path: root/src/plugins/kdb/db2/kdb_db2.c
Age | Author | Files | Lines (commit message on the following lines)
2010-07-13 | Greg Hudson | 1 | -2/+2
Addendum to r24185: make audit_as_req return void, since it's an informational method and we're not going to do anything with the result.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Greg Hudson | 1 | -0/+8
Add audit_as_req to the DAL with a corresponding libkdb5 API, replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Greg Hudson | 1 | -0/+14
Add check_policy_as and check_policy_tgs to the DAL table with corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-06 | Greg Hudson | 1 | -98/+50
Remove count parameters from get_principal, put_principal, free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Ken Raeburn | 1 | -1/+0
Remove return value from void function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Greg Hudson | 1 | -1/+1
Make krb5_db_free_principal and krb5_db_free_mkey_list return void. Remove the stale prototype for krb5_db_free_master_key.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Greg Hudson | 1 | -94/+76
Remove db_ and similar prefixes from DAL function names, for consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Greg Hudson | 1 | -37/+0
Remove the set_master_key and get_master_key DAL interfaces and their corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-10 | Greg Hudson | 1 | -0/+13
Add lockout-related performance tuning variables
The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality.
(Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.)
ticket: 6719
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-05 | Greg Hudson | 1 | -136/+56
General code consistency pass in kdb_db2.c.
Removes some pointless null checks. Frees the DB context when a DB is finalized.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23973 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04 | Greg Hudson | 1 | -1/+0
Remove a stray comment from r23966
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23967 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04 | Greg Hudson | 1 | -303/+134
Refactor the kdb_db2.c code which processes db_args and profile variables to configure a DB context, to avoid repeating that code three times in open/create/destroy.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23966 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-04 | Greg Hudson | 1 | -33/+0
Remove krb5_db_set_option and the associated DAL entry. It was not used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-25 | Greg Hudson | 1 | -3/+2
In krb5_db2_db_init, make a format string constant to make Coverity happy. (Previously it was a disjunction of two constants, which is fine, but not as obviously safe to a static analysis tool.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23355 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-24 | Greg Hudson | 1 | -630/+631
Mark and reindent plugins, except for pkinit, which needs a little cleanup first.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31 | Tom Yu | 1 | -2/+1
make mark-cstyle
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-25 | Greg Hudson | 1 | -35/+206
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure.
ticket: 6577
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02 | Ken Raeburn | 1 | -4/+4
Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except unicode, windows code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-31 | Ken Raeburn | 1 | -5/+7
recode as more straight-line code to simplify analysis
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21848 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-30 | Will Fiveash | 1 | -0/+42
Master Key Migration Project
Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-24 | Greg Hudson | 1 | -1/+1
Use strlcpy instead of strcpy in many places
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-20 | Greg Hudson | 1 | -4/+1
Use asprintf instead of malloc/strcpy/strcat in many places
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-27 | Ken Raeburn | 1 | -0/+32
Check for strdup failure. Fix a memory leak in one failure case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20488 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02 | Ken Raeburn | 1 | -36/+35
Change krb5_context.db_context to point to the real structure type, and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
2007-10-22 | Ken Raeburn | 1 | -1/+4
Set close-on-exec flag in most places where file descriptors are opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe.
In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
2007-07-12 | Ken Raeburn | 1 | -9/+14
Avoid unchecked sprintf in some KDC-side programs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19705 dc483132-0cff-0310-8789-dd5450dbe970
2007-01-08 | Ken Raeburn | 1 | -18/+15
crash creating db2 database in non-existent directory
* kdb_db2.c (krb5_db2_db_create): If the creation of the first database file fails, return the error, instead of attempting to create the second (and using a null pointer as an input string in formatting a filename). Reported by Jeff Blaine.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19038 dc483132-0cff-0310-8789-dd5450dbe970
2006-10-12 | Ken Raeburn | 1 | -1/+2
(krb5_db2_db_init): When creating a temporary database, use the suffix "~.kadm5" for the policy database filename.
ticket: 4354
version_reported: 1.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18692 dc483132-0cff-0310-8789-dd5450dbe970
2006-06-30 | Ken Raeburn | 1 | -1/+1
copyright dates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18297 dc483132-0cff-0310-8789-dd5450dbe970
2006-06-30 | Ken Raeburn | 1 | -12/+175
* kdb_db2.c: Don't include kdb_compat.h. (OLD_COMPAT_VERSION_1): Don't define. (krb5_db2_db_create): For temporary db, use different names for all files. (krb5_db2_open, krb5_db2_create, krb5_db2_destroy): Fix check for "temporary" in supplied db_args. (krb5_db2_db_rename): New function, restored from pre-DAL code and hacked up a lot to mostly work. (krb5_db2_promote_db): New function.
* db2_exp.c: Add promote_db entry.
ticket: 3964
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18295 dc483132-0cff-0310-8789-dd5450dbe970
2006-06-30 | Sam Hartman | 1 | -41/+78
* plugins/kdb/db2/kdb_db2.c (krb5_db2_db_init): Support tempdb (krb5_db2_db_set_name): likewise (krb5_db2_open): likewise (krb5_db2_create): likewise (krb5_db2_db_create): likewise (krb5_db2_db_set_option): likewise (krb5_db2_destroy): likewise
* plugins/kdb/db2/kdb_db2.h: Add tempdb to db context
* plugins/kdb/db2/kdb_db2.c (k5db2_dbopen): Take flag for temporary databases.
Ticket: 3964
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18285 dc483132-0cff-0310-8789-dd5450dbe970
2006-06-30 | Sam Hartman | 1 | -1/+1
* plugins/kdb/db2/kdb_db2.c (krb5_db2_create): Remove incorrect comment.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18281 dc483132-0cff-0310-8789-dd5450dbe970
2006-04-13 | Ken Raeburn | 1 | -14/+15
Partial merge from Novell LDAP integration branch, not including the actual LDAP bits:
* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's changed. (KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.
* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted. (krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function. (kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library. (krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer. (klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function. (main): Tell com_err library to use it.
* plugins/kdb/db2: Use new error-message APIs and updated DAL interface.
* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.
* include/k5-thread.h (k5_key_t): Deleted unused values.
* lib/kdb/kdb5.h (KDB_MODULE_SECTION): Change db_modules to dbmodules. (KDB_MODULE_DEF_SECTION): New macro.
* tests/Makefile.in (krb5.conf): Rename db_modules to dbmodules.
* tests/dejagnu/config/default.exp (setup_krb5_conf): Likewise.
* kadmin/testing/proto/krb5.conf.proto: Likewise.
* lib/kdb/libkdb5.exports: Do export krb5_def_store_mkey.
* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED): New macros. (struct _kadm5_config_params): New field kpasswd_server.
* lib/krb5/error_tables/kdb5_err.et (KRB5_KDB_SERVER_INTERNAL_ERR): New error code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17899 dc483132-0cff-0310-8789-dd5450dbe970
2006-04-01 | Ken Raeburn | 1 | -1/+2
* db2_exp.c, kdb_db2.c: Include k5-int.h earlier
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17824 dc483132-0cff-0310-8789-dd5450dbe970
2005-12-17 | Ken Raeburn | 1 | -0/+1561
Rename "modules" to "plugins", and fix up makefile variables etc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17565 dc483132-0cff-0310-8789-dd5450dbe970