summaryrefslogtreecommitdiffstats
path: root/src/lib/kadm5
Commit message (Collapse)AuthorAgeFilesLines
...
* make dependTom Yu2011-10-141-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25344 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-2110-0/+278
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC causedKen Raeburn2011-09-051-1/+1
| | | | | | | | | by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-1/+1
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-048-32/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Remember and close the kadmin socket we openedGreg Hudson2011-08-262-1/+9
| | | | | | | | | | | Prior to ticket #6746, the RPC library opened the kadmin socket and took responsibility for closing. When we added IPv6 support, the calling code became the owner of the socket but wasn't closing it, resulting in a file descriptor leak. ticket: 6949 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25115 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify and fix chpass_util error generationGreg Hudson2011-07-061-34/+20
| | | | | | | | | | | | | | If a principal has no associated kadm5 policy, we may still get password quality errors from a module (KDB or pwqual). There was a bug in the error generation for this case which caused only a generic error to be returned. Also use snprintf() instead of multiple string operations to compose errors. From Simo Sorce <ssorce@redhat.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25014 dc483132-0cff-0310-8789-dd5450dbe970
* isspace should only get unsigned-char values or EOFKen Raeburn2011-07-011-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25010 dc483132-0cff-0310-8789-dd5450dbe970
* make dependEzra Peisach2011-07-011-4/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Make fewer db lookups in kadm5_create_principal_3Greg Hudson2011-06-241-19/+10
| | | | | | | | By creating the password history entry earlier in the function, we can avoid the need to look up the principal entry twice just to save a copy of the key data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24990 dc483132-0cff-0310-8789-dd5450dbe970
* Use zapfree in krb5_free_key_data_contents()Greg Hudson2011-06-241-6/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24989 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a minor memory leak in the pwqual loaderGreg Hudson2011-06-231-0/+1
| | | | | | | k5_pwqual_free_handles() wasn't freeing the container structure for each handle. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24986 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG for more efficient getaddrinfoGreg Hudson2011-06-232-2/+3
| | | | | | | | | | | | | | | Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching. ticket: 6923 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-1011-52/+58
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Resolve a few miscellaneous warningsGreg Hudson2011-03-142-6/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0913-60/+30
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-254-45/+47
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* In kadm5_rename_principal, fix an oversight which would cause errorsGreg Hudson2011-02-131-1/+2
| | | | | | from krb5_principal2salt_norealm to be ignored. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24637 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-251-15/+49
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-051-15/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-012-0/+8
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-284-4/+4
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message cannot return NULL, and returns "Success" onGreg Hudson2010-11-011-4/+2
| | | | | | error code 0. Simplify some overly paranoid code accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24489 dc483132-0cff-0310-8789-dd5450dbe970
* Declare xdr_purgekeys_argKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24476 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-088-0/+135
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Performance issue in LDAP policy fetchGreg Hudson2010-10-071-4/+4
| | | | | | | | | | Instead of performing a tree search to fill in the refcnt field of a policy object whenever a policy is fetched, set the refcnt to 0 and perform a check when policies are deleted. ticket: 6799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24440 dc483132-0cff-0310-8789-dd5450dbe970
* Add a name field to the pwqual plugin vtable and log pwqual moduleGreg Hudson2010-10-057-1/+28
| | | | | | rejections. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24425 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-302-42/+30
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24392 dc483132-0cff-0310-8789-dd5450dbe970
* Use a different construction for defaulting ks_tuple and n_ks_tuple inGreg Hudson2010-09-301-33/+31
| | | | | | | the libkadm5 server principal routines, to avoid repeated conditional expressions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24391 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2010-09-291-2/+24
| | | | | | Add kadm5_hook test plugin to toplevel Makefile.in git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24377 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_hook: new plugin interfaceSam Hartman2010-09-295-9/+321
| | | | | | | | | | | Implement http://k5wiki.kerberos.org/wiki/Projects/Kadmin_hook_interface This provides an interface that allows a plugin to track kadmin operations. This can be used for projects like the krb5-sync project. ticket: 6791 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24375 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting fixGreg Hudson2010-09-151-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24317 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-151-37/+16
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-084-66/+145
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* In k5_pwqual_load(), if the last vtable initializer fails, return 0Greg Hudson2010-09-041-0/+1
| | | | | | and not its exit value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24290 dc483132-0cff-0310-8789-dd5450dbe970
* Fix output argument ordering and handling in k5_pwqual_load()Greg Hudson2010-09-033-7/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24289 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent a double free in k5_pwqual_load()Greg Hudson2010-09-031-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24288 dc483132-0cff-0310-8789-dd5450dbe970
* Password quality pluggable interfaceGreg Hudson2010-09-0113-365/+818
| | | | | | | | | | | Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface ticket: 6765 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
* Use xdr_int32 instead of xdr_u_int in xdr_krb5_enctype(), sinceGreg Hudson2010-07-261-1/+1
| | | | | | | enctypes are signed 32-bit values. Wire representation does not change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in libkadm5clnt's get_init_creds()Greg Hudson2010-07-081-4/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-081-1/+2
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-066-297/+247
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-021-12/+0
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-022-33/+22
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson2010-07-021-1/+0
| | | | | | | | | | | | corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Make kadmin work over IPv6Greg Hudson2010-06-263-27/+65
| | | | | | | | | | | | | | | | | | | | | | | | Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes: * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport(). * Make clnttcp_create() handle a null raddr value if *sockp is set. * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name. * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create(). * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections. * Adjust the error code expected in a libkadm5 unit test. ticket: 6746 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust function names and declarations in libkadm5's client_init.c; inGreg Hudson2010-06-251-149/+95
| | | | | | | particular, avoid the use of library namespace prefixes for static helper functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the iprop conditionalization of _kadm5_init_any()Greg Hudson2010-06-251-25/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-074-44/+45
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* When parsing a KDC or admin server string, allow the name or addressGreg Hudson2010-05-181-7/+32
| | | | | | | | | to be enclosed in brackets so that IPv6 addresses can be represented. (IPv6 addresses contain colons, which look like port separators.) ticket: 6562 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24055 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-25 11:16:28 +0000