summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-getkeytab.c
Commit message (Collapse)AuthorAgeFilesLines
* Move some krb5 keys related functions from ipa-client to utilSumit Bose2012-06-111-376/+5
|
* Use indexed format specifiers in i18n stringsJohn Dennis2012-04-101-6/+6
| | | | | | | | | | Translators need to reorder messages to suit the needs of the target language. The conventional positional format specifiers (e.g. %s %d) do not permit reordering because their order is tied to the ordering of the arguments to the printf function. The fix is to use indexed format specifiers. https://fedorahosted.org/freeipa/ticket/2596
* Fix memleak and silence Coverity defectsSimo Sorce2012-03-221-2/+2
| | | | | | | | | | | | | | | Some of these are not real defects, because we are guaranteed to have valid context in some functions, and checks are not necessary. I added the checks anyway in order to silence Coverity on these issues. One meleak on error condition was fixed in daemons/ipa-kdb/ipa_kdb_pwdpolicy.c Silence errors in ipa-client/ipa-getkeytab.c, the code looks wrong, but it is actually fine as we count before hand so we never actually use the wrong value that is computed on the last pass when p == 0 Fixes: https://fedorahosted.org/freeipa/ticket/2488
* Only warn if ipa-getkeytab doesn't get all requested enctypes.Rob Crittenden2012-03-041-5/+32
| | | | | | | | Older client machines may request DES keys not supported in newer KDCs. Thsi was causing the entire request to fail as well as client enrollment. https://fedorahosted.org/freeipa/ticket/2424
* Fix coverity issues in client CLI toolsMartin Kosek2011-11-231-2/+12
| | | | | | | | This patch fixes 2 coverity issues: * ipa-client/config.c: CID 11090: Resource leak * ipa-client/ipa-getkeytab.c: CID 11018: Unchecked return value https://fedorahosted.org/freeipa/ticket/2035
* Disable reverse lookups in ipa-join and ipa-getkeytabRob Crittenden2011-08-251-0/+7
| | | | | | This prevents broken DNS from causing enrollment problems. https://fedorahosted.org/freeipa/ticket/1693
* Fix build warningsSimo Sorce2011-08-261-1/+1
| | | | Some are actual bugs.
* Fix duplicate OIDsSimo Sorce2011-02-171-2/+2
| | | | | | | | | | | | | | | Apparently we forgot to check OID consistency between the schema and the extensions, and we got duplicates. Technically the schema was done later but it is easier to change the extensions OIDs than to change the schema of current beta2/rc1 installations. The only side effect is that older ipa-getkeytab and ipa-join binaries will fail. So all the admin/client tools must be upgraded at the same time as well as all the masters (otherwise some will show/accept the new OID while others won't). Fixes: https://fedorahosted.org/freeipa/ticket/976
* Fix filter_keys in ipa-getkeytabJakub Hrozek2011-01-281-2/+6
| | | | https://fedorahosted.org/freeipa/ticket/723
* Mozldap-specific code removedMartin Kosek2011-01-141-4/+0
| | | | | | | | Mozldap code removed from all sources and configure source script. Now, IPA will compile even when package mozldap-devel is not installed on the system. https://fedorahosted.org/freeipa/ticket/756
* Potential memory leaks in ipa-getkeytabMartin Kosek2011-01-141-0/+2
| | | | | | | | This patch fixes 2 situations where a pointer to allocated error string could be overwritten - which could have resulted in a memory leak. https://fedorahosted.org/freeipa/ticket/714
* Unchecked return value in ipa-getkeytabMartin Kosek2011-01-121-3/+15
| | | | | | | | | | | | krb5_init_context return value was not checked. This could lead to unhandled error issues. This patch moves the Kerberos context initialization to the branch where it is needed and handles the error value in a way that allows program exit in a standard way deallocating all resources. https://fedorahosted.org/freeipa/ticket/721
* Do not use LDAP_DEPRECATED in pluginsJakub Hrozek2011-01-071-4/+0
| | | | | | | | | Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* ipa-client code cleanupJakub Hrozek2010-11-221-31/+5
| | | | | | | Fixes errors about implicit function declaration and moves duplicated gettext code into a common module. Also silences some warnings. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Don't use deprecated ldap_bind_sJakub Hrozek2010-11-221-1/+11
| | | | | | ldap_bind_s is marked as deprecated in new libldap releases. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Use internal implementation of internal Kerberos functionsJakub Hrozek2010-11-221-4/+6
| | | | | | | | | | | Don't use KRB5_PRIVATE. The patch implements and uses the following krb5 functions that are otherwise private in recent MIT Kerberos releases: * krb5_principal2salt_norealm * krb5_free_ktypes Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Initial gettext support for C utilsSimo Sorce2010-10-121-61/+119
| | | | | | | | Add automatic creation of python an C file lists for potfiles Deletes useless copy of Makefile in install/po Remove duplicate maintainer-clean target Add debug target that prints file lists Unbreak update-po target, merges in patch from John
* ldap_initializeAdam Young2010-08-201-3/+24
| | | | the code was calling ldap_init, which is a deprecated function, and getting a compilation warning. This version uses the recommended function ldap_initilaize.
* Enable a host to retrieve a keytab for all its services.Rob Crittenden2010-08-161-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | Using the host service principal one should be able to retrieve a keytab for other services for the host using ipa-getkeytab. This required a number of changes: - allow hosts in the service's managedby to write krbPrincipalKey - automatically add the host to managedby when a service is created - fix ipa-getkeytab to return the entire prinicpal and not just the first data element. It was returning "host" from the service tgt and not host/ipa.example.com - fix the display of the managedby attribute in the service plugin This led to a number of changes in the service unit tests. I took the opportunity to switch to the Declarative scheme and tripled the number of tests we were doing. This shed some light on a few bugs in the plugin: - if a service had a bad usercertificate it was impossible to delete the service. I made it a bit more flexible. - I added a summary for the mod and find commands - has_keytab wasn't being set in the find output ticket 68
* Add the popt auto-help/usage macro for enhanced help output.Rob Crittenden2010-03-021-1/+2
|
* Enrollment for a host in an IPA domainRob Crittenden2009-09-241-10/+46
| | | | | | | | | | | | This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
* Fix segfault in ipa-getkeytabRob Crittenden2008-09-241-1/+1
| | | | 463548
* Add 2 features to ipa-getkeytab:Simo Sorce2008-08-211-195/+443
| | | | | 1. Allow to specify the salt type along with the enctype 2. Allow to specify a password instead of forcing a random secret
* Fix some small issues that caused compiler warnings, like uninitialized or ↵Martin Nagy2008-06-301-7/+4
| | | | unused variables or missing krb5 prototypes.
* Fix uninizialized counter, was causing allocation to fail and command toSimo Sorce2008-06-121-0/+1
| | | | return in case any encryption type was explicitly requested
* Fix typo and reorder -q|--quiet so it displays nicer. popt isn't putting it ↵Rob Crittenden2008-06-041-2/+2
| | | | | | on a separate line so moving it up front makes it easier to find. 443014
* remove useless if-before-free testsJim Meyering2008-05-151-1/+1
| | | | | | | | | | | | I've been on a crusade (;-) to remove useless if-before-free tests, so ran a script that spotted some here. I think I removed the first batch (without braces) automatically, then manually removed the ones with curly braces around the free statements. You may well have doubts about the portability of removing those tests, but as long as you don't care about SunOS4 or earlier, you'll be fine. I've done similar things for e.g., coreutils, glibc, and git, and have had no problems.
* This patch begins the process of replacing OpenLDAP with mozldap.W. Michael Petullo2008-05-011-15/+9
| | | | | | | | | FreeIPA relies on RedHat's Directory Server, which uses mozldap. A FreeIPA build using mozldap would reduce the project's dependencies and redundant code. In addition, mozldap uses NSS instead of OpenSSL. This is beneficial for the reasons listed in [1]. [1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
* Add --permitted-enctypes command and add it to the man page tooSimo Sorce2008-04-081-8/+31
|
* Add --quiet option to ipa-getkeytabSimo Sorce2008-03-051-2/+11
| | | | | | Return message on success Avoid SASL output from being printed Make sure the man page is up to date
* Add switch to be able to provide a comma separate list of encryption typesSimo Sorce2008-02-061-25/+76
| | | | | we want to have in the keytab. This superceedes any default enctype.
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-041-1/+19
|
* Big changeset that includes the work around keytab management.Simo Sorce2007-12-211-0/+495
Following the changelog history from my dev tree, some comments are useful imo ------------------------------------------------------ user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 03:05:36 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Remove remnants of the initial test tool changeset: 563:4fe574b7bdf1 user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 02:58:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Maybe actually encrypting the keys will help :-) changeset: 562:488ded41242a user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:50 2007 -0500 files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif description: Fixes changeset: 561:4518f6f5ecaf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:32 2007 -0500 files: ipa-admintools/Makefile ipa-admintools/ipa-addservice description: transform the old ipa-getkeytab in a tool to add services as the new ipa-getkeytab won't do it (and IMO it makes more sense to keep the two functions separate anyway). changeset: 559:25a7f8ee973d user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:59 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Bugfixes changeset: 558:28fcabe4aeba user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:29 2007 -0500 files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c description: Configure fixes Add ipa-getkeytab to spec Client fixes changeset: 557:e92a4ffdcda4 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:57:10 2007 -0500 files: ipa-client/Makefile.am ipa-client/configure.ac description: Try to make ipa-getkeytab build via autotools changeset: 556:224894175d6b user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:35:56 2007 -0500 files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c description: Messed a bit with hg commands. To make it short: - Remove the python ipa-getkeytab program - Rename the keytab plugin test program to ipa-getkeytab - Put the program in ipa-client as it should be distributed with the client tools changeset: 555:5e1a068f2e90 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:20:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Polish the client program changeset: 554:0a5b19a167cf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 18:53:49 2007 -0500 files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py description: Support retrieving enctypes from LDAP Filter enctypes Update test program changeset: 553:f75d7886cb91 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 00:17:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Fix ber generation and remove redundant keys changeset: 552:0769cafe6dcd user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 19:31:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Avoid stupid segfault changeset: 551:1acd5fdb5788 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:39:12 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: If ber_peek_tag() returns LBER_ERROR it may just be that we are at the end of the buffer. Unfortunately ber_scanf is broken in the sense that it doesn't actually really consider sequence endings (due probably to the fact they are just representation and do not reflect in the underlieing DER encoding.) changeset: 550:e974fb2726a4 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:35:07 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: First shot at the new method