Also, we were stopping as soon as one registered plugin returned
something other than KRB5_PLUGIN_NO_HANDLE, but we weren't doing the
same for discovered plugins. Add KRB5_PLUGIN_INVOKE_ALL flag to deal
with this; by default we'll stop at the first plugin that returns
anything other than KRB5_PLUGIN_NO_HANDLE.
Other buglets fixed as in c1423a8.
The lib/krb5 export lists contained the following functions
that are no longer in the tree:
krb5_425_conv_principal
krb5_425_conv_principal_ext2
krb5_425_conv_principal_ext
krb5_524_conv_principal
_krb5_krb_tf_setup
_krb5_krb_dest_tkt
_krb5_krb_life_to_time
_krb5_krb_decomp_ticket
_krb5_krb_create_ticket
_krb5_krb_create_ciph
_krb5_krb_create_auth_reply
_krb5_krb_rd_req
_krb5_krb_free_auth_data
_krb5_krb_time_to_life
_krb5_krb_cr_err_reply
Change-Id: I1f73768de2f7e9243e4e7a623b54af282ec54641
synchronize the export lists on Windows and UNIX.
When new functions are exported on UNIX or Windows,
the "test" build target on Windows will verify if
the export lists are in sync.
Change-Id: I9df3607983b03ee8dc6fa7cd22f85b07a6cee784
We add a function to cause krb5_storage's to be sync'd to their backing
store. For memory backed storages, this is a NOP. For files, it calls
fsync on the file descriptor.
Support for manipulating srvtabs was previously removed, but there
were still remnants in command documentation in the ktutil man page
and some declared and exported variables for the keytab ops
definitions for srvtab manipulation. Remove these additional
remnants.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8. Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5. Add it to the export version map.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Works for krb5 and SPNEGO mechanisms. Kerberos credentials are passed as
credential cache names, or if there are memory based credentials, inband in the protocol. This means that the credentials buffers must be keep secret.
As documented by IBM (they have the wrong prototype though)
and GGF (GSS-API Extensions) back in 2001
