentation of the Camellia enctypes; rebuild
the in-tree man page to pick them up.
ticket: 7439
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
The LDAP module doesn't support locking. There's code to ignore this
in load but not in dump. dump used to only lock for iprop dumps, but
now locks all the time after e65a16d898f3a686525e83661f4fd86c76e27bbf
(#7384), causing it to fail with LDAP.
ticket: 7445 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7439 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Remove the potentially misleading "experimental" annotation on the
description of the Camellia encryption feature. Also update the I-D
version to match the IESG-approved version.
ticket: 7437 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7436 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7431
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
| |
Avoid using "rst_composite" as the target name for building the
rst_composite directory, since we can't give it proper dependencies.
Instead use the target name "composite", which (like "html", "clean",
etc.) doesn't correspond to the name of a file or directory created by
the build rules.
|
| |
|
|
|
|
| |
ticket: 7429 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Release the cc_config_in and cc_config_out fields of a
krb5_init_creds_context when freeing the context.
ticket: 7428 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Add an internal json function to make it easier to detect if an object
is empty, and use it to avoid creating a ccache config entry for
preauth module config data if there isn't any to save.
ticket: 7427 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| |
|
|
| |
The fencepost error was illusory.
|
| |
|
|
|
|
|
|
| |
[ghudson@mit.edu: avoid verto.h header dependency; minor fixes]
ticket: 7426 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7425 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7424 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Move where we record the selected preauth type so that we never record
an informational preauth type, only a real one.
ticket: 7422 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
| |
ticket: 7421
|
| |
|
|
|
|
| |
ticket: 7420 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
For the responder callback signature, put the closure argument just
after the context, and use KRB5_CALLCONV. These changes make the
signature consistent with most other libkrb5 callbacks.
ticket: 7419 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| |
|
|
|
| |
PA_PSEUDO only has meaning for kdcpreauth modules. Don't use it in
the flags method of the pkinit clpreauth module.
|
| |
|
|
|
|
|
|
|
|
| |
Some recently added test programs under lib/krb5 didn't have their
source files added to the appropriate Makefile.in variables, and
weren't getting dependencies as a result.
ticket: 7418 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
* Avoid space-before-paren false positives on some function pointer
declarations by checking the identifier for simple type names.
* Check for space before close parenthesis.
* Check (carefully) for asymmetric spaces around binary operators.
* Handle nesting when checking for 2+ line flow control bodies.
* Check for asymmetric bracing around else statements.
|
| |
|
|
|
|
| |
ticket: 7417 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
* Save the vendor name of the token we used to create the challenge.
* If we saved the name of a token vendor previously, prune out any
tokeninfos which contain different vendor names.
ticket: 7416 (new)
target_version: 1.11
tags: pullup
|
