summaryrefslogtreecommitdiffstats
path: root/src/plugins
Commit message (Collapse)AuthorAgeFilesLines
* Simplify kdb_db2's open_db() a little further, avoiding a suspiciousGreg Hudson2010-11-031-7/+11
| | | | | | switch fallthrough. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24508 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid running off the end of the spares array in db2's page_to_oaddr()Greg Hudson2010-11-031-1/+1
| | | | | | in unrealistically large databases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24507 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up the DB2 KDB module code a bit, making it more conformant withGreg Hudson2010-11-021-141/+96
| | | | | | | current coding practices. Mostly namespace changes, but also simplify krb5_db2_destroy(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24505 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-243-68/+57
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24478 dc483132-0cff-0310-8789-dd5450dbe970
* SecurID build supportSam Hartman2010-10-192-2/+19
| | | | | | | | | | | Integrate SecurID into the build if libaceclnt is found. Add a README file with an example of how to build it. ticket: 6807 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24467 dc483132-0cff-0310-8789-dd5450dbe970
* securID error handling fixSam Hartman2010-10-192-29/+29
| | | | | | | | | | | In porting forward, I incorrectly used krb5_set_error_message instead of com_err. This commit reverts that change. ticket: 6806 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24466 dc483132-0cff-0310-8789-dd5450dbe970
* securID code fixesSam Hartman2010-10-193-18/+35
| | | | | | | | | | | | | | | | | | | | | | Fixes to get securID preauth plugin working. A separate patch will address error handling and build issues. * Permit a preauth plugin to return KRB5KDC_ERR_PREAUTH_REQUIRED from the verify entry point. * If verify_securid2 fails, save the return value and return that rather than success after dealing with encoding the out_edata * Use the client key not the securid principal key for the sam checksum * indicate that securID is hardware authentication ticket: 6805 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24465 dc483132-0cff-0310-8789-dd5450dbe970
* Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1Tom Yu2010-10-082-2/+2
| | | | | | files to UTF-8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in kerberos.ldif. Reported by nalin@redhat.comGreg Hudson2010-10-071-1/+1
| | | | | | | | ticket: 6701 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24441 dc483132-0cff-0310-8789-dd5450dbe970
* Performance issue in LDAP policy fetchGreg Hudson2010-10-071-6/+14
| | | | | | | | | | Instead of performing a tree search to fill in the refcnt field of a policy object whenever a policy is fetched, set the refcnt to 0 and perform a check when policies are deleted. ticket: 6799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24440 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-059-5/+93
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Add additional NRL copyrightSam Hartman2010-10-051-0/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24423 dc483132-0cff-0310-8789-dd5450dbe970
* Copyright statements, whitespace, and other code formattingGreg Hudson2010-10-023-666/+772
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24415 dc483132-0cff-0310-8789-dd5450dbe970
* Add empty src/plugins/preauth/securid_sam2/deps to allow build to work againTom Yu2010-10-011-0/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24407 dc483132-0cff-0310-8789-dd5450dbe970
* Initial securid2 support.Sam Hartman2010-10-015-0/+1005
| | | | | | builds but untested git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24405 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-301-5/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24393 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2010-09-291-0/+14
| | | | | | Add kadm5_hook test plugin to toplevel Makefile.in git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24377 dc483132-0cff-0310-8789-dd5450dbe970
* Automated tests for kadm5_hook pluginSam Hartman2010-09-294-0/+143
| | | | | | Include a k5test Python test and test plugin for the kadm5_hook interface. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24376 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize kdb5_ldap_util's context with kadm5_init_krb5_context, likeGreg Hudson2010-09-221-1/+1
| | | | | | | kdb5_util does, in order to get the KDC profile settings as well as the regular krb5 profile settings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24337 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24315: remove get/set_mkey_list from export list ofGreg Hudson2010-09-161-2/+0
| | | | | | libkdb_ldap. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24324 dc483132-0cff-0310-8789-dd5450dbe970
* In the PKINIT OpenSSL crypto code, use a signed int to hold the resultGreg Hudson2010-09-151-3/+3
| | | | | | | | | of X509_get_ext_by_NID so we can detect negative return values. Reported by nalin@redhat.com. ticket: 6774 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24323 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dead code from DAL and kdb pluginsSam Hartman2010-09-158-126/+0
| | | | | | kdb: remove get/set_mkey_list git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24315 dc483132-0cff-0310-8789-dd5450dbe970
* In the PKINIT OpenSSL code, ensure that appropriate cerficiate fieldsGreg Hudson2010-09-151-0/+2
| | | | | | | | have been set before using ku_reject. Patch from nalin@redhat.com. ticket: 6775 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24313 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct CRL stack macros in pkinit OpenSSL code. Patch from OlafGreg Hudson2010-09-151-3/+3
| | | | | | | | Flebbe. ticket: 6776 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24312 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-085-137/+137
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* X509_verify_cert can return without setting cert_ctx.current_cert. IfGreg Hudson2010-09-081-2/+5
| | | | | | | it does, don't dereference a null pointer when creating the pkiDebug message. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970
* In the LDAP KDB module's populate_krb5_db_entry, fix the checks forGreg Hudson2010-08-241-2/+2
| | | | | | | | | | the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so that they properly succeed when the flags are set. Bug report from Rob Crittenden, patch from nalin@redhat.com. ticket: 6762 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24200: fix kdb5_ldap_util call site ofGreg Hudson2010-07-211-1/+1
| | | | | | | | krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the part of r24157 which added the dal_version argument to theGreg Hudson2010-07-215-13/+7
| | | | | | | | | | | init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
* Get the kdb_hdb module to compile again. Probably still buggy,Greg Hudson2010-07-204-293/+161
| | | | | | | | particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5_util's kdb5_ldap_create(), add back the assignment ofGreg Hudson2010-07-191-0/+1
| | | | | | | | rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_allowed_to_delegate to the DAL with a corresponding libkdb5Greg Hudson2010-07-1510-161/+40
| | | | | | | | | API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
* Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-152-0/+2
| | | | | | | | | replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson2010-07-135-11/+11
| | | | | | | | | | informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-139-48/+36
| | | | | | | | | | | | replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson2010-07-139-52/+50
| | | | | | | | | | corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a correspondingGreg Hudson2010-07-122-1/+2
| | | | | | | | | libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2010-07-122-1/+2
| | | | | | | | | replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24180: make sure osa_adb_get_policy sets its outputGreg Hudson2010-07-091-0/+1
| | | | | | parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
* Improve output variable handling of osa_adb_get_policy() in the db2Greg Hudson2010-07-091-19/+20
| | | | | | KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-081-25/+1
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-0617-836/+736
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24168: in kdb5_ldap_util, indirect throughGreg Hudson2010-07-041-5/+5
| | | | | | | | | | krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson2010-07-032-2/+2
| | | | | | | | | | not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove return value from void functionKen Raeburn2010-07-031-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implementGreg Hudson2010-07-022-2/+1
| | | | | | | | | krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void.Greg Hudson2010-07-025-9/+9
| | | | | | | | | Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-022-2/+1
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, forGreg Hudson2010-07-028-190/+168
| | | | | | | | | | consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-12/+8
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-10 12:33:15 +0000