freeipa/daemons/ipa-kdb
Alexander Bokovoy 21d99b457d ipa-kdb: for delegation check, use different error codes before and after krb5 1.20
With MIT krb5 1.20, a call to krb5_db_check_allowed_to_delegate()
and krb5_db_check_allowed_to_delegate_from() expects to return either
KRB5KDC_ERR_BADOPTION for a policy denial or KRB5_PLUGIN_OP_NOTSUPP in
case plugin does not handle the policy case. This is part of the MIT
krb5 commit a441fbe329ebbd7775eb5d4ccc4a05eef370f08b which added a
minimal MS-PAC generator.

Prior to MIT krb5 1.20, the same call was expected to return either
KRB5KDC_ERR_POLICY or KRB5_PLUGIN_OP_NOTSUPP errors.

Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-14 10:12:42 -05:00
..
tests ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa_kdb_audit_as.c ipa-kdb: fix compiler warnings 2021-03-01 10:44:25 -05:00
ipa_kdb_certauth.c ipa-kdb: do not fail if certmap rule cannot be added 2022-10-07 17:02:43 +02:00
ipa_kdb_common.c ipa-kdb: handle dates up to 2106-02-07 06:28:16 2020-12-18 20:38:40 +02:00
ipa_kdb_delegation.c ipa-kdb: for delegation check, use different error codes before and after krb5 1.20 2022-11-14 10:12:42 -05:00
ipa_kdb_kdcpolicy.c ipa-kdb: avoid additional checks for a well-known anonymous principal 2022-05-30 12:12:44 +03:00
ipa_kdb_mkey.c ipa-kdb: Get/Store Master Key directly from LDAP 2011-08-26 08:24:49 -04:00
ipa_kdb_mspac_private.h ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa_kdb_mspac_v6.c ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20 2022-11-02 11:03:04 +02:00
ipa_kdb_mspac_v9.c ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa_kdb_mspac.c ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later 2022-11-02 11:03:04 +02:00
ipa_kdb_passwords.c Add missing break statement to password quality switch 2021-01-15 10:01:28 +01:00
ipa_kdb_principals.c ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa_kdb_pwdpolicy.c ipa-kdb: fix compiler warnings 2021-03-01 10:44:25 -05:00
ipa_kdb.c ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa_kdb.exports Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
ipa_kdb.h ipa-kdb: add krb5 1.20 support 2022-11-02 11:03:04 +02:00
ipa-print-pac.c Fix use of comparison functions to avoid GCC bug 95189 2021-11-23 10:31:34 +01:00
Makefile.am ipa-kdb: fix make check 2022-03-29 14:01:29 -04:00
README Make the coding style explicit 2020-01-15 10:00:08 +01:00
README.s4u2proxy.txt Fix s4u2proxy README and add warning 2015-06-08 14:37:29 -04:00

This is the ipa krb5kdc database backend.

As the KDB interfaces heavily with krb5, we inherit its code style as well.
However, note the following changes:

- no modelines (and different file preamble)
- return types don't require their own line
- single-statement blocks may optionally be braced
- /* and */ do not ever get their own line
- C99 for-loops are permitted (and encouraged)
- a restricted set of other C99 features are permitted

In particular, variable-length arrays, flexible array members, compound
literals, universal character names, and //-style comments are not permitted.

Use of regular malloc/free is preferred over talloc for new code.

By and large, existing code mostly conforms to these requirements.  New code
must conform to them.