| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
------------------------------------------------------------------------
r24667 | ghudson | 2011-02-26 21:35:04 -0500 (Sat, 26 Feb 2011) | 8 lines
ticket: 6875
tags: pullup
target_version: 1.9.1
Make sure ulog_map() is invoked whenever we open the database in
kdb5_util. Fixes all of the master key rollover commands in the
presence of iprop. Reported by kacarstensen@csupomona.edu.
ticket: 6875
version_fixed: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24674 dc483132-0cff-0310-8789-dd5450dbe970
|
|
free_principal, delete_principal, and get_policy. Make get_principal
allocate the DB entry container. Fold krb5_db_get_principal_ext into
krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 interface. Callers can (and mostly already do) use
krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create,
tests/verify, and kdb5_util dump to do so.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
were unused, and localization will probably be done through _()
macros, not collecting all the strings together. Elminates a number
of format-security static analysis defects.
ticket: 6714
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23962 dc483132-0cff-0310-8789-dd5450dbe970
|
|
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
ticket: 6577
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
|
|
unicode, windows code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals long term keys to use the new master key. In addition
deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
|
|
this code had already been commented out previously.)
ticket: 6303
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21445 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash
ticket: 194
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
argv[0].
ticket: 6030
tags: pullup
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20532 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6028
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20531 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
|
|
KRB5_KDB_SRV_TYPE_ADMIN
When I ran kdb5_util dump I had two initial problems. First, the LDAP
plugin was not finding the bind DN because open_db_and_mkey() was
passing KRB5_KDB_SRV_TYPE_OTHER to krb5_db_open(). When I change this
to KRB5_KDB_SRV_TYPE_ADMIN then the ldap_kadmind_dn parameter is used
from krb5.conf and a valid bind DN is found. Second,
krb5_ldap_iterate() will core dump when it is called withy a NULL
match_expr arg. This is how dump_db calls krb5_db_iterate(). I updated
krb5_ldap_iterate() to use a default_match_expr of "*" if match_expr ==
NULL.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18736 dc483132-0cff-0310-8789-dd5450dbe970
|
|
drop separate port-number spec so it'll build with current sources. Not
tested because of a bug in the recent Novell patch. :-(
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(extended_com_err_fn): Don't look up or print error message if the error code
is 0.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18277 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(main): Use it.
* kdb5_util.h (add_db_arg): Declare it.
* kdb5_create.c (kdb5_create): Use it.
* dump.c (load_db): Use it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18276 dc483132-0cff-0310-8789-dd5450dbe970
|
|
envvar arguments with a flag indicating whether KDC config data should
be used. Prototype and all callers changed.
(krb5_read_realm_params): Delete config file and env var arguments.
Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out.
(struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it.
(kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted
KADM5_CONFIG_PROFILE entry.
(parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from
the library and add the caller-indicated config file to the front of the list.
* lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function.
* lib/kadm5/clnt/libkadm5clnt.exports: Export it.
* lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h.
(kadm5_init_krb5_context): New function.
* lib/kadm5/srv/libkadm5srv.exports: Export it.
* lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories.
* lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it.
* kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context
instead of krb5_init_context.
* kadmin/dbutil/dump.c (load_db): Likewise.
* kadmin/dbutil/kdb5_util.c (main): Likewise.
* kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise.
* kadmin/dbutil/loadv4.c (load_v4db): Likewise.
* kadmin/server/ovsec_kadmd.c (main): Likewise.
* kadmin/cli/kadmin.c (kadmin_startup): Likewise.
* kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise.
* lib/kadm5/unit-test/lock-test.c (main): Likewise.
* lib/kadm5/unit-test/handle-test.c (main): Likewise.
* lib/kadm5/unit-test/randkey-test.c (main): Likewise.
* lib/kadm5/unit-test/setkey-test.c (main): Likewise.
* lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise.
* lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function.
(os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function.
(init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for
$KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so
as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New
variables.
(krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare.
(krb5_gss_init_context, krb5_gss_use_kdc_context): Declare.
(krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex.
(gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files
specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server
params.
* plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use
krb5int_init_context_kdc instead of krb5_init_context.
* kdc/rtest.c (main): Likewise.
* kdc/fakeka.c (main): Likewise.
* kdc/main.c (main, init_realm): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18009 dc483132-0cff-0310-8789-dd5450dbe970
|
|
actual LDAP bits:
* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.
* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.
* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.
* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.
* include/k5-thread.h (k5_key_t): Deleted unused values.
* lib/kdb/kdb5.h (KDB_MODULE_SECTION): Change db_modules to dbmodules.
(KDB_MODULE_DEF_SECTION): New macro.
* tests/Makefile.in (krb5.conf): Rename db_modules to dbmodules.
* tests/dejagnu/config/default.exp (setup_krb5_conf): Likewise.
* kadmin/testing/proto/krb5.conf.proto: Likewise.
* lib/kdb/libkdb5.exports: Do export krb5_def_store_mkey.
* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED): New macros.
(struct _kadm5_config_params): New field kpasswd_server.
* lib/krb5/error_tables/kdb5_err.et (KRB5_KDB_SERVER_INTERNAL_ERR):
New error code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17899 dc483132-0cff-0310-8789-dd5450dbe970
|
|
include directives sometimes using krb5/foo.h and sometimes using foo.h, and
-I options always given for both directories in both source and build trees,
push include/krb5/* up a level and drop the krb5 directory (except, for the
moment, the change log).
Updated #include directives, -I options, and dependencies accordingly, and
deleted one or two bits of old, unused code that was noticed in the process.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Will probably break things.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
|
|
"-recurse" flags to permit reverse and recursive dumping of the
database, respectively. Check for dump filename beginning with
"-" to avoid accidental dumps to such filenames.
* kdb5_util.c (usage): Update to match reality, primarily by
updating the "dump" usage, but also showing global options before
the command, which is how they were being interpreted anyway.
* kdb5_util.M: Update to match reality. Document "-mkey_convert",
"-new_mkey_file", "-rev", and "-recurse" options to "dump".
Document "dump to stdout" behavior. Show global options before
the command. Make some formatting fixes. s/binary tree/btree/
since the btree back end is actually an n-ary tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14757 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14367 dc483132-0cff-0310-8789-dd5450dbe970
|
|
shadowing of getopt function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13488 dc483132-0cff-0310-8789-dd5450dbe970
|
|
dumpv4.c, dump.c: Compiler warning cleanup including prototypes,
assignments in conditionals, unused variables, varaibles shadowing
one-another.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13028 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kdb5_util.c (usage): Update usage message.
* dumpv4.c (dump_v4_iterator): Add logic to deal with long
lifetimes, as well as optionally using short lifetimes.
* loadv4.c (load_v4db): Add logic to deal with long lifetimes, as
well as optionally using short lifetimes.
* kadm5_create.c (kadm5_create_magic_princs): Add calls to
krb5_klog_init() and krb5_klog_close() to avoid coredumping if
kadm5_init() calls krb5_klog_syslog().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12763 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
fails, instead of fprintf of the error number.
(cf krb5-bugs db #499, 13-Nov-1997)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11546 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Change '-f" option to "-sf" to indicate stash file on
command line.
* kdb5_stash.c (kdb5_stash): Indicate that policy db should be
closed, free context when done.
* kadm5_create.c (kadm5_create): Fix up memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10265 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Removed unneeded call to krb5_init_ets
load_v4.c:
Removed unneeded call to krb5_init_ets
Check return value of krb5_init_context
Call krb5_free_context prior to returning (error returns)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9921 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9906 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9598 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kadmin/dbutil loadv4 stashfile, default fixes
(original changelogs included.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9372 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to fix problem on AIX; this should have worked anyway because of
the , operator but it is easy enough to force the solution, too.
[krb5-admin/41]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9140 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Eliminated the -f option, as it is superfluous. Don't create the
policy database if using the -t option, since it'll already exist.
kdb5_util.c (usage): Fix usage message so that it's correct for load_v4.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9028 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kdb5_create.c: use global mkey_password
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8925 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ss_wrapper.c are now obsolete
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8907 dc483132-0cff-0310-8789-dd5450dbe970
|
|
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
|
