krb5.git/src/lib/kadm5/srv, branch master MIT Kerberos patches make depend 2014-07-08T23:36:32+00:00 Greg Hudson ghudson@mit.edu 2014-07-08T23:36:32+00:00 aea099ab5544eefb4d27d8cd963b1247c10dc559 






Include autoconf.h before system headers
2014-07-08T23:19:24+00:00

Greg Hudson
ghudson@mit.edu

2014-07-05T15:50:58+00:00

02a1123cf44381690c28f18ab2c4ba8036200539

Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961





Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961







Use k5_setmsg
2014-06-05T15:22:50+00:00

Greg Hudson
ghudson@mit.edu

2014-05-24T16:15:32+00:00

a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce

Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).





Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).







Remove adb_policy_init and adb_policy_close
2014-04-04T18:02:47+00:00

Tomas Kuthan
tkuthan@gmail.com

2014-04-03T15:58:43+00:00

8d735931e2a93fab31d68772e8881faa6b030a10

Since f72c3ffa the policy is initialized as part of database.
adb_policy_close is now a no-op, and adb_policy_init just makes sure
the database is initialized.  adb_policy_init is only called from
kadm5_flush, and only if database initialization was successful
beforehand, rendering this call redundant.

Remove adb_policy_init and adb_policy_close and all their references
in the code and documentation.





Since f72c3ffa the policy is initialized as part of database.
adb_policy_close is now a no-op, and adb_policy_init just makes sure
the database is initialized.  adb_policy_init is only called from
kadm5_flush, and only if database initialization was successful
beforehand, rendering this call redundant.

Remove adb_policy_init and adb_policy_close and all their references
in the code and documentation.







Fix leak in kadm5_flush with LDAP KDB
2014-04-04T17:59:36+00:00

Tomas Kuthan
tkuthan@gmail.com

2014-04-02T15:48:04+00:00

372e4cb6f5d4a603e6e3157c7b5d354953836136

Due to an inverted test in adb_policy_init, kadm5_flush calls
krb5_db_open twice.  With the DB2 KDB module, the second open is a
no-op, but with the LDAP module, a new DB handle is allocated and the
old one is leaked.

[ghudson@mit.edu: rewrote commit message]

ticket: 7897 (new)
target_version: 1.12.2
tags: pullup





Due to an inverted test in adb_policy_init, kadm5_flush calls
krb5_db_open twice.  With the DB2 KDB module, the second open is a
no-op, but with the LDAP module, a new DB handle is allocated and the
old one is leaked.

[ghudson@mit.edu: rewrote commit message]

ticket: 7897 (new)
target_version: 1.12.2
tags: pullup







Stop generating gssapi_krb5.h
2014-02-26T21:15:20+00:00

Greg Hudson
ghudson@mit.edu

2014-02-01T20:59:21+00:00

a7a2c02b618aea40ebd4f597ec956eaf0fe210f5

We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts.  Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.





We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts.  Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.







Simplify ulog_map
2014-02-21T01:42:47+00:00

Greg Hudson
ghudson@mit.edu

2014-01-24T21:52:47+00:00

6a4a4b7b5e3265e4a811a9fd72c2534e6c5f5fd4

Get rid of the caller parameter.  The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog.  With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.

Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.

Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis.  If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file.  Remove an unneeded conditional before
calling extend_file_to for an existing ulog.

ticket: 7855





Get rid of the caller parameter.  The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog.  With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.

Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.

Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis.  If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file.  Remove an unneeded conditional before
calling extend_file_to for an existing ulog.

ticket: 7855







Make salt defaulting work for keysalts
2014-01-06T22:17:02+00:00

Tom Yu
tlyu@mit.edu

2014-01-06T22:17:02+00:00

cc26d29b8087e31d0ea1aca6bde45f8935e8b744

Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character.  Change most of its callers to pass NULL so they
get the default separators.

Adapted from a patch proposed by Jon Looney.

ticket: 884





Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character.  Change most of its callers to pass NULL so they
get the default separators.

Adapted from a patch proposed by Jon Looney.

ticket: 884







Don't cache active master key list in kadmind
2013-10-25T15:36:11+00:00

Greg Hudson
ghudson@mit.edu

2013-10-23T22:56:20+00:00

74c1420ea4dffc1105247e362decf608440751ae

"kdb5_util use_mkey" should not require a kadmind restart to take
effect.  At the cost of fetching the K/M principal once for each key
change operation, make kadmind use the current active master key list
for each operation.

ticket: 7685
target_version: 1.12
tags: pullup





"kdb5_util use_mkey" should not require a kadmind restart to take
effect.  At the cost of fetching the K/M principal once for each key
change operation, make kadmind use the current active master key list
for each operation.

ticket: 7685
target_version: 1.12
tags: pullup







Add kadmin support for principals without keys
2013-07-15T16:31:38+00:00

Greg Hudson
ghudson@mit.edu

2013-07-09T14:58:49+00:00

57d0b4b300e43722ae9f080fbf132edeb3834323

Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal.  The KDC was modified by #7630 to support principals
without keys.

ticket: 7679 (new)





Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal.  The KDC was modified by #7630 to support principals
without keys.

ticket: 7679 (new)