krb5.git/src/lib/kadm5/unit-test, branch keyring

Avoid deprecated krb5_get_in_tkt_with_keytab

2013-11-04T18:51:14+00:00

The kprop code has been pretty unloved, and uses some routines that
are marked as deprecated (which show up as warnings in the build log).
Use the documented replacement for krb5_get_in_tkt_with_keytab,
krb5_get_init_creds_keytab, instead.  As a bonus, there is no longer
a side effect of a credentials cache that needs to be destroyed.

The also-deprecated function krb5_get_in_tkt_with_skey was backending
to it when no keyblock was passed in; we can unroll the call to
krb5_get_init_creds_keytab ourselves as the documented workaround.
While here, improve style compliance with regards to cleanup.

The setkey test just wants to know whether it can use the key it
just put into a keytab to get credentials; as such the recommended
krb5_get_init_creds_keytab is quite sufficient.
While here, use that interface to request the particular enctype
as well, reducing the scope of an XXX comment.

ticket: 6366

Make empty passwords work via init_creds APIs

2013-05-27T16:49:34+00:00

In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password.  This allows empty passwords to work via
the API.

Remove the kadm5 test which explicitly uses an empty password.

Based on a patch from Stef Walter.

ticket: 7642

Reduce boilerplate in makefiles

2013-05-17T00:09:27+00:00

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.

make depend

2013-03-24T05:30:33+00:00

make depend

2013-01-10T17:46:26+00:00

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.

Fold kadm5 internal policy functions into callers

2013-01-09T20:35:44+00:00

kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire.  Now that
policy_refcnt is no longer used, we don't need the separation.

Bump the library soname since this is technically an ABI change.

Allow principals to refer to nonexistent policies

2013-01-09T20:35:43+00:00

Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.

In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.

ticket: 7385

Separate clpreauth and kdcpreauth interfaces

2012-12-19T19:24:21+00:00

Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.

Policy extensions + new policy: allowed ks types

2012-07-30T23:11:28+00:00

This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

 - attributes         (policy-ish principal attributes)
 - max_life           (max ticket life)
 - max_renewable_life (max ticket renewable life)
 - allowed_keysalts   (allowed key/salt types)
 - TL data            (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

ticket: 7223 (new)

Make depend

2011-02-25T17:30:37+00:00

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970