krb5.git/src/kadmin, branch master MIT Kerberos patches Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Make tcl_kadm5.c work with Tcl 8.6 2014-05-28T23:45:32+00:00 Greg Hudson ghudson@mit.edu 2014-05-28T22:06:59+00:00 b63496d7b44f090ea5d300dc09b4fc043138ae38 Directly accessing the result field of Tcl_Interp has been deprecated for a long time, requires a special define in Tcl 8.6, and will be impossible in Tcl 9. Use Tcl_SetResult instead. The new error messages are less helpful than the old ones, but this is just support infrastructure for old tests, so it isn't important. ticket: 7924 
Directly accessing the result field of Tcl_Interp has been deprecated
for a long time, requires a special define in Tcl 8.6, and will be
impossible in Tcl 9.  Use Tcl_SetResult instead.  The new error
messages are less helpful than the old ones, but this is just support
infrastructure for old tests, so it isn't important.

ticket: 7924
Check for asprintf failure in kdb5_util create 2014-04-15T17:35:49+00:00 Tomas Kuthan tkuthan@gmail.com 2014-04-10T13:16:06+00:00 f5645d30cf83398640c386a612eb6f07c543286f In add_admin_princ, remove build_name_with_realm and call asprintf directly instead. Check for asprintf failure to avoid passing an undefined pointer to krb5_parse_name. [ghudson@mit.edu: rewrite commit message] ticket: 7902 (new) target_version: 1.12.2 tags: pullup 
In add_admin_princ, remove build_name_with_realm and call asprintf
directly instead.  Check for asprintf failure to avoid passing an
undefined pointer to krb5_parse_name.

[ghudson@mit.edu: rewrite commit message]

ticket: 7902 (new)
target_version: 1.12.2
tags: pullup
Improve salt type display in kadmin getprinc 2014-03-26T22:12:31+00:00 Greg Hudson ghudson@mit.edu 2014-03-21T22:07:41+00:00 54c97cd0c435f78880d80541a20cf7f08928705d In krb5_salttype_to_string, output the salt type name we would recognize as input. In the output of getprinc, display the enctype and salt type in a form we would accept--either enctype:salttype if the salt type is not the default, or just the enctype if it is. Update t_mkey.py and t_salt.py to expect the new output format. Update documentation examples to show the new format. ticket: 5958 
In krb5_salttype_to_string, output the salt type name we would
recognize as input.

In the output of getprinc, display the enctype and salt type in a form
we would accept--either enctype:salttype if the salt type is not the
default, or just the enctype if it is.

Update t_mkey.py and t_salt.py to expect the new output format.
Update documentation examples to show the new format.

ticket: 5958
Check for malloc failure in process_chpw_request 2014-03-03T16:52:40+00:00 Greg Hudson ghudson@mit.edu 2014-03-02T23:12:54+00:00 4356deefa2d2fe0bc7b52f3b62a387c7ec1eb369 ticket: 7866 target_version: 1.12.2 tags: pullup 
ticket: 7866
target_version: 1.12.2
tags: pullup
In kdb5_util dump, only lock DB for iprop dumps 2014-02-26T21:33:32+00:00 Greg Hudson ghudson@mit.edu 2014-02-23T16:28:44+00:00 a2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3 Revert #7384, as there are no longer policy refcounts. For iprop dumps we want to make sure that the reported serial number matches the DB state (although we could perhaps relax that requirement with enough analysis), but for non-iprop dumps we don't need any transactional guarantees. Also use the correct constant name for the locking mode (the numeric value is the same, fortunately), and only unlock the database if we successfully locked it. ticket: 7869 (new) 
Revert #7384, as there are no longer policy refcounts.  For iprop
dumps we want to make sure that the reported serial number matches the
DB state (although we could perhaps relax that requirement with enough
analysis), but for non-iprop dumps we don't need any transactional
guarantees.

Also use the correct constant name for the locking mode (the numeric
value is the same, fortunately), and only unlock the database if we
successfully locked it.

ticket: 7869 (new)
Stop generating gssapi_krb5.h 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:59:21+00:00 a7a2c02b618aea40ebd4f597ec956eaf0fe210f5 We started generating gssapi_krb5.h from gssapi_krb5.hin when we needed to use a 64-bit type for lucid contexts. Since we can now assume a standard name for 64-bit types, we can stop generating the header. 
We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts.  Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.
Implement kadmind -proponly 2014-02-21T01:45:55+00:00 Greg Hudson ghudson@mit.edu 2014-01-26T23:11:56+00:00 2ed8ebf18809af66aeaa2af6984754bdbefff500 The -proponly option causes kadmind to only service the iprop service, not the kpasswd or kadmin services. An intermediate slave in a hierarchical iprop setup runs kadmind -proponly in order to provide incremental updates to downstream slaves. Based on code submitted by Richard Basch. ticket: 7855 
The -proponly option causes kadmind to only service the iprop service,
not the kpasswd or kadmin services.  An intermediate slave in a
hierarchical iprop setup runs kadmind -proponly in order to provide
incremental updates to downstream slaves.

Based on code submitted by Richard Basch.

ticket: 7855
Simplify ulog_map 2014-02-21T01:42:47+00:00 Greg Hudson ghudson@mit.edu 2014-01-24T21:52:47+00:00 6a4a4b7b5e3265e4a811a9fd72c2534e6c5f5fd4 Get rid of the caller parameter. The kproplog semantics (without -R) for mapping the ulog are simple and almost completely different from other users of the ulog, so implement them as a static helper in kproplog. With hierarchical iprop, kpropd will need the same semantics as FKCOMMAND and FKADMIND, which were already identical. Get rid of the db_args parameter, since ulog_map no longer opens the database after #7552. Remove an inoperative lseek() call when creating a new ulog file. Rename ulog_filesize to filesize and compute it from scratch each time we use it, for easier analysis. If kdb_hmagic is zero, init the ulog header but don't skip the rest of the function; it's possible that we need to expand the ulog file. Remove an unneeded conditional before calling extend_file_to for an existing ulog. ticket: 7855 
Get rid of the caller parameter.  The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog.  With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.

Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.

Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis.  If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file.  Remove an unneeded conditional before
calling extend_file_to for an existing ulog.

ticket: 7855
Lock around more ulog operations 2014-02-20T20:55:49+00:00 Greg Hudson ghudson@mit.edu 2014-01-23T16:34:52+00:00 71d028f1054deb186807e7c8048218b82b478422 Always lock the ulog when accessing it. We can currently get away with some laxness on iprop slaves because they are mostly synchronous, but hierarchical iprop will allow master and slave operations to take place concurrently, requiring more strict locking. Add new functions ulog_get_last and ulog_set_last, which access the ulog header with locking, and use them in kdb5_util and kpropd. Add locking to ulog_replay and ulog_init_header. ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c after these changes, so make them static functions and remove the ulog_ prefix. Add an unlock_ulog function for clarity. 
Always lock the ulog when accessing it.  We can currently get away
with some laxness on iprop slaves because they are mostly synchronous,
but hierarchical iprop will allow master and slave operations to take
place concurrently, requiring more strict locking.

Add new functions ulog_get_last and ulog_set_last, which access the
ulog header with locking, and use them in kdb5_util and kpropd.  Add
locking to ulog_replay and ulog_init_header.

ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c
after these changes, so make them static functions and remove the
ulog_ prefix.  Add an unlock_ulog function for clarity.