| Commit message | Author | Age | Files | Lines |
| |
* Add a krb5int_build_conf_principals() function to allow our get/set
code to directly prune out duplicate config entries.
* Verify that when we specify a pa_type, it affects whether or not we
will use a particular preauth plugin.
* Verify that we correctly save the KDC's preauth type number, that we
tried to answer, to the out_ccache.
| |
* When producing preauth data, keep track of the type of padata in the
KDC's list of acceptable types which prompted the module to produce
padata.
* After obtaining credentials, store that value as a "pa_type"
configuration item in the out_ccache.
* Read that allowed preauth type from an in_ccache, if possible.
* If we have an allowed preauth type, only call "real" modules that
handle that value when filling in responder items and producing a
client request.
ticket: 7414 (new)
| |
Add a krb5_get_init_creds_opt_set_in_ccache() function. An input
ccache may hold configuration data which the client libraries can
use to influence their decisions.
ticket: 7413 (new)
| |
Catch up to the RST content updates.
Lots of .sp vertical space macros are removed, and the output engine
spells "restructuredText" correctly, now.
| |
Somehow this man page was overlooked, previously.
| |
We generate man pages from RST sources now; they are checked into
the tree in src/man/.
The gen-manpages directory is no longer needed.
| |
Update conf.py for paths to man page sources and update make rules
for building the man pages.
Correct README files for the location of the sources.
| |
Our traditional practice is to use hex integer literals for flag bits.
Bit shifting can be dangerous because shifting into the sign bit is
undefined. Convert existing bit shift expressions to hex literals.
| |
Refactor some of the second-ticket handling and session key
generation out of process_tgs_req().
| |
Clean up domain->realm referrals by breaking prep_reprocess_tgs_req()
into smaller functions. Give the resulting functions more descriptive
names. Also delete an unnecessary and almost exact copy of
krb5_get_host_realm().
| |
The service principal database entry search logic in process_tgs_req()
was excessively complex, containing questionable uses of "goto", along
with deeply nested control flow. Refactor it into smaller functions.
| |
Break validate_tgs_request() into smaller functions. Collect related
checks into helper functions. As a result, some invalid requests with
multiple problems can produce different error messages. This is
probably not a problem for most situations.
| |
add_to_transited() is fairly large, and also fairly independent of the
other contents of kdc_util.c. Move it into kdc_transit.c. Also
simplifies the building of rtest by removing dependencies that
kdc_util.c previously needed to satisfy undefined symbols.
| |
Make kdc_active_realm a local variable in every function that needs
it. Pass it around in various state structures as needed. Keep the
macros that reference its members for now.
| |
Too many parts of the KDC rely on the global variable
kdc_active_realm. rtest.c doesn't actually need any of the
KDC-specific information that's available through kdc_active_realm, so
delete references to it.
| |
RFC 4120 section 7.3 says that TGS principal names have two
components. Make krb5_is_tgs_principal() and is_cross_tgs_principal()
enforce this constraint. Code elsewhere in the KDC already checks for
two components anyway.
| |
Change the make rules for the directory structure.
Update the RST sources which include other RST sources for the
loss of the krb_ prefix.
ticket: 7409
| |
All of rst_source/ is now just in doc/.
The krb_ prefix is stripped from the document sub-directories.
rst_tools are now just tools.
The section headers of kadmind, krb5kdc, and sserver match as conflict markers.
bigredbutton: whitespace
ticket: 7409
| |
Prior to a mass rename of the RST sources and utilities.
| |
As with the texinfo implementor's guide, it is sufficiently stale
so as to be untrustworthy without verification.
Content of this nature should live on k5wiki.kerberos.org.
ticket: 7408
| |
We needed these last stragglers to build the NOTICE file at the
root of the tree, but we now generate a notice.txt from reST.
Man pages have been generated from reST for some time now; we no
longer need scripts to turn them into HTML and ps, as those can
be generated directly from the reST source.
The Makefile only existed to serve the texinfo builds, so it goes
away, too. (The tgz target appears to have been broken since 1996.)
ticket: 7408
| |
Sphinx-build wants to scan over all the sources in the source dir,
and its text output engine does not handle the spanning row cells
used in some of our fancy tables, so it will crash if we attempt
to generate text output from our full suite of documents.
We could work around this by attempting to just compile the one
source file as an additional argument to sphinx-build, but this
seems to insist on producing an index.txt as well as a notice.txt.
Furthermore, we cannot use the same conf.py as in rst_composite because
the paths substitutions are not available with just the minimal
contents of rst_notice. Make a copy and remove the irrelevant parts,
for now, changing only the master_doc field as appropriate.
For the HTML build, we use the standard |copy| macro from isonum.txt
to get the unicode copyright symbol glyph, but for ASCII output we
prefer to just use the literal "(C)".
ticket: 7407
| |
To replace the texinfo sources previously used to generate NOTICE.
When compiled to HTML, compares well against the original NOTICE;
use notice.rst in mitK5license.rst instead of using a literal
include of the old NOTICE file.
ticket: 7407
| |
It is sufficiently old and unloved that nothing in it should be
taken as truth without independent verification.
Content of this nature should live on k5wiki.kerberos.org
in the future.
ticket: 7408
| |
Now that the users guide make rules are removed, some of the texinfo
sources are not referenced from anywhere and can be safely removed.
ticket: 7408
| |
Towards removing the texinfo docs entirely.
ticket: 7408
| |
Its content has been migrated to or superseded by the krb_users
reST documentation.
The texinfo document attempted to have a general introduction to
Kerberos, but it is not quite suitable for the target audience
of the user's guide and will be rewritten.
A few portions of the texinfo document are simply no longer relevant
and do not need to be migrated. In particular:
The krb5-appl utilities are out of scope for this document, as they
have been moved to a separate repository. Coverage of ksu may be
brought back at a later time, though.
The Kerberos Glossary will be expanded and handled separately.
ticket: 7408
| |
We made two sets of incompatible changes to the DAL and libkdb5 API
during development for 1.11 (master key list simplification and policy
extensions), so increment the appropriate version numbers.
| |
The message "Got incremental updates from the master" precedes
actually replaying the updates on the slave. Instead look for
"Incremental updates:" (the statistics message), which happens just
after the updates are replayed.
Also, we don't need to import time now that we're not sleeping.
| |
When adding {str}, {lenstr}, or {data} to trace output, scan for
bytes which might be non-printable, and add them as hex-escaped
versions of themselves if any are found.
| |
Update to generate and consume signed-data with no signer-info, which we
need for anonymous PKINIT.
| |
Create an NSS context for use when performing KDF, so that the tests,
which call into the function directly, will work.
| |
Print a debug message if we're unable to locate the matching private key
for a certificate when we've just loaded both of them from PEM files.
| |
Reset the prompt_types list immediately after the prompter callback
returns, as is done everywhere else.