<feed xmlns='http://www.w3.org/2005/Atom'>
<title>krb5.git/src/kadmin/server, branch proxymech</title>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/'/>
<entry>
<title>Policy extensions + new policy: allowed ks types</title>
<updated>2012-07-30T23:11:28+00:00</updated>
<author>
<name>Nicolas Williams</name>
<email>nico@cryptonector.com</email>
</author>
<published>2012-07-18T21:27:35+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=5829ca2b348974e52a67b553afc7f7491007c33a'/>
<id>5829ca2b348974e52a67b553afc7f7491007c33a</id>
<content type='text'>
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

 - attributes         (policy-ish principal attributes)
 - max_life           (max ticket life)
 - max_renewable_life (max ticket renewable life)
 - allowed_keysalts   (allowed key/salt types)
 - TL data            (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

ticket: 7223 (new)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

 - attributes         (policy-ish principal attributes)
 - max_life           (max ticket life)
 - max_renewable_life (max ticket renewable life)
 - allowed_keysalts   (allowed key/salt types)
 - TL data            (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

ticket: 7223 (new)
</pre>
</div>
</content>
</entry>
<entry>
<title>Allow using locales when gettext is absent</title>
<updated>2012-07-06T20:34:28+00:00</updated>
<author>
<name>Ben Kaduk</name>
<email>kaduk@mit.edu</email>
</author>
<published>2012-07-06T19:45:20+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=7afeca0d0f821e12298d6987a9d1cd65be7539b0'/>
<id>7afeca0d0f821e12298d6987a9d1cd65be7539b0</id>
<content type='text'>
Previously, if configure did not detect dgettext(), we disabled
anything that smelled like localization, inadvertently including
setlocale().  Now that we use setlocale(LC_ALL, ""), we have
localized dates available as well as messages, so we should not
disable calls to setlocale() any more.
Since the routines from locale.h are only used in a relatively
small number of places, just include the header directly in those
files and remove it from k5-platform.h.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, if configure did not detect dgettext(), we disabled
anything that smelled like localization, inadvertently including
setlocale().  Now that we use setlocale(LC_ALL, ""), we have
localized dates available as well as messages, so we should not
disable calls to setlocale() any more.
Since the routines from locale.h are only used in a relatively
small number of places, just include the header directly in those
files and remove it from k5-platform.h.
</pre>
</div>
</content>
</entry>
<entry>
<title>Enable all localizations in main functions</title>
<updated>2012-07-06T18:06:12+00:00</updated>
<author>
<name>Ben Kaduk</name>
<email>kaduk@mit.edu</email>
</author>
<published>2012-07-05T18:56:50+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=75c7c600b49a7f1d5cf95260fc073cb4ba5929cd'/>
<id>75c7c600b49a7f1d5cf95260fc073cb4ba5929cd</id>
<content type='text'>
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES.  Calls to setlocale() itself were introduced in
fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME).  If potentially
localized data is being sent on the wire, that is a bug that should
be fixed.  No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.

ticket: 7192
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES.  Calls to setlocale() itself were introduced in
fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME).  If potentially
localized data is being sent on the wire, that is a bug that should
be fixed.  No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.

ticket: 7192
</pre>
</div>
</content>
</entry>
<entry>
<title>Only store master key list in DAL handle</title>
<updated>2012-03-21T16:57:05+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2012-03-21T16:57:05+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=57a0c5e6c3c3af0eeed0487d56b53311752a8930'/>
<id>57a0c5e6c3c3af0eeed0487d56b53311752a8930</id>
<content type='text'>
r24314 (#6778) created a hybrid ownership model for the master key
list, with one virtual copy stored in the DAL handle and one provided
to the caller of krb5_db_fetch_mkey_list.  Replace this with a model
where only the DAL handle owns the list, and a caller can get access
to an alias pointer with a new function krb5_db_mkey_list_alias().
Functions which previously accepted the master key list as an input
parameter now expect to find it in the DAL handle.

Patch by Will Fiveash &lt;will.fiveash@oracle.com&gt;.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
r24314 (#6778) created a hybrid ownership model for the master key
list, with one virtual copy stored in the DAL handle and one provided
to the caller of krb5_db_fetch_mkey_list.  Replace this with a model
where only the DAL handle owns the list, and a caller can get access
to an alias pointer with a new function krb5_db_mkey_list_alias().
Functions which previously accepted the master key list as an input
parameter now expect to find it in the DAL handle.

Patch by Will Fiveash &lt;will.fiveash@oracle.com&gt;.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>Remove admin_keytab references in code and docs</title>
<updated>2012-03-04T00:38:48+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2012-03-04T00:38:48+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=f938afd6b6f61a96a0aa72c57a280aa721566fe6'/>
<id>f938afd6b6f61a96a0aa72c57a280aa721566fe6</id>
<content type='text'>
The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>Require IPv6 support</title>
<updated>2012-02-28T16:15:56+00:00</updated>
<author>
<name>Ken Raeburn</name>
<email>raeburn@mit.edu</email>
</author>
<published>2012-02-28T16:15:56+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=666d801d3b1a288f59dc458ea1fb438dc4f4329a'/>
<id>666d801d3b1a288f59dc458ea1fb438dc4f4329a</id>
<content type='text'>
The configure-time options to enable and disable IPv6 support have
been deprecated for some time, but the checks for OS support were
kept.  This removes those checks, and unconditionally compiles in the
IPv6 support.

There was a configure-time test to see if the macro INET6 needed to be
defined in order to enable (visibility of) OS support for IPv6, which
was needed on an IRIX system we tested with.  That check is retained,
but the revised code is untested on IRIX.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The configure-time options to enable and disable IPv6 support have
been deprecated for some time, but the checks for OS support were
kept.  This removes those checks, and unconditionally compiles in the
IPv6 support.

There was a configure-time test to see if the macro INET6 needed to be
defined in order to enable (visibility of) OS support for IPv6, which
was needed on an IRIX system we tested with.  That check is retained,
but the revised code is untested on IRIX.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>Access controls for string RPCs [CVE-2012-1012]</title>
<updated>2012-02-21T19:14:47+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2012-02-21T19:14:47+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=e31c182a5ddbdf21490d18fe308a50d82a7d7453'/>
<id>e31c182a5ddbdf21490d18fe308a50d82a7d7453</id>
<content type='text'>
In the kadmin protocol, make the access controls for
get_strings/set_string mirror those of get_principal/modify_principal.
Previously, anyone with global list privileges could get or modify
string attributes on any principal.  The impact of this depends on how
generous the kadmind acl is with list permission and whether string
attributes are used in a deployment (nothing in the core code uses
them yet).

CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C

ticket: 7093
target_version: 1.10.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25704 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In the kadmin protocol, make the access controls for
get_strings/set_string mirror those of get_principal/modify_principal.
Previously, anyone with global list privileges could get or modify
string attributes on any principal.  The impact of this depends on how
generous the kadmind acl is with list permission and whether string
attributes are used in a deployment (nothing in the core code uses
them yet).

CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C

ticket: 7093
target_version: 1.10.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25704 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>install sphinx-generated manpages</title>
<updated>2012-01-09T20:13:10+00:00</updated>
<author>
<name>Tom Yu</name>
<email>tlyu@mit.edu</email>
</author>
<published>2012-01-09T20:13:10+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=bde5e9efadbdf0fb0b2d1dd16efcb83e82e433e4'/>
<id>bde5e9efadbdf0fb0b2d1dd16efcb83e82e433e4</id>
<content type='text'>
Install sphinx-generated manpages.  Original nroff manpages remain for
reference until proofreading is complete.  Modify
doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
of both kadmin.1 and kadmin.local.8.

Proofreaders should ensure that the original nroff manpages (and
associated Makefile rules) are deleted once their reST format
equivalents have been proofread.

ticket: 7064
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Install sphinx-generated manpages.  Original nroff manpages remain for
reference until proofreading is complete.  Modify
doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
of both kadmin.1 and kadmin.local.8.

Proofreaders should ensure that the original nroff manpages (and
associated Makefile rules) are deleted once their reST format
equivalents have been proofread.

ticket: 7064
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>Make verto context available to kdcpreauth modules</title>
<updated>2011-11-15T02:42:58+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2011-11-15T02:42:58+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=cd7796cf4dfdcbd63b021624cb6345347ae59c8b'/>
<id>cd7796cf4dfdcbd63b021624cb6345347ae59c8b</id>
<content type='text'>
Add an event_context callback to kdcpreauth.  Adjust the internal KDC
and main loop interfaces to pass around the event context, and expose
it to kdcpreauth modules via the rock.

ticket: 7019
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25475 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add an event_context callback to kdcpreauth.  Adjust the internal KDC
and main loop interfaces to pass around the event context, and expose
it to kdcpreauth modules via the rock.

ticket: 7019
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25475 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
<entry>
<title>Exit on error in kadmind kprop child</title>
<updated>2011-11-04T05:53:23+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2011-11-04T05:53:23+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/gd/public_git/krb5.git/commit/?id=5510237e36b15e53904b4eb30c3a6eb8e51d6cfa'/>
<id>5510237e36b15e53904b4eb30c3a6eb8e51d6cfa</id>
<content type='text'>
When we fork from kadmind to dump the database and kprop to an iprop
slave, if we encounter an error in the child process we should exit
rather than returning to the main loop.

ticket: 7000
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25433 dc483132-0cff-0310-8789-dd5450dbe970
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When we fork from kadmind to dump the database and kprop to an iprop
slave, if we encounter an error in the child process we should exit
rather than returning to the main loop.

ticket: 7000
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25433 dc483132-0cff-0310-8789-dd5450dbe970
</pre>
</div>
</content>
</entry>
</feed>
