| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
egregious formatting quirks. Add emacs mode settings to flag
untabified source files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 6138
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20786 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.
Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.
Not incorporated from initial patch: const changes in function
signatures.
ticket: 6096
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
All changes are under LEAN_CLIENT macro. Application server functionality is disabled.
Ticket:new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch creates a mapping in the mechglue/spnego code to modify
mechanism status codes when passing them back to the application, so
that mechglue's display_status dispatcher can determine the correct
mechanism to dispatch to.
This is part of the "get enhanced error messages from gssapi
applications" project; ticket 5590 has updates to the Kerberos 5
mechanism to extract enhanced error messages (when there are any) from
the Kerberos library.
util/gen.pl, util/t_*.pm: New code generation script and templates.
lib/gssapi/generic: Add a new, global mapping that enumerates the
{mechOID,status} pairs as they're seen, allowing a magic mechOID value
to indicate com_err error codes from mechglue and spnego, and
reserving status code 0 for unknown errors. Preload the Kerberos
"wrong principal" error code once for each mechanism OID used for
Kerberos, so the entries get fixed positions (1-3) in the table.
lib/gssapi/gss_libinit.c: Call the initializer and destructor
functions.
lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated
or locally-generated status codes into the mapping table, and return
the table index to the application. Do the reverse in display_status,
to get the messages from the mechanism..
lib/rpc: Define new function gssrpcint_printf to use for debugging
instead of printf, to redirect output away from dejagnu; add a couple
more debugging calls. Check for minor status codes 1-3 now instead of
KRB5KRB_AP_WRONG_PRINC.
tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed
error messages back, by having the ftp client attempt to authenticate
to a non-existent service, and examining the error message for the
service principal name.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save detailed error messages (usually from the krb5 library) in
per-thread storage, mapping each error code to the most recently
produced message for it. Return the message from display_status.
Currently not implemented for a few cases where the krb5 mechanism
returns a minor status code of 0, or another value different from the
libkrb5 error code.
Other functions are available to store a generic string or formatted
message, but aren't used much at present.
Tested with these errors in context establishment:
* missing ccache (libkrb5 shows pathname if FILE: type)
* missing keytab (libkrb5 shows pathname if FILE: type)
* server principal unknown (libkrb5 shows server principal)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/Makefile.in: generate lib/gssapi/spnego/Makefile
src/lib/gssapi/Makefile.in: build mechglue and spnego
src/lib/gssapi/krb5/init_sec_context.c: do not include
kdc only symbols on windows
src/lib/gssapi/mechglue/g_utils.c: no strings.h on Windows
src/lib/gssapi/mechglue/Makefile.in: construct mechglue.lst
src/lib/gssapi/spnego/Makefile.in: construct spnego.lst
src/lib/gssapi/spnego/spnego_mech.c: k5-int.h must be
included before krb5.h in order to prevent mixed definitions
of time_t on windows
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18259 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mechglue and SPNEGO implementations. Additional changes outside of
src/lib/gssapi:
* src/configure.in: Add lib/gssapi/mechglue and lib/gssapi/spnego
to list of directories to output Makefile in.
* src/lib/rpc/unit-test/rpc_test.0/expire.exp (expired): Update
regexp for mechglue.
* src/tests/dejagnu/krb-standalone/v4gssftp.exp (v4ftp_test):
Update "Miscellaneous failure" regexp for mechglue.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18131 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
envvar arguments with a flag indicating whether KDC config data should
be used. Prototype and all callers changed.
(krb5_read_realm_params): Delete config file and env var arguments.
Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out.
(struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it.
(kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted
KADM5_CONFIG_PROFILE entry.
(parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from
the library and add the caller-indicated config file to the front of the list.
* lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function.
* lib/kadm5/clnt/libkadm5clnt.exports: Export it.
* lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h.
(kadm5_init_krb5_context): New function.
* lib/kadm5/srv/libkadm5srv.exports: Export it.
* lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories.
* lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it.
* kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context
instead of krb5_init_context.
* kadmin/dbutil/dump.c (load_db): Likewise.
* kadmin/dbutil/kdb5_util.c (main): Likewise.
* kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise.
* kadmin/dbutil/loadv4.c (load_v4db): Likewise.
* kadmin/server/ovsec_kadmd.c (main): Likewise.
* kadmin/cli/kadmin.c (kadmin_startup): Likewise.
* kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise.
* lib/kadm5/unit-test/lock-test.c (main): Likewise.
* lib/kadm5/unit-test/handle-test.c (main): Likewise.
* lib/kadm5/unit-test/randkey-test.c (main): Likewise.
* lib/kadm5/unit-test/setkey-test.c (main): Likewise.
* lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise.
* lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function.
(os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function.
(init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for
$KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so
as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New
variables.
(krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare.
(krb5_gss_init_context, krb5_gss_use_kdc_context): Declare.
(krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex.
(gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files
specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server
params.
* plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use
krb5int_init_context_kdc instead of krb5_init_context.
* kdc/rtest.c (main): Likewise.
* kdc/fakeka.c (main): Likewise.
* kdc/main.c (main, init_realm): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18009 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
Print tracing messages
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17090 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
libraries as part of a plug-in. Plugins are often loaded for a specific
purpose and then unregistered. In order to support this model, the libraries
must restore the library state to the uninitialized state when the library
is unloaded.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17050 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
register two new key values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16592 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
(gssint_initialize_library): Don't do it directly here. Make sure
gssint_lib_init has been called, and return the status.
(gssint_lib_fini): Remove error tables here.
(gssint_cleanup_library): Function deleted.
(initialized): Variable deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16390 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that the initializer completed successfully. Delay initialization on POSIX
until the first "verification" call. Currently specific to a few platforms,
but should still build on others without thread support enabled.
Use it to finish creating (if necessary) and destroy mutexes, and free some
other storage "permanently" allocated by libraries (currently, libkrb5
cache/keytab type registries only). Change initialization of static mutexes to
a two-step operation, a static "partial" initializer and a "finish_init"
routine called from a thread-safe environment like library initialization is
assumed to be. POSIX will use the former, Windows will use the latter, and the
debug support will check that *both* have been used.
Added init/fini functions to com_err, profile, krb5, and gssapi libraries.
(The profile library one may need to be removed later.) The existing ones, not
thread-safe, are still around.
Use weak symbol support if available to figure out if the pthread library has
been linked in, and avoid calling certain routines if the C library stubs are
known not to exist or work.
Stub declarations for thread-specific data.
Minor bugfixes, whitespace changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
krb5_gss_init_sec_context() while we're at it to make defcred-related
changes easier, and as a side effect, fix some error condition memory
leaks.
ticket: 1365
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
!USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
USE_HARDCODED_FALLBACK_ERROR_TABLES macro used by KfM. * gss_libinit.h: do not use the same multiple include protection macro as krb5_libinit.h. Changed to GSSAPI_LIBINIT_H
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15251 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
not used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14651 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Error tables should always be loaded on other platforms.
* gss_libinit.c: updated for Mac OS X header paths and added
include of gssapiP_krb5.h to get function prototypes.
[pullups from 1-2-2-branch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14647 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
prototype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13261 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
compiling.
* configure.in: Add libobj to Makefile frags.
* gss_libinit.c: Add terminating newline. Use 0 and 1 instead of
false and true.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11963 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
dedicated functions; added code to release global state allocated in prng.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11960 dc483132-0cff-0310-8789-dd5450dbe970
|
