| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
ticket: 5899
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20325 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20163 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20153 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20145 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19753 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull up PKINIT support onto the trunk.
Changes from the version in branch users/coffman/pkinit are:
- Update the preauth plugin interface version to avoid
conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
depending on opensc being installed.
ticket: new
Target_Version: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
build by default.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19565 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
build_dynobj. Hard-code the behavior for shared libraries, no static,
no profiled.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19261 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19260 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500
First cut at making the get_init_creds_opt structure extendable
and adding library functions to set options for preauthentication
plugins.
This does *not* include a compatibility function to work like
Heimdal's krb5_get_init_creds_opt_set_pkinit() function.
Hopefully, the test code that doesn't belong in kinit.c is
obvious.
r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500
Remove extra "user_id" parameter.
Add function which duplicates the Heimdal interface (if we can agree on
what the matching attribute names should be).
r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500
Update to use the simplified interface for krb5_get_init_creds_opt_set_pa()
Add code in kinit to process "-X" options as preauth options and pass
them along.
r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500
Move prototypes for get_init_creds_opt_get_pa() and
krb5_get_init_creds_opt_free_pa() into the
preauth_plugin.h header rather than krb5.hin.
ticket: new
status: open
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change server-side preauth plugin interface to allow the plugin's
verify_padata function to return e-data to be returned to the client.
(Patch from Nalin Dahyabhai <nalin@redhat.com>)
Update sample plugins to return e-data to exercise the code.
Fix memory leak in the wpse plugin.
ticket: new
Component: krb5-kdc
Target_Version: 1.6
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18801 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Modify the client preauth plugin interface to pass in a function
pointer and data pointer so the plugin may request information
otherwise unavailable.
ticket: new
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18790 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
global to all the modules within a plugin. Also, change the
client-side interface so that the preauth plugin context (once
created) lives the lifetime of a krb5_context. This will allow
future changes that can set plugin parameters. The client side
request context lives the lifetime of a call to krb5_get_init_creds().
Make the sample preauth plugins buildable outside the source tree.
Fix minor memory leak in sort_krb5_padata_sequence().
Add a prototype for krb5_do_preauth_tryagain() and change the plugin
interface.
Incorporates fixes from Nalin Dahyabhai <nalin@redhat.com> for leaks
of the function table pointers (rt #4566) and fix KDC crash (rt #4567)
ticket: 4566
ticket: 4567
ticket: 4587
Target_Version: 1.6
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18754 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
ticket: 4377
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18693 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture. Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
|
