Commit Graph

990 Commits

Author SHA1 Message Date
Russ Allbery
5ca056969a Close memory leak in the client kadmin library
kadm5_c_destroy was not freeing the kadm5_client_context, just its
contents.  Also free the context itself.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
2011-12-22 18:36:17 -06:00
Nicolas Williams
417dff03ba Fix trailing whitespace 2011-11-29 14:50:44 -06:00
Roland C. Dowdeswell
af011f57fc Provide server side kadm5_chpass_principal_3() with ks_tuple implementation.
We enable kadm5_chpass_principal_3() in the server side of the
library.  The client kadm5 library calls will still return the
error KAMD5_KS_TUPLE_NO_SUPP.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
2011-11-29 14:47:37 -06:00
Roland C. Dowdeswell
2f6ad56c46 Reverse order of n_ks_tuple and ks_tuple in hdb_generate_key_set().
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
2011-11-29 14:47:37 -06:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Nicolas Williams
104bb8ef53 Fix unitialized HDB_extension problem (specifically the mandatory field) 2011-10-31 00:20:05 -05:00
Love Hornquist Astrand
33f717edb2 Only set msg in case we have one, from Rangar Sundblad 2011-10-19 10:38:59 +02:00
Nicolas Williams
0c893d3980 Fixed booboos from kadm5 key history patch set
Also: add support for ignoring null enctype / zero-length keys,
    which *can* be found in MIT DB entries created in pre-historic
    times.

    Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
    compiler's generated sequence/array utility functions.

    Also: add a utility function needed for kadm5 kvno change
    improvements and make kadmin's mod --kvno work correctly and
    naturally.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-09-22 15:13:13 +02:00
Luke Howard
775a452313 some Windows build fixes 2011-09-12 20:11:36 +10:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 15:41:36 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES.
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 14:07:59 -07:00
Nicolas Williams
a7717ae4f9 Use heim_assert() instead of assert() 2011-07-24 11:10:37 -05:00
Nicolas Williams
11c54cd6c8 Protect against negative n_ks_tuple values and against randkey returning negative n_keys 2011-07-24 11:08:58 -05:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
dfc7ec92fa Make kadm5_lock() and unlock work, and add kadmin commands for them.
The libkadm5 functions hdb_open() and close around all HDB ops.  This
meant the previous implementation of kadm5_lock() and unlock would
always result in a core dump.  Now we hdb_open() for write in
kadm5_lock() and hdb_close() in kadm5_unlock(), with all kadm5_s_*()
functions now not opening nor closing the HDB when the server context
keep_open flag is set.

Also, there's now kadmin(8) lock and unlock commands.  These are there
primarily as a way to test the kadm5_lock()/unlock() operations, but
MIT's kadmin.local also has lock/unlock commands, and these can be
useful for scripting (though they require much care).
2011-07-22 21:07:48 -05:00
Nicolas Williams
43c5244ecc Fix from Roland Dowdeswell -- kadm5_setkey_principal() has to rev kvno earlier 2011-07-22 16:18:44 -05:00
Nicolas Williams
e23a1efdc9 Fixes for updates of KADM5_KVNO but not KEY_DATA and vice-versa.
It turns out that updates of kvno but not key data and vice-versa are
both, allowed and actually done (e.g, in kadmin's ank).  Doing the right
thing in these cases turns out to be a bit tricky, but this commit ought
to do it.
2011-07-22 16:07:10 -05:00
Nicolas Williams
1e14951592 Preserve set_time on historic keysets in kadm5_s_modify_principal() path. 2011-07-22 16:07:10 -05:00
Nicolas Williams
0f53687346 Two mods from Roland to make kadm5_setkey_principal_3() work. 2011-07-22 16:07:09 -05:00
Nicolas Williams
4f5dbf2f81 Two patches from Roland Dowdeswell to make n_keys/new_keys args optional. 2011-07-22 16:07:09 -05:00
Nicolas Williams
c818890dd7 Re-write _kadm5_set_keys2() to handle key history. 2011-07-22 16:07:08 -05:00
Nicolas Williams
e23c7a7daf How on earth did this build breaking thinko get through? 2011-07-22 16:07:07 -05:00
Nicolas Williams
9d6d3ee5f3 Fixed a likely bug in modify_principal() where the memset() of ent happens after early error checking. 2011-07-22 16:07:07 -05:00
Nicolas Williams
07370612bd Remove policy name checking against krb5.conf code. 2011-07-22 16:07:07 -05:00
Nicolas Williams
87742e8118 Add missing KADM5_AUTH_GET_KEYS error and use it. 2011-07-22 16:07:07 -05:00
Nicolas Williams
909653e50f Add comment and assert about key history to kadm5_log_replay_modify() 2011-07-22 16:07:07 -05:00
Nicolas Williams
b16ca34642 Fix incorrect key history check optimization. (NOT TESTED) 2011-07-22 16:07:07 -05:00
Nicolas Williams
784e6a69df Avoid useless work related to keepold. 2011-07-22 16:07:07 -05:00
Nicolas Williams
9adb40a06e Forgot to export the kadm5 policy functions. 2011-07-22 16:07:06 -05:00
Nicolas Williams
31974aa24c More s/int/size_t/ for iterators. Also fixed a stupid bug. 2011-07-22 16:07:06 -05:00
Nicolas Williams
0d90e0c4d0 Complete --keepold support and fix crasher in kadmin cpw -r --keepold. 2011-07-22 16:07:06 -05:00
Nicolas Williams
558a8d05a6 Forgot to export kadm5_store_principal_ent_nokeys(). 2011-07-22 16:07:06 -05:00
Nicolas Williams
a35ea4955a create_principal() must memset(ent, 0, ...) before ever returning (fixes core dump) 2011-07-22 16:07:06 -05:00
Nicolas Williams
4b0245d096 Export the new kadm5 functions. 2011-07-22 16:07:05 -05:00
Nicolas Williams
e16360e2db Add --keepold option to cpw. 2011-07-22 16:07:05 -05:00
Nicolas Williams
acc8cd4b22 Duh, act on keepold in randkey! 2011-07-22 16:06:25 -05:00
Nicolas Williams
e7ea698366 Fixed dumb bug that caused keys to not accumulate in history. 2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36 Add HDB extension for storing policy regarding what historic keys may be used for 2011-07-22 16:06:00 -05:00
Nicolas Williams
7e0a801e28 Changed decrypt key history logic and added HDB_F_ALL_KVNOS. 2011-07-22 16:05:21 -05:00
Nicolas Williams
a04721b737 Added basic policy support, w/ policy names listed in krb5.conf 2011-07-22 16:05:21 -05:00
Nicolas Williams
c338446ede More kadm5 policy stub stuff. 2011-07-22 16:04:53 -05:00
Nicolas Williams
26f9924bb3 Added stubs for the kadm5 policy functions. 2011-07-22 16:04:53 -05:00
Nicolas Williams
56259efbac Added dummy kadm5_get_policies() 2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Nicolas Williams
45294a93a7 Added a disting get-keys authorization for kadmind. 2011-07-22 16:04:52 -05:00
Nicolas Williams
3d0019d3ce Added kadm5_setkey_principal*() and kadm5_decrypt_key(). 2011-07-22 16:04:52 -05:00
Nicolas Williams
e8e314bbb1 Beginning of another new kadm5 function. Need to switch branches for a bit. 2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66 Fixed (preemptively) a double free and added password history based on key history. 2011-07-22 16:04:52 -05:00
Nicolas Williams
b45ac85b65 Add support for fetching old keys via kadm5 API. 2011-07-22 16:04:51 -05:00