krb5.git/src/lib/kadm5/srv, branch proxymech MIT Kerberos patches make depend 2013-03-24T05:30:33+00:00 Greg Hudson ghudson@mit.edu 2013-03-24T05:30:33+00:00 24c8bacbccc854dc30fd6baee49cdd2bf2557e47 






Add and use k5memdup, k5memdup0 helpers
2013-02-09T05:43:35+00:00

Greg Hudson
ghudson@mit.edu

2013-02-09T05:43:35+00:00

7905cd6a2eddbf264242bb2a85f811878b2da7ab

Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.





Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.







Get rid of krb5_read_realm_params
2013-01-16T16:38:55+00:00

Greg Hudson
ghudson@mit.edu

2013-01-16T16:38:55+00:00

1078f5bf8049ab95322e7daf37c06f94623cdb74

Read realm parameters directly from the profile in the KDC's
init_realm(), getting rid of the intermediate krb5_realm_params
structure.  Then get rid of krb5_realm_params and
krb5_read_realm_params, since nothing else uses it.





Read realm parameters directly from the profile in the KDC's
init_realm(), getting rid of the intermediate krb5_realm_params
structure.  Then get rid of krb5_realm_params and
krb5_read_realm_params, since nothing else uses it.







Simplify KDC host referral code
2013-01-11T18:36:20+00:00

Greg Hudson
ghudson@mit.edu

2013-01-11T18:26:37+00:00

c53ea7bef444d7c151c46224b7a0600b9539496f

Remove some unnecessary optimizations to reduce code complexity.  Get
rid of krb5_match_config_pattern in favor of a simpler helper function
in do_tgs_req_c.  Get rid of KRB5_CONF_ASTERISK and just use "*"
instead.  Use a helper function to combine [kdcdefaults] and realm
subsection values of variables, and don't bother adding leading and
trailing spaces.  Consistently use the names "hostbased" and
"no_referral" to refer to variable values (with a "realm_" prefix for
structures which currently use it).





Remove some unnecessary optimizations to reduce code complexity.  Get
rid of krb5_match_config_pattern in favor of a simpler helper function
in do_tgs_req_c.  Get rid of KRB5_CONF_ASTERISK and just use "*"
instead.  Use a helper function to combine [kdcdefaults] and realm
subsection values of variables, and don't bother adding leading and
trailing spaces.  Consistently use the names "hostbased" and
"no_referral" to refer to variable values (with a "realm_" prefix for
structures which currently use it).







make depend
2013-01-10T17:46:26+00:00

Greg Hudson
ghudson@mit.edu

2013-01-10T17:46:26+00:00

2807e8e1e1dc89b3d482de7c73d13d19187fdb38

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.





Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.







Fold kadm5 internal policy functions into callers
2013-01-09T20:35:44+00:00

Greg Hudson
ghudson@mit.edu

2013-01-09T07:07:05+00:00

ecb9c348dd3e82aa8e68a466d89150dc0df3d46c

kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire.  Now that
policy_refcnt is no longer used, we don't need the separation.

Bump the library soname since this is technically an ABI change.





kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire.  Now that
policy_refcnt is no longer used, we don't need the separation.

Bump the library soname since this is technically an ABI change.







Allow principals to refer to nonexistent policies
2013-01-09T20:35:43+00:00

Greg Hudson
ghudson@mit.edu

2013-01-08T20:20:45+00:00

0780e46fc13dbafa177525164997cd204cc50b51

Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.

In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.

ticket: 7385





Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.

In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.

ticket: 7385







Fix various result checks
2013-01-07T06:37:19+00:00

Nickolai Zeldovich
nickolai@csail.mit.edu

2013-01-07T06:37:19+00:00

a9ee4a040eeacab1d410ff9e4c862484b531c401

Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup





Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup







Separate clpreauth and kdcpreauth interfaces
2012-12-19T19:24:21+00:00

Greg Hudson
ghudson@mit.edu

2012-10-21T23:37:14+00:00

f0794cba6a406fc834434eb6dc794bf29eda4a13

Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.





Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.







Fix apply_keysalt_policy bug
2012-08-15T19:33:50+00:00

Greg Hudson
ghudson@mit.edu

2012-08-15T19:12:12+00:00

b52d0c793c82e9c74f03b1d2a5d251a1adc4626f

If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization.  Reported by Nico.

ticket: 7223





If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization.  Reported by Nico.

ticket: 7223