path: root/src/plugins/kdb/db2
Commit message | Author | Age | Files | Lines
* Remove osa_adb_rename_db | Greg Hudson | 2012-09-13 | 2 | -51/+0
  This function wasn't used anywhere. Also remove the declaration for osa_adb_close_policy(), which doesn't exist.
* Fix lock inconsistency in ctx_unlock() | Nicolas Williams | 2012-09-12 | 1 | -4/+8
  The lock inconsistency fixed here is quite possibly the same as described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 . The problem is that ctx_unlock() fails to unlock the principal DB if it fails to unlock the policy DB, and this happens when ctx_lock() fails to lock the policy DB (likely because the caller is racing against a kdb5_util load, which will be using a "permanent" lock, meaning that the lock file will be unlinked after acquiring the lock). The fix is to perform both unlock operations *then* handle any errors that either or both might have returned.
  Additionally, we don't really need or want to use non-blocking locks, and we certainly don't want to sleep(1) in krb5kdc (possibly several times, as there was a loop over this) when either of the principal or policy DB is locked. Some callers still request non-blocking locks, and ctx_lock() still honors this.
  ticket: 7360 (new)
* Use blocking locks in krb5kdc and libkadm5srv | Nicolas Williams | 2012-09-12 | 2 | -35/+19
  We don't really need or want to use non-blocking locks, and we certainly don't want to sleep(1) in krb5kdc (possibly several times, as there was a loop over this) when either of the principal or policy DB is locked. Some callers still request non-blocking locks, and ctx_lock() still honors this.
  ticket: 7359 (new)
* Run "make depend" | Tom Yu | 2012-08-23 | 1 | -8/+12
* Policy extensions + new policy: allowed ks types | Nicolas Williams | 2012-07-30 | 2 | -49/+27
  This simply adds KADM5_API_VERSION_4 and various fields to the policy structures:
  - attributes (policy-ish principal attributes)
  - max_life (max ticket life)
  - max_renewable_life (max ticket renewable life)
  - allowed_keysalts (allowed key/salt types)
  - TL data (future policy extensions)
  Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done.
  ticket: 7223 (new)
* Handle huge /bin directories in libdb2 test | Tom Yu | 2012-07-12 | 1 | -6/+7
  The test suite for libdb2 uses /bin as a source of filenames and contents for insertion into databases. Fedora 17 (and possibly other OSes) have /bin symlinked to /usr/bin, which can vastly increase the number of files found, exceeding some limits of the test databases. Truncate this list of files at 100 to prevent this problem.
  ticket: 7201 (new)
  status: pullup
  target_version: 1.10.3
* Minor cleanups relating to size_t being unsigned | Ben Kaduk | 2012-07-03 | 1 | -1/+1
  In order to use -1 as a sentinel value, we should explicitly cast to make it clear what we are doing. It might be better to use a less convoluted sentinel value such as SIZE_T_MAX, though.
  Additionally, since size_t is unsigned and at least as wide as an int, a loop with int index variable that compares against a size_t for its termination check could become an infinite loop. Make the loop index size_t for consistency.
* Fix -DDEBUG compilation errors | Henry B. Hotz | 2012-06-04 | 1 | -0/+1
  ticket: 7150
* Add missing $(LIBS) to some shared libraries | Tom Yu | 2012-05-17 | 1 | -1/+1
  Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which did not previously include it, which prevented gcov from working properly in some cases. Patch from W. Trevor King.
  ticket: 7138
* Fix KDB iteration when callback does write calls | Greg Hudson | 2012-03-01 | 1 | -4/+2
  kdb_db2's ctx_iterate makes a convenience alias to dbc->db in order to call the DB's seq method. This alias may become invalidated if the callback writes to the DB, since ctx_lock() may re-open the DB in order to acquire a write lock. Fix the bug by getting rid of the convenience alias.
  Most KDB iteration operations in the code base do not write to the DB, but kdb5_util update_princ_encryption does.
  Bug discovered and diagnosed by will.fiveash@oracle.com.
  ticket: 7096
  target_version: 1.10.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of fake-install | Greg Hudson | 2011-11-04 | 1 | -1/+1
  Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For each real plugin module, create a link in the parent directory if we're doing a shared-library build--so built KDB modules can be found in plugins/kdb, preauth modules in plugins/preauth, etc.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529] | Tom Yu | 2011-10-18 | 1 | -0/+12
  Fix null pointer dereference and assertion failure conditions that could cause a denial of service.
  ticket: 6981
  target_version: 1.10
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25368 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfaces | Greg Hudson | 2011-10-04 | 2 | -2/+2
  All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors.
  ticket: 6969
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize some more variables | Ken Raeburn | 2011-09-05 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25151 dc483132-0cff-0310-8789-dd5450dbe970
* Fix "may be used uninitialized" warnings in db2 code, even though all | Ken Raeburn | 2011-09-05 | 6 | -9/+11
  such cases appear to be safe. This will permit making uninitialized-variable messages fatal.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25147 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el. | Ken Raeburn | 2011-09-04 | 1 | -1/+1
  Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used" | Ken Raeburn | 2011-09-04 | 3 | -12/+0
  complaints, almost entirely "rcsid" variables.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translation | Greg Hudson | 2011-06-10 | 1 | -2/+2
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 4 | -12/+7
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make depend | Greg Hudson | 2011-02-25 | 1 | -24/+22
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on the | Greg Hudson | 2010-11-28 | 8 | -8/+8
  verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /.
  ticket: 6826
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* After a failed kdb5_util load, make a subsequent load operation work | Greg Hudson | 2010-11-06 | 2 | -631/+483
  by removing the remnant temporary files after obtaining a lock. To make this safe, the private contract for temporary DB creation and promotion had to be altered, along with many of the DB2 internal helper functions.
  ticket: 6814
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24511 dc483132-0cff-0310-8789-dd5450dbe970
* Further kdb_db2 code cleanup: make gen_dbsuffix return a | Greg Hudson | 2010-11-04 | 2 | -55/+30
  krb5_error_code to simplify error handling in callers, and discard the db_lf_time field which was set but never used.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24510 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify kdb_db2's open_db() a little further, avoiding a suspicious | Greg Hudson | 2010-11-03 | 1 | -7/+11
  switch fallthrough.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24508 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid running off the end of the spares array in db2's page_to_oaddr() | Greg Hudson | 2010-11-03 | 1 | -1/+1
  in unrealistically large databases.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24507 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up the DB2 KDB module code a bit, making it more conformant with | Greg Hudson | 2010-11-02 | 1 | -141/+96
  current coding practices. Mostly namespace changes, but also simplify krb5_db2_destroy().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24505 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCs | Greg Hudson | 2010-10-05 | 1 | -0/+15
  Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation.
  ticket: 6795
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dead code from DAL and kdb plugins | Sam Hartman | 2010-09-15 | 3 | -42/+0
  kdb: remove get/set_mkey_list
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24315 dc483132-0cff-0310-8789-dd5450dbe970
* Make depend | Greg Hudson | 2010-09-08 | 1 | -30/+26
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the part of r24157 which added the dal_version argument to the | Greg Hudson | 2010-07-21 | 1 | -4/+2
  init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version.
  ticket: 6749
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_allowed_to_delegate to the DAL with a corresponding libkdb5 | Greg Hudson | 2010-07-15 | 4 | -62/+1
  API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods.
  ticket: 6749
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
* Add refresh_config to the DAL with a corresponding libkdb5 API, | Greg Hudson | 2010-07-15 | 1 | -0/+1
  replacing the REFRESH_POLICY method of db_invoke.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's an | Greg Hudson | 2010-07-13 | 3 | -8/+8
  informational method and we're not going to do anything with the result.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API, | Greg Hudson | 2010-07-13 | 4 | -28/+21
  replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.)
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table with | Greg Hudson | 2010-07-13 | 4 | -26/+28
  corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a corresponding | Greg Hudson | 2010-07-12 | 1 | -1/+1
  libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API, | Greg Hudson | 2010-07-12 | 1 | -1/+1
  replacing the SIGN_AUTH_DATA method of db_invoke.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24180: make sure osa_adb_get_policy sets its output | Greg Hudson | 2010-07-09 | 1 | -0/+1
  parameter in all cases, per coding standards.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
* Improve output variable handling of osa_adb_get_policy() in the db2 | Greg Hudson | 2010-07-09 | 1 | -19/+20
  KDB module, and close some unlikely memory leaks.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal, | Greg Hudson | 2010-07-06 | 8 | -203/+117
  free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operations | Greg Hudson | 2010-07-03 | 1 | -1/+1
  not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.)
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove return value from void function | Ken Raeburn | 2010-07-03 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implement | Greg Hudson | 2010-07-02 | 1 | -1/+1
  krb5_store_master_key in terms of krb5_store_master_key_list.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_db_free_principal and krb5_db_free_mkey_list return void. | Greg Hudson | 2010-07-02 | 3 | -7/+7
  Remove the stale prototype for krb5_db_free_master_key.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associated | Greg Hudson | 2010-07-02 | 1 | -1/+1
  libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_ and similar prefixes from DAL function names, for | Greg Hudson | 2010-07-02 | 4 | -166/+144
  consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.)
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
* Remove setup_master_key_name from the DAL table as it was not used | Greg Hudson | 2010-07-02 | 1 | -1/+1
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and their | Greg Hudson | 2010-07-02 | 3 | -57/+0
  corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Remove errcode_2_string and release_errcode_string from the DAL table, | Greg Hudson | 2010-07-02 | 1 | -2/+0
  and stop using them in kdb5.c. Modules can simply set error messages in the krb5 context on error.
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove db_supported_realms and db_free_supported_realms from the DAL | Greg Hudson | 2010-07-02 | 1 | -2/+0
  table, and remove the corresponding libkdb5 interfaces (which don't seem to have been in the library export table).
  ticket: 6749
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24158 dc483132-0cff-0310-8789-dd5450dbe970