summaryrefslogtreecommitdiffstats
path: root/src/kadmin/cli
Commit message (Collapse)AuthorAgeFilesLines
* Use correct default principal for kadmin -nGreg Hudson2013-10-301-6/+14
| | | | | | | | | Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n, just like we do for kinit -n. ticket: 7741 (new) target_version: 1.12 tags: pullup
* Add kadmin support for principals without keysGreg Hudson2013-07-151-15/+34
| | | | | | | | | Add kadmin support for "addprinc -nokey", which creates a principal with no keys, and "purgekeys -all", which deletes all keys from a principal. The KDC was modified by #7630 to support principals without keys. ticket: 7679 (new)
* Reduce boilerplate in makefilesGreg Hudson2013-05-161-3/+0
| | | | | | | | | Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* make dependGreg Hudson2013-03-241-7/+6
|
* Fix kadmin_getpol format stringGreg Hudson2013-03-151-2/+2
| | | | | | | Commit 0780e46fc13dbafa177525164997cd204cc50b51 matched a %ld format string with the integer 0, which is an int rather than a long. Just put 0 in the format string instead. Noted by David Benjamin <davidben@mit.edu>.
* Add support for k5srvutil -e keysaltsAlex Dehnert2013-03-111-2/+8
| | | | | | | | | | | k5srvutil is a little more convenient to use for rolling keys than kadmin is. When migrating off 1DES, though, it may be desirable to explicitly specify the desired keysalts. This adds an option, -e, to k5srvutil to specify desired keysalts. [ghudson@mit.edu: style fix; make whitespace in keysalt list work] ticket: 7589 (new)
* make dependGreg Hudson2013-01-101-1/+1
| | | | | Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Allow principals to refer to nonexistent policiesGreg Hudson2013-01-091-14/+35
| | | | | | | | | | | | | | Stop using and maintaining the policy_refcnt field, and do not try to prevent deletion of a policy which is still referenced by principals. Instead, allow principals to refer to policy names which do not exist as policy objects; treat those principals as having no associated policy. In the kadmin client, warn if addprinc or modprinc tries to reference a policy which doesn't exist, since the server will no longer error out in this case. ticket: 7385
* Separate clpreauth and kdcpreauth interfacesGreg Hudson2012-12-191-4/+4
| | | | | | | Since there is no overlap between the clpreauth and kdcpreauth interface declarations, there's no particular reason to combine them into one header. For backward compatibility and convenience, leave behind a preauth_plugin.h which includes both.
* Remove install-oldmanBen Kaduk2012-10-171-5/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove nroff man pagesBen Kaduk2012-10-163-1038/+0
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-301-23/+50
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Fix ugly ladder in src/kadmin/cli/kadmin.cNicolas Williams2012-07-301-144/+112
|
* Allow using locales when gettext is absentBen Kaduk2012-07-061-0/+1
| | | | | | | | | | | Previously, if configure did not detect dgettext(), we disabled anything that smelled like localization, inadvertently including setlocale(). Now that we use setlocale(LC_ALL, ""), we have localized dates available as well as messages, so we should not disable calls to setlocale() any more. Since the routines from locale.h are only used in a relatively small number of places, just include the header directly in those files and remove it from k5-platform.h.
* Enable all localizations in main functionsBen Kaduk2012-07-061-1/+1
| | | | | | | | | | | | | | | Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time. ticket: 7192
* Remove orphaned KfM codeGreg Hudson2012-06-211-14/+0
|
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-261-65/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin_getprivs replace the non-existing "GET" privilege by "INQUIRE". Zhanna Tsitkov2012-02-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25702 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-0/+2
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Fix failure interval of 0 in LDAP lockout codeGreg Hudson2011-11-201-2/+3
| | | | | | | | | | | | | | | | A failure count interval of 0 caused krb5_ldap_lockout_check_policy to pass the lockout check (but didn't cause a reset of the failure count in krb5_ldap_lockout_audit). It should be treated as forever, as in the DB2 back end. This bug is the previously unknown cause of the assertion failure fixed in CVE-2011-1528. ticket: 7021 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25480 dc483132-0cff-0310-8789-dd5450dbe970
* Fix month/year units in getdateGreg Hudson2011-11-061-1/+2
| | | | | | | | | | | | | getdate strings like "1 month" or "next year" would fail some of the time, depending on the value of stack garbage, because DSTcorrect() doesn't set *error on success and RelativeMonth() doesn't initialize error. Make DSTcorrect() responsible for setting *error in all cases. ticket: 7003 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25444 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-1/+1
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-021-7/+7
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-214-0/+161
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-6/+7
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-041-4/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Define KRB5_TL_DB_ARGS unconditionally in kdb.hGreg Hudson2011-07-261-1/+0
| | | | | | | | | Due to an apparent merge bug, KRB5_TL_DB_ARGS was defined in a SECURID conditional block, and several source files worked around the problem by defining the constant themselves or defining SECURID. Move the definition and remove the workarounds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25055 dc483132-0cff-0310-8789-dd5450dbe970
* make dependEzra Peisach2011-07-011-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in kadminGreg Hudson2011-06-231-10/+11
| | | | | | | | | kadmin_getprinc() was using the variable "canon" for two purposes. After r22785, canon wasn't freed between constructions, so the first value was leaked. Fix by using separate variables for separate strings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24987 dc483132-0cff-0310-8789-dd5450dbe970
* Handle invalid intervals in lockout-related kadmin parametersGreg Hudson2011-06-101-8/+18
| | | | | | ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-101-0/+1
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-103-236/+275
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Document the lockout-related options in kadmin (modprinc -unlock andGreg Hudson2011-05-161-0/+21
| | | | | | | | | | addpol/modpol -maxfailure, -failurecountinterval, and -lockoutduration), in the man page and in admin.texinfo. Based on text submitted by shawn.emery@oracle.com. ticket: 6910 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24932 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, try using get_date() for lockout-related duration inputs toGreg Hudson2011-05-161-6/+17
| | | | | | | | | | | modpol and addpol, but still allow bare numbers of seconds since that's what we took in 1.8 and 1.9. Use strdur() to display lockout-related durations in getpol. Reported by shawn.emery@oracle.com. ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24931 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-093-9/+7
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-8/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin's ktremove can remove wrong entries when removing kvno 0Greg Hudson2011-02-011-1/+2
| | | | | | | | | | | | | | | | | Because of 8-bit wraparound, keytabs can contain entries with kvno 0. Because 0 is a distinguished kvno value for krb5_kt_get_entry(), kadmin's remove_principal() winds up substituting the specified kvno with the highest-numbered kvno of the specified principal in the keytab. Make sure not to perform this substitution when in specified-kvno mode. (This fix leaves behind a very minor bug where "ktrem principal 0" returns silently, instead of producing an error message like it normally would, if principal exists in the keytab but not at kvno 0.) ticket: 6854 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24611 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-253-0/+67
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-1/+1
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Correct typo in r24526Greg Hudson2010-11-221-1/+1
| | | | | | ticket: 6823 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24527 dc483132-0cff-0310-8789-dd5450dbe970
* getdate.y: declare yyparseSam Hartman2010-11-221-0/+1
| | | | | | | | | | | | At least on lucid, byacc doesn't declare yyparse, which creates problems because lucid treats calls to unprototyped functions as errors. ticket: 6823 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24526 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-261-9/+0
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* Declare kadmin_purgekeysKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24475 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-083-8/+63
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-051-26/+52
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-5/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin ktadd may display wrong name of default keytabGreg Hudson2010-06-082-4/+7
| | | | | | | | | | | | | | kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever it uses the default keytab, even if the default has been overridden (e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name of the default cache instead of displaying the string we think was used to open it. ticket: 6740 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24123 dc483132-0cff-0310-8789-dd5450dbe970
* When we display enctypes, display the input name rather than theGreg Hudson2010-06-082-3/+3
| | | | | | | | | description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash (error message), kadmin getprinc, kadmin ktadd, and ktutil list -e. ticket: 5014 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-071-10/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unneeded conditional in the cleanup for kadmin's keytabGreg Hudson2010-05-211-5/+3
| | | | | | add_principal(), squashing a false-positive memory leak from Coverity. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24083 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 17:39:40 +0000