path: root/src/lib/kadm5/clnt/client_init.c
Age | Commit message | Author | Files | Lines
2010-07-08 | Fix a memory leak in libkadm5clnt's get_init_creds() | Greg Hudson | 1 | -4/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-26 | Make kadmin work over IPv6 | Greg Hudson | 1 | -21/+53
Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes:
* Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport().
* Make clnttcp_create() handle a null raddr value if *sockp is set.
* Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name.
* Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create().
* Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections.
* Adjust the error code expected in a libkadm5 unit test.
ticket: 6746
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-25 | Adjust function names and declarations in libkadm5's client_init.c; in | Greg Hudson | 1 | -149/+95
particular, avoid the use of library namespace prefixes for static helper functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
2010-06-25 | Simplify the iprop conditionalization of _kadm5_init_any() | Greg Hudson | 1 | -25/+19
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-18 | Improve the error message from kadmin when hostname resolution fails | Greg Hudson | 1 | -3/+1
for the admin server. (The extended message won't be displayed by kadmin currently; that's a separate issue.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24054 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28 | Whitespace fixes for new anonymous support | Greg Hudson | 1 | -2/+3
ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28 | Anonymous support for Kerberos | Sam Hartman | 1 | -22/+38
This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts: src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-22 | In _kadm5_init_any on error - if we created a cache entry, destroy it | Ezra Peisach | 1 | -0/+8
(parallel to kadm5_destroy code). Also - free config_params. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23300 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-21 | Memory leak in _kadm5_init_any introduced with ipropd | Ezra Peisach | 1 | -0/+2
Fix minor memory leak introduced by the ipropd integration. ticket: 6582 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23296 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31 | make mark-cstyle | Tom Yu | 1 | -653/+654
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-25 | Account lockout | Greg Hudson | 1 | -1/+11
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-17 | Modify kadm5 initializers to accept krb5 contexts | Greg Hudson | 1 | -16/+15
Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-13 | Remove kadmin v1 API support | Greg Hudson | 1 | -14/+4
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02 | Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except | Ken Raeburn | 1 | -3/+2
unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-14 | Force tickets acquired by the kadm5 client library via password | Russ Allbery | 1 | -1/+5
authentication to be non-forwardable and non-proxiable, overriding any [libdefaults] configuration. This may be necessary at sites that set forwardable to true by default in their krb5.conf files but disable forwardable tickets for privileged principals. Since the ticket cache acquired by the kadm5 client library is used only for kadmin operations, where forwardable is not useful or necessary, there is no reason to ever attempt to obtain forwardable or proxiable tickets here.
Ticket: 6337
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21744 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-16 | Add prototype for kadm5_init_iprop. For the client - adds a dummy argument | Ezra Peisach | 1 | -1/+1
which is ignored. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21480 dc483132-0cff-0310-8789-dd5450dbe970
2008-08-06 | Fully initialize handle data on allocation | Ken Raeburn | 1 | -0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20617 dc483132-0cff-0310-8789-dd5450dbe970
2008-07-25 | fix possible uninit variable use in error path | Ken Raeburn | 1 | -0/+1
Clear gss_client and gss_target before any possible branch to 'error', where they can be used. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20580 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-24 | Merge from branch sun-iprop | Ken Raeburn | 1 | -3/+49
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-18 | Disable check for invalid client-side admin config parameters in the | Ken Raeburn | 1 | -1/+5
config file. Since KDC configuration parameters can now be put in krb5.conf, this doesn't make sense any more. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20411 dc483132-0cff-0310-8789-dd5450dbe970
2007-07-12 | Avoid use of unchecked sprintf in libraries. Use asprintf if the | Ken Raeburn | 1 | -26/+22
output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
2007-07-04 | Some handy debugging code for gssapi errors in credential acquisition; | Ken Raeburn | 1 | -0/+44
currently disabled git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19667 dc483132-0cff-0310-8789-dd5450dbe970
2006-05-16 | * lib/kadm5/alt_prof.c (kadm5_get_config_params): Replace filename and | Ken Raeburn | 1 | -5/+7
envvar arguments with a flag indicating whether KDC config data should be used. Prototype and all callers changed. (krb5_read_realm_params): Delete config file and env var arguments. Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out. (struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it. (kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted KADM5_CONFIG_PROFILE entry. (parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from the library and add the caller-indicated config file to the front of the list.
* lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function.
* lib/kadm5/clnt/libkadm5clnt.exports: Export it.
* lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h. (kadm5_init_krb5_context): New function.
* lib/kadm5/srv/libkadm5srv.exports: Export it.
* lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories.
* lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it.
* kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context instead of krb5_init_context.
* kadmin/dbutil/dump.c (load_db): Likewise.
* kadmin/dbutil/kdb5_util.c (main): Likewise.
* kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise.
* kadmin/dbutil/loadv4.c (load_v4db): Likewise.
* kadmin/server/ovsec_kadmd.c (main): Likewise.
* kadmin/cli/kadmin.c (kadmin_startup): Likewise.
* kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise.
* lib/kadm5/unit-test/lock-test.c (main): Likewise.
* lib/kadm5/unit-test/handle-test.c (main): Likewise.
* lib/kadm5/unit-test/randkey-test.c (main): Likewise.
* lib/kadm5/unit-test/setkey-test.c (main): Likewise.
* lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise.
* lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function. (os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function. (init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for $KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New variables. (krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare. (krb5_gss_init_context, krb5_gss_use_kdc_context): Declare. (krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex. (gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server params.
* plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use krb5int_init_context_kdc instead of krb5_init_context.
* kdc/rtest.c (main): Likewise.
* kdc/fakeka.c (main): Likewise.
* kdc/main.c (main, init_realm): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18009 dc483132-0cff-0310-8789-dd5450dbe970
2006-04-01 | Include autoconf.h (or include it earlier) in a bunch of files that are | Ken Raeburn | 1 | -0/+1
currently depending on command-line macro settings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17825 dc483132-0cff-0310-8789-dd5450dbe970
2005-11-18 | Fix additional cases where krb5.h is included before k5-int.h. In most cases, | Ken Raeburn | 1 | -1/+1
it suffices to remove the inclusion of k5-int.h, sometimes including errno.h or another header. In a couple cases, include order has been changed, or k5-int.h has been included instead of krb5.h. ticket: 3236 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17494 dc483132-0cff-0310-8789-dd5450dbe970
2005-08-20 | Rename all RPC functions from _1 to _2 to match current program version number; | Ken Raeburn | 1 | -2/+2
likewise _1_svc to _2_svc in the kadmin server. Delete the RPC functions from the libkadm5clnt export list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17345 dc483132-0cff-0310-8789-dd5450dbe970
2005-06-21 | Novell Database Abstraction Layer merge. | Ken Raeburn | 1 | -5/+11
Will probably break things. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
2005-02-11 | Implement principal name and auth flavor fallback for kadm5 client | Tom Yu | 1 | -257/+350
library. Adjust test suites to compensate. ticket: 2913 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17099 dc483132-0cff-0310-8789-dd5450dbe970
2004-10-26 | Kevin Coffman's patches to support passing gss context state to kernel | Tom Yu | 1 | -0/+2
ticket: 2743 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16836 dc483132-0cff-0310-8789-dd5450dbe970
2004-08-21 | Fix no-auth test to use a config mask flag to ask for no-auth, to | Tom Yu | 1 | -8/+2
avoid the icky repeated build of client_init.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16678 dc483132-0cff-0310-8789-dd5450dbe970
2004-06-24 | Use null pointer as service name to request host-based service name | Tom Yu | 1 | -2/+15
ticket: 2613 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16515 dc483132-0cff-0310-8789-dd5450dbe970
2004-06-24 | * client_init.c (_kadm5_init_any)[DEBUG]: Print error from | Tom Yu | 1 | -0/+3
clnttcp_create(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16508 dc483132-0cff-0310-8789-dd5450dbe970
2004-06-16 | This commit merges the RPCSEC_GSS integration branch onto the trunk. | Tom Yu | 1 | -12/+29
Remaining work includes:
* Default to using kadmin/fqdn for SEAM compatibility
* Namespace cleanups and other API tweaks -- this API is not stable yet
* Fix lib/rpc/unit-test testsuite to test RPCSEC_GSS in addition to AUTH_GSSAPI
Additional work will be tracked in separate tickets. This merge is bracketed between the tags "tlyu-umich-rpc-merge-pre" and "tlyu-umich-rpc-merge-post".
ticket: 2578
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16467 dc483132-0cff-0310-8789-dd5450dbe970
2003-12-13 | don't limit enctype lists at init time | Ken Raeburn | 1 | -10/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15912 dc483132-0cff-0310-8789-dd5450dbe970
2002-10-08 | libkadm5 should allow persistent locks | Tom Yu | 1 | -0/+11
libkadm5 should have a way to persistently lock the databases to avoid wasting time on closing and reopening. These patches implement persistent exclusive locks for local access only. ticket: new target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14914 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-18 | * client_init.c (_kadm5_init_any): If creating a new ccache, put it in memory | Ken Raeburn | 1 | -0/+9
instead of on disk. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14876 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-31 | * client_init.c (_kadm5_init_any): Use | Tom Yu | 1 | -1/+1
KADM5_MISSING_KRB5_CONF_PARAMS in order to be less confusing to someone running kadmin rather than kadmin.local. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14677 dc483132-0cff-0310-8789-dd5450dbe970
2001-11-07 | Allow rc4 to be used for kadmin | Sam Hartman | 1 | -0/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13961 dc483132-0cff-0310-8789-dd5450dbe970
2001-06-18 | * client_init.c (_kadm5_init_any): Add casts to (gss_OID) in calls | Ezra Peisach | 1 | -3/+3
to gss library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13359 dc483132-0cff-0310-8789-dd5450dbe970
2001-02-18 | * client_rpc.c: Insure pointer argument type is same as passed | Ezra Peisach | 1 | -4/+6
onto xdr functions. (arguments specified to *3_1 functions were for the *_1 functions).
* client_init.c, client_principal.c, clnt_policy.c: Cleanup unused variables and assignments in conditionals.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13011 dc483132-0cff-0310-8789-dd5450dbe970
2000-06-29 | * client_init.c (_kadm5_init_any): gss_krb5_ccache_name returns | Ezra Peisach | 1 | -3/+7
const char *, but the code was treating it as a char *. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12461 dc483132-0cff-0310-8789-dd5450dbe970
2000-06-27 | pullup from 1.2 branch | Ken Raeburn | 1 | -6/+8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
2000-06-01 | Check for existence of <memory.h>. | Wilfredo Sanchez | 1 | -0/+2
(from Nathan Neulinger <nneul@umr.edu>) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12332 dc483132-0cff-0310-8789-dd5450dbe970
2000-01-27 | limit kadm5 net interface to des for now until gssapi mech is fixed | Ken Raeburn | 1 | -2/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11971 dc483132-0cff-0310-8789-dd5450dbe970
1999-09-01 | disable krb5-mech2 for now; from 1.1 branch | Ken Raeburn | 1 | -23/+11
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11773 dc483132-0cff-0310-8789-dd5450dbe970
1999-05-13 | * client_init.c (_kadm5_init_any): Use gss_krb5_ccache_name() to | Tom Yu | 1 | -8/+19
set the gssapi ccache name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11439 dc483132-0cff-0310-8789-dd5450dbe970
1998-10-30 | pull up 3des implementation from the marc-3des branch | Marc Horowitz | 1 | -1/+41
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
1998-02-14 | * client_init.c: | Tom Yu | 1 | -2/+2
* client_principal.c:
* client_rpc.c:
* clnt_policy.c:
* clnt_privs.c: Update header locations.
* Makefile.in (LIBMAJOR): Bump major version to reflect change in rpc library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10450 dc483132-0cff-0310-8789-dd5450dbe970
1997-10-13 | * client_init.c (kadm5_destroy): Free handle->lhandle field, call | Ezra Peisach | 1 | -2/+7
kadm5_free_config_params and krb5_free_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10225 dc483132-0cff-0310-8789-dd5450dbe970
1997-02-20 | Removed unneeded call to krb5_init_ets | Richard Basch | 1 | -1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9927 dc483132-0cff-0310-8789-dd5450dbe970