Age | Commit message | Author | Files | Lines |
|
linux
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21839 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21837 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Fixed a number of memleaks where the master key list was refetched.
Modified the initial actkvno TL entry to set the act_time to 0 in case
the kdc's clock is moved back after the initial entry is created. This
way the initial mkey will always be active.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21836 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21835 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(can currently happen in certain time-warp cases), print a message to
that effect and keep going with the listing.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21834 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21833 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21832 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21831 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Duplicates glob-to-regexp code from libkadm5srv for now (noted in
comments in both places).
Updated kdb5_util.M for update_princ_encryption, and added
placeholders for add_mkey, use_mkey, and list_mkeys.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21830 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21829 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Make "kdb5_util stash" store the full master key list.
Make "kdb5_util stash" use a preexisting stashed key if available.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21827 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Also tweaked the add_mkey code to call krb5_dbe_update_mkvno to update
the mkvno stored in the K/M princ so the kadmin getprinc will output the
right value.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21824 dc483132-0cff-0310-8789-dd5450dbe970
|
|
All conflicts resolved, everything builds. Did a quick test, seems to
work ok.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21822 dc483132-0cff-0310-8789-dd5450dbe970
|
|
princ isn't found on the current mkey list. This is useful if the mkey
princ has a new key but the running krb5kdc/kadmind was started prior to
that.
Fix another issue related to nentries and krb5_db_get_principal() in
kdb5_mkey.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21821 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdb5_mkey.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21817 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to crash on exit when memory corruption detection is on.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21816 dc483132-0cff-0310-8789-dd5450dbe970
|
|
attribute is used.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21811 dc483132-0cff-0310-8789-dd5450dbe970
|
|
If I use "kdb5_util dump -mkey_convert" after using the master key rollover
support, does something reasonably sane happen? E.g., process all the old
keys properly, leave just one new master key value in the output database,
reset the mkvno values attached to principals, etc.
Done. Note I may have to update the dump code to deal with the
various mkey input options which I'll do in a follow on commit.
Also note that I removed the locking around the krb5_db2_alloc and
free functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21807 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Have both LDAP and DB2 back ends been tried with Will's new code? Looks
like some default routines like kdb_def_get_mkey_list won't do anything; is
that okay?
Done but not tested.
"XXX" comments in kdc/extern.h and elsewhere need to be looked into,
obviously.
Almost done (working on the mkey_convert issue).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21806 dc483132-0cff-0310-8789-dd5450dbe970
|
|
code which needed it moved away.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21804 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Makefile.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21803 dc483132-0cff-0310-8789-dd5450dbe970
|
|
src/lib/kadm5/misc_free.c and rename the version of that function in
kdb5.c to krb5_dbe_free_key_data_contents. Eventually this needs to be
consolidated somewhere.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21802 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21800 dc483132-0cff-0310-8789-dd5450dbe970
|
|
of his issues so there will be a follow up commit.
The type krb5_keylist_node shouldn't go into krb5.hin, as it's not part of
the library (or any other) public API. Maybe k5-int.h as a catch-all, if
there's not a more appropriate internal header?
Done.
Can we avoid moving krb5_free_key_data_contents, which deals with a data
structure used only in the KDC-related libraries, into libkrb5 and
k5-int.h? (Exception: The libkrb5 asn.1 code does encode/decode the data
structure and thus may allocate it. But I think we can assume the same C
runtime for kadm5srv/kdb and krb5 libs, so it's kind of okay. And the
asn.1 setup should be "modularized" at some point, so the ldap support can
move out into the ldap kdb plugin.) I think it can probably go into
libkdb?
Done.
If possible, k5-int.h shouldn't include kdb.h, so updating kdb.h doesn't
cause recompilation of (for example) all of the crypto library code.
Done.
After printing "master keys for principal", if enctype_to_string fails, we
haven't set retval to the error code but use it anyways. Later, asprintf
isn't checked for failure.
Done.
Some cases of indentation not matching MIT style, in particular,
continuation lines in function calls being indented four columns instead of
indented to make function arguments line up.
Done.
krb5_dbe_lookup_mkvno, krb5_dbe_lookup_mkey_aux, krb5_dbe_lookup_actkvno
need to verify lengths before decoding data.
Done.
kdb5_add_mkey should use the "zap" macro on key data instead of memset
before directly freeing it; some compilers (one reference I found mentions
the Microsoft C++ .NET compiler) may optimize away scribbles over storage
about to be freed, leaving the values to be retained in core dumps or
uninitialized heap allocations, and "zap" is intended to be where we dump
any necessary hacks to defeat that. Similarly for any other places where
key data is stored (e.g., within tl_data).
Done.
krb5_dbe_update_actkvno (and probably elsewhere in our existing code): Note
that failure in realloc (NULL return when size is nonzero) leaves the old
storage un-freed. So "x=realloc(x,sz)" is a good way to leak memory if
reallocation fails, since you no longer have a handle on the original "x".
Done.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21797 dc483132-0cff-0310-8789-dd5450dbe970
|
|
filesystems whose record size is > 64K. All make check tests pass on my
Solaris test system using ZFS with recordsize=128K.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21791 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_dbe_act_key_list to indicate it is a generic function of use on any
princ. I also modified the process_tgs_req function to use the
master_keylist and look up the proper mkey when decrypting the server
key.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21777 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21772 dc483132-0cff-0310-8789-dd5450dbe970
|
|
After making this modification 917 dejagnu tests pass (did not see any
failures on my Solaris test system).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21771 dc483132-0cff-0310-8789-dd5450dbe970
|
|
svn merge -r21722:HEAD svn+ssh://wfiveash@svn.mit.edu/krb5/trunk
Everything compiles.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21769 dc483132-0cff-0310-8789-dd5450dbe970
|
|
stored in the stash instead of overriding that with what is set in the
global parameter. This allows a stashed mkey's enctype to differ from
the current mkey stored in the K/M princ. I also updated
krb5_def_fetch_mkey_list() to avoid a crash when trying to decrypt data
encrypted with a des-cbc-crc key with an aes-128 key.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21767 dc483132-0cff-0310-8789-dd5450dbe970
|
|
At this point the add_mkey, use_mkey and list_mkeys commands appear to
work generally. I've noticed however that specifying a non-default
enctype when using add_mkey and stashing the result (add_mkey -e
aes128-cts-hmac-sha1-96 -s) causes problems when the new mkey is fetched
from the stash file. I'll fix this in another commit.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21765 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21757 dc483132-0cff-0310-8789-dd5450dbe970
|
|
with the encoding/decoding of the new TL data types.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21756 dc483132-0cff-0310-8789-dd5450dbe970
|
|
creation.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21755 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21743 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(removed hard tabs), added logic to add default actkvno tl_data when
creating a new mkey princ.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21739 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21722 dc483132-0cff-0310-8789-dd5450dbe970
|
|
purge_mkeys, sync_stash and update_princ_encryption still need to be
written) so the purpose of this commit is to allow early review of the
addition of support for > 1 master key and the "active" master keylist.
This commit does not include any changes required to sync this level of
the branch with the current level of the trunk. That will follow this
commit.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21721 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@20822 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Only center the windows the first time they are shown for a client.
Improve the math on the NSRect sent to -[NSWindow setFrame:] so dialog windows don't jump around the screen and the title bar stays in the same place.
Refactor repeated view swapping code to -[AuthenticationController swapView:].
ticket: 6142
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20821 dc483132-0cff-0310-8789-dd5450dbe970
|
|
widths. Make its default width 500px
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20819 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20818 dc483132-0cff-0310-8789-dd5450dbe970
|
|
password menu item support
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20817 dc483132-0cff-0310-8789-dd5450dbe970
|
|
enter identity dialogs.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20816 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20815 dc483132-0cff-0310-8789-dd5450dbe970
|
|
from launchservices and not removing extension from path in
fallback code.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20814 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20813 dc483132-0cff-0310-8789-dd5450dbe970
|
|
identity ui elements.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20812 dc483132-0cff-0310-8789-dd5450dbe970
|
|
working between interactions
Make Identity and Identities classes use NSDictionary representations of kim_options like the rest of KerberosAgent.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20811 dc483132-0cff-0310-8789-dd5450dbe970
|
|
seconds. Code changes from a patch submitted by umich.
ticket: 6120
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20810 dc483132-0cff-0310-8789-dd5450dbe970
|