| author | Tom Yu <tlyu@mit.edu> | 2010-10-08 03:57:28 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2010-10-08 03:57:28 +0000 |
| commit | 1cc59c12550c828d487c622990d83481e8bbb6c5 (patch) | |
| tree | a22d50f4041bfa23ad1001bfa6164626602885ac /src/lib/kadm5/clnt | |
| parent | bd7b3a76ef6ca5485ec8a8b2de4a2a5170356f84 (diff) | |
Add a kadm5 RPC for purging old keys from the KDB (e.g., from
change_password -keepold), and add a kadmin CLI command for it.
Keeping ticket open because an automated test needs to be added.
Long-term future work includes start/expire dates on keys, or
not-yet-valid flags.
ticket: 1219
status: open
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/clnt')
| -rw-r--r-- | src/lib/kadm5/clnt/client_principal.c | 23 | ||||
| -rw-r--r-- | src/lib/kadm5/clnt/client_rpc.c | 15 | ||||
| -rw-r--r-- | src/lib/kadm5/clnt/libkadm5clnt_mit.exports | 1 |
3 files changed, 39 insertions, 0 deletions
diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
index 95d5c2dbd3..019c50a28f 100644
--- a/src/lib/kadm5/clnt/client_principal.c
+++ b/src/lib/kadm5/clnt/client_principal.c
@@ -463,3 +463,26 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
 {
 return EINVAL;
 }
+
+kadm5_ret_t
+kadm5_purgekeys(void *server_handle,
+ krb5_principal princ,
+ int keepkvno)
+{
+ purgekeys_arg arg;
+ generic_ret *r;
+ kadm5_server_handle_t handle = server_handle;
+
+ CHECK_HANDLE(server_handle);
+
+ arg.princ = princ;
+ arg.keepkvno = keepkvno;
+ arg.api_version = handle->api_version;
+
+ if (princ == NULL)
+ return EINVAL;
+ r = purgekeys_2(&arg, handle->clnt);
+ if(r == NULL)
+ eret();
+ return r->code;
+}
diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c
index 184f154fca..95417a60ce 100644
--- a/src/lib/kadm5/clnt/client_rpc.c
+++ b/src/lib/kadm5/clnt/client_rpc.c
@@ -326,3 +326,18 @@ init_2(void *argp, CLIENT *clnt)
 }
 return (&clnt_res);
 }
+
+generic_ret *
+purgekeys_2(purgekeys_arg *argp, CLIENT *clnt)
+{
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, PURGEKEYS,
+ (xdrproc_t) xdr_purgekeys_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
+}
diff --git a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
index 5e81580b19..249a3c774c 100644
--- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
+++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
@@ -32,6 +32,7 @@ kadm5_init_with_skey
 kadm5_lock
 kadm5_modify_policy
 kadm5_modify_principal
+kadm5_purgekeys
 kadm5_randkey_principal
 kadm5_randkey_principal_3
 kadm5_rename_principal |
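Review bot: kadm5_purgekeys forwards `keepkvno` to the server as a plain signed `int` with no comment saying which values are valid or which key versions get removed, even though the request it issues is destructive. I would add a header comment above the function along the lines of `/* Ask the server to purge old keys of princ; keepkvno selects which key versions are retained. Purged keys cannot be recovered. */`, completed with the exact retention rule used on the server side. The client does no range check on `keepkvno`, so the server handler (outside this diffstat, which is limited to src/lib/kadm5/clnt) presumably has to validate it and enforce the caller's privilege; that is worth confirming there.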
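Review bot: purgekeys_2 returns a pointer to the function-static `clnt_res`, so the result is overwritten by the next call and shared by every thread in the process, while kadm5_purgekeys reads `r->code` from that storage after the call has returned. The context lines of init_2 above end with the same `return (&clnt_res);`, so this matches the file's existing pattern, but it deserves a comment such as `/* Result points to static storage: not reentrant, valid only until the next purgekeys_2 call. */`. Callers that issue admin RPCs from more than one thread would need to serialize them, otherwise one thread could read another call's status code for a key-purge request.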
