summaryrefslogtreecommitdiffstats
path: root/src/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* General code consistency pass in kdb_db2.c.Greg Hudson2010-05-051-136/+56
| | | | | | | Removes some pointless null checks. Frees the DB context when a DB is finalized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23973 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust for removal of krb5_ldap_set_option in r23965Tom Yu2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23972 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a stray comment from r23966Greg Hudson2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23967 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor the kdb_db2.c code which processes db_args and profileGreg Hudson2010-05-042-305/+134
| | | | | | | variables to configure a DB context, to avoid repeating that code three times in open/create/destroy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23966 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_db_set_option and the associated DAL entry. It was notGreg Hudson2010-05-046-60/+0
| | | | | | used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
* Straighten the if-ladder in encrypted challenge's process_preauth,Greg Hudson2010-03-251-7/+6
| | | | | | | making it clearer that control drops through if one of the first couple of steps fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-02-204-33/+46
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23739 dc483132-0cff-0310-8789-dd5450dbe970
* Update export list for 2007 plugin interface changeKen Raeburn2010-02-201-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23738 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23737 dc483132-0cff-0310-8789-dd5450dbe970
* Make plugins/cksum_body more likely to build, and remove the empty srcGreg Hudson2010-02-191-2/+2
| | | | | | directory within. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23736 dc483132-0cff-0310-8789-dd5450dbe970
* Fix greet_server buildGreg Hudson2010-02-031-1/+1
| | | | | | | | | | Fix the export list for the greet_server plugin. ticket: 6654 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23694 dc483132-0cff-0310-8789-dd5450dbe970
* Update the LDAP dependencies for r23674Greg Hudson2010-01-272-132/+161
| | | | | | ticket: 6649 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23675 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of kdb_ext.h and allow out-of-tree KDB pluginsGreg Hudson2010-01-274-18/+13
| | | | | | | | | | | | | Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h. ticket: 6649 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* NetBSD 5.0.1 uses an OpenSSL snapshot that describes itself as 0.9.9,Ken Raeburn2009-12-311-1/+1
| | | | | | | and has the EVP_PKEY_decrypt API change that was already being worked around for OpenSSL 1.0.0. Work around it for 0.9.9 too. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23553 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an inoperable error check in return_pkinit_kxGreg Hudson2009-12-291-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23536 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-285-68/+90
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-287-194/+358
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dependency on /bin/csh in test suiteEzra Peisach2009-12-081-2/+14
| | | | | | | | | | | | The libdb2 test suite would fail if /bin/csh was not present. The tests did not execute /bin/csh - but used the contents as data to put into the test database. Iterate over a few "known" files until one is found that could be used for it... Tests for /bin/csh, /bin/cat, /usr/bin/cat, /bin/ls, /usr/bin/ls. If none of these exist - then fail. ticket: 6593 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23458 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_db2_db_init, make a format string constant to make CoverityGreg Hudson2009-11-251-3/+2
| | | | | | | happy. (Previously it was a disjunction of two constants, which is fine, but not as obviously safe to a static analysis tool.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23355 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent the pkinit plugin code, except for the header filesGreg Hudson2009-11-258-4813/+4815
| | | | | | which are kind of difficult. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23354 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent plugins, except for pkinit, which needs a littleGreg Hudson2009-11-2465-11371/+11089
| | | | | | cleanup first. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-2233-369/+365
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Constrained delegation without PAC supportGreg Hudson2009-11-147-19/+115
| | | | | | | | | | | Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3180-477/+454
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-281-2/+2
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Add variable DB_VERSION to Makefile.in. Generate deps so thatEzra Peisach2009-10-282-0/+44
| | | | | | configure will work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23075 dc483132-0cff-0310-8789-dd5450dbe970
* Heimdal DB bridge plugin for KDC back endGreg Hudson2009-10-2711-0/+3930
| | | | | | | | | Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin. ticket: 6578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
* not try to free random stack garbage on errorEzra Peisach2009-10-251-0/+2
| | | | | | kdc_return_preauth: Set enc.ciphertext.data to null to ensure we do git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23040 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-2522-78/+1122
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account for additionalLuke Howard2009-10-211-1/+1
| | | | | | krbtgt key parameter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959 dc483132-0cff-0310-8789-dd5450dbe970
* For naming extensions draft compliance, s/mspac:/urn:mspac:/Luke Howard2009-10-201-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-104-118/+131
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-098-0/+660
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* In anticipation of a new version of OpenSSL 1.0.0, support renamed API: ↵Zhanna Tsitkov2009-10-081-1/+5
| | | | | | EVP_PKEY_decrypt -> EVP_PKEY_decrypt_old git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22871 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-161-4/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Create DB headers before recursing for "make depend" inGreg Hudson2009-09-161-1/+1
| | | | | | | | plugins/kdb/db2/libdb2, to restore the r22486 functionality ("make depend" in an unbuilt source tree) after r22572 (predictable "make depend" output for DB headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22774 dc483132-0cff-0310-8789-dd5450dbe970
* Supply canonical name if present in LDAP iterationGreg Hudson2009-09-031-5/+6
| | | | | | | | | | | | | In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. ticket: 6557 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
* Supply LDAP service principal aliases to non-referrals clientsGreg Hudson2009-09-031-1/+25
| | | | | | | | | | | | In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY flag isn't set (abusing that flag to recognize a client name lookup). Based on a patch from Luke Howard. ticket: 6556 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708 dc483132-0cff-0310-8789-dd5450dbe970
* Rename db2 header files db.h and db-config.h in the source tree, soKen Raeburn2009-08-218-135/+89
| | | | | | | | | | | | | | | | | that there will always be only one version of each name in the include path (namely, the copy made in the build tree, or the generated db.h if not using the in-tree one). This should fix some minor problems with different dependency lists generated on different systems. Sort and uniquify dependency header names before doing substitutions, as well as after. Look for the db2 headers listed in sorted order. Don't copy db-ndbm.h into the build tree; let libdb2 find it from the source tree only. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572 dc483132-0cff-0310-8789-dd5450dbe970
* Minor code cleanups in pkinit plugin, mostly around malloc/freeGreg Hudson2009-08-187-262/+166
| | | | | | invocations. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null characters in pkinit cert fieldsGreg Hudson2009-08-101-0/+7
| | | | | | | | | | | When processing DNS names or MS UPNs in pkinit certs, disallow embedded null characters. ticket: 6542 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22516 dc483132-0cff-0310-8789-dd5450dbe970
* Narrow the contract of pkinit_client_profile by passing in the realmGreg Hudson2009-08-101-13/+14
| | | | | | instead of the whole request. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22515 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_clnt.c, make private functions static. There and inGreg Hudson2009-08-102-118/+10
| | | | | | | | | pkinit_srv.c, only declare static functions when necessary for forward references (as is consistent with the other pkinit sources). Remove the empty functions pkinit_init_client_profile and pkinit_fini_client_profile. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
* Convert all uses of strtok() in libraries to strtok_r() for threadGreg Hudson2009-08-101-5/+5
| | | | | | safety. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22513 dc483132-0cff-0310-8789-dd5450dbe970
* Remove pkinit_identity_process_option, which wasn't doing anythingGreg Hudson2009-08-102-84/+19
| | | | | | | | besides picking a subsidiary function based on the (constant) input argument. Remove the associated constants from pkinit.h as well. No functional change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22512 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the LDAP build, which was broken by the build reordering inGreg Hudson2009-08-071-3/+8
| | | | | | | | r22406. Build kdb5_util's getdate from the kadmin/cli getdate source, instead of borrowing the object file from the kadmin/cli build directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
* In ldap_create.c, remove four incorrect uses of krb5_set_error_messageGreg Hudson2009-06-171-10/+3
| | | | | | which resulted in obscured and confusing error diagnostics. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22412 dc483132-0cff-0310-8789-dd5450dbe970
* Restore limited support for static linkingGreg Hudson2009-06-0810-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include: * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4. * Add --enable-static-only configure option. * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h. * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names). * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in. * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are). * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries. Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed. $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means. ticket: 6510 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 11:09:14 +0000