path: root/src/include
Commit message | Author | Age | Files | Lines
* Fix incorrect formatting of KDF fields, no substantive change | Sam Hartman | 2011-10-05 | 1 | -2/+2
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25301 dc483132-0cff-0310-8789-dd5450dbe970
* Use an opaque handle in the kdcpreauth callback | Greg Hudson | 2011-10-05 | 3 | -32/+22
  Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfaces | Greg Hudson | 2011-10-04 | 2 | -12/+26
  All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors.
  ticket: 6969
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth verify respond via callback | Greg Hudson | 2011-10-03 | 1 | -4/+9
  From npmccallum@redhat.com with changes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25294 dc483132-0cff-0310-8789-dd5450dbe970
* Make dispatch() respond via a callback | Greg Hudson | 2011-10-03 | 1 | -6/+5
  From npmccallum@redhat.com with changes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25291 dc483132-0cff-0310-8789-dd5450dbe970
* Moved Windows specific include files to src/windows/include | Sam Hartman | 2011-09-28 | 11 | -3468/+0
  Updated Windows specific Makefiles to search for header files in src/windows/include
  Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25279 dc483132-0cff-0310-8789-dd5450dbe970
* Enabled unconditional build of kfwlogon on Windows | Sam Hartman | 2011-09-28 | 5 | -0/+2431
  Removed dependency on KFW, as it is now a part of the same build.
  Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25258 dc483132-0cff-0310-8789-dd5450dbe970
* Moved LoadFuncs/UnloadFuncs() to windows/lib | Sam Hartman | 2011-09-28 | 1 | -0/+41
  Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25257 dc483132-0cff-0310-8789-dd5450dbe970
* Added leashdll/wshelper related files from KFW | Sam Hartman | 2011-09-28 | 5 | -0/+996
  From: Alexey Melnikov <alexey.melnikov@isode.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25243 dc483132-0cff-0310-8789-dd5450dbe970
* win-mac.h additions for windows build | Sam Hartman | 2011-09-28 | 1 | -1/+1
  windows implementation of k5_get_os_entropy()
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25242 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate domain-based client realm walk | Greg Hudson | 2011-09-28 | 1 | -0/+4
  For a very long time, KDCs have known how to perform a domain-based realm walk when serving requests for TGTs. (So if a KDC for A.B.C receives a request for krbtgt/X.B.C and doesn't have that principal, it can return one for krbtgt/B.C instead.) Performing the same heuristic on the client is unnecessary and inefficient in common cases. Add a new function k5_client_realm_path to walk_rtree.c which uses capaths values only, and returns a list of realms (as desired by get_creds.c) instead of TGT names.
  ticket: 6966
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25241 dc483132-0cff-0310-8789-dd5450dbe970
* Make the comments usable by Doxygen | Zhanna Tsitkov | 2011-09-26 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25237 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use accessor in encrypted challenge | Greg Hudson | 2011-09-24 | 1 | -12/+1
  Now that the encrypted challenge code is linked into libkrb5 and the KDC, it's unnecessary to use the accessor there.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25229 dc483132-0cff-0310-8789-dd5450dbe970
* Recast encrypted challenge as linked built-ins | Greg Hudson | 2011-09-23 | 1 | -0/+86
  Since it has no external dependencies, split up encrypted preauth into clpreauth and kdcpreauth chunks and link them directly into the consumers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25227 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributes | Greg Hudson | 2011-09-21 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_TL_STRING_ATTRS and libkdb5 accessors | Greg Hudson | 2011-09-21 | 1 | -0/+34
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting fixes | Greg Hudson | 2011-09-19 | 2 | -10/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
* Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef KRB5_PRIVATE | Sam Hartman | 2011-09-19 | 1 | -0/+4
  add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ticket from the pkinit-alg-agility KDF function, to match | Sam Hartman | 2011-09-19 | 1 | -1/+0
  agreed changes to the IETF specification. Includes removing a parameter from the KDF function, removing the ticket from the ASN.1 encoder, and updating the test code.
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
* * Extend auth_pack | Sam Hartman | 2011-09-19 | 2 | -3/+20
  * extend dh_rep
  * add krb5_free_octet_data
  * extend pkinit free functions
  pkinit: add supportedKDFs and kdfID to structures
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
* Added underlying ASN.1 structures for pkinit algorithm agility | Sam Hartman | 2011-09-19 | 1 | -0/+22
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  tested-by: Sam Hartman <hartmans@debian.org>
  fixes-from: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
* Split signal setup into loop_setup_signals() | Greg Hudson | 2011-09-14 | 1 | -1/+3
  In the KDC, set up signals in the worker process child after forking from the monitor process. From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interface | Greg Hudson | 2011-09-05 | 4 | -2/+170
  The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir.
  ticket: 6957
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIs | Greg Hudson | 2011-09-05 | 2 | -0/+70
  * krb5_cc_get_full_name retrieves the full type:name of a cache.
  * krb5_cc_switch makes a cache the primary cache.
  * krb5_cc_cache_match searches the collection for a client principal.
  * krb5_free_string releases a string (for the krb5_cc_get_full_name result).
  All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree).
  ticket: 6954
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Add fnmatch support to libkrb5support | Greg Hudson | 2011-09-05 | 1 | -0/+19
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el. | Ken Raeburn | 2011-09-04 | 1 | -2/+2
  Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el. | Ken Raeburn | 2011-09-04 | 1 | -117/+117
  Mostly changes column choice for backslashes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25143 dc483132-0cff-0310-8789-dd5450dbe970
* Migrate net-server loop to use libverto | Greg Hudson | 2011-09-02 | 1 | -7/+11
  From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970
* Add a loop_ prefix to net-server.c functions | Greg Hudson | 2011-09-02 | 1 | -9/+10
  From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970
* Make data_eq_string work with const strings | Greg Hudson | 2011-08-15 | 1 | -8/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25101 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused "db_modules" and "preauth_module_dir" configuration options | Zhanna Tsitkov | 2011-08-12 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25099 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up some ldap #define's | Zhanna Tsitkov | 2011-08-10 | 1 | -4/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25092 dc483132-0cff-0310-8789-dd5450dbe970
* In last-resort fallback va_copy change 'memcmp' to 'memcpy' | Sam Hartman | 2011-08-09 | 1 | -1/+1
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25080 dc483132-0cff-0310-8789-dd5450dbe970
* Add internal APIs for portable path manipulation | Greg Hudson | 2011-08-07 | 1 | -0/+22
  k5_path_split separates a path into dirname and basename. k5_path_join joins two paths. k5_path_isabs determines if a path is absolute. All three functions follow the Python path function semantics. Currently the test module doesn't run in the Windows build, but the Windows path semantics are tested in the Unix build using specially built objects.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25074 dc483132-0cff-0310-8789-dd5450dbe970
* Minor comment correction | Zhanna Tsitkov | 2011-08-01 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25064 dc483132-0cff-0310-8789-dd5450dbe970
* Define KRB5_TL_DB_ARGS unconditionally in kdb.h | Greg Hudson | 2011-07-26 | 1 | -1/+2
  Due to an apparent merge bug, KRB5_TL_DB_ARGS was defined in a SECURID conditional block, and several source files worked around the problem by defining the constant themselves or defining SECURID. Move the definition and remove the workarounds.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25055 dc483132-0cff-0310-8789-dd5450dbe970
* Better x-ref for simple macros in doxygen comments | Zhanna Tsitkov | 2011-07-25 | 1 | -159/+178
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25051 dc483132-0cff-0310-8789-dd5450dbe970
* Added documentation for the encrypt/decrypt API functions | Zhanna Tsitkov | 2011-07-25 | 1 | -26/+204
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25049 dc483132-0cff-0310-8789-dd5450dbe970
* Fix build without KRB5_DNS_LOOKUP | Greg Hudson | 2011-07-25 | 1 | -1/+1
  Define MAX_DNS_NAMELEN unconditionally in k5-int.h as we use it unconditionally in kdc_util.c. Don't define it in locate_kdc.c. Conditionalize dns_locate_server() in locate_kdc.c as its only call site (in k5_locate_server) and its helper function (locate_srv_dns_1) are conditional. From Chris Hecker with minor changes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25042 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_init_context_profile API | Greg Hudson | 2011-07-20 | 2 | -1/+25
  ticket: 6929
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25026 dc483132-0cff-0310-8789-dd5450dbe970
* Added documentation for krb5_decode_authdata_container and krb5_encode_authdata_container API functions | Zhanna Tsitkov | 2011-07-20 | 1 | -2/+27
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25023 dc483132-0cff-0310-8789-dd5450dbe970
* Added documentation for cred cache (un)lock, checksum and crypto length APIs | Zhanna Tsitkov | 2011-07-11 | 1 | -23/+275
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25016 dc483132-0cff-0310-8789-dd5450dbe970
* C90 doesn't allow commas at the ends of enumeration lists | Ken Raeburn | 2011-07-01 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25012 dc483132-0cff-0310-8789-dd5450dbe970
* Don't destroy dst on error in krb5_cc_move | Greg Hudson | 2011-06-23 | 1 | -1/+1
  Although destroying any partial contents of dst on error isn't a bad idea, invalidating the handle would be an incompatible change. So revert that part of r24754.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24988 dc483132-0cff-0310-8789-dd5450dbe970
* Cosmetic fixes to preauth_plugin.h from Linus Nordberg | Greg Hudson | 2011-06-22 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24975 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the build and doxygen markup | Zhanna Tsitkov | 2011-06-22 | 1 | -6/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24974 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting and editorial pass over krb5.hin doxygen markup | Greg Hudson | 2011-06-22 | 1 | -2356/+2482
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24973 dc483132-0cff-0310-8789-dd5450dbe970
* Document that e_data can be used by KDB modules internally | Greg Hudson | 2011-06-20 | 1 | -0/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24972 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin framework | Greg Hudson | 2011-06-17 | 2 | -416/+357
  The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety. On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait.
  ticket: 6921
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_plugin_register_dyn internal API | Greg Hudson | 2011-06-17 | 3 | -2/+17
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970