summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove .doctrees when cleaning src/docTom Yu2012-11-261-1/+2
| | | | | | | | | | Sphinx produces .doctree pickles that can be over 17MB with the current documentation. Remove them when running "make clean" in src/doc so that they don't pollute distribution tar files. ticket: 7461 (new) target_version: 1.11 tags: pullup
* Document krb5_get_init_creds_opt_set_in_ccacheZhanna Tsitkov2012-11-261-0/+2
| | | | | | | More specifically, document that this new API was first introduced in 1.11 ticket: 7460
* Remove broken clean_hostname trace messagesGreg Hudson2012-11-252-9/+0
| | | | | | | | | | | | The trace messages in krb5int_clean_hostname were outputting the entire contents of the output buffer (mostly uninitialized garbage) into the trace log. Since these messages were essentially redundant with messages in the callers, and were arguably at too low of a level to begin with, simply remove them. ticket: 7459 (new) target_version: 1.11 tags: pullup
* Update mkrel for new doc build processTom Yu2012-11-201-1/+4
| | | | | | ticket: 7453 (new) target_version: 1.11 tags: pullup
* Reword krb5_unparse_name_ext doxygen markupGreg Hudson2012-11-201-5/+6
| | | | | | | | | | Avoid using asterix characters in the documentation for krb5_unparse_ext_name, since they get intepreted as markdown punctuation when translated to RST. ticket: 7452 (new) target_version: 1.11 tags: pullup
* Fix quoting issues in LDAP KDB moduleGreg Hudson2012-11-175-99/+48
| | | | | | | | | | | | | | | Modify ldap_filter_correct() to quote special characters for DN strings as well as filters, since it is already used to quote a DN string in krb5_ldap_name_to_policydn() and there's no harm in over-quoting. In krb5_ldap_put_principal(), quote the unparsed principal name for use in DNs we choose. In krb5_ldap_create_password_policy(), use the policy name for the CN of the policy entry instead of the (possibly quoted) first element of the DN. Adapted from a patch by Jim Shi <hanmao_shi@apple.com>. ticket: 7296
* Tests for kinit's detection of a keytab requestBen Kaduk2012-11-161-0/+12
| | | | | | | | | We must check that 'kinit -t keytab' and 'kinit -i' successfully produce tickets, and have the specified warning output. ticket: 7218 tags: pullup target_version: 1.11
* Make kinit smarter about using keytabsBen Kaduk2012-11-161-0/+11
| | | | | | | | | | | | Previously, we would happily accept -i or -t name and do nothing with it, if -k was not given. If the user is passing -i or -t, they clearly want to use a keytab, so do so (but print a warning). While here, enforce that only one of -t and -i is given. ticket: 7218 tags: pullup target_version: 1.11
* Add Doxygen markup for Camellia enctype constantsGreg Hudson2012-11-161-4/+4
| | | | | | An RFC number has been assigned for the Camellia draft. Add Doxygen markup to the enctype and cksumtype constants pointing to the informational RFC.
* Avoid using grep -q in configure.inGreg Hudson2012-11-151-1/+1
| | | | grep -q isn't as portable as we would like, so don't use it.
* Add automated tests for LDAP KDB moduleGreg Hudson2012-11-154-2/+696
| | | | | | | | | | | | | | Add new tests kdbtest.c and t_kdb.py. Together these exercise most of the code in the LDAP back end. kdbtest is also run against the DB2 module, which is mostly redundant with other tests, but does exercise the lockout logic a little more thoroughly than t_lockout.py can. To test the LDAP back end, we look for slapd and ldapadd binaries in the path. The system slapd is sometimes constrained by AppArmor or the like, which we can typically work around by making a copy of the binary. slapd detaches before listening on its server socket (this got better in 2.4.27 but still isn't perfect), so we unfortunately have to use a one-second sleep in the slapd setup.
* Fix typo disabling static-linked LDAP back endGreg Hudson2012-11-151-1/+1
|
* Rebuild krb5.conf.man for default enctypesBen Kaduk2012-11-141-3/+3
| | | | | | | | | | Now that the Camellia enctypes are in the default lists for permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes, regenerate the man page to reflect that change. ticket: 7446 target_version: 1.11 tags: pullup
* Add Camellia enctypes to default enctype listsGreg Hudson2012-11-141-0/+1
| | | | | | | | | | | | Add camellia256-cts-cmas and camellia128-cts-cmac to the default permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes lists, to simplify deployment of Camellia. The new enctypes still aren't on supported_enctypes, so won't be in the set of long-term keys for principals without administrator intervention. ticket: 7446 (new) target_version: 1.11 tags: pullup
* Rename doc subdirectoriesBen Kaduk2012-11-141-7/+8
| | | | | | | | | | | | | | | | | | | | We like these names better, and they match the PDF document filenames. admins -> admin appldev -> appdev users -> user and catch up where the names are used elsewhere. The relay/ directory has been removed, with its contents moved to the top level in build_this.rst and a new about.rst. The section headers for kadmind, krb5kdc, sserver, kpasswd, kswitch, and sclient are misdetected as conflict markers. bigredbutton: whitespace ticket: 7433 tags: pullup
* Make glue for building PDFsBen Kaduk2012-11-141-0/+26
| | | | | | | | | | | sphinx-build's latex output engine creates a subdirectory with various latex files, and a Makefile. The generated Makefile assumes gmake, which we do not. The logic needed in this makefile is rather simple, so we just include it in src/doc/Makefile.in, even if we do need a rather complicated shell expression to work in the subdirectory. ticket: 7433 tags: pullup
* Use main conf.py for NOTICETom Yu2012-11-141-15/+4
| | | | | | | | | | Generate the NOTICE file using the main conf.py, by using a special tag when invoking sphinx-build. While here, add notice.txt to the list of files removed by make clean. ticket: 7433 tags: pullup
* Generate and use version.py for SphinxTom Yu2012-11-143-4/+37
| | | | | | | | | | | | Sphinx's idea of the version number appears in the man pages and compiled PDF documents, and shows up as metadata in the generated HTML sources. Extract the version information from the master source (patchlevel.h) into a form usable by Sphinx. ticket: 7433 tags: pullup
* Regenerate kdc.conf.man to pick up CamelliaBen Kaduk2012-11-141-0/+18
| | | | | | | | We recently added documentation of the Camellia enctypes; rebuild the in-tree man page to pick them up. ticket: 7439 tags: pullup
* Make kdb5_util dump work with LDAP againGreg Hudson2012-11-121-1/+2
| | | | | | | | | | | The LDAP module doesn't support locking. There's code to ignore this in load but not in dump. dump used to only lock for iprop dumps, but now locks all the time after e65a16d898f3a686525e83661f4fd86c76e27bbf (#7384), causing it to fail with LDAP. ticket: 7445 (new) target_version: 1.11 tags: pullup
* Correctly document krb5_unparse_name_extGreg Hudson2012-10-251-7/+13
| | | | | | ticket: 7431 target_version: 1.11 tags: pullup
* Always rebuild rst_composite in src/docGreg Hudson2012-10-251-3/+3
| | | | | | | | Avoid using "rst_composite" as the target name for building the rst_composite directory, since we can't give it proper dependencies. Instead use the target name "composite", which (like "html", "clean", etc.) doesn't correspond to the name of a file or directory created by the build rules.
* Don't leak new fields of krb5_init_creds_contextGreg Hudson2012-10-241-0/+2
| | | | | | | | | Release the cc_config_in and cc_config_out fields of a krb5_init_creds_context when freeing the context. ticket: 7428 (new) target_version: 1.11 tags: pullup
* Don't save empty cc_config_out in ccacheGreg Hudson2012-10-244-1/+11
| | | | | | | | | | Add an internal json function to make it easier to detect if an object is empty, and use it to avoid creating a ccache config entry for preauth module config data if there isn't any to save. ticket: 7427 (new) target_version: 1.11 tags: pullup
* Quiet down two noisy test programsGreg Hudson2012-10-232-4/+0
|
* Revert last trace.c changeGreg Hudson2012-10-231-1/+1
| | | | The fencepost error was illusory.
* Add loop() kdcpreauth methodNathaniel McCallum2012-10-234-5/+34
| | | | | | | | [ghudson@mit.edu: avoid verto.h header dependency; minor fixes] ticket: 7426 (new) target_version: 1.11 tags: pullup
* Fix verto_ctx declaration in preauth_plugin.hGreg Hudson2012-10-231-1/+1
| | | | | | ticket: 7425 (new) target_version: 1.11 tags: pullup
* Only record real selected preauth typeGreg Hudson2012-10-231-3/+3
| | | | | | | | | Move where we record the selected preauth type so that we never record an informational preauth type, only a real one. ticket: 7422 (new) target_version: 1.11 tags: pullup
* Correct typo in krb5_rd_req documentationGreg Hudson2012-10-231-1/+1
| | | | ticket: 7421
* Print tilde characters as-is in trace outputGreg Hudson2012-10-231-1/+1
| | | | | | ticket: 7420 (new) target_version: 1.11 tags: pullup
* Alter responder function signature for consistencyGreg Hudson2012-10-232-5/+5
| | | | | | | | | | For the responder callback signature, put the closure argument just after the context, and use KRB5_CALLCONV. These changes make the signature consistent with most other libkrb5 callbacks. ticket: 7419 (new) target_version: 1.11 tags: pullup
* Don't use PA_PSEUDO in pkinit client codeGreg Hudson2012-10-221-1/+1
| | | | | PA_PSEUDO only has meaning for kdcpreauth modules. Don't use it in the flags method of the pkinit clpreauth module.
* Add dependencies for some test programsGreg Hudson2012-10-214-3/+77
| | | | | | | | | | Some recently added test programs under lib/krb5 didn't have their source files added to the appropriate Makefile.in variables, and weren't getting dependencies as a result. ticket: 7418 (new) target_version: 1.11 tags: pullup
* Improve C style checkingGreg Hudson2012-10-191-22/+34
| | | | | | | | | * Avoid space-before-paren false positives on some function pointer declarations by checking the identifier for simple type names. * Check for space before close parenthesis. * Check (carefully) for asymmetric spaces around binary operators. * Handle nesting when checking for 2+ line flow control bodies. * Check for asymmetric bracing around else statements.
* Don't expose binary format in preauth otpNathaniel McCallum2012-10-192-2/+2
| | | | | | ticket: 7417 (new) target_version: 1.11 tags: pullup
* Use config storage for client OTP token selectionNalin Dahyabhai2012-10-181-0/+90
| | | | | | | | | | * Save the vendor name of the token we used to create the challenge. * If we saved the name of a token vendor previously, prune out any tokeninfos which contain different vendor names. ticket: 7416 (new) target_version: 1.11 tags: pullup
* Fix sam2 client preauth after salt changesGreg Hudson2012-10-181-2/+3
| | | | | | | | | | Commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 altered the internal contracts relating to salts, but neglected to adjust the sam2 preauth code to match. Do that now. ticket: 7415 (new) target_version: 1.11 tags: pullup
* Update versioning for krb5-1.12-prereleaseTom Yu2012-10-171-1/+1
| | | | | Now that krb5-1.11 is branched, the master branch is krb5-1.12-prerelease.
* make dependGreg Hudson2012-10-172-39/+41
|
* Regenerate mit-krb5.potGreg Hudson2012-10-171-1349/+1504
|
* Regen kswitch.1 from RST sourcesBen Kaduk2012-10-171-5/+5
| | | | To pick up the section/subsection correction for SYNOPSIS.
* Use config storage for client identity selectionNalin Dahyabhai2012-10-178-40/+403
| | | | | | | | * Keep track of the names of client identities when we load them. * Store the client identity we just used when we create or retry a client request. * If we read a client identity from the configuration, treat it like the KDC does: pick the "this is it, there is no other" logic branch.
* Add "pa_config_data" configuration to ccachesNalin Dahyabhai2012-10-176-48/+200
| | | | | | | | | | | * Read a "pa_config_data" item from an in_ccache, if provided, and add a callback which client preauth plugins can use to retrieve a string value from it that's keyed by a string. * Add a callback which client preauth plugins can use to provide string key/value pairs to be stored in the ccache. * Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h to init_creds_ctx.h to try to reduce the number of files that will need to include k5-json.h to understand k5_json_value.
* Regen kinit.man from RST sourcesBen Kaduk2012-10-171-0/+14
| | | | To pick up the -I option.
* Make rules for missing man/catpagesBen Kaduk2012-10-171-0/+11
| | | | | | | Add the make rules to install the subfiles as man and cat pages, missed in the previous commit. Also correct the omission of catpages for the server binaries.
* Install missing man pagesBen Kaduk2012-10-171-4/+5
| | | | | Add kadm5.acl, sserver, and sclient to MANSUBS so that we will install them in the normal build process.
* Remove install-oldmanBen Kaduk2012-10-1720-72/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove KRB5_DB_LOCKMODE_DONTBLOCK from kdb.hGreg Hudson2012-10-161-2/+0
| | | | It's wasn't used and wasn't implemented.
* Use blocking locks for policy DBGreg Hudson2012-10-161-19/+6
| | | | | | | In the db2 kdb module, use blocking locks for the policy DB as well as the principal DB. ticket: 7359
generated by cgit (git 2.34.1) at 2025-09-28 04:55:23 +0000