summaryrefslogtreecommitdiffstats
path: root/src/kadmin
Commit message (Collapse)AuthorAgeFilesLines
...
* In getdate.y, remove an error check from r19656 which couldn't everGreg Hudson2010-05-211-2/+0
| | | | | | trigger (Convert() does not use an error parameter). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24082 dc483132-0cff-0310-8789-dd5450dbe970
* Use ANSI-style function definitions in our copy of getdate.yGreg Hudson2010-05-211-37/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24081 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of some kdb5_util load code which is no longer useful afterGreg Hudson2010-05-041-32/+1
| | | | | | the introduction of the DAL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23971 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused format string definitions from kdb5_util's dump.cGreg Hudson2010-05-041-14/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23970 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some uses of variables as format strings. Based on a patchGreg Hudson2010-05-031-1/+1
| | | | | | | | from Guillaume Rousse <Guillaume.Rousse@inria.fr>. ticket: 6714 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23963 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the use of variables for format strings in kdb5_util. ManyGreg Hudson2010-05-038-140/+8
| | | | | | | | | | | were unused, and localization will probably be done through _() macros, not collecting all the strings together. Elminates a number of format-security static analysis defects. ticket: 6714 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23962 dc483132-0cff-0310-8789-dd5450dbe970
* Always pass -W option to kdb5_util create in testingKen Raeburn2010-03-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/raeburn/branches/network-mergeKen Raeburn2010-03-177-2147/+146
| | | | | | | | | | Re-integrates the forked versions of network.c in kdc and kadmin/server. Server-specific initialization and SIGHUP-reset code is moved into other source files; the more generic network-servicing code is merged and moved into apputils library already used by both programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor error-handling bug in r23676Greg Hudson2010-01-311-1/+1
| | | | | | ticket: 6650 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23679 dc483132-0cff-0310-8789-dd5450dbe970
* Handle migration from pre-1.7 databases with master key kvno != 1Greg Hudson2010-01-281-2/+8
| | | | | | | | | | | | | | | | | | | | krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no explicit tl_data. We've seen at least one pre-1.7 KDB with a master kvno of 0, violating this assumption. Fix this as follows: * krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists. * A new function krb5_dbe_get_mkvno translates this 0 value to the minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno cannot do this as it doesn't take the mkey_list as a parameter.) * Call sites to krb5_dbe_lookup_mkvno are converted to krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable to store 0 if the mkvno is unknown. ticket: 6650 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23676 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-051-1/+0
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous documentationSam Hartman2010-01-041-1/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize variables in case of error path winds up freeing stack garbageEzra Peisach2010-01-031-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23571 dc483132-0cff-0310-8789-dd5450dbe970
* Some unsigned/signed warning cleanupEzra Peisach2010-01-032-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23568 dc483132-0cff-0310-8789-dd5450dbe970
* Unsigned/signed cleanupEzra Peisach2010-01-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23561 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new -P option to krb5kdc and kadmind which, if given, specifiesRuss Allbery2010-01-012-0/+59
| | | | | | | | | the path to which to write the PID file of the daemon after it finishes initializing. Ticket: 6618 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23560 dc483132-0cff-0310-8789-dd5450dbe970
* Fix spelling and hyphen errors in man pagesRuss Allbery2009-12-311-3/+3
| | | | | | | | | | | Fix spelling errors in man pages detected by Debian's Lintian program. Also escape some -'s that are intended to be literal ASCII dashes and not Unicode hyphens so that groff won't change them into true hyphens. ticket: 6616 component: krb5-doc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23554 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-7/+8
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-281-4/+15
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat new commentsKen Raeburn2009-12-031-14/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
* fix slow behavior on Mac OS X with link-local addressesKen Raeburn2009-12-031-10/+48
| | | | | | | | | | | | | | | | | | | | | | | | | When using my previous patch, if a local hostname like "foobar.local" is looked up, you may get back a link-local IPv6 address. However, the KDC seems to be unable to respond from that address, resulting in a ~1s delay for each KDC exchange while waiting for the client to fail over to another address (in my case, another IPv6 address). Create a new object for holding whatever auxiliary information might be needed to properly transmit the response to the client. Currently, that only means the interface index number under IPv6. Fill it in on receipt, always; copy it back to the pktinfo structure when transmitting, ONLY if the local source address is link-local. If an error occurs while transmitting the reply, print both the remote destination address and the local source address. Use getnameinfo instead of inet_ntop. Apply the same changes to kadmind, to keep the versions of network.c more or less in sync. ticket: 6591 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
* allow testing even if name->addr->name mapping doesn't workKen Raeburn2009-12-032-5/+4
| | | | | | | | | | | | | | | Many of the tests are set up to fail if the local hostname can't be mapped to an address and back to a name again. If the name results in an address, and we can get a fully-qualified name or something that looks like it, though, we should be able to just go ahead and run some tests. This is also closer to the current behavior of sname_to_principal when reverse DNS is enabled. ticket: 6590 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-2214-289/+276
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Use "unsigned short" instead of "u_short" in argument to SET macro;Ken Raeburn2009-11-041-8/+13
| | | | | | | | | the Emacs cc-mode indentation code seems to get confused by the one-word case. Reindent. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23129 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent and manually restore some BSD-style files that wereTom Yu2009-11-043-1/+4
| | | | | | previously incorrectly marked as krb5-style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23126 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent after making fixes for emacs-23Tom Yu2009-11-034-8/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23123 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3133-8481/+8492
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Fix printf argument type mismatches related to pw_max_fail inGreg Hudson2009-10-261-4/+5
| | | | | | kadmin.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23044 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the telnet-to-localhost sanity check in start_servers_local, asGreg Hudson2009-10-261-71/+27
| | | | | | | | the system telnet will not necessarily run correctly with LD_LIBRARY_PATH pointing at the Kerberos libraries from the build tree. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23042 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockoutGreg Hudson2009-10-2512-84/+375
| | | | | | | | | | | | Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-104-54/+61
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Add keytab_local.c to the kadmin client SRCS variable, so that weGreg Hudson2009-09-252-1/+20
| | | | | | | generate dependencies for its object file. This change causes kadmin.local to be properly rebuilt when keytab.c changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22789 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few bugs in kadmin's keytab.c from r22785Greg Hudson2009-09-251-13/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22788 dc483132-0cff-0310-8789-dd5450dbe970
* Update the kadmin client code to most current coding practicesGreg Hudson2009-09-243-1629/+1408
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a braino in r22782: we don't use strcpy even safely; use strlcpyGreg Hudson2009-09-221-1/+1
| | | | | | instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783 dc483132-0cff-0310-8789-dd5450dbe970
* Improve the mechanism used for addprinc -randkey. In the kadminGreg Hudson2009-09-211-43/+61
| | | | | | | | server, if the password is null when creating a principal, treat that as a request for a random key. In the kadmin client, try using the new method for random key creation and then fall back to the old one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970
* Fix addprinc -randkey when policy requires multiple character classesGreg Hudson2009-09-211-6/+7
| | | | | | | | | | | | | The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. ticket: 6568 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-131-3/+7
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a little bit of test suite spew in env-setup: first, whenGreg Hudson2009-08-281-12/+6
| | | | | | | | using BSD options with ps, they should not be prefixed with a '-'; second, the Linux ps supports both BSD and System V options, so change the structure of the tests not to warn when both forms work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647 dc483132-0cff-0310-8789-dd5450dbe970
* Remove bogus conditional from tcl_kadm5_randkey_principal(), which wasTom Yu2009-08-281-1/+1
| | | | | | | | | causing unparse_keyblocks() to get stack garbage as num_keys when num_var was "null", thus overrunning the end of the array. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2009-08-212-11/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571 dc483132-0cff-0310-8789-dd5450dbe970
* Modify kadm5 initializers to accept krb5 contextsGreg Hudson2009-08-174-7/+7
| | | | | | | | | | Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused variables resulting from r22521, and also remove theGreg Hudson2009-08-171-1/+0
| | | | | | | | unused file svr_misc_free.c. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22523 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kadmin v1 API supportGreg Hudson2009-08-1334-3977/+103
| | | | | | | | | | | | | | | The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the LDAP build, which was broken by the build reordering inGreg Hudson2009-08-071-1/+2
| | | | | | | | r22406. Build kdb5_util's getdate from the kadmin/cli getdate source, instead of borrowing the object file from the kadmin/cli build directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad depsGreg Hudson2009-08-032-0/+3
| | | | | | | | files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new '-W' option to kadmind and kdb5_util create to allow readingTom Yu2009-07-103-3/+12
| | | | | | | | | | | weak random numbers on startup, to avoid long delays in testing situations. Use only for testing. Update testing scripts accordingly. ticket: 1233 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22434 dc483132-0cff-0310-8789-dd5450dbe970
* Make datetest buildable againTom Yu2009-07-092-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22432 dc483132-0cff-0310-8789-dd5450dbe970
* man1 in title header for man1 manpagesSam Hartman2009-05-074-4/+4
| | | | | | | | | | | | A previous ticket moved kadmin, kadmin.local, ktutil and k5srvutil man pages to man1 from man8. This updates the section within the man page. ticket: 6483 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22324 dc483132-0cff-0310-8789-dd5450dbe970
* Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadminGreg Hudson2009-04-272-1/+19
| | | | | | | | | | | support for the flag. In the KDC, remove the restriction on returning the flag on cross-realm TGTs since there is now a defined meaning for that (it allows ok-as-delegate to be honored on the foreign realm's service tickets). ticket: 5596 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 17:00:06 +0000