path: root/src
Commit message | Author | Age | Files | Lines
* Set SHLIB_RDIRS in profile test module build | Greg Hudson | 2011-07-21 | 1 | -0/+3
  The test module has no dependencies, but SHLIB_RDIRS must be set or the commands in shlib.conf can produce syntax errors.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25033 dc483132-0cff-0310-8789-dd5450dbe970
* Fix dependencies of test_load in profile library | Greg Hudson | 2011-07-21 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25032 dc483132-0cff-0310-8789-dd5450dbe970
* Fix profile_abandon() management lib_handle lock | Greg Hudson | 2011-07-21 | 1 | -1/+4
  It wasn't unlocking the mutex after decrementing the refcount and wasn't destroying the mutex before freeing the handle.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25031 dc483132-0cff-0310-8789-dd5450dbe970
* Fix name initialization in gss_krb5int_import_cred | Greg Hudson | 2011-07-20 | 1 | -0/+6
  If we're going to fake up a name, we have to initialize its lock. It might be better to use kg_init_name(), but we don't have a context on hand.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25030 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak of accprinc in kg_accept_krb5() | Greg Hudson | 2011-07-20 | 1 | -2/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25029 dc483132-0cff-0310-8789-dd5450dbe970
* Document loadable profile modules | Greg Hudson | 2011-07-20 | 1 | -0/+12
  ticket: 6929
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25027 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_init_context_profile API | Greg Hudson | 2011-07-20 | 6 | -22/+53
  ticket: 6929
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25026 dc483132-0cff-0310-8789-dd5450dbe970
* Add support for loadable profile modules | Greg Hudson | 2011-07-20 | 19 | -80/+511
  ticket: 6929
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25025 dc483132-0cff-0310-8789-dd5450dbe970
* Add libprofile support for vtable-backed profiles | Greg Hudson | 2011-07-20 | 10 | -85/+819
  ticket: 6929
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25024 dc483132-0cff-0310-8789-dd5450dbe970
* Added documentation for krb5_decode_authdata_container and krb5_encode_authdata_container API functions | Zhanna Tsitkov | 2011-07-20 | 1 | -2/+27
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25023 dc483132-0cff-0310-8789-dd5450dbe970
* Add automated tests for krb5_gss_import_cred | Greg Hudson | 2011-07-20 | 3 | -10/+195
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25022 dc483132-0cff-0310-8789-dd5450dbe970
* Fix process list spew in verbose kadmin tests | Greg Hudson | 2011-07-18 | 1 | -2/+2
  Set PS_PID to "ps uwwp" so we display only the process we're trying to point out, and not the whole process table.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25021 dc483132-0cff-0310-8789-dd5450dbe970
* Declare gmt_mktime before use | Ken Raeburn | 2011-07-17 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25020 dc483132-0cff-0310-8789-dd5450dbe970
* use timegm() for krb5int_gmt_mktime() when available | Tom Yu | 2011-07-11 | 2 | -2/+36
  Use timegm() if it is available, so that krb5int_gmt_mktime() functions correctly on systems configured with a "right" (leap-second-aware) time zone. It is arguably an OS bug if a "right" time zone can be configured on a system that lacks timegm(). Due to a current lack of evidence of affected systems, the additional workaround of replacing gmtime() with a version that always ignores leap seconds is deferred.
  ticket: 6928
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25018 dc483132-0cff-0310-8789-dd5450dbe970
* Fix make clean in gss-kernel-lib | Greg Hudson | 2011-07-11 | 1 | -2/+1
  List kernel_gss.c in EXTRADEPSRCS instead of SRCS so that it doesn't get removed by "make clean" along with the copied source files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25017 dc483132-0cff-0310-8789-dd5450dbe970
* Added documentation for cred cache (un)lock, checksum and crypto length APIs | Zhanna Tsitkov | 2011-07-11 | 1 | -23/+275
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25016 dc483132-0cff-0310-8789-dd5450dbe970
* Exclude files from src/plugins subdirectory as input source files for Doxygen | Zhanna Tsitkov | 2011-07-07 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25015 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify and fix chpass_util error generation | Greg Hudson | 2011-07-06 | 1 | -34/+20
  If a principal has no associated kadm5 policy, we may still get password quality errors from a module (KDB or pwqual). There was a bug in the error generation for this case which caused only a generic error to be returned. Also use snprintf() instead of multiple string operations to compose errors. From Simo Sorce <ssorce@redhat.com>.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25014 dc483132-0cff-0310-8789-dd5450dbe970
* C90 doesn't allow commas at the ends of enumeration lists | Ken Raeburn | 2011-07-01 | 2 | -3/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25012 dc483132-0cff-0310-8789-dd5450dbe970
* Always include fake-addrinfo.h when using getaddrinfo and friends | Ken Raeburn | 2011-07-01 | 2 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25011 dc483132-0cff-0310-8789-dd5450dbe970
* isspace should only get unsigned-char values or EOF | Ken Raeburn | 2011-07-01 | 1 | -2/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25010 dc483132-0cff-0310-8789-dd5450dbe970
* Don't pass unsupported -n option to t_rcache | Ken Raeburn | 2011-07-01 | 1 | -2/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25009 dc483132-0cff-0310-8789-dd5450dbe970
* Display default values in usage message | Ken Raeburn | 2011-07-01 | 1 | -4/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25008 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ezra Peisach | 2011-07-01 | 13 | -111/+98
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo in preauth plugin krb5.conf docs | Greg Hudson | 2011-06-29 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25001 dc483132-0cff-0310-8789-dd5450dbe970
* Get static linking working again, mostly | Greg Hudson | 2011-06-28 | 8 | -53/+57
  Static linking (#6510) broke when lockout support was added because the DB2 plugin became dependent on libkadm5srv_mit for XDR functions. Also, static linking was extensively broken in combination with LDAP support. Fix these problems.
  After these fixes, the test suite fails in the FAST tests because there's no static build support for dynamic preauth plugins, which means there's no encrypted challenge. (And unlike the pkinit tests, the test suite doesn't conditionalize on the presence of the encrypted challenge plugin, because we always build it.) This will fix itself if and when encrypted challenge becomes linked into the consumers, or static build support is added for preauth plugins.
  ticket: 6914
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24996 dc483132-0cff-0310-8789-dd5450dbe970
* Enable and fix warnings in util/gss-kernel-lib | Greg Hudson | 2011-06-27 | 7 | -18/+55
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24995 dc483132-0cff-0310-8789-dd5450dbe970
* Make kgss test processes run in lock-step | Greg Hudson | 2011-06-27 | 4 | -0/+42
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24994 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing call in t_kgss_user.c | Greg Hudson | 2011-06-27 | 1 | -0/+1
  The userland side of the gss kernel subset tests was missing a call to read_iov_token() at the end of the operation sequence. This mistake caused a race condition where the child could either exit successfully (if it finished send_iov_token() before the parent closed its end of the pipe) or could fail with an EPIPE error from write().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24993 dc483132-0cff-0310-8789-dd5450dbe970
* Document built-in modules for clpreauth/kdcpreauth | Greg Hudson | 2011-06-26 | 1 | -8/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24991 dc483132-0cff-0310-8789-dd5450dbe970
* Make fewer db lookups in kadm5_create_principal_3 | Greg Hudson | 2011-06-24 | 1 | -19/+10
  By creating the password history entry earlier in the function, we can avoid the need to look up the principal entry twice just to save a copy of the key data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24990 dc483132-0cff-0310-8789-dd5450dbe970
* Use zapfree in krb5_free_key_data_contents() | Greg Hudson | 2011-06-24 | 1 | -6/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24989 dc483132-0cff-0310-8789-dd5450dbe970
* Don't destroy dst on error in krb5_cc_move | Greg Hudson | 2011-06-23 | 2 | -3/+1
  Although destroying any partial contents of dst on error isn't a bad idea, invalidating the handle would be an incompatible change. So revert that part of r24754.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24988 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in kadmin | Greg Hudson | 2011-06-23 | 1 | -10/+11
  kadmin_getprinc() was using the variable "canon" for two purposes. After r22785, canon wasn't freed between constructions, so the first value was leaked. Fix by using separate variables for separate strings.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24987 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in the pwqual loader | Greg Hudson | 2011-06-23 | 1 | -0/+1
  k5_pwqual_free_handles() wasn't freeing the container structure for each handle.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24986 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak introduced in r24969 | Greg Hudson | 2011-06-23 | 1 | -0/+1
  The new context field plugin_base_dir wasn't being freed on context deletion.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24985 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple libkdb_ldap memory leaks | Greg Hudson | 2011-06-23 | 4 | -43/+40
  * krb5_ldap_policydn_to_name wasn't freeing rdn, and was using the wrong function to free dn, in the HAVE_LDAP_STR2DN CASE.
  * populate_krb5_db_entry wasn't freeing the tl_data generated from ber_tl_data.
  * populate_krb5_db_entry was using the wrong function to free a password policy when finding pw_max_life.
  * krb5_ldap_put_principal wasn't freeing ber_tl_data.
  * krb5_update_tl_kadm_data had a bad contract. Change the contract to be more like krb5_dbe_update_mod_princ_data and simplify its memory management.
  ticket: 6924
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24984 dc483132-0cff-0310-8789-dd5450dbe970
* Document clpreauth/kdcpreauth module configuration | Greg Hudson | 2011-06-23 | 1 | -0/+12
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24982 dc483132-0cff-0310-8789-dd5450dbe970
* Separate license and non-license comment in kpropd | Greg Hudson | 2011-06-23 | 1 | -2/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24979 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG for more efficient getaddrinfo | Greg Hudson | 2011-06-23 | 9 | -6/+11
  Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching.
  ticket: 6923
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Work around glibc getaddrinfo PTR lookups | Greg Hudson | 2011-06-23 | 1 | -8/+1
  In krb5_sname_to_principal(), we always do a forward canonicalization using getaddrinfo() with AI_CANONNAME set. Then, we do a reverse canonicalization with getnameinfo() if rdns isn't set to false in libdefaults.
  Current glibc (tested with eglibc 2.11.1) has the arguably buggy behavior of doing PTR lookups in getaddrinfo() to get the canonical name, if hints.ai_family is set to something other than AF_UNSPEC. This behavior defeats the ability to turn off rdns.
  Work around this behavior by using AF_UNSPEC in krb5_sname_to_principal() from the start, instead of starting with AF_INET and falling back. Specify AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.
  ticket: 6922
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24977 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG unconditionally in kpropd | Greg Hudson | 2011-06-23 | 1 | -5/+1
  fake-addrinfo.h ensures that AI_ADDRCONFIG is defined, so we don't need #ifdef tests when we use it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24976 dc483132-0cff-0310-8789-dd5450dbe970
* Cosmetic fixes to preauth_plugin.h from Linus Nordberg | Greg Hudson | 2011-06-22 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24975 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the build and doxygen markup | Zhanna Tsitkov | 2011-06-22 | 1 | -6/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24974 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting and editorial pass over krb5.hin doxygen markup | Greg Hudson | 2011-06-22 | 1 | -2356/+2482
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24973 dc483132-0cff-0310-8789-dd5450dbe970
* Document that e_data can be used by KDB modules internally | Greg Hudson | 2011-06-20 | 1 | -0/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24972 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin framework | Greg Hudson | 2011-06-17 | 28 | -1333/+1224
  The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety.
  On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait.
  ticket: 6921
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_plugin_register_dyn internal API | Greg Hudson | 2011-06-17 | 7 | -31/+91
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970
* ANSIfy the remaining K&R functions in lib/gssapi/generic | Greg Hudson | 2011-06-13 | 2 | -26/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24968 dc483132-0cff-0310-8789-dd5450dbe970
* Fix old-style GSSRPC authentication | Greg Hudson | 2011-06-13 | 1 | -3/+10
  r24147 (ticket #6746) made libgssrpc ignorant of the remote address of the kadmin socket, even when it's IPv4. This made old-style GSSAPI authentication fail because it uses the wrong channel bindings. Fix this problem by making clnttcp_create() get the remote address from the socket using getpeername() if the caller doesn't provide it and it's an IPv4 address.
  ticket: 6920
  target_version: 1.9.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970