| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Found by clang's warnings.
ticket: 7591 (new)
target_version: 1.11.2
tags: pullup
|
|
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kdb_dbe_decrypt_key_data
Previously, code needed to run a loop to find the current master key,
possibly fetch a new master key list and try finding the master key
again around each key decryption. This was not universally done;
there are cases where only the current master key was used. In
addition, the correct ideom for decrypting key data is too complicated
and is potentially unavailable to plugins that do not have access to
the master key. Instead, store the master key list in the dal_handle
whenever it is fetched and permit a NULL master key for
krb5_dbe_decrypt_key_data.
* Remove APIs for krb5_db_{get|set}_mkey_list
* krb5_db_fetch_mkey_list: memoize master key list in dal_handle
* krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later
* krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument
* change call sites to take advantage
ticket: 6778
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
free_principal, delete_principal, and get_policy. Make get_principal
allocate the DB entry container. Fold krb5_db_get_principal_ext into
krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals long term keys to use the new master key. In addition
deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
char* and calls free.
Replace most uses, outside of the LDAP KDB plugin, which doesn't build
on my test system of the moment because of version dependencies. Add
one explicit cast to make the change warning-neutral (under gcc 4.0.1
on Mac OS X 10.5.6).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
At least in cases other than tgts, this code handles its own enctype matching, so kvno not found is the only
thing that produces the no matching key error.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21718 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Will probably break things.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
to krb5_boolean to match prototype for as argument to
krb5_c_enctype_compare.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16361 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
after it's been set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16229 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15910 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
* keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
principal and realm name do not need to be null terminated.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
* keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
comparison if the requested enctype is a wildcard.
ticket: new
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reenable (-X) which prints a warning that you are creating a security
hole.
Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure. They are still accepted however.
The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration. In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.
Ticket: 1385
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kadmind previously required a file-based keytab to support its use of
gssapi. For ease of administration, a kdb-based keytab would be
beneficial.
This commit includes changes to the kdb library to support this goal,
as well as actual changes in the kadmind itself.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
storage architecture for 1.3.
ticket: 1193
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15168 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
DISALLOW_ALL_TIX and DISALLOW_SVR when looking up keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14727 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
aren't in permitted_enctypes. This prevents the KDC from issuing
a ticket whose enctype that it won't accept.
* keytab.c (krb5_ktkdb_get_entry): For now, coerce enctype of
output keyblock in case we got a match on a similar enctype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13855 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
don't worry about restoring them when importing new versions of code.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13792 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kdb_dbm.c (krb5_dbm_db_get_principal, krb5_dbm_db_delete_principal):
Incoming principal is const.
* kdb_xdr.c (krb5_dbe_update_mod_princ_data, krb5_encode_princ_dbkey):
Incoming principal is const.
* kdb_db2.h (krb5_db2_db_get_principal): Change prototype to const
principal.
* kdb_db2.c (krb5_db2_db_get_principal, krb5_db2_db_delete_principal):
The search for principal is const.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10192 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Makefile.in: Bump version due to major reworking.
* kdb_db2.h:
* kdb_db2.c: Add Berkely DB backend.
* keytab.c: Add support for new kdb API; delete dead arguments.
* kdb_xdr.c: Remove dependencies on dbm; encode things to
krb5_datas rather than datums.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10130 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
won't error out. Also, some gcc -Wall warning
cleanups. [krb5-kdc/361]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10004 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8919 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
krb5_ktkdb_resolve.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8291 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
(krb5_kt_kdb_ops): include _close method, comment what the other
slots are.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7510 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
BERK_DB_DBM.
(do_testing): wrap references as well.
* keytab.c (krb5_ktkdb_get_entry): use KRB5_PROTOTYPE.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7400 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
* t_kdb.c (add_principal): Remove mkvno
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7234 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7223 dc483132-0cff-0310-8789-dd5450dbe970
|