krb5.git/src/kadmin/testing, branch proxymech MIT Kerberos patches make depend 2013-01-10T17:46:26+00:00 Greg Hudson ghudson@mit.edu 2013-01-10T17:46:26+00:00 2807e8e1e1dc89b3d482de7c73d13d19187fdb38 Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa. 
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
Policy extensions + new policy: allowed ks types 2012-07-30T23:11:28+00:00 Nicolas Williams nico@cryptonector.com 2012-07-18T21:27:35+00:00 5829ca2b348974e52a67b553afc7f7491007c33a This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new) 
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

 - attributes         (policy-ish principal attributes)
 - max_life           (max ticket life)
 - max_renewable_life (max ticket renewable life)
 - allowed_keysalts   (allowed key/salt types)
 - TL data            (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

ticket: 7223 (new)
Enable all localizations in main functions 2012-07-06T18:06:12+00:00 Ben Kaduk kaduk@mit.edu 2012-07-05T18:56:50+00:00 75c7c600b49a7f1d5cf95260fc073cb4ba5929cd Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time. ticket: 7192 
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES.  Calls to setlocale() itself were introduced in
fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME).  If potentially
localized data is being sent on the wire, that is a bug that should
be fixed.  No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.

ticket: 7192
Add krb5_kt_client_default API 2012-07-02T04:59:45+00:00 Greg Hudson ghudson@mit.edu 2012-06-15T15:14:39+00:00 d1fe0728c830fe52bdcb5d53c517a9462391069d The default client keytab is intended to be used to automatically acquire initial credentials for client applications. The current hardcoded default is a placeholder, and will likely change before 1.11. Add test framework settings to ensure that a system default client keytab doesn't interfere with tests, and to allow tests to be written to deliberately use the default client keytab. Add documentation about keytabs to the concepts section of the RST docs, and describe the default client keytab there. ticket: 7188 (new) 
The default client keytab is intended to be used to automatically
acquire initial credentials for client applications.  The current
hardcoded default is a placeholder, and will likely change before
1.11.

Add test framework settings to ensure that a system default client
keytab doesn't interfere with tests, and to allow tests to be written
to deliberately use the default client keytab.

Add documentation about keytabs to the concepts section of the RST
docs, and describe the default client keytab there.

ticket: 7188 (new)
Remove admin_keytab references in code and docs 2012-03-04T00:38:48+00:00 Greg Hudson ghudson@mit.edu 2012-03-04T00:38:48+00:00 f938afd6b6f61a96a0aa72c57a280aa721566fe6 The admin keytab hasn't been needed or used by kadmind since 1.4 (except possibly by legacy admin daemons which we no longer ship). Eliminate remaining references to it in code, test cases, and documentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970 
The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
Get rid of fake-install 2011-11-04T18:39:35+00:00 Greg Hudson ghudson@mit.edu 2011-11-04T18:39:35+00:00 bc47e3eeb7a046a80faf9ba9ea4ccedf111e33a7 Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For each real plugin module, create a link in the parent directory if we're doing a shared-library build--so built KDB modules can be found in plugins/kdb, preauth modules in plugins/preauth, etc.. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970 
Instead, use $(BUILDTOP)/plugins as the plugin base for tests.  For
each real plugin module, create a link in the parent directory if
we're doing a shared-library build--so built KDB modules can be found
in plugins/kdb, preauth modules in plugins/preauth, etc..

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
Fix process list spew in verbose kadmin tests 2011-07-18T15:10:47+00:00 Greg Hudson ghudson@mit.edu 2011-07-18T15:10:47+00:00 f9bcb7139345ecfafc2dd2f4317f34c5aac381fa Set PS_PID to "ps uwwp" so we display only the process we're trying to point out, and not the whole process table. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25021 dc483132-0cff-0310-8789-dd5450dbe970 
Set PS_PID to "ps uwwp" so we display only the process we're trying to
point out, and not the whole process table.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25021 dc483132-0cff-0310-8789-dd5450dbe970
Set LC_MESSAGES to "C" in tests which run commands 2011-06-10T18:18:04+00:00 Greg Hudson ghudson@mit.edu 2011-06-10T18:18:04+00:00 9fb1be9f87e93a9dbd20fce3c9f6aaf1ca3405d2 ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970 
ticket: 6918

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24964 dc483132-0cff-0310-8789-dd5450dbe970
Use for loops for recursion in the Windows build, cutting down on the 2010-11-28T01:36:42+00:00 Greg Hudson ghudson@mit.edu 2010-11-28T01:36:42+00:00 505ae39e1f5ef32013b0e95ff487de28663680cf verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970 
verbiage in Makefile.in files.  For correctness of output, every
Makefile.in mydir= definition is changed to use $(S) instead of /.

ticket: 6826

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
Make kadmin work over IPv6 2010-06-26T03:32:55+00:00 Greg Hudson ghudson@mit.edu 2010-06-26T03:32:55+00:00 0080380b3b3e945c5eb84504771d9d01ee76a611 Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes: * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport(). * Make clnttcp_create() handle a null raddr value if *sockp is set. * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name. * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create(). * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections. * Adjust the error code expected in a libkadm5 unit test. ticket: 6746 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970 
Make gssrpc work over IPv6 TCP sockets provided that the client
creates and connects/binds the sockets and doesn't query their
addresses or use bindresvport().  Make kadmin work within those
constraints and handle IPv6.  Specific changes:

* Make svctcp_create() able to extract the port from an IPv6 socket,
  using a new helper function getport().
* Make clnttcp_create() handle a null raddr value if *sockp is set.
* Make kadm5_get_service_name() use getaddrinfo() to canonicalize the
  admin server name.
* Make libkadm5clnt's init_any() responsible for connecting its socket
  using a new helper function connect_to_server(), which uses
  getaddrinfo instead of gethostbyname.  Pass a null address to
  clnttcp_create().
* Make libapputil's net-server.c set up IPv6 as well as IPv4 listener
  ports for RPC connections.
* Adjust the error code expected in a libkadm5 unit test.

ticket: 6746

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970