summaryrefslogtreecommitdiffstats
path: root/src/kadmin/dbutil
Commit message (Collapse)AuthorAgeFilesLines
* Clean up the code to eliminate some clang warningsBen Kaduk2013-11-042-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In ure.c, though k is a short, the literal 1 is of type 'int', and so the operation 'k + 1' is performed at the (32-bit) width of int, and therefore the "%d" format string is correct. In accept_sec_context.c, the 'length' field of krb5_data is an unsigned type, so checking for a negative value has no effect. In net-server.c, the helper routine rtm_type_name() is only used in code that is disabled with #if 0 conditionals; make the definition also disabled in the same way to avoid warnings of an unused function. In kdc_authdata.c, equality checks in double parentheses elicit a warning from clang. The double-parentheses idiom is normally used to indicate that an assignment is being performed, but the value of the assignment is also to be used as the value for the conditional. Since assignment and equality checking differ only by a single character, clang considers this worthy of a warning. Since the extra set of parentheses is redundant and against style, it is correct to remove them. In several places (sim_server.c, dump.c, kdb5_destroy.c, ovsec_kadmd.c), there are declarations of extern variables relating to getopt() functionality that are now unused in the code. Remove these unused variables.
* Use retval, not errno, when stashing master keysBen Kaduk2013-11-043-3/+3
| | | | | | The krb5_db_store_master_key{,_list} functions return a krb5_error_code, and do not necessarily set errno on failure. Use the correct variable while reporting errors with com_err().
* Simplify kdb5_list_mkeys actkvno list retrievalGreg Hudson2013-10-251-34/+12
| | | | | After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty list and cannot return KRB5_KDB_NOACTMASTERKEY.
* Use active master key in update_princ_encryptionGreg Hudson2013-10-251-10/+5
| | | | | | | | | kdb5_util update_princ_encryption should update to the active master key version, not the most recent. ticket: 6507 target_version: 1.12 tags: pullup
* Fix typos in kdb5_util master key command outputsGreg Hudson2013-10-251-5/+5
| | | | | | | | | | kdb5_util list_mkeys was beginning lines with "KNVO" instead of "KVNO". kdb5_util purge_mkeys was displaying "follwing" instead of "following" for both dry-run and normal cases. ticket: 7730 (new) target_version: 1.12 tags: pullup
* Clarify flag handling in dump.cGreg Hudson2013-08-273-65/+70
| | | | | | Get rid of "flags" bitfields and just use boolean values, to make the internal contracts for dump and load functions more precise. Rename "add_update" to "iprop_load" and reverse its sense.
* Update ulog state after promoting DB when loadingGreg Hudson2013-08-271-30/+21
| | | | | | | | If we are doing a full load, do not touch the ulog header until after we promote the temporary DB to live. This avoids the same bugs as the #7588 fix, but more robustly. Based on a patch from Richard Basch. ticket: 7695
* Don't reopen the KDB in update_princ_encryptionGreg Hudson2013-07-311-0/+12
| | | | | | | | | | kdb5_util update_princ_encryption iterates over the KDB and writes modified entries. With the DB2 back end, the first write operation has to upgrade the lock and reopen the DB, which resets the cursor state. Take out an explicit write lock before iterating to avoid this step. ticket: 7684 (new)
* Fix various warningsGreg Hudson2013-06-073-6/+3
|
* Reduce boilerplate in makefilesGreg Hudson2013-05-161-3/+0
| | | | | | | | | Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* make dependGreg Hudson2013-03-241-25/+20
|
* Reset ulog header if iprop load failsGreg Hudson2013-03-151-0/+2
| | | | | | | | | | | If an iprop slave tries to load a dump from the master and it fails, reset the ulog header so we take another full dump, instead of reporting that the slave is current when it isn't. Reported by Richard Basch <basch@alum.mit.edu>. ticket: 7588 target_version: 1.11.2 tags: pullup
* Modernize dump.cGreg Hudson2013-02-063-1313/+697
| | | | | Reformat and simplify dump.c code according to current coding standards. No functional changes except for some error messages.
* Refactor dump.cGreg Hudson2013-02-061-175/+124
| | | | | | | When dumping, use a common iterator function to unpack the dump_args structure, unparse and filter the principal name, and convert master keys. Add helper functions to dump and load the "octets or -1" format used for optional binary fields in the current dump format.
* Reorder dump.cGreg Hudson2013-02-061-467/+439
| | | | | | Without changing anything (except to make a few internal functions static), reorder dump.c to bottom-up order so that forward function declarations aren't needed.
* Remove -b6 and -old dump formatsGreg Hudson2013-02-041-590/+8
| | | | | | | Get rid of the code to dump and load -b6 and -old format dump files. Loading these versions hasn't worked since at least 1.3. ticket: 7564 (new)
* Simplify kdb5_util create using a null passwordGreg Hudson2013-02-041-30/+7
| | | | | | kadm5_create_principal now uses a random key if passed a null password, so we don't need a multi-step process to create admin principals when creating a database any more.
* Fix kdb5_util dump.c uninitialized warningsGreg Hudson2013-02-011-1/+1
| | | | | | | | | | | | | Some versions of clang report an uninitialized variable warning (which we treat as an error) in process_k5beta_record. Due to the if-ladder style of the function, uninitialized tmpint values can be copied around in certain error cases, although the garbage values would be ultimately ignored. As a minimal fix, initialize the tmpint variables. ticket: 7560 (new) target_version: 1.11.1 tags: pullup
* Fix iprop log reinitializationGreg Hudson2013-01-222-13/+2
| | | | | | | | | | | | | | | | If the master iprop log is reinitialized to serial number 0, slaves will need to take a full dump--but after that happens, we need to know whether the slave has taken that full dump, we we don't offering full dumps indefinitely. So, record a timestamp in kdb_last_time when we reinitialize the log header, and compare the slave timestamp to kdb_last_time whenever it has the current serial number, even if it's 0. Test this by performing a propagation with sno 0 in t_iprop.py and detecting whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from kadmind. ticket: 7550 (new)
* Fix iprop safety net in kdb5_util loadGreg Hudson2013-01-171-2/+4
| | | | | | | | | The error message was missing a newline, and the exit behavior causes the database to be destroyed. ticket: 7370 target_version: 1.11.1 tags: pullup
* make dependGreg Hudson2013-01-101-1/+1
| | | | | Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Allow principals to refer to nonexistent policiesGreg Hudson2013-01-091-15/+14
| | | | | | | | | | | | | | Stop using and maintaining the policy_refcnt field, and do not try to prevent deletion of a policy which is still referenced by principals. Instead, allow principals to refer to policy names which do not exist as policy objects; treat those principals as having no associated policy. In the kadmin client, warn if addprinc or modprinc tries to reference a policy which doesn't exist, since the server will no longer error out in this case. ticket: 7385
* Separate clpreauth and kdcpreauth interfacesGreg Hudson2012-12-191-9/+9
| | | | | | | Since there is no overlap between the clpreauth and kdcpreauth interface declarations, there's no particular reason to combine them into one header. For backward compatibility and convenience, leave behind a preauth_plugin.h which includes both.
* Fix various integer issuesGreg Hudson2012-12-101-2/+1
| | | | | | | | | | | | | | | In kdc_util.c and spnego_mech.c, error returns from ASN.1 length functions could be ignored because they were assigned to unsigned values. In spnego_mech.c, two buffer size checks could be rewritten to reduce the likelihood of pointer overflow. In dump.c and kdc_preauth.c, calloc() could be used to simplify the code and avoid multiplication overflow. In pkinit_clnt.c, the wrong value was checked for a null result from malloc(), and the code could be simplified. Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>. ticket: 7488
* Make kdb5_util dump work with LDAP againGreg Hudson2012-11-121-1/+2
| | | | | | | | | | | The LDAP module doesn't support locking. There's code to ignore this in load but not in dump. dump used to only lock for iprop dumps, but now locks all the time after e65a16d898f3a686525e83661f4fd86c76e27bbf (#7384), causing it to fail with LDAP. ticket: 7445 (new) target_version: 1.11 tags: pullup
* Remove install-oldmanBen Kaduk2012-10-171-3/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove nroff man pagesBen Kaduk2012-10-161-276/+0
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* Fix a minor race in kdb5_util loadNicolas Williams2012-10-051-1/+1
| | | | | | | | | | | | | | | | | | | If a kdb5_util load gets killed between rename()ing the new KDB file into place and resetting the iprop ulog then the ulog can reflect the pre-load state, which will almost certainly be incorrect. This matters because we want to impose a timeout on full resyncs in kpropd when iprop dictates that a full resync is needed, and the simplest timeout scheme involves signaling the kdb5_util load process. But also, we want no such races in general. The fix is simple: re-initialize the ulog before renaming the new KDB file into place, then proceed as usual. If the ulog is not properly updated at the end of the load it will at least always result in subsequent iprop get updates operations always indicating that a full resync is required. ticket: 7399
* Fix policy refcount corruption race in dumpNicolas Williams2012-10-051-10/+10
| | | | ticket: 7384
* Sync iprop header in kdb5_util dumpNicolas Williams2012-10-051-0/+10
| | | | [ghudson@mit.edu: split out from previous commit]
* kdb5_util load needs iprop safety netNicolas Williams2012-10-051-15/+36
| | | | ticket: 7370
* Fix kdb5_util dump raceNicolas Williams2012-10-052-34/+32
| | | | ticket: 7377
* Cleanup dump_db()Nicolas Williams2012-10-051-20/+14
|
* Use a single global dump for iprop full syncsNicolas Williams2012-10-051-54/+177
| | | | | | | | | | | | | | | | | | | | | | | | | | Use a global dump (the default dump file) for full syncs for iprop. When a slave asks for a fullsync we kprop the existing global dump to it if that is good enough, else we dump the DB and send the new global dump. Before this change kadmind would run kdb5_util dump -i... each time a slave asked for a full dump. This was done in a sub-process, thankfully, but it was still a waste of time and storage (e.g., if one has a huge KDB). Also, long dump times might cause a slave to give up (the timeout for this is now configurable). But since iprop dumps bear a serial number and timestamp and since slaves will resync from that point forward, it doesn't matter if the dump we send a slave is fresh as long as it is fresh enough (i.e., that its sno and timestamp are in the ulog). Also: - Rename dumps into place instead of unlink, create, write (but we still keep the dump ok files as lock files and as a method of signaling to kprop that the dump is complete). ticket: 7371
* Fix edge-case bugs in kdb5_util loadGreg Hudson2012-07-312-16/+25
| | | | | | | | | | | * fscanf field widths must be less than the buffer size, not equal to it. * Check for negative values of lengths we're going to allocate. * Eliminate a warning in the comparison of the regexp end offset. * process_r1_8 policy doesn't actually ignore additional values, so get rid of the comment and inequality test suggesting that it does. ticket: 7224 (new)
* Revert an out-of-scope change in policy extensionsGreg Hudson2012-07-311-1/+1
|
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-303-61/+261
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* De-indent process_k5beta6_record()Nicolas Williams2012-07-301-247/+210
|
* Allow using locales when gettext is absentBen Kaduk2012-07-061-0/+1
| | | | | | | | | | | Previously, if configure did not detect dgettext(), we disabled anything that smelled like localization, inadvertently including setlocale(). Now that we use setlocale(LC_ALL, ""), we have localized dates available as well as messages, so we should not disable calls to setlocale() any more. Since the routines from locale.h are only used in a relatively small number of places, just include the header directly in those files and remove it from k5-platform.h.
* Enable all localizations in main functionsBen Kaduk2012-07-061-1/+1
| | | | | | | | | | | | | | | Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time. ticket: 7192
* Only store master mey list in DAL handleGreg Hudson2012-03-215-30/+26
| | | | | | | | | | | | | | r24314 (#6778) created a hybrid owernship model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle. Patch by Will Fiveash <will.fiveash@oracle.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-0/+2
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-021-2/+2
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of passing a 0 to add_new_mkey for kvno and leavingKen Raeburn2011-09-051-1/+3
| | | | | | | | | | new_mkey_kvno (used when stashing) uninitialized, use get_next_kvno to set the latter to the only non-zero value that add_new_mkey will accept. ticket: 6617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25148 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unused variableEzra Peisach2011-08-191-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25104 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG for more efficient getaddrinfoGreg Hudson2011-06-231-1/+1
| | | | | | | | | | | | | | | Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching. ticket: 6923 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-101-0/+1
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-107-278/+315
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-096-38/+10
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make sure ulog_map() is invoked whenever we open the database inGreg Hudson2011-02-272-8/+11
| | | | | | | | | | | kdb5_util. Fixes all of the master key rollover commands in the presence of iprop. Reported by kacarstensen@csupomona.edu. ticket: 6875 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24667 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 04:54:31 +0000