summaryrefslogtreecommitdiffstats
path: root/src/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Add empty src/plugins/preauth/securid_sam2/deps to allow build to work againTom Yu2010-10-011-0/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24407 dc483132-0cff-0310-8789-dd5450dbe970
* Initial securid2 support.Sam Hartman2010-10-015-0/+1005
| | | | | | builds but untested git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24405 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-301-5/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24393 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2010-09-291-0/+14
| | | | | | Add kadm5_hook test plugin to toplevel Makefile.in git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24377 dc483132-0cff-0310-8789-dd5450dbe970
* Automated tests for kadm5_hook pluginSam Hartman2010-09-294-0/+143
| | | | | | Include a k5test Python test and test plugin for the kadm5_hook interface. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24376 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize kdb5_ldap_util's context with kadm5_init_krb5_context, likeGreg Hudson2010-09-221-1/+1
| | | | | | | kdb5_util does, in order to get the KDC profile settings as well as the regular krb5 profile settings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24337 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24315: remove get/set_mkey_list from export list ofGreg Hudson2010-09-161-2/+0
| | | | | | libkdb_ldap. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24324 dc483132-0cff-0310-8789-dd5450dbe970
* In the PKINIT OpenSSL crypto code, use a signed int to hold the resultGreg Hudson2010-09-151-3/+3
| | | | | | | | | of X509_get_ext_by_NID so we can detect negative return values. Reported by nalin@redhat.com. ticket: 6774 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24323 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dead code from DAL and kdb pluginsSam Hartman2010-09-158-126/+0
| | | | | | kdb: remove get/set_mkey_list git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24315 dc483132-0cff-0310-8789-dd5450dbe970
* In the PKINIT OpenSSL code, ensure that appropriate cerficiate fieldsGreg Hudson2010-09-151-0/+2
| | | | | | | | have been set before using ku_reject. Patch from nalin@redhat.com. ticket: 6775 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24313 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct CRL stack macros in pkinit OpenSSL code. Patch from OlafGreg Hudson2010-09-151-3/+3
| | | | | | | | Flebbe. ticket: 6776 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24312 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-085-137/+137
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* X509_verify_cert can return without setting cert_ctx.current_cert. IfGreg Hudson2010-09-081-2/+5
| | | | | | | it does, don't dereference a null pointer when creating the pkiDebug message. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970
* In the LDAP KDB module's populate_krb5_db_entry, fix the checks forGreg Hudson2010-08-241-2/+2
| | | | | | | | | | the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so that they properly succeed when the flags are set. Bug report from Rob Crittenden, patch from nalin@redhat.com. ticket: 6762 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24200: fix kdb5_ldap_util call site ofGreg Hudson2010-07-211-1/+1
| | | | | | | | krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the part of r24157 which added the dal_version argument to theGreg Hudson2010-07-215-13/+7
| | | | | | | | | | | init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
* Get the kdb_hdb module to compile again. Probably still buggy,Greg Hudson2010-07-204-293/+161
| | | | | | | | particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5_util's kdb5_ldap_create(), add back the assignment ofGreg Hudson2010-07-191-0/+1
| | | | | | | | rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_allowed_to_delegate to the DAL with a corresponding libkdb5Greg Hudson2010-07-1510-161/+40
| | | | | | | | | API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
* Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-152-0/+2
| | | | | | | | | replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson2010-07-135-11/+11
| | | | | | | | | | informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-139-48/+36
| | | | | | | | | | | | replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson2010-07-139-52/+50
| | | | | | | | | | corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a correspondingGreg Hudson2010-07-122-1/+2
| | | | | | | | | libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2010-07-122-1/+2
| | | | | | | | | replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24180: make sure osa_adb_get_policy sets its outputGreg Hudson2010-07-091-0/+1
| | | | | | parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
* Improve output variable handling of osa_adb_get_policy() in the db2Greg Hudson2010-07-091-19/+20
| | | | | | KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-081-25/+1
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-0617-836/+736
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24168: in kdb5_ldap_util, indirect throughGreg Hudson2010-07-041-5/+5
| | | | | | | | | | krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson2010-07-032-2/+2
| | | | | | | | | | not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove return value from void functionKen Raeburn2010-07-031-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implementGreg Hudson2010-07-022-2/+1
| | | | | | | | | krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void.Greg Hudson2010-07-025-9/+9
| | | | | | | | | Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-022-2/+1
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, forGreg Hudson2010-07-028-190/+168
| | | | | | | | | | consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-12/+8
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove setup_master_key_name from the DAL table as it was not usedGreg Hudson2010-07-022-2/+1
| | | | | | | ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson2010-07-0210-169/+22
| | | | | | | | | | | | corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-up to r24157: return correctly from krb5_ldap_lib_init() ifGreg Hudson2010-07-021-0/+1
| | | | | | | | there is no version mismatch. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24157: pass KRB5_KDB_DAL_VERSION to krb5_ldap_lib_init()Greg Hudson2010-07-021-1/+1
| | | | | | | | in kdb5_ldap_util.c. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24160 dc483132-0cff-0310-8789-dd5450dbe970
* Remove errcode_2_string and release_errcode_string from the DAL table,Greg Hudson2010-07-024-22/+0
| | | | | | | | | | and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_supported_realms and db_free_supported_realms from the DALGreg Hudson2010-07-025-28/+0
| | | | | | | | | | table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table). ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970
* DAL improvementsGreg Hudson2010-07-023-4/+8
| | | | | | | | | | | | | | | | | | | Add KRB5_KDB_API_VERSION to allow callers to adjust to incompatible changes in libkdb; to be kept in sync with the libkdb major version, which is bumped to 5 in anticipation of other changes. Add KRB5_KDB_DAL_VERSION to allow database modules to detect when they are mismatched with the KDB version. Since KDB modules are often developed concurrently with trunk code, this is defined to be the date of the last incompatible DAL change. The DAL version is passed to the init_library DAL function; the module should check it against the value of KRB5_KDB_DAL_VERSION it was compiled with and return KRB5_KDB_DBTYPE_MISMATCH if it doesn't match. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24157 dc483132-0cff-0310-8789-dd5450dbe970
* In PKINIT, notice if DH_compute_key() returns a value less than theGreg Hudson2010-06-141-2/+18
| | | | | | | | | | buffer size, and pad it on the left if so. ticket: 6738 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the PKINIT DH debugging code:Greg Hudson2010-06-141-7/+8
| | | | | | | | | | * Use %p and void * for pointers instead of %x and int * Don't call the computed symmetric key the "secret key" since that's easily confused with the private key g^x. * Print the private key when printing DH parameters, instead of the q value (not even sure what they is). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-075-179/+189
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-05-161-14/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24041 dc483132-0cff-0310-8789-dd5450dbe970
* Add lockout-related performance tuning variablesGreg Hudson2010-05-106-39/+124
| | | | | | | | | | | | | | | The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
* Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAPGreg Hudson2010-05-101-22/+29
| | | | | | | | | | | | | | | | | In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine whether krbLoginFailedCount existed on the entry when it was retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT, and don't assert an old value when not using LDAP_MOD_INCREMENT. Also, create the krbLoginFailedCount attribute when creating new entries. This allows us to use LDAP_MOD_INCREMENT during the first failed login (if the server supports it), avoiding a race condition. ticket: 6718 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24002 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 01:31:16 +0000