summaryrefslogtreecommitdiffstats
path: root/src/kadmin/cli
Commit message (Collapse)AuthorAgeFilesLines
* Remove install-oldmanBen Kaduk2012-10-171-5/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove nroff man pagesBen Kaduk2012-10-163-1038/+0
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-301-23/+50
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Fix ugly ladder in src/kadmin/cli/kadmin.cNicolas Williams2012-07-301-144/+112
|
* Allow using locales when gettext is absentBen Kaduk2012-07-061-0/+1
| | | | | | | | | | | Previously, if configure did not detect dgettext(), we disabled anything that smelled like localization, inadvertently including setlocale(). Now that we use setlocale(LC_ALL, ""), we have localized dates available as well as messages, so we should not disable calls to setlocale() any more. Since the routines from locale.h are only used in a relatively small number of places, just include the header directly in those files and remove it from k5-platform.h.
* Enable all localizations in main functionsBen Kaduk2012-07-061-1/+1
| | | | | | | | | | | | | | | Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time. ticket: 7192
* Remove orphaned KfM codeGreg Hudson2012-06-211-14/+0
|
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-261-65/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin_getprivs replace the non-existing "GET" privilege by "INQUIRE". Zhanna Tsitkov2012-02-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25702 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-0/+2
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Fix failure interval of 0 in LDAP lockout codeGreg Hudson2011-11-201-2/+3
| | | | | | | | | | | | | | | | A failure count interval of 0 caused krb5_ldap_lockout_check_policy to pass the lockout check (but didn't cause a reset of the failure count in krb5_ldap_lockout_audit). It should be treated as forever, as in the DB2 back end. This bug is the previously unknown cause of the assertion failure fixed in CVE-2011-1528. ticket: 7021 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25480 dc483132-0cff-0310-8789-dd5450dbe970
* Fix month/year units in getdateGreg Hudson2011-11-061-1/+2
| | | | | | | | | | | | | getdate strings like "1 month" or "next year" would fail some of the time, depending on the value of stack garbage, because DSTcorrect() doesn't set *error on success and RelativeMonth() doesn't initialize error. Make DSTcorrect() responsible for setting *error in all cases. ticket: 7003 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25444 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-1/+1
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-021-7/+7
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-214-0/+161
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-6/+7
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-041-4/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Define KRB5_TL_DB_ARGS unconditionally in kdb.hGreg Hudson2011-07-261-1/+0
| | | | | | | | | Due to an apparent merge bug, KRB5_TL_DB_ARGS was defined in a SECURID conditional block, and several source files worked around the problem by defining the constant themselves or defining SECURID. Move the definition and remove the workarounds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25055 dc483132-0cff-0310-8789-dd5450dbe970
* make dependEzra Peisach2011-07-011-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in kadminGreg Hudson2011-06-231-10/+11
| | | | | | | | | kadmin_getprinc() was using the variable "canon" for two purposes. After r22785, canon wasn't freed between constructions, so the first value was leaked. Fix by using separate variables for separate strings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24987 dc483132-0cff-0310-8789-dd5450dbe970
* Handle invalid intervals in lockout-related kadmin parametersGreg Hudson2011-06-101-8/+18
| | | | | | ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-101-0/+1
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-103-236/+275
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Document the lockout-related options in kadmin (modprinc -unlock andGreg Hudson2011-05-161-0/+21
| | | | | | | | | | addpol/modpol -maxfailure, -failurecountinterval, and -lockoutduration), in the man page and in admin.texinfo. Based on text submitted by shawn.emery@oracle.com. ticket: 6910 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24932 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, try using get_date() for lockout-related duration inputs toGreg Hudson2011-05-161-6/+17
| | | | | | | | | | | modpol and addpol, but still allow bare numbers of seconds since that's what we took in 1.8 and 1.9. Use strdur() to display lockout-related durations in getpol. Reported by shawn.emery@oracle.com. ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24931 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-093-9/+7
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-8/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin's ktremove can remove wrong entries when removing kvno 0Greg Hudson2011-02-011-1/+2
| | | | | | | | | | | | | | | | | Because of 8-bit wraparound, keytabs can contain entries with kvno 0. Because 0 is a distinguished kvno value for krb5_kt_get_entry(), kadmin's remove_principal() winds up substituting the specified kvno with the highest-numbered kvno of the specified principal in the keytab. Make sure not to perform this substitution when in specified-kvno mode. (This fix leaves behind a very minor bug where "ktrem principal 0" returns silently, instead of producing an error message like it normally would, if principal exists in the keytab but not at kvno 0.) ticket: 6854 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24611 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-253-0/+67
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-1/+1
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Correct typo in r24526Greg Hudson2010-11-221-1/+1
| | | | | | ticket: 6823 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24527 dc483132-0cff-0310-8789-dd5450dbe970
* getdate.y: declare yyparseSam Hartman2010-11-221-0/+1
| | | | | | | | | | | | At least on lucid, byacc doesn't declare yyparse, which creates problems because lucid treats calls to unprototyped functions as errors. ticket: 6823 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24526 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-261-9/+0
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* Declare kadmin_purgekeysKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24475 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-083-8/+63
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-051-26/+52
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-5/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin ktadd may display wrong name of default keytabGreg Hudson2010-06-082-4/+7
| | | | | | | | | | | | | | kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever it uses the default keytab, even if the default has been overridden (e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name of the default cache instead of displaying the string we think was used to open it. ticket: 6740 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24123 dc483132-0cff-0310-8789-dd5450dbe970
* When we display enctypes, display the input name rather than theGreg Hudson2010-06-082-3/+3
| | | | | | | | | description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash (error message), kadmin getprinc, kadmin ktadd, and ktutil list -e. ticket: 5014 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-071-10/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unneeded conditional in the cleanup for kadmin's keytabGreg Hudson2010-05-211-5/+3
| | | | | | add_principal(), squashing a false-positive memory leak from Coverity. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24083 dc483132-0cff-0310-8789-dd5450dbe970
* In getdate.y, remove an error check from r19656 which couldn't everGreg Hudson2010-05-211-2/+0
| | | | | | trigger (Convert() does not use an error parameter). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24082 dc483132-0cff-0310-8789-dd5450dbe970
* Use ANSI-style function definitions in our copy of getdate.yGreg Hudson2010-05-211-37/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24081 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous documentationSam Hartman2010-01-041-1/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-7/+8
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-281-4/+15
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-222-39/+37
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent and manually restore some BSD-style files that wereTom Yu2009-11-041-0/+1
| | | | | | previously incorrectly marked as krb5-style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23126 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-315-41/+42
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Fix printf argument type mismatches related to pw_max_fail inGreg Hudson2009-10-261-4/+5
| | | | | | kadmin.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23044 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 02:59:19 +0000