Nicolas Williams
a53f3a49e2
Fix unused variable warnings
2013-06-02 15:52:41 -05:00
Nicolas Williams
774f166e31
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
Viktor Dukhovni
2433496ea6
Simplify user_realm support by removing krb5_parse_name_flags_realm()
...
and setting the realm as necessary in the caller.
2013-05-16 23:15:00 -04:00
Viktor Dukhovni
203e2beedd
The DIR ccache code and tests don't quite work yet.
2013-05-16 00:34:36 -04:00
Viktor Dukhovni
4ce879c938
Fix: double free
2013-05-16 00:34:24 -04:00
Viktor Dukhovni
3f3bcc2731
When user_realm is used by PAM, do likewise in kinit.
...
When PAM is configured to use a user_realm that is different from the
default realm, do likewise in kinit with bare user names or the default
principal computed from the login name.
Similarly, when using a keytab, if no realm is specified find the most
suitable match in the keytab file.
2013-05-16 00:32:08 -04:00
Viktor Dukhovni
4fcad71a3a
Two new flags for krb5_parse_name_flags_realm():
...
- KRB5_PRINCIPAL_PARSE_IGNORE_REALM: MIT compatible
- KRB5_PRINCIPAL_PARSE_NO_DEF_REALM: Don't default the realm
The first ignores the realm if present.
The second does not impute the default realm if no realm is given and
leaves the realm NULL. This will be used in kinit to determine whether
the user provided a realm or not, and if not we may use the user_realm,
or find the realm via the keytab.
2013-05-16 00:32:08 -04:00
Viktor Dukhovni
a2127d091d
New krb5_parse_name_flags_realm supports explicit default realm.
...
Set the realm argument to NULL to get the usual default realm.
The krb5_parse_name_flags() function is now a wrapper around
krb5_parse_name_flags_realm().
2013-05-16 00:32:08 -04:00
Viktor Dukhovni
01fff2ca9c
Allow krb5_principal_set_realm to set the realm to NULL.
2013-05-16 00:32:06 -04:00
Love Hörnquist Åstrand
a2dfe4c467
Merge pull request #25 from kaduk/faq
...
Update URL for Kerberos FAQ
2013-05-08 11:56:55 -07:00
Ben Kaduk
402e7ba08d
Update URL for Kerberos FAQ
...
Submitted by Trix Farrar <trix@basement.net > as FreeBSD PR 178417.
2013-05-08 12:10:24 -04:00
Love Hornquist Astrand
b2ff260e15
klist --json support
2013-05-07 16:47:45 -07:00
Love Hornquist Astrand
6d356ae74d
remove debug printf's
2013-05-07 13:27:10 -07:00
Love Hornquist Astrand
c98d31d186
fixup
2013-05-07 13:25:07 -07:00
Love Hornquist Astrand
ed6c3921e6
make krb5_cc_get_lifetime sane
2013-05-07 13:10:22 -07:00
Love Hornquist Astrand
55e5bfdfe0
add krb5_principal_is_root_krbtgt
2013-05-07 13:10:02 -07:00
Love Hornquist Astrand
71c2303eb8
make compile
2013-05-07 13:09:33 -07:00
Love Hornquist Astrand
a4a47000b7
don't deal with pid files
...
we can't write out pid files since the code is using fork() and at
fork handler will delete the pid file.
2013-05-02 12:06:38 -07:00
Viktor Dukhovni
39516c2fc5
Normalize kinit.c whitespace in preparation for user_realm support patch.
2013-05-02 01:39:22 -04:00
Viktor Dukhovni
bf40b8cc63
Comment wordsmithing
2013-05-02 01:31:01 -04:00
Love Hornquist Astrand
bb089a75a9
undef rk_getpwnam_r to make sure we get the real prototype and not the rewrite #define
2013-05-01 14:00:31 -07:00
Love Hornquist Astrand
dfaedb7847
plug a memory leak, don't use strcpy/strcat
2013-05-01 13:55:21 -07:00
Patrik Lundin
0ff637618e
add version print
2013-05-01 13:46:35 -07:00
Love Hornquist Astrand
dca1de8dc8
add doxygen support and json export document support
2013-04-30 11:25:35 -07:00
Love Hornquist Astrand
c8cc2378f6
first go at dcc_get_cache_first
2013-04-30 11:01:12 -07:00
Love Hornquist Astrand
de61953108
handle creation of DIR caches
2013-04-29 22:54:11 -07:00
Love Hornquist Astrand
4256823e58
memset right size
2013-04-29 21:59:11 -07:00
Love Hornquist Astrand
a7e86affd8
add basic DIR support for file caches
2013-04-29 12:30:21 -07:00
Love Hornquist Astrand
e91bd34275
add rsa_keygen initializer
2013-04-29 12:03:42 -07:00
Love Hornquist Astrand
19f9fdbcea
don't bother seeing q if not sent
2013-04-29 11:42:46 -07:00
Love Hornquist Astrand
e8317b955f
allow optional q in DH DomainParameters
2013-04-29 11:37:39 -07:00
Love Hornquist Astrand
617f4b7bd5
use the exteral delete sec context that will locked the mutex
2013-04-29 11:08:46 -07:00
Love Hornquist Astrand
5f29169afc
check for strlcpy strlcat
2013-04-29 10:57:03 -07:00
Love Hornquist Astrand
bcbd477a20
support parsing PEM CRL files and printing revoke contexts
2013-04-27 12:42:12 -07:00
Harald Barth
7b4b415fa0
spell-and-gram-proxy-certs
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-26 00:06:07 -07:00
Harald Barth
3f52037382
Better error messages when UTF8 conversion fails
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-26 00:05:53 -07:00
Love Hornquist Astrand
124ab6957c
plug memory leak
2013-04-24 20:17:01 -07:00
Love Hornquist Astrand
81263bc94c
update leaks check
2013-04-24 17:59:25 -07:00
Love Hornquist Astrand
6f03e4ba76
plug memory leaks
2013-04-24 17:55:55 -07:00
Love Hornquist Astrand
6850c9ac5d
type casting to avoid printf warning
2013-04-24 16:45:24 -07:00
Love Hornquist Astrand
f17c4a6c5c
only check for keytab content where its needed
2013-04-24 16:42:30 -07:00
Love Hornquist Astrand
6e5bfce2de
use socket_set_nonblocking
2013-04-24 16:31:32 -07:00
Viktor Dukhovni
72f0690694
Temporary fix for high-priority iprop issues
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:29:34 -07:00
Viktor Dukhovni
435c02fa26
Compare pac timestamp to unix timestamp right when neither are set
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:28:26 -07:00
Viktor Dukhovni
eface6d31f
Fix free before use in ipropd_master slaves-stats open function
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:27:34 -07:00
Viktor Dukhovni
511cd18458
kpasswdd should not enforce principal realm =~ default realm(s)
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:27:16 -07:00
Viktor Dukhovni
9ca0a2b62f
More consistent error checks in build_principal()
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:26:23 -07:00
Viktor Dukhovni
a825143e73
The k5login_directory parameter and SYSTEM-K5LOGIN[:directory] are supposed to be directories, not path templates with %{luser} substitution
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:25:59 -07:00
Viktor Dukhovni
5903031630
Don't SEGV on as-is rules without realm=
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:23:36 -07:00
Landon Fuller
6fb9bc86b7
Add a configuration option to enable LDAP Start TLS.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:21:15 -07:00