mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
21d99b457d
With MIT krb5 1.20, a call to krb5_db_check_allowed_to_delegate() and krb5_db_check_allowed_to_delegate_from() expects to return either KRB5KDC_ERR_BADOPTION for a policy denial or KRB5_PLUGIN_OP_NOTSUPP in case plugin does not handle the policy case. This is part of the MIT krb5 commit a441fbe329ebbd7775eb5d4ccc4a05eef370f08b which added a minimal MS-PAC generator. Prior to MIT krb5 1.20, the same call was expected to return either KRB5KDC_ERR_POLICY or KRB5_PLUGIN_OP_NOTSUPP errors. Related: https://pagure.io/freeipa/issue/9083 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
tests | ||
ipa_kdb_audit_as.c | ||
ipa_kdb_certauth.c | ||
ipa_kdb_common.c | ||
ipa_kdb_delegation.c | ||
ipa_kdb_kdcpolicy.c | ||
ipa_kdb_mkey.c | ||
ipa_kdb_mspac_private.h | ||
ipa_kdb_mspac_v6.c | ||
ipa_kdb_mspac_v9.c | ||
ipa_kdb_mspac.c | ||
ipa_kdb_passwords.c | ||
ipa_kdb_principals.c | ||
ipa_kdb_pwdpolicy.c | ||
ipa_kdb.c | ||
ipa_kdb.exports | ||
ipa_kdb.h | ||
ipa-print-pac.c | ||
Makefile.am | ||
README | ||
README.s4u2proxy.txt |
This is the ipa krb5kdc database backend. As the KDB interfaces heavily with krb5, we inherit its code style as well. However, note the following changes: - no modelines (and different file preamble) - return types don't require their own line - single-statement blocks may optionally be braced - /* and */ do not ever get their own line - C99 for-loops are permitted (and encouraged) - a restricted set of other C99 features are permitted In particular, variable-length arrays, flexible array members, compound literals, universal character names, and //-style comments are not permitted. Use of regular malloc/free is preferred over talloc for new code. By and large, existing code mostly conforms to these requirements. New code must conform to them.