summaryrefslogtreecommitdiffstats
path: root/src/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void.Greg Hudson2010-07-025-9/+9
| | | | | | | | | Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-022-2/+1
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, forGreg Hudson2010-07-028-190/+168
| | | | | | | | | | consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-12/+8
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove setup_master_key_name from the DAL table as it was not usedGreg Hudson2010-07-022-2/+1
| | | | | | | ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson2010-07-0210-169/+22
| | | | | | | | | | | | corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-up to r24157: return correctly from krb5_ldap_lib_init() ifGreg Hudson2010-07-021-0/+1
| | | | | | | | there is no version mismatch. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24157: pass KRB5_KDB_DAL_VERSION to krb5_ldap_lib_init()Greg Hudson2010-07-021-1/+1
| | | | | | | | in kdb5_ldap_util.c. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24160 dc483132-0cff-0310-8789-dd5450dbe970
* Remove errcode_2_string and release_errcode_string from the DAL table,Greg Hudson2010-07-024-22/+0
| | | | | | | | | | and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_supported_realms and db_free_supported_realms from the DALGreg Hudson2010-07-025-28/+0
| | | | | | | | | | table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table). ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
* DAL improvementsGreg Hudson2010-07-023-4/+8
| | | | | | | | | | | | | | | | | | | Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible changes in libkdb; to be kept in sync with the libkdb major version, which is bumped to 5 in anticipation of other changes. Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they are mismatched with the KDB version. Since KDB modules are often developed concurrently with trunk code, this is defined to be the date of the last incompatible DAL change. The DAL version is passed to the init_library DAL function; the module should check it against the value of KRB5_KDB_DAL_VERSION it was compiled with and return KRB5_KDB_DBTYPE_MISMATCH if it doesn't match. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
* In PKINIT, notice if DH_compute_key() returns a value less than theGreg Hudson2010-06-141-2/+18
| | | | | | | | | | buffer size, and pad it on the left if so. ticket: 6738 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the PKINIT DH debugging code:Greg Hudson2010-06-141-7/+8
| | | | | | | | | | * Use %p and void * for pointers instead of %x and int * Don't call the computed symmetric key the "secret key" since that's easily confused with the private key g^x. * Print the private key when printing DH parameters, instead of the q value (not even sure what they is). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-075-179/+189
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-05-161-14/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24041 dc483132-0cff-0310-8789-dd5450dbe970
* Add lockout-related performance tuning variablesGreg Hudson2010-05-106-39/+124
| | | | | | | | | | | | | | | The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
* Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAPGreg Hudson2010-05-101-22/+29
| | | | | | | | | | | | | | | | | In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine whether krbLoginFailedCount existed on the entry when it was retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT, and don't assert an old value when not using LDAP_MOD_INCREMENT. Also, create the krbLoginFailedCount attribute when creating new entries. This allows us to use LDAP_MOD_INCREMENT during the first failed login (if the server supports it), avoiding a race condition. ticket: 6718 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24002 dc483132-0cff-0310-8789-dd5450dbe970
* General code consistency pass in kdb_db2.c.Greg Hudson2010-05-051-136/+56
| | | | | | | Removes some pointless null checks. Frees the DB context when a DB is finalized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23973 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust for removal of krb5_ldap_set_option in r23965Tom Yu2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23972 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a stray comment from r23966Greg Hudson2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23967 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor the kdb_db2.c code which processes db_args and profileGreg Hudson2010-05-042-305/+134
| | | | | | | variables to configure a DB context, to avoid repeating that code three times in open/create/destroy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23966 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_db_set_option and the associated DAL entry. It was notGreg Hudson2010-05-046-60/+0
| | | | | | used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
* Straighten the if-ladder in encrypted challenge's process_preauth,Greg Hudson2010-03-251-7/+6
| | | | | | | making it clearer that control drops through if one of the first couple of steps fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-02-204-33/+46
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23739 dc483132-0cff-0310-8789-dd5450dbe970
* Update export list for 2007 plugin interface changeKen Raeburn2010-02-201-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23738 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23737 dc483132-0cff-0310-8789-dd5450dbe970
* Make plugins/cksum_body more likely to build, and remove the empty srcGreg Hudson2010-02-191-2/+2
| | | | | | directory within. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23736 dc483132-0cff-0310-8789-dd5450dbe970
* Fix greet_server buildGreg Hudson2010-02-031-1/+1
| | | | | | | | | | Fix the export list for the greet_server plugin. ticket: 6654 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23694 dc483132-0cff-0310-8789-dd5450dbe970
* Update the LDAP dependencies for r23674Greg Hudson2010-01-272-132/+161
| | | | | | ticket: 6649 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23675 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of kdb_ext.h and allow out-of-tree KDB pluginsGreg Hudson2010-01-274-18/+13
| | | | | | | | | | | | | Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h. ticket: 6649 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* NetBSD 5.0.1 uses an OpenSSL snapshot that describes itself as 0.9.9,Ken Raeburn2009-12-311-1/+1
| | | | | | | and has the EVP_PKEY_decrypt API change that was already being worked around for OpenSSL 1.0.0. Work around it for 0.9.9 too. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23553 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an inoperable error check in return_pkinit_kxGreg Hudson2009-12-291-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23536 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-285-68/+90
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-287-194/+358
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dependency on /bin/csh in test suiteEzra Peisach2009-12-081-2/+14
| | | | | | | | | | | | The libdb2 test suite would fail if /bin/csh was not present. The tests did not execute /bin/csh - but used the contents as data to put into the test database. Iterate over a few "known" files until one is found that could be used for it... Tests for /bin/csh, /bin/cat, /usr/bin/cat, /bin/ls, /usr/bin/ls. If none of these exist - then fail. ticket: 6593 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23458 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_db2_db_init, make a format string constant to make CoverityGreg Hudson2009-11-251-3/+2
| | | | | | | happy. (Previously it was a disjunction of two constants, which is fine, but not as obviously safe to a static analysis tool.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23355 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent the pkinit plugin code, except for the header filesGreg Hudson2009-11-258-4813/+4815
| | | | | | which are kind of difficult. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23354 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent plugins, except for pkinit, which needs a littleGreg Hudson2009-11-2465-11371/+11089
| | | | | | cleanup first. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-2233-369/+365
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Constrained delegation without PAC supportGreg Hudson2009-11-147-19/+115
| | | | | | | | | | | Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3180-477/+454
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-281-2/+2
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Add variable DB_VERSION to Makefile.in. Generate deps so thatEzra Peisach2009-10-282-0/+44
| | | | | | configure will work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23075 dc483132-0cff-0310-8789-dd5450dbe970
* Heimdal DB bridge plugin for KDC back endGreg Hudson2009-10-2711-0/+3930
| | | | | | | | | Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin. ticket: 6578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
* not try to free random stack garbage on errorEzra Peisach2009-10-251-0/+2
| | | | | | kdc_return_preauth: Set enc.ciphertext.data to null to ensure we do git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23040 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-2522-78/+1122
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account for additionalLuke Howard2009-10-211-1/+1
| | | | | | krbtgt key parameter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959 dc483132-0cff-0310-8789-dd5450dbe970
* For naming extensions draft compliance, s/mspac:/urn:mspac:/Luke Howard2009-10-201-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-04-05 10:37:53 +0000