oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,982 Commits 2 Branches 2 Tags
971ccce043de1cc3fbedabb540e6954744652baa
Commit Graph

29 Commits

Author SHA1 Message Date
Nicolas Williams
69b0a8f4eb kadm5: kadmin modify must refuse bogus keys 
kadmin should not permit a modify that stores invalid keys into the
database.  Accepting bad key data into the database will result in
errors when those keys are eventually used.

This change does not address the general case.  It does address the
specific case of the kadmin client attempting to store the magic
bogus key since that is trivial to check for and can be unintentionally
returned to kadmind by a 1.6rc2 or prior client.  This can happen when
a user has get privilege but lacks the new get-keys privilege.

Change-Id: I44795e6428472b75ab1e4257ce7cb9160f0299f5
 2015-03-14 16:08:44 -04:00
Nicolas Williams
dfc7ec92fa Make kadm5_lock() and unlock work, and add kadmin commands for them. 
The libkadm5 functions hdb_open() and close around all HDB ops.  This
meant the previous implementation of kadm5_lock() and unlock would
always result in a core dump.  Now we hdb_open() for write in
kadm5_lock() and hdb_close() in kadm5_unlock(), with all kadm5_s_*()
functions now not opening nor closing the HDB when the server context
keep_open flag is set.

Also, there's now kadmin(8) lock and unlock commands.  These are there
primarily as a way to test the kadm5_lock()/unlock() operations, but
MIT's kadmin.local also has lock/unlock commands, and these can be
useful for scripting (though they require much care).
 2011-07-22 21:07:48 -05:00
Nicolas Williams
e23c7a7daf How on earth did this build breaking thinko get through? 2011-07-22 16:07:07 -05:00
Nicolas Williams
9d6d3ee5f3 Fixed a likely bug in modify_principal() where the memset() of ent happens after early error checking. 2011-07-22 16:07:07 -05:00
Nicolas Williams
07370612bd Remove policy name checking against krb5.conf code. 2011-07-22 16:07:07 -05:00
Nicolas Williams
a04721b737 Added basic policy support, w/ policy names listed in krb5.conf 2011-07-22 16:05:21 -05:00
Love Hornquist Astrand
965836509b switch to hdb_fetch_kvno 2010-11-28 11:43:02 -08:00
Love Hornquist Astrand
ff87429593 Make LDAP code fetch less attributes from LDAP server when KDC is asking 
Johan Gadsjö did a awesome analysis of the LDAP access pattens
and sent us a patch that reduced the calls the ldap server by 4
times as many. The patch was adopted and change to avoid compile
time depencies and make the determination runtime instead. Thanks!
 2009-10-03 13:20:41 -07:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
0317f622c9 Write log entry after store is successful. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20610 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-08 07:12:37 +00:00
Love Hörnquist Åstrand
cb704efeeb Rename u_intXX_t to uintXX_t 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand
eea5f34855 Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17313 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-27 11:18:52 +00:00
Love Hörnquist Åstrand
5f22b44baa Break out the that we request from principal from the entry and pass 
it in as a separate argument.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17310 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-27 11:09:30 +00:00
Love Hörnquist Åstrand
50fbd27e73 memset hdb_entry_ex before use 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16394 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-12-13 11:46:05 +00:00
Love Hörnquist Åstrand
0c2369acd0 Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16378 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-12-12 12:40:12 +00:00
Love Hörnquist Åstrand
0540f13b86 prefix all struct HDB elements with hdb_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12880 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-19 00:25:35 +00:00
Assar Westerlund
c7c19f07f3 adapt to new hdb_seal_keys and hdb_unseal_keys 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9595 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-01-30 01:24:29 +00:00
Johan Danielsson
bb90aecaee pass context to seal/unseal_keys 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8551 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-05 13:17:32 +00:00
Assar Westerlund
7513f3cc7d new _kadm5_setup_entry 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8062 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-03-23 23:04:25 +00:00
Johan Danielsson
c5b916ca6f remove advertising clause 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-02 17:05:13 +00:00
Assar Westerlund
83af691eb4 (kadm5_s_modify_principal): support key_data 
(kadm5_s_modify_principal_with_key): remove


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7438 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-11-25 22:34:42 +00:00
Assar Westerlund
45fbb9045b call new _kadm5_setup_entry 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6131 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-05-04 18:42:43 +00:00
Johan Danielsson
c3e59002fe add flags to fetch and store; seal keys before logging 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6097 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-05-03 17:09:58 +00:00
Johan Danielsson
153c1dc1e5 add kadm5_s_modify_principal_with_key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6075 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-05-03 16:39:50 +00:00
Assar Westerlund
7b57e689ea (kadm5_s_modify_principal): add change to log 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4311 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1998-01-20 22:05:09 +00:00
Johan Danielsson
1f53eca284 Add argument to setup_entry. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3819 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1997-11-07 01:48:25 +00:00
Johan Danielsson
0e9fb80fbb Return values. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3780 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1997-11-05 23:23:12 +00:00
Johan Danielsson
68d77a285f Beginning of a kadm5-library 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3662 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1997-10-25 06:19:27 +00:00