Skip to content
Commits on Jul 8, 2010
  1. Changed return types of the plugin related functions per "Plugin supp…

    …ort improvements" Project Proposal review.
    
    Introduced plugin_version and removed plugin_id config attr.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24177 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jul 8, 2010
Commits on Jun 30, 2010
  1. Renamed factory into loader.

    Example of plugin section in krb5.conf after renaming:
            PQ_DYN = {
                    plugin_api = plugin_pwd_qlty
                    plugin_loader_name = plugin_dyn_loader
                    plugin_loader_type = dynamic
                    plugin_name = plugin_pwd_qlty_DYN
                    plugin_loader_path = /var/tsitkova/Sources/pl/src/plugin_dynamic/libplugin_dynamic.so
                    plugin_type = service
                    plugin_id = 33
            }
     
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24155 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 30, 2010
  2. Remove set_plugin_manager_instance API. Minor cleaning around plugin_id

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24154 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 30, 2010
  3. Renamed pl_handle into pl_manager in krb5_context structure.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24150 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 30, 2010
Commits on Jun 28, 2010
  1. Added facilities to handle dynamic plugins.

    For the purpose of demonstration, a new plugin pwd_qlty_DYN was created.
    The new section in krb5.conf for dynamic plugins looks as follows
            plugin_list = PQ_DYN
            PQ_DYN = {
                    plugin_api = plugin_pwd_qlty
                    plugin_factory_name = plugin_dyn_factory
                    plugin_factory_type = dynamic
                    plugin_name = plugin_pwd_qlty_DYN
                    plugin_factory_path = /var/tsitkova/Sources/pl/src/plugin_dynamic/libplugin_dynamic.so
                    plugin_id = 33
            }
    The test appl is server_misc.c.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24149 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 28, 2010
Commits on Jun 14, 2010
  1. Added facilities to handle multiple impls of the same static plugins.…

    … It is based on plugin_id.
    
    As a proof of the concept, the password quality validation plugins were considered.
    So, the following happens:
    In the krb5.conf we indicate that we potentially want two pwd quality plugins: plugin_pwd_qlty_krb (native MIT kerb code extracted from server_mics.c) and plugin_pwd_qlty_X (bogus,as a matter of fact, almost identical to plugin_pwd_qlty_krb impl).
    In the caller, i.e. in passwd_check of lib/kadm5/srv/server_misc.c, we call KRB and X impl's and verify the pwd against both of the policies:
     plugin_manager_get_service(srv_handle->context->pl_handle, "plugin_pwd_qlty", PWD_QLTY_KRB);
     plugin_manager_get_service(srv_handle->context->pl_handle, "plugin_pwd_qlty", PWD_QLTY_X);
    
    (It is proof of the concept.)
    
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24135 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 14, 2010
Commits on Jun 3, 2010
  1. To prevent crash in case when conf file does not know about pwd_qlty …

    …plugin.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24116 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Jun 3, 2010
Commits on May 28, 2010
  1. Introduced a new static plugin - password quality validator. It is ba…

    …sed on the old/existing built-in pwd verification functionality. ( for proof of the concept and demonstration purposes)
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24108 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 28, 2010
Commits on May 26, 2010
  1. Implementation of yarrow prng as a plugin requires the vast majority …

    …of the routines in crypto lib to have a krb5_context as an argument. (This is needed to pass ref to pl_handle.) Unfortunately, it is not the case for the current state of crypto lib. Introducing krb5_context is a very invasive change and might be unsuitable for 1.9 release. So, yarrow is moved from plugins to crypto/krb and is treated as built-in functionality again.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24104 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 26, 2010
Commits on May 21, 2010
  1. Added missing files

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24080 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 21, 2010
  2. Moving pl handle into krb5_context. Part II

    KDC side works. kinit needs to be linked with old libs to work.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24079 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 21, 2010
Commits on May 19, 2010
  1. Moved plugin handle initialization from lib init into krb5_ctx.

    At the moment we do not have "default" plugin configuration => needed to update come krb5 config files for "make check" tests to work.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24064 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 19, 2010
Commits on May 7, 2010
  1. Changed the type of "void *data" to " manager_data * data" in plugin_…

    …manager.
    
    Also, made path to yaml config file conditional in krb5_libinit.c
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23975 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 7, 2010
  2. Support plugin configuration in krb5 config format.

    Example of plugin section in  krb5.conf:
    [plugins]
            plugin_prng = {
                    plugin_factory_name = plugin_default_factory
                    plugin_factory_type = static
                    plugin_name =  plugin_yarrow_prng
                    plugin_type = service
            }
            plugin_pa = {
                    plugin_factory_name = plugin_default_factory
                    plugin_factory_type = static
                    plugin_name = plugin_encrypted_challenge_pa
                    plugin_type = service
            }
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23974 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed May 7, 2010
Commits on Apr 29, 2010
  1. Build libs/tests with libencrypted_challenge.a

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23949 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 29, 2010
Commits on Apr 22, 2010
  1. Add omitted in r23923 files

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23924 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 22, 2010
  2. For the experiment and as a proof of the concept, implement preauth/e…

    …ncrypted_challenge server side as a new plugin under the new arch.
    
    This commit is for plugin implementation and initialization only. Next step is to invoke the code in kdc.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23923 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 22, 2010
Commits on Apr 21, 2010
  1. Moved plugin initialization into krb5int_lib_init from the applicatio…

    …ns. (It is still needed in the appl, e.g. t_prng, where krb5 lib is not initialized).
    
    Make check works until it reaches ./t_gssapi.py
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23915 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 21, 2010
Commits on Apr 14, 2010
  1. renamed factory_handle type

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23904 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 14, 2010
  2. Add missing files

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23903 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 14, 2010
  3. New plugin architecture code - first draft.

    This design provides the following advantages:
    
    1. Simple and clear additions of new plugin APIs and new implementations of the existing plugins
    2. Handle both static and dynamic plugins
    3. Handle two types of plugins: Listener and Service
    4. Uniform way to supply parameters for plugin configuration
    5. Possible versioning of configuration
    6. Potentially, configuration file  may contain hash values for the library validity verification
    7. Tables of functions are created during make.
    
    It was tested by implementing yarrow as PRNG plugin. (There is also a bogus plugin_prng_os implementation which uses system rand calls just for the demonstration purpose)
    t_prng and all other tests in crypto_tests work (need to run "make check" from crypto_tests dir)
    This particular version suggests using plugin configuration file in yaml format. It can be alternated by hardcoded or any other configuration.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23902 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 14, 2010
Commits on Apr 13, 2010
  1. Branch for new plugin architecture work

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23889 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 13, 2010
  2. Branch to host a new plugins architecture work

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@23887 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Apr 13, 2010
Commits on Apr 8, 2010
  1. Remove krb5int_send_tgs(); it is unused as of r23358.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23881 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 8, 2010
  2. Add krb5_cc_dup() to make it possible to copy ccache handles.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23874 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 8, 2010
  3. Assume lstat in Unix code, specifically clients/ksu/ccache.c. Fix bad

    indentation caused by an #ifdef HAVE_LSTAT block.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23870 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 8, 2010
Commits on Apr 4, 2010
  1. In testrealm.py, add ksu and kvno to the list of build directories

    containing programs.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23858 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 4, 2010
Commits on Mar 29, 2010
  1. ticket: 6693

    subject: Fix backwards flag output in krb5_init_creds_step()
    tags: pullup
    target_version: 1.8.1
    
    krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1
    for "continue" and 0 for "stop".  Unfortunately, we got it backwards
    in 1.8; fix it for 1.8.1.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23844 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Mar 29, 2010
Commits on Mar 27, 2010
  1. Always pass -W option to kdb5_util create in testing.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
    raeburn committed Mar 27, 2010
Commits on Mar 26, 2010
  1. In gc_frm_kdc.c, rename cur_kdc to cur_realm and nxt_kdc to nxt_realm,

    to make it easier to distinguish them from cur_tgt and nxt_tgt.  Make
    similar name changes to lst_kdc and kdc_list, as well as the function
    find_nxt_kdc().
    
    No functional changes.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23837 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Mar 26, 2010
Commits on Mar 25, 2010
  1. Straighten the if-ladder in encrypted challenge's process_preauth,

    making it clearer that control drops through if one of the first
    couple of steps fails.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Mar 25, 2010
Commits on Mar 23, 2010
  1. ticket: 6678

    target_version: 1.8.1
    tags: pullup
    
    Apply patch from Arlene Berry to not use freed memory in
    gss_import_sec_context in some error paths.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 23, 2010
  2. ticket: 6690

    target_version: 1.8.1
    tags: pullup
    subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
    
    The SPNEGO implementation in krb5-1.7 and later could crash due to
    assertion failure when receiving some sorts of invalid GSS-API tokens.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23832 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 23, 2010
  3. Include t_spengno.o in list of OBJS so make clean will remove.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831 dc483132-0cff-0310-8789-dd5450dbe970
    epeisach committed Mar 23, 2010
  4. ticket: 6689

    target_version: 1.8.1
    tags: pullup
    subject: krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
    
    Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
    krb5int_fast_process_error was assuming that it was safe to cast it to
    krb5_pa_data.  It's not safe to do the cast on 64-bit MacOSX because
    krb5.hin uses #pragma pack on that platform.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23829 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 23, 2010
Something went wrong with that request. Please try again.