summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-152-0/+13
| | | | | | | | | replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson2010-07-131-7/+4
| | | | | | | | | | informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-132-0/+18
| | | | | | | | | | | | replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson2010-07-132-0/+41
| | | | | | | | | | corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a correspondingGreg Hudson2010-07-122-0/+19
| | | | | | | | | libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2010-07-122-0/+25
| | | | | | | | | replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in libkadm5clnt's get_init_creds()Greg Hudson2010-07-081-4/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-081-1/+2
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-0614-967/+767
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5.c, simplify the code for getting the profile config sectionGreg Hudson2010-07-031-93/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
* Remove assertions for non-nullity of init_module and fini_module inGreg Hudson2010-07-031-3/+0
| | | | | | | | | kdb5.c for consistency with other uses of mandatory vtable functions. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
* Make the APIs for iterate, get_master_key_list, set_master_key_list,Greg Hudson2010-07-032-38/+14
| | | | | | | | | | and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson2010-07-031-19/+19
| | | | | | | | | | not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implementGreg Hudson2010-07-023-29/+6
| | | | | | | | | krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void.Greg Hudson2010-07-021-8/+4
| | | | | | | | | Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-024-89/+0
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, forGreg Hudson2010-07-021-55/+54
| | | | | | | | | | consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-029-82/+68
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson2010-07-024-53/+0
| | | | | | | | | | | | corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Remove errcode_2_string and release_errcode_string from the DAL table,Greg Hudson2010-07-021-104/+29
| | | | | | | | | | and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_supported_realms and db_free_supported_realms from the DALGreg Hudson2010-07-021-32/+0
| | | | | | | | | | table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table). ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
* DAL improvementsGreg Hudson2010-07-023-3/+5
| | | | | | | | | | | | | | | | | | | Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible changes in libkdb; to be kept in sync with the libkdb major version, which is bumped to 5 in anticipation of other changes. Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they are mismatched with the KDB version. Since KDB modules are often developed concurrently with trunk code, this is defined to be the date of the last incompatible DAL change. The DAL version is passed to the init_library DAL function; the module should check it against the value of KRB5_KDB_DAL_VERSION it was compiled with and return KRB5_KDB_DBTYPE_MISMATCH if it doesn't match. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out a common socket creation sequence in net-server.c, whichGreg Hudson2010-06-301-116/+67
| | | | | | happens to coincide with what setup_a_rpc_listener does. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24153 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate warnings in net-server.cGreg Hudson2010-06-301-8/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24152 dc483132-0cff-0310-8789-dd5450dbe970
* Improve coding style conformance in net-server.cGreg Hudson2010-06-301-131/+155
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24151 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a bug in r24147 where svctcp_create() was passing the wrong lengthGreg Hudson2010-06-261-1/+1
| | | | | | | | argument to bind(), causing it to fail on Solaris. ticket: 6746 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24148 dc483132-0cff-0310-8789-dd5450dbe970
* Make kadmin work over IPv6Greg Hudson2010-06-266-45/+145
| | | | | | | | | | | | | | | | | | | | | | | | Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes: * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport(). * Make clnttcp_create() handle a null raddr value if *sockp is set. * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name. * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create(). * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections. * Adjust the error code expected in a libkadm5 unit test. ticket: 6746 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust function names and declarations in libkadm5's client_init.c; inGreg Hudson2010-06-251-149/+95
| | | | | | | particular, avoid the use of library namespace prefixes for static helper functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the iprop conditionalization of _kadm5_init_any()Greg Hudson2010-06-251-25/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
* Make OFFLINE!=no work againTom Yu2010-06-211-6/+9
| | | | | | ticket: 6744 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24140 dc483132-0cff-0310-8789-dd5450dbe970
* Add correct error table when initializing gss-krb5Greg Hudson2010-06-211-1/+1
| | | | | | | | | | | | | | | gss_krb5int_lib_init was adding the generic GSS error table (again) instead of the krb5 error table, which could lead to crashes on library unload. This bug was introduced in krb5 1.7; the fix is also applicable there. Patch from Leonardo Chiquitto <leonardo.lists@gmail.com>. ticket: 6745 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24139 dc483132-0cff-0310-8789-dd5450dbe970
* only test t_locate_kdc if known-good DNS name is presentTom Yu2010-06-181-6/+20
| | | | | | | | | | | | | | | | Running "make check" while offline or on a firewalled network may result in failure in lib/krb5/os because the invocation of t_locate_kdc requires that the DNS servers for ATHENA.MIT.EDU be reachable. Autodetect DNS utilities "dig" and "nslookup", and use them to check for existence of the known-good DNS name. Also parameterize the test so that the known-good DNS name can be overridden on the make command line. ticket: 6744 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24138 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the code for krb5_append_addresses(), which was never used andGreg Hudson2010-06-111-58/+0
| | | | | | was ifdef'd out fifteen years ago in r5464. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24133 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate actx_copy_addr in auth_con.c; use krb5_copy_addr insteadGreg Hudson2010-06-111-23/+6
| | | | | | (it's exactly the same). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24132 dc483132-0cff-0310-8789-dd5450dbe970
* In yarrow.c, undefine k5-trace.h's TRACE before defining it to avoid aGreg Hudson2010-06-101-0/+1
| | | | | | conflict. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of minor defects in trace.cGreg Hudson2010-06-101-3/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24124 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time inGreg Hudson2010-06-083-29/+3
| | | | | | | | | | | | | | | | the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data. (This is a continuation of r24120, which should have contained the changes to all four files.) ticket: 6739 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24121 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time inGreg Hudson2010-06-081-14/+0
| | | | | | | | | | | | | | | the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data. ticket: 6739 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-0735-1586/+1729
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Trace loggingGreg Hudson2010-06-0720-88/+568
| | | | | | | | | | | | | | | | Add trace logging infrastructure code, enabled by the KRB5_TRACE environment variable or the API functions krb5_set_trace_callback() or krb5_set_trace_filename(). As a start, add tracing events for: * AS-REQ client code, including FAST and preauth * TGS-REQ client code * AP-REQ and AP-REP code (client and server) * sendto_kdc * Selected ccache operations * Selected keytab operations ticket: 6737 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_enctype_to_name() APIGreg Hudson2010-06-043-3/+30
| | | | | | | | | | Add an API to return the input name, or optionally the shortest alias, of an enctype. Similar to krb5_enctype_to_string() which returns a description. ticket: 6736 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_set_config, don't call krb5_cc_remove_cred; it's redundantGreg Hudson2010-05-281-4/+0
| | | | | | with the krb5_cc_remove_cred call in krb5_cc_store_cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24110 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-05-282-15/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24109 dc483132-0cff-0310-8789-dd5450dbe970
* From Luke: make copies of S4U2Proxy authdata modules work when thereGreg Hudson2010-05-281-1/+1
| | | | | | is no S4U2Proxy authdata. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24107 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the get_masters logic in locate_srv_conf_1 which was orphanedGreg Hudson2010-05-272-63/+11
| | | | | | by r15736 when we added the master_kdc profile variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24106 dc483132-0cff-0310-8789-dd5450dbe970
* Get t_ser to build again after the S4U authdata branch mergeGreg Hudson2010-05-271-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24105 dc483132-0cff-0310-8789-dd5450dbe970
* FAST negotiation could erroneously succeedGreg Hudson2010-05-251-0/+1
| | | | | | | | | | | | | | When FAST negotiation is performed against an older KDC (rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set), krb5int_fast_verify_nego did not set the value of *fast_avail, causing stack garbage to be used in init_creds_step_reply. Initialize *fast_avail at the beginning of the function per coding practices. ticket: 6734 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24102 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.hGreg Hudson2010-05-241-25/+36
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24101 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.cGreg Hudson2010-05-241-56/+81
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24100 dc483132-0cff-0310-8789-dd5450dbe970
* Make signedpath authdata visible via GSS naming extsGreg Hudson2010-05-235-2/+615
| | | | | | | | | | Merge users/lhoward/signedpath-naming-exts to trunk. Adds an authdata provider which makes non-PAC S4U2Proxy signedpath authdata visible to application servers via GSS naming extensions. ticket: 6733 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24094 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 09:10:41 +0000