oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,304 Commits 2 Branches 2 Tags
3ba12317a0e1948820827987ae9d222b85efae10
Commit Graph

73 Commits

Author SHA1 Message Date
Nicolas Williams
3ba12317a0 Misc fixes (coverity) 2016-11-28 15:09:55 -06:00
Viktor Dukhovni
579393c8b9 Optionally prune old keys when setting new keys. 
When new keys are added (typically via kadm5_setkey_principal_3),
truncate the key history to remove old keys, that is keys older than
the newest key which was in effect prior longer ago than the principal's
maximum ticket lifetime.  This feature is controlled via the "[kadmin]"
section's "prune-key-history" boolean parameter, which defaults to false.

Currently this happens only when kadm5_setkey_principal_3()
is called directly on the server, the client API simulates
kadm5_setkey_principal_3() via a get, update, modify sequence that does
not prune the key history.  The plan is to add a new kadm5 protocol RPC
and convert clients to call that instead.

In setkey_principal_3 seal keys after entry key update

Also, for now, don't check the return value of kadm5_log_modify() in
the new kadm5_s_setkey_principal_3().  This has to be addressed more
globally.

Censor stale keys in kadm5_s_get_principal
 2016-02-26 15:43:12 -05:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues. 
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
 2012-02-20 19:45:41 +00:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Asanka Herath
869e970f5d Use rk_socket_t in lib/kadm5/init_c.c 2010-08-20 13:03:37 -04:00
Asanka Herath
aa058a6a63 Typos and fixes for init_c.c to not include stuff we don't have 2009-11-24 10:17:50 -08:00
Love Hornquist Astrand
0f5f5947aa make sure client is set before trying to use it [CID-50] 2009-07-30 13:20:00 +02:00
Love Hörnquist Åstrand
5b24268581 use krb5_cc_new_unique, use constants for cache types 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25056 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-03 04:06:57 +00:00
Love Hörnquist Åstrand
8cf907f08a switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:55:55 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
d8587d0752 We are getting default_client, not client. this way the user can 
override the result.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21972 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-10-18 19:11:15 +00:00
Love Hörnquist Åstrand
b04ce096d4 (get_cache_principal): make sure id is reset if we fail. From Benjamin Bennet. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-07-26 19:21:39 +00:00
Love Hörnquist Åstrand
3523d2bfc5 Try harder to use the right principal. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21407 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-07-04 12:36:49 +00:00
Love Hörnquist Åstrand
eb71c96ac0 if the user have a kadmin/admin initial ticket, don't ask for 
password, just use the credential instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19376 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-15 21:27:12 +00:00
Love Hörnquist Åstrand
b8ee799cba (kadm_connect): clear error string before trying to print a errno, 
this way we don't pick up a random failure code


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19197 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-30 17:15:37 +00:00
Love Hörnquist Åstrand
ece5f9603e Make krb5_get_init_creds_opt_free take a context argument. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19078 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-20 18:12:41 +00:00
Love Hörnquist Åstrand
5d676c4509 (_kadm5_c_get_cred_cache): handle ccache case better in case no client 
name was passed in. Coverity, NetBSD CID#919


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17029 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-10 07:55:22 +00:00
Love Hörnquist Åstrand
86ee0aa773 (_kadm5_c_get_cred_cache): Free client principal in case of error. 
Coverity NetBSD CID#1908


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17028 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-10 07:50:22 +00:00
Love Hörnquist Åstrand
dbc39600e2 Clear error-string when introducing new errors. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16661 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-01-25 12:50:10 +00:00
Love Hörnquist Åstrand
f07d4690f6 (_kadm5_c_init_context): fix memory leak in case of failure 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15136 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-13 10:57:13 +00:00
Love Hörnquist Åstrand
4a712fedb8 rename get_cred_cache to _kadm5_c_get_cred_cache and export locally 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13916 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-06-02 20:32:32 +00:00
Johan Danielsson
26457b7135 replace krb5_free_creds_contents by krb5_free_cred_contents 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13790 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-25 19:25:35 +00:00
Love Hörnquist Åstrand
7f88773f69 (_kadm5_c_init_context): catch errors from strdup and other krb5_ functions 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13242 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-12-21 22:23:08 +00:00
Love Hörnquist Åstrand
5d190295aa add context argument to krb5_get_init_creds_opt_alloc 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12783 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-08 15:28:20 +00:00
Love Hörnquist Åstrand
61e14619de use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12737 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-03 00:31:42 +00:00
Love Hörnquist Åstrand
fd2b38ca93 (kadm_connect): if a context realm was passed in, use that to form the 
kadmin/admin principal


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11950 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-04-01 15:06:41 +00:00
Jacques A. Vidrine
bc46f2ed8c Bug fix: the default credentials cache was not being used if a client 
name was specified.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11038 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-06-16 15:13:25 +00:00
Johan Danielsson
de239fe22f (get_cred_cache): when getting the default_client from the cred cache, 
make sure the instance part is "admin"; this should require fewer uses
of -p


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10894 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-03-25 13:17:38 +00:00
Johan Danielsson
94939f9b1b we have to create our own param struct before marshaling 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10824 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-02-08 18:31:49 +00:00
Johan Danielsson
adb1ef4618 call krb5_get_init_creds_opt_set_default_flags 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10200 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-06-29 16:45:34 +00:00
Assar Westerlund
4dff86bc9f (init_context): handle krb5_init_context failure consistently 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9440 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-12-31 08:00:23 +00:00
Assar Westerlund
cb4baeb84f remove unused variable and handle some parameters being NULL 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8754 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-22 01:08:18 +00:00
Johan Danielsson
159d70b8df use krb5_write_priv_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8743 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-21 23:39:47 +00:00
Johan Danielsson
909da8dc41 break out connection code to separate function, and defer calling it 
until we actually do something


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8650 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-11 15:57:19 +00:00
Assar Westerlund
6fadf041d3 (set_funcs): add chpass_principal_with_key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8061 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-03-23 23:03:38 +00:00
Assar Westerlund
aab3633ea8 (get_new_cache): make sure to request non-forwardable, non-proxiable 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7833 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-01-28 03:20:18 +00:00
Assar Westerlund
ff5c821bf1 (_kadm5_c_init_context): handle getting back port number from admin 
host
(kadm5_c_init_with_context): remove `proto/' part before doing
getaddrinfo()


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7639 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-20 14:05:49 +00:00
Assar Westerlund
0d560248f4 (kadm5_c_init_with_context): stupid fixes 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7571 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-07 05:20:33 +00:00
Assar Westerlund
da4cebd749 (kadm5_c_init_with_context): don't use unitialized stuff 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7569 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-07 04:49:53 +00:00
Assar Westerlund
5ef2c74608 use krb5_warn{,x} 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7508 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-04 19:50:03 +00:00
Assar Westerlund
661312f68b re-write to use getaddrinfo 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7492 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-04 18:02:18 +00:00
Johan Danielsson
c5b916ca6f remove advertising clause 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-02 17:05:13 +00:00
Assar Westerlund
3338703f46 (_kadm5_c_init_context): call krb5_add_et_list so that we aren't 
dependent on the layout of krb5_context_data


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7389 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-11-14 16:31:51 +00:00
Johan Danielsson
e62be9c527 (kadm5_c_init_with_context): try to cope with old servers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7328 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-11-09 17:54:55 +00:00
Assar Westerlund
5e05184149 (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'. check return 
value from strdup


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7101 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-10-03 20:14:20 +00:00
Assar Westerlund
f284b5472f (get_cred_cache): band-aid instead of rewriting 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6437 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-07-07 10:05:41 +00:00
Assar Westerlund
2a50031890 (get_cred_cache): you cannot reuse the cred cache if the principals 
are different.  close and NULL the old one so that we create a new one.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6349 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-06-23 10:19:40 +00:00