15796ce63d
Add missing export
...
Patchset 0c893d3980
2011-09-23 15:26:32 -04:00
0c893d3980
Fixed booboos from kadm5 key history patch set
...
Also: add support for ignoring null enctype / zero-length keys,
which *can* be found in MIT DB entries created in pre-historic
times.
Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
compiler's generated sequence/array utility functions.
Also: add a utility function needed for kadm5 kvno change
improvements and make kadmin's mod --kvno work correctly and
naturally.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2011-09-22 15:13:13 +02:00
775a452313
some Windows build fixes
2011-09-12 20:11:36 +10:00
c9e37efbe1
try get spelling right
2011-07-30 14:27:32 -07:00
272d7511ca
lib/hdb: add HDB_F_FOR_AS_REQ and HDB_F_FOR_TGS_REQ flags
...
This will be used to indicate to the backend if a fetch is for
an AS REQ or TGS REQ. Samba needs to take some action in the
HDB_F_FOR_TGS_REQ case and always canonicalize the principal
names, even without HDB_F_CANON.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-07-30 11:56:46 -07:00
5fc3d6fffa
spelling
2011-07-27 08:28:44 -07:00
5732d85e29
generate sequence for HDB-Ext-KeySet and Keys
2011-07-26 20:18:57 -07:00
8b7e31c301
plug memory leak
2011-07-26 20:15:33 -07:00
74ec640500
Only free ext on replace
2011-07-24 20:23:30 -07:00
2ae9bbb915
update (c)
2011-07-24 20:04:02 -07:00
1a6195153f
start to use KRB5_ENCTYPE_
2011-07-24 20:02:10 -07:00
f9afd37eed
use add_HDB_Ext_KeySet and plug memory leak
2011-07-24 18:14:25 -07:00
e32186d9de
expore more
2011-07-24 16:15:06 -07:00
8fccb51d49
Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
...
Krb5 admin patches 2nd
This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)
Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-07-24 15:41:36 -07:00
2e35198908
Add version-script.map to _DEPENDENCIES.
...
Added to 11 out of 14 directories with map files. Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-07-24 14:07:59 -07:00
f60ec15834
partly unify enctype/keytype since there is only enctypes
2011-07-24 14:03:08 -07:00
95262936c7
s/assert/heim_assert/ and remove dead code
2011-07-24 11:07:27 -05:00
12403a31ce
sprinkle more windows files
2011-07-23 11:18:21 -07:00
1eb56edd86
Introduce Keys ::= SEQUENCE OF Key in hdb.asn1 so we can get convenience utils.
2011-07-22 16:07:08 -05:00
689d4f4dd9
Another HDB_F_DECRYPT-isn't-critical fix.
2011-07-22 16:07:08 -05:00
5335559845
Oops, HDB_F_DECRYPT isn't critical; making it so breaks tests.
2011-07-22 16:07:08 -05:00
a246c394d2
Fix warnings.
2011-07-22 16:07:08 -05:00
f2897efd09
Make the KDC path work.
2011-07-22 16:07:08 -05:00
31974aa24c
More s/int/size_t/ for iterators. Also fixed a stupid bug.
2011-07-22 16:07:06 -05:00
cf1c898e95
Undo a s/size_t/int/. Iterators must be unsigned.
2011-07-22 16:07:05 -05:00
0674e4b13a
Ooops! Mind those tags when re-ordering ASN.1 SEQUENCEs! (hdb_keyset)
2011-07-22 16:07:05 -05:00
53ea8ac59b
Make changes to hdb_keyset type be backward-compatible.
2011-07-22 16:06:01 -05:00
a280ed4d4c
Forgot a file for the hdb_keyset backwards-compat extention.
2011-07-22 16:06:01 -05:00
3794d8b37b
Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet
2011-07-22 16:06:01 -05:00
355ae357eb
Moved set_time field of hdb_keyset to end and add extensibility marker.
2011-07-22 16:06:01 -05:00
c2ec368c36
Add HDB extension for storing policy regarding what historic keys may be used for
2011-07-22 16:06:00 -05:00
308e53a4a8
Initial support for filtering out "dead" historical keys.
2011-07-22 16:05:21 -05:00
7e0a801e28
Changed decrypt key history logic and added HDB_F_ALL_KVNOS.
2011-07-22 16:05:21 -05:00
a04721b737
Added basic policy support, w/ policy names listed in krb5.conf
2011-07-22 16:05:21 -05:00
abd94953e2
Fixes to lock nesting code.
2011-07-22 16:04:52 -05:00
58d72035f1
Added kadm5_lock() and unlock.
2011-07-22 16:04:52 -05:00
109607a355
Fix uninitialized variable.
2011-07-22 16:04:52 -05:00
6e04b05e9d
Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
...
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
51e9da4a66
Fixed (preemptively) a double free and added password history based on key history.
2011-07-22 16:04:52 -05:00
34189a23fe
Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno.
2011-07-22 16:04:51 -05:00
e7f385ad0d
Initial patch to make the MIT KDB backend for HDB handle multiple kvnos.
2011-07-22 16:04:51 -05:00
34bb7ae363
Fix double free.
2011-07-22 16:04:51 -05:00
a095933ee0
We want the time that a keyset was set, not the time it was replaced.
2011-07-22 16:04:51 -05:00
08650b573b
Also encrypt the history when storing the entry.
2011-07-22 16:04:51 -05:00
fca53990e4
Initial commit for second approach for multiple kvno. NOT TESTED!
2011-07-22 16:04:51 -05:00
7aaba443bc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
6850d6a65f
avoid uninit variable and unreachable code warnings
...
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
f5f9014c90
Warning fixes from Christos Zoulas
...
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
7a4d4c5f4e
Add HAVE_SQLITE3 that allows control if you want sqlite or not
2011-04-16 10:26:43 -07:00
Jeffrey Altman