e23a1efdc9
Fixes for updates of KADM5_KVNO but not KEY_DATA and vice-versa.
...
It turns out that updates of kvno but not key data and vice-versa are
both, allowed and actually done (e.g, in kadmin's ank). Doing the right
thing in these cases turns out to be a bit tricky, but this commit ought
to do it.
2011-07-22 16:07:10 -05:00
dae01950a2
add_enctype needs to set the kvno of the keys it adds!
...
add_enctype() was not fetching the kvno of the principal it was
modifying, and it was not setting the kvno of the new keys (instead it
set it to 0). This worked fine before multi-kvno, but broke then. The
fix is to fetch the kvno and set the new keys' kvno to that.
I'm thinking of adding a new kadmin command to prune old kvnos by date
or kvno differential...
2011-07-22 16:07:10 -05:00
1edc2cee45
Test multi-kvno support in kadmin and KDC (part 1).
2011-07-22 16:07:10 -05:00
1e14951592
Preserve set_time on historic keysets in kadm5_s_modify_principal() path.
2011-07-22 16:07:10 -05:00
0f53687346
Two mods from Roland to make kadm5_setkey_principal_3() work.
2011-07-22 16:07:09 -05:00
4f5dbf2f81
Two patches from Roland Dowdeswell to make n_keys/new_keys args optional.
2011-07-22 16:07:09 -05:00
c818890dd7
Re-write _kadm5_set_keys2() to handle key history.
2011-07-22 16:07:08 -05:00
1eb56edd86
Introduce Keys ::= SEQUENCE OF Key in hdb.asn1 so we can get convenience utils.
2011-07-22 16:07:08 -05:00
689d4f4dd9
Another HDB_F_DECRYPT-isn't-critical fix.
2011-07-22 16:07:08 -05:00
5335559845
Oops, HDB_F_DECRYPT isn't critical; making it so breaks tests.
2011-07-22 16:07:08 -05:00
a246c394d2
Fix warnings.
2011-07-22 16:07:08 -05:00
e020dc25b8
Fix a double free in ank.c.
2011-07-22 16:07:08 -05:00
f2897efd09
Make the KDC path work.
2011-07-22 16:07:08 -05:00
e23c7a7daf
How on earth did this build breaking thinko get through?
2011-07-22 16:07:07 -05:00
9d6d3ee5f3
Fixed a likely bug in modify_principal() where the memset() of ent happens after early error checking.
2011-07-22 16:07:07 -05:00
07370612bd
Remove policy name checking against krb5.conf code.
2011-07-22 16:07:07 -05:00
87742e8118
Add missing KADM5_AUTH_GET_KEYS error and use it.
2011-07-22 16:07:07 -05:00
ed511e06f9
Updated kadmind.8 and kadmin.8.
2011-07-22 16:07:07 -05:00
909653e50f
Add comment and assert about key history to kadm5_log_replay_modify()
2011-07-22 16:07:07 -05:00
b16ca34642
Fix incorrect key history check optimization. (NOT TESTED)
2011-07-22 16:07:07 -05:00
784e6a69df
Avoid useless work related to keepold.
2011-07-22 16:07:07 -05:00
9adb40a06e
Forgot to export the kadm5 policy functions.
2011-07-22 16:07:06 -05:00
31974aa24c
More s/int/size_t/ for iterators. Also fixed a stupid bug.
2011-07-22 16:07:06 -05:00
f2bb83c088
Add default to policy prompt and fix harmless bug in edit_policy()
2011-07-22 16:07:06 -05:00
a1203a703d
Re-fix an earlier mistake that fell out in a branch switcheroo.
2011-07-22 16:07:06 -05:00
0d90e0c4d0
Complete --keepold support and fix crasher in kadmin cpw -r --keepold.
2011-07-22 16:07:06 -05:00
2510d2d8fc
Oops, reverse sense of get-keys check...
2011-07-22 16:07:06 -05:00
f15745c60c
Forgot to save edits to kadmin/server.c to use the new get-keys authorization.
2011-07-22 16:07:06 -05:00
558a8d05a6
Forgot to export kadm5_store_principal_ent_nokeys().
2011-07-22 16:07:06 -05:00
fad463bbd9
Fix policy validation bug (parse_policy() should return success when the policy name is OK!)
2011-07-22 16:07:06 -05:00
a35ea4955a
create_principal() must memset(ent, 0, ...) before ever returning (fixes core dump)
2011-07-22 16:07:06 -05:00
cf1c898e95
Undo a s/size_t/int/. Iterators must be unsigned.
2011-07-22 16:07:05 -05:00
0674e4b13a
Ooops! Mind those tags when re-ordering ASN.1 SEQUENCEs! (hdb_keyset)
2011-07-22 16:07:05 -05:00
4b0245d096
Export the new kadm5 functions.
2011-07-22 16:07:05 -05:00
e16360e2db
Add --keepold option to cpw.
2011-07-22 16:07:05 -05:00
acc8cd4b22
Duh, act on keepold in randkey!
2011-07-22 16:06:25 -05:00
af23757829
Trivial policy bug fix.
2011-07-22 16:06:01 -05:00
e7ea698366
Fixed dumb bug that caused keys to not accumulate in history.
2011-07-22 16:06:01 -05:00
53ea8ac59b
Make changes to hdb_keyset type be backward-compatible.
2011-07-22 16:06:01 -05:00
a280ed4d4c
Forgot a file for the hdb_keyset backwards-compat extention.
2011-07-22 16:06:01 -05:00
fac34871be
More kadmin support for kvno diff policy.
2011-07-22 16:06:01 -05:00
3794d8b37b
Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet
2011-07-22 16:06:01 -05:00
355ae357eb
Moved set_time field of hdb_keyset to end and add extensibility marker.
2011-07-22 16:06:01 -05:00
c2ec368c36
Add HDB extension for storing policy regarding what historic keys may be used for
2011-07-22 16:06:00 -05:00
308e53a4a8
Initial support for filtering out "dead" historical keys.
2011-07-22 16:05:21 -05:00
7e0a801e28
Changed decrypt key history logic and added HDB_F_ALL_KVNOS.
2011-07-22 16:05:21 -05:00
1f349a6aba
kadmin support for policies.
2011-07-22 16:05:21 -05:00
a04721b737
Added basic policy support, w/ policy names listed in krb5.conf
2011-07-22 16:05:21 -05:00
c338446ede
More kadm5 policy stub stuff.
2011-07-22 16:04:53 -05:00
26f9924bb3
Added stubs for the kadm5 policy functions.
2011-07-22 16:04:53 -05:00
Nicolas Williams