oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,085 Commits 2 Branches 2 Tags
c844a1c62b187dc527e4b391e791ca62e6444ba5
Commit Graph

82 Commits

Author SHA1 Message Date
Jeffrey Altman
923067e099 lib/kadm5: kadm_connect do not close 's' more than once 
If 's' is closed before exiting, it must be set to rk_INVALID_SOCKET.

Change-Id: I63caf992aa3a6b2c86c918a660025fc054d396d6
 2022-01-14 23:21:16 -05:00
Nicolas Williams
69eee19541 kadm5: Fix warnings 2022-01-14 14:58:59 -06:00
Nicolas Williams
f2f2cd18b6 kadm5: Fix auth_context leak on reconnect 2020-09-14 17:11:08 -05:00
Nicolas Williams
ea83f068e9 kadm5/kadmin: Add read-only mode 
Now we can have read-only kadmind instances.
 2020-09-08 00:25:40 -05:00
Nicolas Williams
338d47120b Fix Appveyor Windows build 2019-10-03 13:09:18 -05:00
Nicolas Williams
c9b5a4df90 Use roken_get_loginname() when we want getlogin_r() 2019-09-25 23:09:20 -05:00
Radoslav Bodo
f3f06fcba9 kadmin selective prune of historic key for principal 2018-12-31 14:17:10 -06:00
Nicolas Williams
3f1451a4c3 Remove get_default_username() 2018-12-25 22:11:19 -06:00
Jeffrey Altman
db859520b4 lib/kadm5: use krb5_enomem() where possible 
Change-Id: I487fbc640a8f793f0aa02ef4c94099e09241d616
 2018-12-25 16:57:55 -06:00
Nicolas Williams
3ba12317a0 Misc fixes (coverity) 2016-11-28 15:09:55 -06:00
Viktor Dukhovni
579393c8b9 Optionally prune old keys when setting new keys. 
When new keys are added (typically via kadm5_setkey_principal_3),
truncate the key history to remove old keys, that is keys older than
the newest key which was in effect prior longer ago than the principal's
maximum ticket lifetime.  This feature is controlled via the "[kadmin]"
section's "prune-key-history" boolean parameter, which defaults to false.

Currently this happens only when kadm5_setkey_principal_3()
is called directly on the server, the client API simulates
kadm5_setkey_principal_3() via a get, update, modify sequence that does
not prune the key history.  The plan is to add a new kadm5 protocol RPC
and convert clients to call that instead.

In setkey_principal_3 seal keys after entry key update

Also, for now, don't check the return value of kadm5_log_modify() in
the new kadm5_s_setkey_principal_3().  This has to be addressed more
globally.

Censor stale keys in kadm5_s_get_principal
 2016-02-26 15:43:12 -05:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues. 
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
 2012-02-20 19:45:41 +00:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Asanka Herath
869e970f5d Use rk_socket_t in lib/kadm5/init_c.c 2010-08-20 13:03:37 -04:00
Asanka Herath
aa058a6a63 Typos and fixes for init_c.c to not include stuff we don't have 2009-11-24 10:17:50 -08:00
Love Hornquist Astrand
0f5f5947aa make sure client is set before trying to use it [CID-50] 2009-07-30 13:20:00 +02:00
Love Hörnquist Åstrand
5b24268581 use krb5_cc_new_unique, use constants for cache types 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25056 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-03 04:06:57 +00:00
Love Hörnquist Åstrand
8cf907f08a switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:55:55 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
d8587d0752 We are getting default_client, not client. this way the user can 
override the result.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21972 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-10-18 19:11:15 +00:00
Love Hörnquist Åstrand
b04ce096d4 (get_cache_principal): make sure id is reset if we fail. From Benjamin Bennet. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-07-26 19:21:39 +00:00
Love Hörnquist Åstrand
3523d2bfc5 Try harder to use the right principal. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21407 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-07-04 12:36:49 +00:00
Love Hörnquist Åstrand
eb71c96ac0 if the user have a kadmin/admin initial ticket, don't ask for 
password, just use the credential instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19376 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-15 21:27:12 +00:00
Love Hörnquist Åstrand
b8ee799cba (kadm_connect): clear error string before trying to print a errno, 
this way we don't pick up a random failure code


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19197 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-30 17:15:37 +00:00
Love Hörnquist Åstrand
ece5f9603e Make krb5_get_init_creds_opt_free take a context argument. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19078 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-20 18:12:41 +00:00
Love Hörnquist Åstrand
5d676c4509 (_kadm5_c_get_cred_cache): handle ccache case better in case no client 
name was passed in. Coverity, NetBSD CID#919


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17029 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-10 07:55:22 +00:00
Love Hörnquist Åstrand
86ee0aa773 (_kadm5_c_get_cred_cache): Free client principal in case of error. 
Coverity NetBSD CID#1908


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17028 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-10 07:50:22 +00:00
Love Hörnquist Åstrand
dbc39600e2 Clear error-string when introducing new errors. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16661 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-01-25 12:50:10 +00:00
Love Hörnquist Åstrand
f07d4690f6 (_kadm5_c_init_context): fix memory leak in case of failure 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15136 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-13 10:57:13 +00:00
Love Hörnquist Åstrand
4a712fedb8 rename get_cred_cache to _kadm5_c_get_cred_cache and export locally 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13916 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-06-02 20:32:32 +00:00
Johan Danielsson
26457b7135 replace krb5_free_creds_contents by krb5_free_cred_contents 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13790 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-25 19:25:35 +00:00
Love Hörnquist Åstrand
7f88773f69 (_kadm5_c_init_context): catch errors from strdup and other krb5_ functions 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13242 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-12-21 22:23:08 +00:00
Love Hörnquist Åstrand
5d190295aa add context argument to krb5_get_init_creds_opt_alloc 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12783 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-08 15:28:20 +00:00
Love Hörnquist Åstrand
61e14619de use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12737 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-03 00:31:42 +00:00
Love Hörnquist Åstrand
fd2b38ca93 (kadm_connect): if a context realm was passed in, use that to form the 
kadmin/admin principal


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11950 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-04-01 15:06:41 +00:00
Jacques A. Vidrine
bc46f2ed8c Bug fix: the default credentials cache was not being used if a client 
name was specified.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11038 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-06-16 15:13:25 +00:00
Johan Danielsson
de239fe22f (get_cred_cache): when getting the default_client from the cred cache, 
make sure the instance part is "admin"; this should require fewer uses
of -p


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10894 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-03-25 13:17:38 +00:00
Johan Danielsson
94939f9b1b we have to create our own param struct before marshaling 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10824 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-02-08 18:31:49 +00:00
Johan Danielsson
adb1ef4618 call krb5_get_init_creds_opt_set_default_flags 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10200 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-06-29 16:45:34 +00:00
Assar Westerlund
4dff86bc9f (init_context): handle krb5_init_context failure consistently 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9440 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-12-31 08:00:23 +00:00
Assar Westerlund
cb4baeb84f remove unused variable and handle some parameters being NULL 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8754 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-22 01:08:18 +00:00
Johan Danielsson
159d70b8df use krb5_write_priv_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8743 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-21 23:39:47 +00:00
Johan Danielsson
909da8dc41 break out connection code to separate function, and defer calling it 
until we actually do something


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8650 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-11 15:57:19 +00:00
Assar Westerlund
6fadf041d3 (set_funcs): add chpass_principal_with_key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8061 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-03-23 23:03:38 +00:00
Assar Westerlund
aab3633ea8 (get_new_cache): make sure to request non-forwardable, non-proxiable 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7833 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-01-28 03:20:18 +00:00
Assar Westerlund
ff5c821bf1 (_kadm5_c_init_context): handle getting back port number from admin 
host
(kadm5_c_init_with_context): remove `proto/' part before doing
getaddrinfo()


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7639 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-20 14:05:49 +00:00
Assar Westerlund
0d560248f4 (kadm5_c_init_with_context): stupid fixes 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7571 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-07 05:20:33 +00:00