krb5.git/src/lib/kadm5, branch keyring MIT Kerberos patches Avoid deprecated krb5_get_in_tkt_with_keytab 2013-11-04T18:51:14+00:00 Ben Kaduk kaduk@mit.edu 2012-07-10T14:14:52+00:00 29dee7d2cece615bec4616fa9b727e77210051db The kprop code has been pretty unloved, and uses some routines that are marked as deprecated (which show up as warnings in the build log). Use the documented replacement for krb5_get_in_tkt_with_keytab, krb5_get_init_creds_keytab, instead. As a bonus, there is no longer a side effect of a credentials cache that needs to be destroyed. The also-deprecated function krb5_get_in_tkt_with_skey was backending to it when no keyblock was passed in; we can unroll the call to krb5_get_init_creds_keytab ourselves as the documented workaround. While here, improve style compliance with regards to cleanup. The setkey test just wants to know whether it can use the key it just put into a keytab to get credentials; as such the recommended krb5_get_init_creds_keytab is quite sufficient. While here, use that interface to request the particular enctype as well, reducing the scope of an XXX comment. ticket: 6366 
The kprop code has been pretty unloved, and uses some routines that
are marked as deprecated (which show up as warnings in the build log).
Use the documented replacement for krb5_get_in_tkt_with_keytab,
krb5_get_init_creds_keytab, instead.  As a bonus, there is no longer
a side effect of a credentials cache that needs to be destroyed.

The also-deprecated function krb5_get_in_tkt_with_skey was backending
to it when no keyblock was passed in; we can unroll the call to
krb5_get_init_creds_keytab ourselves as the documented workaround.
While here, improve style compliance with regards to cleanup.

The setkey test just wants to know whether it can use the key it
just put into a keytab to get credentials; as such the recommended
krb5_get_init_creds_keytab is quite sufficient.
While here, use that interface to request the particular enctype
as well, reducing the scope of an XXX comment.

ticket: 6366
Don't cache active master key list in kadmind 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-23T22:56:20+00:00 74c1420ea4dffc1105247e362decf608440751ae "kdb5_util use_mkey" should not require a kadmind restart to take effect. At the cost of fetching the K/M principal once for each key change operation, make kadmind use the current active master key list for each operation. ticket: 7685 target_version: 1.12 tags: pullup 
"kdb5_util use_mkey" should not require a kadmind restart to take
effect.  At the cost of fetching the K/M principal once for each key
change operation, make kadmind use the current active master key list
for each operation.

ticket: 7685
target_version: 1.12
tags: pullup
Add kadmin support for principals without keys 2013-07-15T16:31:38+00:00 Greg Hudson ghudson@mit.edu 2013-07-09T14:58:49+00:00 57d0b4b300e43722ae9f080fbf132edeb3834323 Add kadmin support for "addprinc -nokey", which creates a principal with no keys, and "purgekeys -all", which deletes all keys from a principal. The KDC was modified by #7630 to support principals without keys. ticket: 7679 (new) 
Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal.  The KDC was modified by #7630 to support principals
without keys.

ticket: 7679 (new)
Avoid allocating zero key_data structures 2013-07-15T16:20:26+00:00 Greg Hudson ghudson@mit.edu 2013-07-15T16:20:26+00:00 d9457b501cbab535e5968dbdf195ca334b9fa555 When we allocate space for an array of key_data structures, make sure we allocate at least one, so we don't spuriously fail on platforms where malloc(0) returns NULL. Where we use malloc, use k5calloc instead. Where we use krb5_db_alloc or realloc, just allocate an extra entry. 
When we allocate space for an array of key_data structures, make sure
we allocate at least one, so we don't spuriously fail on platforms
where malloc(0) returns NULL.  Where we use malloc, use k5calloc
instead.  Where we use krb5_db_alloc or realloc, just allocate an
extra entry.
Use k5calloc instead of k5alloc where appropriate 2013-07-12T00:39:51+00:00 Greg Hudson ghudson@mit.edu 2013-07-12T00:39:51+00:00 443ce5fef316e3dc324fe84557a06b069dbe33f9 Wherever we use k5alloc with a multiplication in the size parameter,, use the new k5calloc helper function instead. 
Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e 






Make empty passwords work via init_creds APIs
2013-05-27T16:49:34+00:00

Greg Hudson
ghudson@mit.edu

2013-05-23T19:33:58+00:00

f3458ed803ae97b6c6c7c63baeb82b26c4943d4c

In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password.  This allows empty passwords to work via
the API.

Remove the kadm5 test which explicitly uses an empty password.

Based on a patch from Stef Walter.

ticket: 7642





In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password.  This allows empty passwords to work via
the API.

Remove the kadm5 test which explicitly uses an empty password.

Based on a patch from Stef Walter.

ticket: 7642







Reduce boilerplate in makefiles
2013-05-17T00:09:27+00:00

Greg Hudson
ghudson@mit.edu

2013-05-16T18:21:12+00:00

4b0985f8573840838bcfa8ec1df3dcd39a3dbf15

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.





Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.







make depend
2013-03-24T05:30:33+00:00

Greg Hudson
ghudson@mit.edu

2013-03-24T05:30:33+00:00

24c8bacbccc854dc30fd6baee49cdd2bf2557e47












Modernize k5buf
2013-02-14T16:42:28+00:00

Greg Hudson
ghudson@mit.edu

2013-02-14T16:41:10+00:00

6dda284554a869f7fa1e6d2a035df06c97f103ef

Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.





Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.