krb5.git/src/lib/kdb/libkdb5.exports, branch master Unnamed repository; edit this file 'description' to name the repository. Lock around more ulog operations 2014-02-20T20:55:49+00:00 Greg Hudson ghudson@mit.edu 2014-01-23T16:34:52+00:00 71d028f1054deb186807e7c8048218b82b478422 Always lock the ulog when accessing it. We can currently get away with some laxness on iprop slaves because they are mostly synchronous, but hierarchical iprop will allow master and slave operations to take place concurrently, requiring more strict locking. Add new functions ulog_get_last and ulog_set_last, which access the ulog header with locking, and use them in kdb5_util and kpropd. Add locking to ulog_replay and ulog_init_header. ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c after these changes, so make them static functions and remove the ulog_ prefix. Add an unlock_ulog function for clarity. 
Always lock the ulog when accessing it.  We can currently get away
with some laxness on iprop slaves because they are mostly synchronous,
but hierarchical iprop will allow master and slave operations to take
place concurrently, requiring more strict locking.

Add new functions ulog_get_last and ulog_set_last, which access the
ulog header with locking, and use them in kdb5_util and kpropd.  Add
locking to ulog_replay and ulog_init_header.

ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c
after these changes, so make them static functions and remove the
ulog_ prefix.  Add an unlock_ulog function for clarity.
Factor out ulog serial number status check 2014-02-20T20:55:48+00:00 Greg Hudson ghudson@mit.edu 2014-01-20T23:46:52+00:00 d1f9aa3737b2b3e62b5c5ed488d6112b7ce8a5ad Add a new function ulog_get_sno_status, which checks a serial number and timestamp against the ulog for currency. Use it in kdb5_util dump and in ulog_get_entries. Adjust parse_iprop_header's contract in dump.c to better match the ulog_get_sno_status contract. This change causes some minor behavior differences. kadmind will check for an empty ulog unless the last serial number matches exactly, and will never set lastentry when returning UPDATE_FULL_RESYNC_NEEDED (which was pointless). kdb5_util dump will recognize a dump file as current if it exactly matches the last serial number, even if the ulog is empty; it will be more robust in the presence of non-monotonic clocks; and it will properly lock around the ulog access. 
Add a new function ulog_get_sno_status, which checks a serial number
and timestamp against the ulog for currency.  Use it in kdb5_util dump
and in ulog_get_entries.  Adjust parse_iprop_header's contract in
dump.c to better match the ulog_get_sno_status contract.

This change causes some minor behavior differences.  kadmind will
check for an empty ulog unless the last serial number matches exactly,
and will never set lastentry when returning UPDATE_FULL_RESYNC_NEEDED
(which was pointless).  kdb5_util dump will recognize a dump file as
current if it exactly matches the last serial number, even if the ulog
is empty; it will be more robust in the presence of non-monotonic
clocks; and it will properly lock around the ulog access.
Add test case for ulog serial number wrapping 2014-01-30T23:33:09+00:00 Greg Hudson ghudson@mit.edu 2014-01-30T17:26:09+00:00 b8a0c995d2a72cbfd2500de89e395e1ee10fc8e0 Add a unit test program named t_ulog. Make it map a ulog file, set up header state where kdb_last_sno is the last serial number, and then add an empty update. Check that the result is a ulog header with one update at serial number 1. ticket: 7839 
Add a unit test program named t_ulog.  Make it map a ulog file, set up
header state where kdb_last_sno is the last serial number, and then
add an empty update.  Check that the result is a ulog header with one
update at serial number 1.

ticket: 7839
Fix iprop log reinitialization 2013-01-22T22:49:50+00:00 Greg Hudson ghudson@mit.edu 2013-01-22T22:42:37+00:00 7665c0677b59574c2c7ccd016221f8f4beafd279 If the master iprop log is reinitialized to serial number 0, slaves will need to take a full dump--but after that happens, we need to know whether the slave has taken that full dump, we we don't offering full dumps indefinitely. So, record a timestamp in kdb_last_time when we reinitialize the log header, and compare the slave timestamp to kdb_last_time whenever it has the current serial number, even if it's 0. Test this by performing a propagation with sno 0 in t_iprop.py and detecting whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from kadmind. ticket: 7550 (new) 
If the master iprop log is reinitialized to serial number 0, slaves
will need to take a full dump--but after that happens, we need to know
whether the slave has taken that full dump, we we don't offering full
dumps indefinitely.

So, record a timestamp in kdb_last_time when we reinitialize the log
header, and compare the slave timestamp to kdb_last_time whenever it
has the current serial number, even if it's 0.  Test this by
performing a propagation with sno 0 in t_iprop.py and detecting
whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from
kadmind.

ticket: 7550 (new)
Use a single global dump for iprop full syncs 2012-10-05T17:54:20+00:00 Nicolas Williams nico@cryptonector.com 2012-08-17T23:19:31+00:00 4fd4144b3222b060f3e9928a9cb4587df9979539 Use a global dump (the default dump file) for full syncs for iprop. When a slave asks for a fullsync we kprop the existing global dump to it if that is good enough, else we dump the DB and send the new global dump. Before this change kadmind would run kdb5_util dump -i... each time a slave asked for a full dump. This was done in a sub-process, thankfully, but it was still a waste of time and storage (e.g., if one has a huge KDB). Also, long dump times might cause a slave to give up (the timeout for this is now configurable). But since iprop dumps bear a serial number and timestamp and since slaves will resync from that point forward, it doesn't matter if the dump we send a slave is fresh as long as it is fresh enough (i.e., that its sno and timestamp are in the ulog). Also: - Rename dumps into place instead of unlink, create, write (but we still keep the dump ok files as lock files and as a method of signaling to kprop that the dump is complete). ticket: 7371 
Use a global dump (the default dump file) for full syncs for iprop.
When a slave asks for a fullsync we kprop the existing global dump to it
if that is good enough, else we dump the DB and send the new global
dump.

Before this change kadmind would run kdb5_util dump -i... each time a
slave asked for a full dump.  This was done in a sub-process,
thankfully, but it was still a waste of time and storage (e.g., if one
has a huge KDB).

Also, long dump times might cause a slave to give up (the timeout for
this is now configurable).  But since iprop dumps bear a serial number
and timestamp and since slaves will resync from that point forward, it
doesn't matter if the dump we send a slave is fresh as long as it is
fresh enough (i.e., that its sno and timestamp are in the ulog).

Also:

 - Rename dumps into place instead of unlink, create, write (but we
   still keep the dump ok files as lock files and as a method of
   signaling to kprop that the dump is complete).

ticket: 7371
Policy extensions + new policy: allowed ks types 2012-07-30T23:11:28+00:00 Nicolas Williams nico@cryptonector.com 2012-07-18T21:27:35+00:00 5829ca2b348974e52a67b553afc7f7491007c33a This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new) 
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

 - attributes         (policy-ish principal attributes)
 - max_life           (max ticket life)
 - max_renewable_life (max ticket renewable life)
 - allowed_keysalts   (allowed key/salt types)
 - TL data            (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

ticket: 7223 (new)
Only store master mey list in DAL handle 2012-03-21T16:57:05+00:00 Greg Hudson ghudson@mit.edu 2012-03-21T16:57:05+00:00 57a0c5e6c3c3af0eeed0487d56b53311752a8930 r24314 (#6778) created a hybrid owernship model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle. Patch by Will Fiveash <will.fiveash@oracle.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970 
r24314 (#6778) created a hybrid owernship model for the master key
list, with one virtual copy stored in the DAL handle and one provided
to the caller of krb5_db_fetch_mkey_list.  Replace this with a model
where only the DAL handle owns the list, and a caller can get access
to an alias pointer with a new function krb5_db_mkey_list_alias().
Functions which previously accepted the master key list as an input
parameter now expect to find it in the DAL handle.

Patch by Will Fiveash <will.fiveash@oracle.com>.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
Refactor salt computation into libkdb5 2011-10-24T15:09:32+00:00 Greg Hudson ghudson@mit.edu 2011-10-24T15:09:32+00:00 7fc21c4a4a6ef8a88567f166eda1fe73784686c7 Add a new API krb5_dbe_compute_salt() to determine the salt for a key data entry, and use it in the three places we currently compute salts. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970 
Add a new API krb5_dbe_compute_salt() to determine the salt for a key
data entry, and use it in the three places we currently compute salts.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970
Add KRB5_TL_STRING_ATTRS and libkdb5 accessors 2011-09-21T16:28:54+00:00 Greg Hudson ghudson@mit.edu 2011-09-21T16:28:54+00:00 237e57c297708c8009cf2af4833b78abc4e05bbc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970 
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970
Propagate modprinc -unlock from master to slave KDCs 2010-10-05T14:53:09+00:00 Greg Hudson ghudson@mit.edu 2010-10-05T14:53:09+00:00 96f2a016991c199be477b6abd48824ec1cb6641f Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970 
Create a new tl-data type to hold the time of the last administrative
unlock, and factor it into decisions about account lockout.  Since
tl-data values are propagated from master to slave, this will cause
modprinc -unlock operations to reach slave KDCs on the next
propagation.

ticket: 6795

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970