summaryrefslogtreecommitdiffstats
path: root/src/kadmin/cli/kadmin.c
Commit message (Collapse)AuthorAgeFilesLines
* Make salt defaulting work for keysaltsTom Yu2014-01-061-4/+4
| | | | | | | | | | Make krb5_string_to_keysalts() default to only ":" as a key:salt separator character. Change most of its callers to pass NULL so they get the default separators. Adapted from a patch proposed by Jon Looney. ticket: 884
* Use correct default principal for kadmin -nGreg Hudson2013-10-301-6/+14
| | | | | | | | | Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n, just like we do for kinit -n. ticket: 7741 (new) target_version: 1.12 tags: pullup
* Add kadmin support for principals without keysGreg Hudson2013-07-151-15/+34
| | | | | | | | | Add kadmin support for "addprinc -nokey", which creates a principal with no keys, and "purgekeys -all", which deletes all keys from a principal. The KDC was modified by #7630 to support principals without keys. ticket: 7679 (new)
* Fix kadmin_getpol format stringGreg Hudson2013-03-151-2/+2
| | | | | | | Commit 0780e46fc13dbafa177525164997cd204cc50b51 matched a %ld format string with the integer 0, which is an int rather than a long. Just put 0 in the format string instead. Noted by David Benjamin <davidben@mit.edu>.
* Allow principals to refer to nonexistent policiesGreg Hudson2013-01-091-14/+35
| | | | | | | | | | | | | | Stop using and maintaining the policy_refcnt field, and do not try to prevent deletion of a policy which is still referenced by principals. Instead, allow principals to refer to policy names which do not exist as policy objects; treat those principals as having no associated policy. In the kadmin client, warn if addprinc or modprinc tries to reference a policy which doesn't exist, since the server will no longer error out in this case. ticket: 7385
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-301-23/+50
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Fix ugly ladder in src/kadmin/cli/kadmin.cNicolas Williams2012-07-301-144/+112
|
* Remove orphaned KfM codeGreg Hudson2012-06-211-14/+0
|
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-261-65/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin_getprivs replace the non-existing "GET" privilege by "INQUIRE". Zhanna Tsitkov2012-02-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25702 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-1/+1
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-211-0/+127
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-6/+7
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Define KRB5_TL_DB_ARGS unconditionally in kdb.hGreg Hudson2011-07-261-1/+0
| | | | | | | | | Due to an apparent merge bug, KRB5_TL_DB_ARGS was defined in a SECURID conditional block, and several source files worked around the problem by defining the constant themselves or defining SECURID. Move the definition and remove the workarounds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25055 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in kadminGreg Hudson2011-06-231-10/+11
| | | | | | | | | kadmin_getprinc() was using the variable "canon" for two purposes. After r22785, canon wasn't freed between constructions, so the first value was leaked. Fix by using separate variables for separate strings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24987 dc483132-0cff-0310-8789-dd5450dbe970
* Handle invalid intervals in lockout-related kadmin parametersGreg Hudson2011-06-101-8/+18
| | | | | | ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-191/+224
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, try using get_date() for lockout-related duration inputs toGreg Hudson2011-05-161-6/+17
| | | | | | | | | | | modpol and addpol, but still allow bare numbers of seconds since that's what we took in 1.8 and 1.9. Use strdur() to display lockout-related durations in getpol. Reported by shawn.emery@oracle.com. ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24931 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-3/+3
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-251-0/+63
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-261-9/+0
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-081-0/+47
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-051-26/+52
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* When we display enctypes, display the input name rather than theGreg Hudson2010-06-081-2/+2
| | | | | | | | | description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash (error message), kadmin getprinc, kadmin ktadd, and ktutil list -e. ticket: 5014 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-7/+8
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-281-4/+15
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-311-22/+22
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Fix printf argument type mismatches related to pw_max_fail inGreg Hudson2009-10-261-4/+5
| | | | | | kadmin.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23044 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-251-7/+48
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Update the kadmin client code to most current coding practicesGreg Hudson2009-09-241-1230/+1014
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a braino in r22782: we don't use strcpy even safely; use strlcpyGreg Hudson2009-09-221-1/+1
| | | | | | instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783 dc483132-0cff-0310-8789-dd5450dbe970
* Improve the mechanism used for addprinc -randkey. In the kadminGreg Hudson2009-09-211-43/+61
| | | | | | | | server, if the password is null when creating a principal, treat that as a request for a random key. In the kadmin client, try using the new method for random key creation and then fall back to the old one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970
* Fix addprinc -randkey when policy requires multiple character classesGreg Hudson2009-09-211-6/+7
| | | | | | | | | | | | | The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. ticket: 6568 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-131-3/+7
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Modify kadm5 initializers to accept krb5 contextsGreg Hudson2009-08-171-3/+3
| | | | | | | | | | Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
* Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadminGreg Hudson2009-04-271-1/+9
| | | | | | | | | | | support for the flag. In the KDC, remove the restriction on returning the flag on cross-realm TGTs since there is now a defined meaning for that (it allows ok-as-delegate to be honored on the foreign realm's service tickets). ticket: 5596 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-021-1/+1
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-301-0/+2
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, free the correct item in an error case (fixes a double-freeGreg Hudson2009-01-231-1/+1
| | | | | | and a memory leak). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21783 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-031-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Add prototype for kadm5_init_iprop. FOr the client - adds a dummy argument Ezra Peisach2008-12-161-1/+1
| | | | | | which is ignored. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21480 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintfGreg Hudson2008-12-011-17/+19
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a kadmin bug introduced in a recent set of string handlingGreg Hudson2008-11-061-1/+1
| | | | | | | | | conversions. ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21019 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of strcpy/strcat (and sometimes sprintf) to acceptedGreg Hudson2008-11-051-10/+9
| | | | | | | | | string-handling functions. ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21001 dc483132-0cff-0310-8789-dd5450dbe970
* Use asprintf instead of malloc/strcpy/strcat in many placesGreg Hudson2008-10-201-30/+9
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
* Finished KLL to KIM shim.Alexandra Ellwood2008-10-011-5/+6
| | | | | | | | Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
* Use a valid UTF8 password for randkey passwordAlexandra Ellwood2008-08-131-5/+9
| | | | | | | | KfM RC4 string to key function expects password to be valid UTF8 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-241-1/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-301-6/+89
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* fixed mispelling in kadmin error messageAlexandra Ellwood2007-10-161-1/+1
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20126 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 19:32:37 +0000