Add get_principal_keys RPC to kadmin Change the prototype of kadm5_get_principal_keys() to report kvno and salt information along with each key. Add an RPC for extracting keys, requiring a new permission bit (which is not implied by 'x' or '*' in kadm5.acl). Add kadm5_free_kadm5_key_data(). In kadmin, deconditionalize "kadmin ktadd -norandkey". Use the new information from kadm5_get_principal_keys() to correctly set the kvno for each key when existing keys are extracted, fixing issue #7852. Add tests to t_keytab.py for the #7852 fix. Add tests to lib/kadm5/unit-test for the get_principal_keys RPC. [ghudson@mit.edu: factor out fetch_new_keys() from add_principal(); rewrite commit message to describe new RPC; add #7852 test cases; squash with lib/kadm5/unit-test commit] https://github.com/krb5/krb5/commit/8a64a49c3c836a2f4f03a0cbbdb89cfde9b29d1d Author: Simo Sorce Committer: Greg Hudson Commit: 8a64a49c3c836a2f4f03a0cbbdb89cfde9b29d1d Branch: master doc/admin/conf_files/kadm5_acl.rst | 3 +- src/kadmin/cli/keytab.c | 111 ++++++++++++++++----------- src/kadmin/server/kadm_rpc_svc.c | 7 ++ src/kadmin/server/server_stubs.c | 61 +++++++++++++++ src/kadmin/testing/scripts/init_db | 2 +- src/lib/kadm5/admin.h | 14 ++-- src/lib/kadm5/admin_xdr.h | 2 + src/lib/kadm5/clnt/Makefile.in | 2 +- src/lib/kadm5/clnt/client_principal.c | 27 +++++++ src/lib/kadm5/clnt/client_rpc.c | 15 ++++ src/lib/kadm5/clnt/libkadm5clnt_mit.exports | 4 + src/lib/kadm5/kadm_err.et | 1 + src/lib/kadm5/kadm_rpc.h | 21 +++++- src/lib/kadm5/kadm_rpc_xdr.c | 34 ++++++++ src/lib/kadm5/misc_free.c | 18 +++++ src/lib/kadm5/srv/Makefile.in | 2 +- src/lib/kadm5/srv/libkadm5srv_mit.exports | 3 + src/lib/kadm5/srv/server_acl.c | 1 + src/lib/kadm5/srv/server_acl.h | 2 +- src/lib/kadm5/srv/svr_principal.c | 40 +++++++--- src/lib/kadm5/unit-test/setkey-test.c | 26 ++++++ src/tests/t_keytab.py | 21 +++++- src/util/k5test.py | 2 +- 23 files changed, 348 insertions(+), 71 deletions(-)