Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8fccb51d49 
					 
					
						
						
							
							Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
						
						
						
						
						Krb5 admin patches 2nd
This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)
Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
						
						
					 
					
						2011-07-24 15:41:36 -07:00 
						 
				 
			
				
					
						
							
							
								Linus Nordberg 
							
						 
					 
					
						
						
							
						
						2e35198908 
					 
					
						
						
							
							Add version-script.map to _DEPENDENCIES.  
						
						
						
						
						Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBJECTS.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
						
						
					 
					
						2011-07-24 14:07:59 -07:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						a7717ae4f9 
					 
					
						
						
							
							Use heim_assert() instead of assert()  
						
						
						
						
					 
					
						2011-07-24 11:10:37 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						11c54cd6c8 
					 
					
						
						
							
							Protect against negative n_ks_tuple values and against randkey returning negative n_keys  
						
						
						
						
					 
					
						2011-07-24 11:08:58 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						12403a31ce 
					 
					
						
						
							
							sprinkle more windows files  
						
						
						
						
					 
					
						2011-07-23 11:18:21 -07:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						dfc7ec92fa 
					 
					
						
						
							
							Make kadm5_lock() and unlock work, and add kadmin commands for them.  
						
						
						
						
						The libkadm5 functions hdb_open() and close around all HDB ops.  This
meant the previous implementation of kadm5_lock() and unlock would
always result in a core dump.  Now we hdb_open() for write in
kadm5_lock() and hdb_close() in kadm5_unlock(), with all kadm5_s_*()
functions now not opening nor closing the HDB when the server context
keep_open flag is set.
Also, there's now kadmin(8) lock and unlock commands.  These are there
primarily as a way to test the kadm5_lock()/unlock() operations, but
MIT's kadmin.local also has lock/unlock commands, and these can be
useful for scripting (though they require much care). 
						
						
					 
					
						2011-07-22 21:07:48 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						43c5244ecc 
					 
					
						
						
							
							Fix from Roland Dowdeswell -- kadm5_setkey_principal() has to rev kvno earlier  
						
						
						
						
					 
					
						2011-07-22 16:18:44 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e23a1efdc9 
					 
					
						
						
							
							Fixes for updates of KADM5_KVNO but not KEY_DATA and vice-versa.  
						
						
						
						
						It turns out that updates of kvno but not key data and vice-versa are
both allowed and actually done (e.g., in kadmin's ank).  Doing the right
thing in these cases turns out to be a bit tricky, but this commit ought
to do it. 
						
						
					 
					
						2011-07-22 16:07:10 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						1e14951592 
					 
					
						
						
							
							Preserve set_time on historic keysets in kadm5_s_modify_principal() path.  
						
						
						
						
					 
					
						2011-07-22 16:07:10 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						0f53687346 
					 
					
						
						
							
							Two mods from Roland to make kadm5_setkey_principal_3() work.  
						
						
						
						
					 
					
						2011-07-22 16:07:09 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						4f5dbf2f81 
					 
					
						
						
							
							Two patches from Roland Dowdeswell to make n_keys/new_keys args optional.  
						
						
						
						
					 
					
						2011-07-22 16:07:09 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						c818890dd7 
					 
					
						
						
							
							Re-write _kadm5_set_keys2() to handle key history.  
						
						
						
						
					 
					
						2011-07-22 16:07:08 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e23c7a7daf 
					 
					
						
						
							
							How on earth did this build breaking thinko get through?  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						9d6d3ee5f3 
					 
					
						
						
							
							Fixed a likely bug in modify_principal() where the memset() of ent happens after early error checking.  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						07370612bd 
					 
					
						
						
							
							Remove policy name checking against krb5.conf code.  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						87742e8118 
					 
					
						
						
							
							Add missing KADM5_AUTH_GET_KEYS error and use it.  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						909653e50f 
					 
					
						
						
							
							Add comment and assert about key history to kadm5_log_replay_modify()  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						b16ca34642 
					 
					
						
						
							
							Fix incorrect key history check optimization. (NOT TESTED)  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						784e6a69df 
					 
					
						
						
							
							Avoid useless work related to keepold.  
						
						
						
						
					 
					
						2011-07-22 16:07:07 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						9adb40a06e 
					 
					
						
						
							
							Forgot to export the kadm5 policy functions.  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						31974aa24c 
					 
					
						
						
							
							More s/int/size_t/ for iterators.  Also fixed a stupid bug.  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						0d90e0c4d0 
					 
					
						
						
							
							Complete --keepold support and fix crasher in kadmin cpw -r --keepold.  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						558a8d05a6 
					 
					
						
						
							
							Forgot to export kadm5_store_principal_ent_nokeys().  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						a35ea4955a 
					 
					
						
						
							
							create_principal() must memset(ent, 0, ...) before ever returning (fixes core dump)  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						4b0245d096 
					 
					
						
						
							
							Export the new kadm5 functions.  
						
						
						
						
					 
					
						2011-07-22 16:07:05 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e16360e2db 
					 
					
						
						
							
							Add --keepold option to cpw.  
						
						
						
						
					 
					
						2011-07-22 16:07:05 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						acc8cd4b22 
					 
					
						
						
							
							Duh, act on keepold in randkey!  
						
						
						
						
					 
					
						2011-07-22 16:06:25 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e7ea698366 
					 
					
						
						
							
							Fixed dumb bug that caused keys to not accumulate in history.  
						
						
						
						
					 
					
						2011-07-22 16:06:01 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						c2ec368c36 
					 
					
						
						
							
							Add HDB extension for storing policy regarding what historic keys may be used for  
						
						
						
						
					 
					
						2011-07-22 16:06:00 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						7e0a801e28 
					 
					
						
						
							
							Changed decrypt key history logic and added HDB_F_ALL_KVNOS.  
						
						
						
						
					 
					
						2011-07-22 16:05:21 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						a04721b737 
					 
					
						
						
							
							Added basic policy support, w/ policy names listed in krb5.conf  
						
						
						
						
					 
					
						2011-07-22 16:05:21 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						c338446ede 
					 
					
						
						
							
							More kadm5 policy stub stuff.  
						
						
						
						
					 
					
						2011-07-22 16:04:53 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						26f9924bb3 
					 
					
						
						
							
							Added stubs for the kadm5 policy functions.  
						
						
						
						
					 
					
						2011-07-22 16:04:53 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						56259efbac 
					 
					
						
						
							
							Added dummy kadm5_get_policies()  
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						58d72035f1 
					 
					
						
						
							
							Added kadm5_lock() and unlock.  
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						45294a93a7 
					 
					
						
						
							
							Added a distinct get-keys authorization for kadmind.
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						3d0019d3ce 
					 
					
						
						
							
							Added kadm5_setkey_principal*() and kadm5_decrypt_key().  
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e8e314bbb1 
					 
					
						
						
							
							Beginning of another new kadm5 function.  Need to switch branches for a bit.  
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						6e04b05e9d 
					 
					
						
						
							
							Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.  
						
						
						
						
						NOT TESTED YET. 
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						51e9da4a66 
					 
					
						
						
							
							Fixed (preemptively) a double free and added password history based on key history.  
						
						
						
						
					 
					
						2011-07-22 16:04:52 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						b45ac85b65 
					 
					
						
						
							
							Add support for fetching old keys via kadm5 API.  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						fca53990e4 
					 
					
						
						
							
							Initial commit for second approach for multiple kvno.  NOT TESTED!  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7aaba443bc 
					 
					
						
						
							
							add NTMakefile and windows directories  
						
						
						
						
					 
					
						2011-07-17 12:16:59 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Thomas Klausner 
							
						 
					 
					
						
						
							
						
						97df66c0a0 
					 
					
						
						
							
							Put Nd argument after Nd macro.  
						
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2011-05-21 11:54:27 -07:00 
						 
				 
			
				
					
						
							
							
								Thomas Klausner 
							
						 
					 
					
						
						
							
						
						db8e287e41 
					 
					
						
						
							
							Use "Fl Fl" for long options.  
						
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2011-05-21 11:54:14 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b1909b2daa 
					 
					
						
						
							
							Fixes from NetBSD via Thomas Klausner and Roland C. Dowdeswell  
						
						
						
						
					 
					
						2011-05-04 21:31:10 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9a1a5e5da6 
					 
					
						
						
							
							Mandoc and spelling fixes from Thomas Klausner  
						
						
						
						
					 
					
						2011-04-29 20:37:33 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b3811999f7 
					 
					
						
						
							
							fix error condition  
						
						
						
						
					 
					
						2011-04-23 20:03:57 -07:00