summaryrefslogtreecommitdiffstats
path: root/src/include
Commit message (Collapse)AuthorAgeFilesLines
* Use internal crypto functions directly from util_crypt.c, avoiding aGreg Hudson2011-05-091-2/+0
| | | | | | dependency on the accessor. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24918 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation: added usage example for krb5_tkt_creds family, ↵Zhanna Tsitkov2011-05-051-91/+105
| | | | | | removed "(unused)" string from the comments and other cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24913 dc483132-0cff-0310-8789-dd5450dbe970
* Updated API documentation with the comments mostly related to verify and ↵Zhanna Tsitkov2011-05-031-250/+172
| | | | | | convert routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24910 dc483132-0cff-0310-8789-dd5450dbe970
* Add poll support to sendto_kdc.c so that it can work in processes withGreg Hudson2011-05-021-3/+12
| | | | | | | | | | large numbers of open files. Move krb5int_cm_call_select() to a separate file so that the poll support doesn't interfere with net-server.c's continuing use of select. ticket: 6905 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24908 dc483132-0cff-0310-8789-dd5450dbe970
* r24899 moved the declarations of krb5int_mk_chpw_req and relatedGreg Hudson2011-05-021-29/+0
| | | | | | | | | | functions from k5-int.h to int-proto.h. The removal of those declarations from k5-int.h was accidentally omitted from the commit; commit it now. ticket: 6893 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24907 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation of krb5_copy_ , krb5_free_ and krb5_kt_ functionsZhanna Tsitkov2011-05-011-191/+206
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24906 dc483132-0cff-0310-8789-dd5450dbe970
* Updated the documentation for API related to the credentials caches and ↵Zhanna Tsitkov2011-04-281-137/+140
| | | | | | their collections git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24905 dc483132-0cff-0310-8789-dd5450dbe970
* Do not reference krb5_chpw_result_code_string inGreg Hudson2011-04-251-3/+1
| | | | | | | krb5_change_password() documentation, as it is not a public function. Do not falsely claim that the result_code_string parameter is unused. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24898 dc483132-0cff-0310-8789-dd5450dbe970
* Close comment in #endif for KRB5_DEPRECATED to avoid warning ofEzra Peisach2011-04-221-1/+1
| | | | | | /* in open comment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24894 dc483132-0cff-0310-8789-dd5450dbe970
* Documented V4/V5 convertion and some credential cache API functions. Marked ↵Zhanna Tsitkov2011-04-221-137/+139
| | | | | | krb5_cc_gen_new() as deprecated git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24893 dc483132-0cff-0310-8789-dd5450dbe970
* Documented krb5_auth_con_ API familyZhanna Tsitkov2011-04-201-380/+367
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24891 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation updates. Mostly GIC relatedZhanna Tsitkov2011-04-121-222/+203
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24875 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_kt_get_principal, an internal krb5 interface to try to get aGreg Hudson2011-04-081-0/+3
| | | | | | | | principal name from a keytab. Used currently by vfy_increds.c (in place of its static helper); will also be used when querying the name of the default gss-krb5 acceptor cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24859 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation updatesZhanna Tsitkov2011-04-061-190/+213
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24851 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation updatesZhanna Tsitkov2011-04-041-201/+276
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24835 dc483132-0cff-0310-8789-dd5450dbe970
* In libkrb5, move krb5int_auth_con_chkseqnum to a new file privsafe.c,Greg Hudson2011-04-021-3/+0
| | | | | | | renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather than k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_move if something went wrong, free the dst credential cacheZhanna Tsitkov2011-03-291-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
* If the new configuration data that is passed to krb5_cc_set_config is NULL, ↵Zhanna Tsitkov2011-03-291-12/+5
| | | | | | | | just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
* Updated the documentation for the krb5_ error_message function family. Zhanna Tsitkov2011-03-291-93/+96
| | | | | | | Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation. Added usage example for the krb5_get/set/free_error_message functions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation update. Mostly related to _kt_ and _cc_ routinesZhanna Tsitkov2011-03-281-118/+162
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
* Fix DAL documentation to recommend using krb5_db_get_context() andGreg Hudson2011-03-241-2/+2
| | | | | | | krb5_db_set_context() instead of directly accessing context->dal_handle->db_context (which requires internal headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
* Minor clean-up in krb5.hinZhanna Tsitkov2011-03-181-44/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
* Move doxygen comments from source to header. Updated comments and added some ↵Zhanna Tsitkov2011-03-181-4/+53
| | | | | | | | usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
* Reinstate the line wrapping of the copyright notice in krb5.hin, andGreg Hudson2011-03-181-3/+3
| | | | | | fix the format of the header comment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
* Added usage examples to the krb5_build_principal function familyZhanna Tsitkov2011-03-181-24/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0936-125/+76
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate almost all lib/crypto/krb headers into a singleGreg Hudson2011-03-021-94/+0
| | | | | | | | | | | | | crypto_int.h. In that header, define and document responsibilities for crypto modules, some of which are satisfied through a module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove many of the headers and sources providing functionality which isn't needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and SHA-1 hashing, as well as DES weak key testing). Change most Makefile.ins to only include headers from lib/crypto/krb and lib/crypto/$(CRYPTO_IMPL), instead of from many different directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
* Reference random-to-key handlers through the enctype instead of theGreg Hudson2011-02-271-3/+0
| | | | | | | | | | | | enc_provider, for consistency with string-to-key and the place of implementation (other enc_provider functions are implemented in the back end, but random-to-key handlers are in krb). Use a single handler for non-DES/DES3 enctypes since it's always just directly copying the bits. Collapse the three implementations (des, des3, and direct) into random_to_key.c, as they're very short, and eliminate the lib/crypto/krb/rand2key directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
* Don't reject AP-REQs based on PACsGreg Hudson2011-02-161-3/+2
| | | | | | | | | | | | | | | | | Experience has shown that it was a mistake to fail AP-REQ verification based on failure to verify the signature of PAC authdata contained in the ticket. We've had two rounds of interoperability issues with the hmac-md5 checksum code, an interoperability issue OSX generating unsigned PACs, and another problem where PACs are copied by older KDCs from a cross-realm TGT into the service ticket. If a PAC signature cannot be verified, just don't mark it as verified and continue on with the AP exchange. ticket: 6870 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24640 dc483132-0cff-0310-8789-dd5450dbe970
* Defer hostname lookups in krb5_sendto_kdcGreg Hudson2011-02-133-80/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo calls until we need the answer. This requires many changes: * struct addrlist is now called struct serverlist, and is declared in os-proto.h instead of k5-int.h. It contains an array of struct server_entry structures which can hold either a name or an address. (Address entries are used for locate_kdc module results.) * The connection state list is now a linked list, and holds address information directly instead of using a struct addrinfo (this simplifies memory management). Each connection entry contains a callback buffer (previously stored in a separate array) and an index into the server list. * The {addrstate} trace formatting primitive is no longer needed, and has been replaced by {connstate}. There is also a new tracing event for resolving hostnames. * locate_server, locate_kdc, free_serverlist, and sendto get their prefixes changed from krb5int_ to k5_ as their prototypes were being adjusted anyway. The family argument is gone from the locate functions as it was never productively used. k5_sendto now receives the socket types of interest. * krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both socket types are wanted. There were some allowances for this in locate but this was never previously done. In order to be conservative when invoking locate modules, we always pass an explicit socktype, thus calling lookup twice (as we did before, albeit with a separate init/fini cycle) in the common case. When creating hostname entries in serverlist from profile configuration, we preserve the 0 value of socktype, and later create both TCP and UDP addresses from the getaddrinfo results when the host is resolved. * Some accessor functions previously used by libkrb4 have been removed as they impinged upon this work. ticket: 6868 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24635 dc483132-0cff-0310-8789-dd5450dbe970
* Set JAVADOC_AUTOBRIEF to YES to allow Doxygen interpret the first line of a ↵Zhanna Tsitkov2011-02-081-9/+6
| | | | | | | | JavaDoc-style comment as the brief description. Also, minor argument name fix in krb5.hin git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24617 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibilityGreg Hudson2011-02-072-0/+18
| | | | | | | | | | | | | | | | | | | | | | Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* Added doxygen comments (mostly from the backup location)Zhanna Tsitkov2011-02-071-119/+3866
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24614 dc483132-0cff-0310-8789-dd5450dbe970
* Restore KRB5_CALLCONV_WRONG attribute to krb5_auth_con_getrcacheTom Yu2011-01-261-1/+1
| | | | | | It was incorrectly removed in r24600. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24606 dc483132-0cff-0310-8789-dd5450dbe970
* Add a trace log event for unrecognized enctypes in a profile enctypeGreg Hudson2011-01-212-1/+5
| | | | | | list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24602 dc483132-0cff-0310-8789-dd5450dbe970
* Where missing, add the argument's names to the function signaturesZhanna Tsitkov2011-01-191-252/+422
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24600 dc483132-0cff-0310-8789-dd5450dbe970
* Doxygen style re-formating of the existing commentsZhanna Tsitkov2011-01-131-124/+120
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24596 dc483132-0cff-0310-8789-dd5450dbe970
* handle MS PACs that lack server checksumTom Yu2010-12-101-0/+6
| | | | | | | | | | | | | | | | | | | | | | target_version 1.9 tags: pullup Apple Mac OS X Server's Open Directory KDC issues MS PAC like authorization data that lacks a server checksum. If this checksum is missing, mark the PAC as unverfied, but allow krb5int_authdata_verify() to succeed. Filter out the unverified PAC in subsequent calls to krb5_authdata_get_attribute(). Add trace points to indicate where this behavior occurs. Thanks to Helmut Grohne for help with analysis. This bug is also Debian Bug #604925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925 This change should also get backported to krb5-1.8.x. ticket: 6839 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24564 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-012-0/+3
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* Install kadm5_hook_plugin.hSam Hartman2010-11-301-0/+1
| | | | | | | | | | Install the kadm5 hook plugin header ticket: 6828 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24539 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-2/+3
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows buildGreg Hudson2010-11-252-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include: * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone. * Reverted the apparently non-functional r20277. * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly. * krb5, telnet, gssftp, and NIM are removed from the build. * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer. * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim. ticket: 6826 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* Update krb5_gic_opt_private and related code to reflect the change ofTom Yu2010-11-231-1/+1
| | | | | | | | | krb5_expire_callback_func from a function typedef to a function pointer typedef. This was causing segfaults. ticket: 6825 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24532 dc483132-0cff-0310-8789-dd5450dbe970
* Add missing KRB5_CALLCONV in callback declarationGreg Hudson2010-11-231-4/+4
| | | | | | | | | | | | krb5_get_init_creds_opt_set_expire_callback was correctly tagged with KRB5_CALLCONV but the corresponding callback type was not. Add that in. ticket: 6825 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24529 dc483132-0cff-0310-8789-dd5450dbe970
* Implement Camellia-CTS-CMAC instead of Camellia-CCMGreg Hudson2010-11-201-9/+9
| | | | | | | | | | | Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
* After a failed kdb5_util load, make a subsequent load operation workGreg Hudson2010-11-061-12/+14
| | | | | | | | | | | by removing the remnant temporary files after obtaining a lock. To make this safe, the private contract for temporary DB creation and promotion had to be altered, along with many of the DB2 internal helper functions. ticket: 6814 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24511 dc483132-0cff-0310-8789-dd5450dbe970
* Mark Camellia-CCM code as experimentalGreg Hudson2010-10-261-0/+3
| | | | | | | | | | | Add a comment noting that the Camellia-CCM code in 1.9 is experimental. ticket: 6811 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24486 dc483132-0cff-0310-8789-dd5450dbe970
* Make k5-buf.h comments consistent with coding styleGreg Hudson2010-10-261-44/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24484 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-241-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24479 dc483132-0cff-0310-8789-dd5450dbe970
* Declare krb5_set_error_message_flKen Raeburn2010-10-231-0/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24474 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-11-06 12:20:23 +0000