summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Regen kswitch.1 from RST sourcesBen Kaduk2012-10-171-5/+5
| | | | To pick up the section/subsection correction for SYNOPSIS.
* Use config storage for client identity selectionNalin Dahyabhai2012-10-178-40/+403
| | | | | | | | * Keep track of the names of client identities when we load them. * Store the client identity we just used when we create or retry a client request. * If we read a client identity from the configuration, treat it like the KDC does: pick the "this is it, there is no other" logic branch.
* Add "pa_config_data" configuration to ccachesNalin Dahyabhai2012-10-176-48/+200
| | | | | | | | | | | * Read a "pa_config_data" item from an in_ccache, if provided, and add a callback which client preauth plugins can use to retrieve a string value from it that's keyed by a string. * Add a callback which client preauth plugins can use to provide string key/value pairs to be stored in the ccache. * Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h to init_creds_ctx.h to try to reduce the number of files that will need to include k5-json.h to understand k5_json_value.
* Regen kinit.man from RST sourcesBen Kaduk2012-10-171-0/+14
| | | | To pick up the -I option.
* Make rules for missing man/catpagesBen Kaduk2012-10-171-0/+11
| | | | | | | Add the make rules to install the subfiles as man and cat pages, missed in the previous commit. Also correct the omission of catpages for the server binaries.
* Install missing man pagesBen Kaduk2012-10-171-4/+5
| | | | | Add kadm5.acl, sserver, and sclient to MANSUBS so that we will install them in the normal build process.
* Remove install-oldmanBen Kaduk2012-10-1720-72/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove KRB5_DB_LOCKMODE_DONTBLOCK from kdb.hGreg Hudson2012-10-161-2/+0
| | | | It's wasn't used and wasn't implemented.
* Use blocking locks for policy DBGreg Hudson2012-10-161-19/+6
| | | | | | | In the db2 kdb module, use blocking locks for the policy DB as well as the principal DB. ticket: 7359
* Test in_ccache and pa_types functionalityNalin Dahyabhai2012-10-168-6/+416
| | | | | | | | | * Add a krb5int_build_conf_principals() function to allow our get/set code to directly prune out duplicate config entries. * Verify that when we specify a pa_type, it affects whether or not we will use a particular preauth plugin. * Verify that we correctly save the KDC's preauth type number, that we tried to answer, to the out_ccache.
* Add "pa_type" configuration to ccachesNalin Dahyabhai2012-10-164-0/+97
| | | | | | | | | | | | | | * When producing preauth data, keep track of the type of padata in the KDC's list of acceptable types which prompted the module to produce padata. * After obtaining credentials, store that value as a "pa_type" configuration item in the out_ccache. * Read that allowed preauth type from an in_ccache, if possible. * If we have an allowed preauth type, only call "real" modules that handle that value when filling in responder items and producing a client request. ticket: 7414 (new)
* Add an input ccache get_init_creds optionNalin Dahyabhai2012-10-166-26/+93
| | | | | | | | Add a krb5_get_init_creds_opt_set_in_ccache() function. An input ccache may hold configuration data which the client libraries can use to influence their decisions. ticket: 7413 (new)
* Regenerate man pagesBen Kaduk2012-10-1623-1054/+525
| | | | | | | Catch up to the RST content updates. Lots of .sp vertical space macros are removed, and the output engine spelles "restructuredText" correctly, now.
* Check in kadm5.acl.manBen Kaduk2012-10-161-0/+234
| | | | Somehow this man page was overlooked, previously.
* Remove nroff man pagesBen Kaduk2012-10-1636-6149/+2
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* More RST rename follow-upBen Kaduk2012-10-162-4/+4
| | | | | | Update conf.py for paths to man page sources and update make rules for building the man pages. Correct README files for the location of the sources.
* Avoid bit shifting in krb5.h constantsGreg Hudson2012-10-161-5/+5
| | | | | | Our traditional practice is to use hex integer literals for flag bits. Bit shifting can be dangerous because shifting into the sign bit is undefined. Convert existing bit shift expressions to hex literals.
* Handle concat OTP responder caseNathaniel McCallum2012-10-162-8/+20
|
* make dependTom Yu2012-10-155-57/+100
|
* Don't unparse principal names in process_tgs_req()Tom Yu2012-10-153-88/+104
|
* Refactor process_tgs_req() 2nd-ticket handlingTom Yu2012-10-151-95/+144
| | | | | Refactor some of the second-ticket handling and session key generation out of process_tgs_req().
* Clean up domain->realm referralsTom Yu2012-10-154-144/+91
| | | | | | | Clean up domain->realm referrals by breaking prep_reprocess_tgs_req() into smaller functions. Give the resulting functions more descriptive names. Also delete an unnecessary and almost exact copy of krb5_get_host_realm().
* Refactor process_tgs_req() service princ searchTom Yu2012-10-151-101/+91
| | | | | | The service principal database entry search logic in process_tgs_req() was excessively complex, containing questionable uses of "goto", along with deeply nested control flow. Refactor it into smaller functions.
* Move validate_tgs_request() to a separate fileTom Yu2012-10-154-334/+394
|
* Refactor validate_tgs_request()Tom Yu2012-10-151-199/+257
| | | | | | | Break validate_tgs_request() into smaller functions. Collect related checks into helper functions. As a result, some invalid requests with multiple problems can produce different error messages. This is probably not a problem for most situations.
* Move add_to_transited to a separate fileTom Yu2012-10-153-385/+420
| | | | | | | add_to_transited() is fairly large, and also fairly independent of the other contents of kdc_util.c. Move it into kdc_transit.c. Also simplifies the building of rtest by removing dependencies that kdc_util.c previously needed to satisfy undefined symbols.
* Move KDC PRNG reseed logic to a helper functionTom Yu2012-10-151-20/+29
|
* Eliminate some KDC globalsTom Yu2012-10-1515-327/+489
| | | | | | Make kdc_active_realm a local variable in every function that needs it. Pass it around in various state structures as needed. Keep the macros that reference its members remain for now.
* Don't use kdc_active_realm in kdc/rtest.cTom Yu2012-10-151-11/+9
| | | | | | | Too many parts of the KDC rely on the global variable kdc_active_realm. rtest.c doesn't actually need any of the KDC-specific information that's avaiable through kdc_active_realm, so delete references to it.
* Enforce TGS principals having 2 componentsTom Yu2012-10-151-9/+13
| | | | | | | RFC 4120 section 7.3 says that TGS principal names have two components. Make krb5_is_tgs_principal() and is_cross_tgs_principal() enforce this constraint. Code elsewhere in the KDC already checks for two components anyway.
* Catch up to RST move/renameBen Kaduk2012-10-151-20/+42
| | | | | | | | Change the make rules for the directory structure. Update the RST sources which include other RST sources for the loss of the krb_ prefix. ticket: 7409
* Make rules for building NOTICE from RSTBen Kaduk2012-10-151-5/+20
| | | | | | | | | | | | | | | | | | | | Sphinx-build wants to scan over all the sources in the source dir, and its text output engine does not handle the spanning row cells used in some of our fancy tables, so it will crash if we attempt to generate text output from our full suite of documents. We could work around this by attempting to just compile the one source file as an additional argument to sphinx-build, but this seems to insist on producing an index.txt as well as a notice.txt. Furthermore, we cannot use the same conf.py as in rst_composite because the paths substitutions are not available with just the minimal contents of rst_notice. Make a copy and remove the irrelevant parts, for now, changing only the master_doc field as appropriate. For the HTML build, we use the standard |copy| macro from isonum.txt to get the unicode copyright symbol glyph, but for ASCII output we prefer to just use the literal "(C)". ticket: 7407
* Set pointers to NULL after freeing themZhanna Tsitkov2012-10-152-0/+2
|
* Bump libkdb5 API and DAL versionsGreg Hudson2012-10-152-3/+3
| | | | | | We made two sets of incompatible changes to the DAL and libkdb5 API during development for 1.11 (master key list simplification and policy extensions), so increment the appropriate version numbers.
* Wait for correct message in t_iprop.pyGreg Hudson2012-10-151-2/+1
| | | | | | | | | The message "Got incremental updates from the master" precedes actually replaying the updates on the slave. Instead look for "Incremental updates:" (the statistics message), which happens just after the updates are replayed. Also, we don't need to import time now that we're not sleeping.
* Add a -C flag to klist to also show config entriesNalin Dahyabhai2012-10-151-12/+54
|
* Use hex escaping for non-printable trace dataNalin Dahyabhai2012-10-151-3/+42
| | | | | | When adding {str}, {lenstr}, or {data} to trace output, scan for bytes which might be non-printable, and add them as hex-escaped versions of themselves if any are found.
* Export krb5_cc_move()Nalin Dahyabhai2012-10-152-0/+2
|
* Correct type mismatches for get_as_key callbacksNalin Dahyabhai2012-10-152-2/+4
|
* Handle anonymous-as-signed-data-with-no-signersNalin Dahyabhai2012-10-151-27/+28
| | | | | Update to generate and consume signed-data with no signer-info, which we need for anonymous PKINIT.
* Make sure that pkinit_octetstring_hkdf() inits NSSNalin Dahyabhai2012-10-151-0/+15
| | | | | Create an NSS context for use when performing KDF, so that the tests, which call into the function directly, will work.
* Don't try to free an uninitialized keyblockNalin Dahyabhai2012-10-151-2/+0
|
* Sanity-check loading keys and certs from PEM filesNalin Dahyabhai2012-10-151-0/+15
| | | | | Print a debug message if we're unable to locate the matching private key for a certificate when we've just loaded both of them from PEM files.
* Reset the prompt_types list after calling prompterNalin Dahyabhai2012-10-151-0/+1
| | | | | Reset the prompt_types list immediately after the prompter callback returns, as is done everywhere else.
* Add responder support to preauth_otpNathaniel McCallum2012-10-154-18/+704
|
* Migrate to non-destructive tokeninfo selectionNathaniel McCallum2012-10-151-148/+191
|
* Move forward tokeninfo filteringNathaniel McCallum2012-10-151-63/+81
|
* Move pa_data encoding into a separate functionNathaniel McCallum2012-10-151-39/+45
|
* Eliminate races in t_iprop.pyGreg Hudson2012-10-131-15/+31
| | | | | | | | | | | | | After we start kpropd, read about the initial full dump before making changes on the master. Avoid prodding kpropd for this read (by shifting responsibility for the initial prod to the caller) since kpropd doesn't sleep before its first request. When waiting for sync, note whether we got a full propagation and match that up with our expectations. Use a long polling interval so kpropd doesn't wake up on its own and confuse the test script with an extra incremental update.
* Don't use void * arithmetic in interposed_oidGreg Hudson2012-10-131-1/+2
|
generated by cgit (git 2.34.1) at 2025-09-26 18:08:17 +0000