aboutsummaryrefslogtreecommitdiff
path: root/src/kadmin
AgeCommit message (Collapse)AuthorFilesLines
2009-12-03Reformat new commentsKen Raeburn1-14/+20
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-03fix slow behavior on Mac OS X with link-local addressesKen Raeburn1-10/+48
When using my previous patch, if a local hostname like "foobar.local" is looked up, you may get back a link-local IPv6 address. However, the KDC seems to be unable to respond from that address, resulting in a ~1s delay for each KDC exchange while waiting for the client to fail over to another address (in my case, another IPv6 address). Create a new object for holding whatever auxiliary information might be needed to properly transmit the response to the client. Currently, that only means the interface index number under IPv6. Fill it in on receipt, always; copy it back to the pktinfo structure when transmitting, ONLY if the local source address is link-local. If an error occurs while transmitting the reply, print both the remote destination address and the local source address. Use getnameinfo instead of inet_ntop. Apply the same changes to kadmind, to keep the versions of network.c more or less in sync. ticket: 6591 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-03allow testing even if name->addr->name mapping doesn't workKen Raeburn2-5/+4
Many of the tests are set up to fail if the local hostname can't be mapped to an address and back to a name again. If the name results in an address, and we can get a fully-qualified name or something that looks like it, though, we should be able to just go ahead and run some tests. This is also closer to the current behavior of sname_to_principal when reverse DNS is enabled. ticket: 6590 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-22Consolidate Makefile variables now that we have only a single globalGreg Hudson14-289/+276
configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-04Use "unsigned short" instead of "u_short" in argument to SET macro;Ken Raeburn1-8/+13
the Emacs cc-mode indentation code seems to get confused by the one-word case. Reindent. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23129 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-04Reindent and manually restore some BSD-style files that wereTom Yu3-1/+4
previously incorrectly marked as krb5-style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23126 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-03Reindent after making fixes for emacs-23Tom Yu4-8/+8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23123 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31make mark-cstyleTom Yu33-8481/+8492
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-26Fix printf argument type mismatches related to pw_max_fail inGreg Hudson1-4/+5
kadmin.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23044 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-26Remove the telnet-to-localhost sanity check in start_servers_local, asGreg Hudson1-71/+27
the system telnet will not necessarily run correctly with LD_LIBRARY_PATH pointing at the Kerberos libraries from the build tree. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23042 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-25Account lockoutGreg Hudson12-84/+375
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-10Move destest to builtin/des, because it depends on overriding someTom Yu4-54/+61
internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-25Add keytab_local.c to the kadmin client SRCS variable, so that weGreg Hudson2-1/+20
generate dependencies for its object file. This change causes kadmin.local to be properly rebuilt when keytab.c changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22789 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-25Fix a few bugs in kadmin's keytab.c from r22785Greg Hudson1-13/+10
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22788 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-24Update the kadmin client code to most current coding practicesGreg Hudson3-1629/+1408
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-22Fix a braino in r22782: we don't use strcpy even safely; use strlcpyGreg Hudson1-1/+1
instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-21Improve the mechanism used for addprinc -randkey. In the kadminGreg Hudson1-43/+61
server, if the password is null when creating a principal, treat that as a request for a random key. In the kadmin client, try using the new method for random key creation and then fall back to the old one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-21Fix addprinc -randkey when policy requires multiple character classesGreg Hudson1-6/+7
The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. ticket: 6568 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-13Implement s4u extensionsGreg Hudson1-3/+7
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-28Clean up a little bit of test suite spew in env-setup: first, whenGreg Hudson1-12/+6
using BSD options with ps, they should not be prefixed with a '-'; second, the Linux ps supports both BSD and System V options, so change the structure of the tests not to warn when both forms work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-28Remove bogus conditional from tcl_kadm5_randkey_principal(), which wasTom Yu1-1/+1
causing unparse_keyblocks() to get stack garbage as num_keys when num_var was "null", thus overrunning the end of the array. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-21update dependenciesKen Raeburn2-11/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-17Modify kadm5 initializers to accept krb5 contextsGreg Hudson4-7/+7
Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-17Remove unused variables resulting from r22521, and also remove theGreg Hudson1-1/+0
unused file svr_misc_free.c. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22523 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-13Remove kadmin v1 API supportGreg Hudson34-3977/+103
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-07Fix the LDAP build, which was broken by the build reordering inGreg Hudson1-1/+2
r22406. Build kdb5_util's getdate from the kadmin/cli getdate source, instead of borrowing the object file from the kadmin/cli build directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-03Get "make depend" to work in an unbuilt source tree, since bad depsGreg Hudson2-0/+3
files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
2009-07-10Add a new '-W' option to kadmind and kdb5_util create to allow readingTom Yu3-3/+12
weak random numbers on startup, to avoid long delays in testing situations. Use only for testing. Update testing scripts accordingly. ticket: 1233 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22434 dc483132-0cff-0310-8789-dd5450dbe970
2009-07-09Make datetest buildable againTom Yu2-3/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22432 dc483132-0cff-0310-8789-dd5450dbe970
2009-05-07man1 in title header for man1 manpagesSam Hartman4-4/+4
A previous ticket moved kadmin, kadmin.local, ktutil and k5srvutil man pages to man1 from man8. This updates the section within the man page. ticket: 6483 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22324 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-27Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadminGreg Hudson2-1/+19
support for the flag. In the KDC, remove the restriction on returning the flag on cross-realm TGTs since there is now a defined meaning for that (it allows ok-as-delegate to be honored on the foreign realm's service tickets). ticket: 5596 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-22move kadmin, ktutil, k5srvutil man pages to man1Sam Hartman2-3/+3
These binaries have been moved to /usr/bin so their manpages should move from man8 to man1. Ticket: 6474 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22267 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-13Update kdb5_util man page with missing purge_mkeys commandWill Fiveash1-0/+12
While previously updating the kdb5_util command man page to include documentation on new subcommands added as a result of the Master Key Migration project I missed the purge_mkeys command. I've added that with this commit. Ticket: 6459 Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22208 dc483132-0cff-0310-8789-dd5450dbe970
2009-03-25Update kdb5_util man page for mkey migration projectWill Fiveash1-7/+18
Updated the kdb5_util command man page to include documentation on new subcommands added as a result of the Master Key Migration project. Ticket: 6432 Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22114 dc483132-0cff-0310-8789-dd5450dbe970
2009-03-10Several small fixes to enable the migrate mkey commands to work properly ↵Will Fiveash1-0/+5
with a LDAP KDB. See the ticket for more details ticket: 6405 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22073 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-20Also install k5srvutil into PREFIX/bin instead of PREFIX/sbinRuss Allbery1-1/+1
Ticket: 6348 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22042 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-12Don't apply 'const' twiceKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21986 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-11Install ktutil and kadmin into CLIENT_BINDIR instead of ADMIN_BINDIRRuss Allbery2-2/+2
since both are useful for users other than the system administrator. Ticket: 6348 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21966 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-09Rename X11 resource file to avoid name conflict on Mac in in-place buildKen Raeburn1-0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21930 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-05deal with memleaks in migrate mkey projectWill Fiveash1-96/+107
Ken R. told me that Coverity found several potential memleaks introduced by the mkey migration project. This addresses those leaks and tweaks the code formatting in a few places. ticket: 6371 Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21900 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-05include omitted system header string.hKen Raeburn1-0/+1
Sun cc warns about some of the string functions being undeclared in several source files. So, include string.h there. ticket: 6365 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21889 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-04regenerateKen Raeburn1-0/+21
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21885 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-04new multi-masterkey support doesn't work well when system clock is setWill Fiveash1-53/+65
back The ticket contains the details. ticket: 6361 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21884 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-04In tcl_ovsec_kadm_get_policy, initialize ent since (at least inGreg Hudson1-1/+1
theory) there's a code path which gets through to the finalizers without setting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21882 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-04remove some krb4 testing hooksKen Raeburn8-446/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21878 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-03prefer structure assignment to memcpyKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21876 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn10-17/+17
unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02Get rid of casts of free() argument to char*, except where it'sKen Raeburn1-3/+3
casting away const (so as to make this change warning-neutral), and in unicode source (which we may want to keep in sync with another source), and krb5_xfree macro (to be handled separately). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21870 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02Revise last change to better resemble the original test, keeping theKen Raeburn2-22/+19
min-lifetime test code collected together. Change policy to have a minimum password lifetime of 10s instead of 30s, and reduce the test delays accordingly. ticket: 6358 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21868 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02speed up kpasswd testsKen Raeburn1-12/+23
Reorder some tests and tune delays, so that we don't need to run for much more than twice the min-password-life interval when testing that functionality. (This could be made faster if we can assume that init_db will always have been run immediately before the tests start.) In my tests, this cuts something like 11 seconds off the run time (now down to about 65 seconds). ticket: 6358 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21867 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-09-08 06:01:25 +0000