summaryrefslogtreecommitdiffstats
path: root/src/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* Add kadmin functionality for string attributesGreg Hudson2011-09-212-0/+57
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_ccselect bugsGreg Hudson2011-09-062-4/+3
| | | | | | | initiator_cred wasn't initialized if no second arg was given. t_ccselect wasn't removed on make clean. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970
* Make gss-krb5 use cache collectionGreg Hudson2011-09-054-8/+307
| | | | | | | | | | | | | | | | For default credentials, defer ccache resolution until we need the information. If this happens in init_sec_context when we have the target principal in hand, use krb5_cc_select() to pick a cache. If the target principal is not known, use the default cache. For credentials with a specified principal, use krb5_cc_cache_match() to find the cache. If no cache is found and a password is specified, create a new cache within the collection to hold the new credentials, if the default cache type supports a collection. ticket: 6958 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
* Add ccache collection support to toolsGreg Hudson2011-09-052-0/+78
| | | | | | | | | | | | | | | | * "kdestroy -A" destroys all caches in collection. * "kinit princ" searches the collection for a matching cache and overwrites it, or creates a new cache in the collection, if the type of the default cache is collection-enabled. The chosen cache also becomes the primary cache for the collection. * "klist -l" lists (in summary form) the caches in the collection. * "klist -A" lists the content of all of the caches in the collection. * "kswitch -c cache" (new command) makes cache the primary cache. * "kswitch -p princ" makes the cache for princ the primary cache. ticket: 6956 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC causedKen Raeburn2011-09-052-2/+2
| | | | | | | | | by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-044-23/+23
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-041-4/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Make dejagnu tests work with non-FQDN hostnameGreg Hudson2011-09-012-34/+4
| | | | | | | | By making an entry for $hostname in [domain_realm], we can relax the requirement that the canonicalized local hostname must have a parent domain. This makes the test suite work more easily on Fedora. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25124 dc483132-0cff-0310-8789-dd5450dbe970
* make-dependKen Raeburn2011-08-201-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108 dc483132-0cff-0310-8789-dd5450dbe970
* Add automated tests for krb5_gss_import_credGreg Hudson2011-07-203-10/+195
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25022 dc483132-0cff-0310-8789-dd5450dbe970
* Don't pass unsupported -n option to t_rcacheKen Raeburn2011-07-011-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25009 dc483132-0cff-0310-8789-dd5450dbe970
* Display default values in usage messageKen Raeburn2011-07-011-4/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25008 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin frameworkGreg Hudson2011-06-173-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety. On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait. ticket: 6921 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Set LC_MESSAGES to "C" in tests which run commandsGreg Hudson2011-06-101-0/+3
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0936-69/+395
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* On make clean remove test programs and object files. In lib/krb5/krbEzra Peisach2011-03-061-1/+2
| | | | | | make depend as a test program was missed from the source list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-256-35/+39
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibilityGreg Hudson2011-02-073-5/+260
| | | | | | | | | | | | | | | | | | | | | | Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-252-0/+47
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a regression in the client-side ticket renewal code where KDCGreg Hudson2010-12-142-0/+17
| | | | | | | | | | | | options were not folded into the renewal request (most notably, the KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed tickets. Add a simple test case for ticket renewal. ticket: 6838 tags: pullups target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24566 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-051-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* Test for key rollover for TGT, including purging old keysTom Yu2010-12-032-0/+47
| | | | | | | | ticket: 1219 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24555 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-011-2/+15
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-2812-12/+12
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Implement Camellia-CTS-CMAC instead of Camellia-CCMGreg Hudson2010-11-201-15/+15
| | | | | | | | | | | Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
* The iprop dejagnu test had some deceptive commented-out debugging codeGreg Hudson2010-11-161-0/+1
| | | | | | | (it would set up the user to run kpropd in the master environment instead of the slave environment). Make it more useful. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24516 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a stray spawn_shell in the iprop dejagnu testsGreg Hudson2010-11-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24509 dc483132-0cff-0310-8789-dd5450dbe970
* In profile-reading performance test, print microseconds not millisecondsKen Raeburn2010-10-231-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24472 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-062-4/+194
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-051-1/+5
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Fix type errors in t_gssextsGreg Hudson2010-10-021-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24412 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate K&R-style function definition headers in t_gssexts.c, andGreg Hudson2010-10-021-18/+10
| | | | | | reformat other definitions according to coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24411 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-302-10/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24393 dc483132-0cff-0310-8789-dd5450dbe970
* Automated tests for kadm5_hook pluginSam Hartman2010-09-292-0/+25
| | | | | | Include a k5test Python test and test plugin for the kadm5_hook interface. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24376 dc483132-0cff-0310-8789-dd5450dbe970
* kpasswd: if a credential cache is present, use FASTSam Hartman2010-09-271-1/+2
| | | | | | | | | | | | | | | | If a credentials cache is available, use it as an armor cache to enable FAST negotiation for kpasswd. This requires an attacker to attack both the user's long-term key for the old password as well as the ticket used for the armor cache in order to attack the password change. Depending on how the armor ticket is obtained, this may provide limited value. However, it provides users an easy option if they are concerned about their current password. Users can kinit with one principal to help protect changing the password of another principal. * krb5_get_init_creds_opt_set_fast_ccache: new API to set fast ccache based on a krb5_ccache object rather than a resolvable string * kpasswd: always open the current credential cache even if not needed for determining the principal. If the cache has tickets, use it as an armor cache. * tests/dejagnu/krb-standalone/kadmin.exp: Arrange to test new code path ticket: 6786 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24359 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_krb5_import_credGreg Hudson2010-09-271-23/+81
| | | | | | | | | | | | Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
* kinit: add KDB keytab supportSam Hartman2010-09-151-0/+5
| | | | | | | | | | | | | | | | | This implements http://k5wiki.kerberos.org/Projects/What_does_God_need_with_a_password. If the KDB keytab is selected by command line options, then kinit will register the KDB keytab and open the database. This permits an administrator to obtain tickets as a user without knowing that user's password. As a result kinit links against libkadm5srv and libkdb5. Discussion is ongoing about whether this is desirable or about whether two versions of kinit are required. ticket: 6779 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24316 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-085-30/+30
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* Merge the camellia-ccm branch to trunk. Since there are no IANAGreg Hudson2010-09-071-0/+26
| | | | | | | | | assignments for Camellia-CCM enctypes or cksumtypes yet, they are disabled in a default build. They can be made available by defining (via CPPFLAGS) local-use enctype numbers for the enctypes and cksumtypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks in kdb5_verifyEzra Peisach2010-09-041-0/+2
| | | | | | | | Minor leaks. Just cleaning up code. ticket: 6771 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24291 dc483132-0cff-0310-8789-dd5450dbe970
* Add simple automated tests for account lockout supportGreg Hudson2010-08-292-0/+49
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24269 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-062-88/+48
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-022-4/+10
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-022-5/+5
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-075-45/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Add IAKERB mechanism and gss_acquire_cred_with_passwordGreg Hudson2010-04-309-0/+143
| | | | | | | | | | | | | | Merge branches/iakerb to trunk. Includes the following: * New IAKERB mechanism. * New gss_acquire_cred_with_password mechglue function. * ASN.1 encoders and decoders for IAKERB structures (with tests). * New shortcuts in gss-sample client and server. * Tests to exercise SPNEGO and IAKERB using gss-sample application. ticket: 6712 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23960 dc483132-0cff-0310-8789-dd5450dbe970
* Add a sentinel line to sim_server after the socket is ready, and useGreg Hudson2010-04-241-2/+4
| | | | | | it in simple.exp in the dejagnu test suite instead of sleeping. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23936 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the use of tail -f in the dejagnu test suite. Instead, useGreg Hudson2010-04-241-139/+7
| | | | | | | the sentinel lines printed by krb5kdc and kadmind to detect when the listening sockets are ready. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23935 dc483132-0cff-0310-8789-dd5450dbe970
* Add a sentinel to the sample gss-server after the socket is ready, andGreg Hudson2010-04-241-1/+5
| | | | | | use it in gssapi.exp in the dejagnu test suite instead of sleeping. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23934 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 17:28:58 +0000