Kerberos

lp:~hartmans/kerberos/trunk

Created by Sam Hartman and last modified
Get this branch:
bzr branch lp:~hartmans/kerberos/trunk

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Sam Hartman
Project:
Kerberos
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at https://github.com/krb5/krb5-anonsvn.

The next import is scheduled to run .

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 20 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 20 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 20 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 15 seconds — see the log

Recent revisions

17027. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Omit start time in common AS requests

MIT and Heimdal KDCs ignore the start time for non-postdated ticket
requests, but AD yields an error if the start time is in the KDC's
future, defeating the kdc_timesync option. Omit the start time if the
caller did not specify a start time offset.

This change reenables the client check for too much clock skew in the
KDC reply in the non-timesync configuration. That check had been
unintentionally suppressed since the introduction of the
get_init_creds interfaces. Adjust the t_skew test script to expect
the new error behavior.

Code changes from <email address hidden> with slight modifications.

ticket: 7130

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25864 dc483132-0cff-0310-8789-dd5450dbe970

17026. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Avoid requiring default realm for in_tkt_service

Use the new KRB5_PRINCIPAL_PARSE_IGNORE_REALM flag when parsing
in_tkt_service arguments in get_init_cred functions, since we're going
to overwrite the realm anyway.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25863 dc483132-0cff-0310-8789-dd5450dbe970

17025. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Add krb5_parse_name flag to ignore realm

The flag KRB5_PRINCIPAL_PARSE_IGNORE_REALM causes krb5_parse_name to
return the principal with an empty realm whether or not a realm is
present in the name.

ticket: 7129

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25862 dc483132-0cff-0310-8789-dd5450dbe970

17024. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Rewrite krb5_parse_name

krb5_parse_name started out a bit unwieldy, and has become more so
with the introduction of flags. Rewrite it using two passes (allocate
and fill), each broken out into its own helper, and a wrapper which
handles the realm flags.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25861 dc483132-0cff-0310-8789-dd5450dbe970

17023. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Make password change work without default realm

This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive. A more comprehensive fix will
follow.

ticket: 7127
target_version: 1.10.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25860 dc483132-0cff-0310-8789-dd5450dbe970

17022. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Add no-op macro for ngettext for non-NLS builds

r25857 (#7128) uses ngettext, which means we need a no-op macro for it
when we're building without NLS support.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25859 dc483132-0cff-0310-8789-dd5450dbe970

17021. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Constify get_init_creds string input params

The get_init_creds functions take read-only string input parameters
for passwords and initial ticket services. Make these const char *
parameters instead of just char * parameters, for caller convenience.

Reported by <email address hidden>.

ticket: 7121

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25858 dc483132-0cff-0310-8789-dd5450dbe970

17020. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Add API to interpret changepw result strings

Active Directory returns structured policy information in the
nominally UTF-8 result string field of a password change reply. Add a
new API krb5_chpw_message() to convert a result string into a
displayable message, interpreting policy information if present.

Patch from <email address hidden> with changes.

ticket: 7128

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25857 dc483132-0cff-0310-8789-dd5450dbe970

17019. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

Constify krb5int_utf8_normalize input parameter

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25856 dc483132-0cff-0310-8789-dd5450dbe970

17018. By ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>

First pass at PKINIT client trace logs

Trace basic decisions about PKINIT client protocol processing.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25855 dc483132-0cff-0310-8789-dd5450dbe970

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers