krb5.git/src/lib/kadm5/unit-test/api.current, branch proxymech MIT Kerberos patches Fold kadm5 internal policy functions into callers 2013-01-09T20:35:44+00:00 Greg Hudson ghudson@mit.edu 2013-01-09T07:07:05+00:00 ecb9c348dd3e82aa8e68a466d89150dc0df3d46c kadm5_create_policy and kadm5_modify_policy had _internal variants in libkadm5srv (but not libkadm5clnt) which only existed to protect the policy_refcnt field from modification over the wire. Now that policy_refcnt is no longer used, we don't need the separation. Bump the library soname since this is technically an ABI change. 
kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire.  Now that
policy_refcnt is no longer used, we don't need the separation.

Bump the library soname since this is technically an ABI change.
Allow principals to refer to nonexistent policies 2013-01-09T20:35:43+00:00 Greg Hudson ghudson@mit.edu 2013-01-08T20:20:45+00:00 0780e46fc13dbafa177525164997cd204cc50b51 Stop using and maintaining the policy_refcnt field, and do not try to prevent deletion of a policy which is still referenced by principals. Instead, allow principals to refer to policy names which do not exist as policy objects; treat those principals as having no associated policy. In the kadmin client, warn if addprinc or modprinc tries to reference a policy which doesn't exist, since the server will no longer error out in this case. ticket: 7385 
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.

In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.

ticket: 7385
Make kadmin work over IPv6 2010-06-26T03:32:55+00:00 Greg Hudson ghudson@mit.edu 2010-06-26T03:32:55+00:00 0080380b3b3e945c5eb84504771d9d01ee76a611 Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes: * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport(). * Make clnttcp_create() handle a null raddr value if *sockp is set. * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name. * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create(). * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections. * Adjust the error code expected in a libkadm5 unit test. ticket: 6746 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970 
Make gssrpc work over IPv6 TCP sockets provided that the client
creates and connects/binds the sockets and doesn't query their
addresses or use bindresvport().  Make kadmin work within those
constraints and handle IPv6.  Specific changes:

* Make svctcp_create() able to extract the port from an IPv6 socket,
  using a new helper function getport().
* Make clnttcp_create() handle a null raddr value if *sockp is set.
* Make kadm5_get_service_name() use getaddrinfo() to canonicalize the
  admin server name.
* Make libkadm5clnt's init_any() responsible for connecting its socket
  using a new helper function connect_to_server(), which uses
  getaddrinfo instead of gethostbyname.  Pass a null address to
  clnttcp_create().
* Make libapputil's net-server.c set up IPv6 as well as IPv4 listener
  ports for RPC connections.
* Adjust the error code expected in a libkadm5 unit test.

ticket: 6746

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
Lazy history key creation 2010-03-11T17:05:24+00:00 Greg Hudson ghudson@mit.edu 2010-03-11T17:05:24+00:00 49abf1c55ae0d9a79239cd22ada98b2cfc54e224 Create kadmin/history lazily when we need it (i.e. when a password is changed on a principal with a policy) instead of whenever we open the database. Allows kadmin.local to be used as a read-only tool on non- kadmin-conformant database back ends such as the Samba bridge. ticket: 6679 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23799 dc483132-0cff-0310-8789-dd5450dbe970 
Create kadmin/history lazily when we need it (i.e. when a password is
changed on a principal with a policy) instead of whenever we open the
database.  Allows kadmin.local to be used as a read-only tool on non-
kadmin-conformant database back ends such as the Samba bridge.

ticket: 6679

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23799 dc483132-0cff-0310-8789-dd5450dbe970
Remove some more test suite cruft: 2010-02-28T20:32:00+00:00 Greg Hudson ghudson@mit.edu 2010-02-28T20:32:00+00:00 9f79427d9b3793dff35e2c787e7b27f4d62e50f5 * localhostname from get_hostname was unused. * database_name is no longer used except (misleadingly) in kdb5_util output. * admin_database_name and admin_database_lockfile are no longer used. * default_domain is only used for v4->v5 principal conversion, which isn't tested. * libkadm5's init-v2.exp had a copy of get_hostname; domain and localhostname from it were unused. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970 
* localhostname from get_hostname was unused.
* database_name is no longer used except (misleadingly) in kdb5_util
  output.
* admin_database_name and admin_database_lockfile are no longer used.
* default_domain is only used for v4->v5 principal conversion, which
  isn't tested.
* libkadm5's init-v2.exp had a copy of get_hostname; domain and
  localhostname from it were unused.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970
Minimal support for updating history key 2010-02-11T16:07:08+00:00 Greg Hudson ghudson@mit.edu 2010-02-11T16:07:08+00:00 fe68c6595b7f90ec6891b4dbb0b227ee859090e5 Add minimal support for re-randomizing the history key: * cpw -randkey kadmin/history now works, but creates only one key. * cpw -randkey -keepold kadmin/history still fails. * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common. * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history. ticket: 6660 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970 
Add minimal support for re-randomizing the history key:

* cpw -randkey kadmin/history now works, but creates only one key.
* cpw -randkey -keepold kadmin/history still fails.
* libkadm5 no longer caches the history key.  Performance impact
  is minimal since password changes are not common.
* randkey no longer checks the newly randomized key against old keys,
  and the disabled code to do so in setkey/setv4key is gone, so now
  only kadm5_chpass_principal_3 accesses the password history.

ticket: 6660
target_version: 1.8
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
Rename api.3 to api.current in the libkadm5 unit tests. This way the 2009-10-29T16:13:36+00:00 Greg Hudson ghudson@mit.edu 2009-10-29T16:13:36+00:00 88dce422743e99b8a6814b730b0ff1d219c513ea main body of tests won't have to be moved every time the current API version of libkadm5 changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23087 dc483132-0cff-0310-8789-dd5450dbe970 
main body of tests won't have to be moved every time the current API
version of libkadm5 changes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23087 dc483132-0cff-0310-8789-dd5450dbe970