From: ghudson@mit.edu
Subject: SVN Commit

Policy extensions + new policy: allowed ks types

This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:

- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)

Of these only allowed_keysalts is currently implemented.

Some refactoring of TL data handling is also done.

https://github.com/krb5/krb5/commit/5829ca2b348974e52a67b553afc7f7491007c33a
Author: Nicolas Williams <nico@cryptonector.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 5829ca2b348974e52a67b553afc7f7491007c33a
Branch: master
.../krb_admins/admin_commands/kadmin_local.rst | 8 +
.../krb_admins/admin_commands/kdb5_util.rst | 15 +
src/clients/kinit/kinit_kdb.c | 2 +-
src/include/kdb.h | 15 +
src/kadmin/cli/kadmin.c | 73 +++--
src/kadmin/dbutil/dump.c | 316 ++++++++++++++++----
src/kadmin/dbutil/kadm5_create.c | 2 +-
src/kadmin/dbutil/kdb5_util.c | 4 +-
src/kadmin/server/ovsec_kadmd.c | 2 +-
src/kadmin/testing/util/tcl_kadm5.c | 2 +
src/lib/kadm5/admin.h | 32 ++-
src/lib/kadm5/admin_internal.h | 2 +-
src/lib/kadm5/clnt/client_init.c | 12 +-
src/lib/kadm5/clnt/clnt_policy.c | 2 +
src/lib/kadm5/kadm_err.et | 1 +
src/lib/kadm5/kadm_rpc_xdr.c | 40 ++-
src/lib/kadm5/misc_free.c | 15 +-
src/lib/kadm5/srv/server_init.c | 2 +-
src/lib/kadm5/srv/svr_policy.c | 190 +++++++++++-
src/lib/kadm5/srv/svr_principal.c | 258 ++++++++++++++---
src/lib/kadm5/unit-test/destroy-test.c | 2 +-
src/lib/kadm5/unit-test/handle-test.c | 2 +-
src/lib/kadm5/unit-test/init-test.c | 2 +-
src/lib/kadm5/unit-test/iter-test.c | 2 +-
src/lib/kadm5/unit-test/randkey-test.c | 2 +-
src/lib/kadm5/unit-test/setkey-test.c | 2 +-
src/lib/kdb/kdb5.c | 20 +-
src/lib/kdb/libkdb5.exports | 1 +
src/plugins/kdb/db2/pol_xdr.c | 75 ++---
src/plugins/kdb/db2/policy_db.h | 1 +
src/slave/kpropd.c | 2 +-
src/tests/Makefile.in | 1 +
src/tests/hist.c | 2 +-
src/tests/t_allowed_keysalts.py | 93 ++++++
src/tests/t_general.py | 16 +
35 files changed, 996 insertions(+), 220 deletions(-)

From: ghudson@mit.edu
Subject: SVN Commit

Add LDAP back end support for policy extensions

https://github.com/krb5/krb5/commit/5edafa053268fcc021d4f4ec091638efbbaac700
Author: Greg Hudson <ghudson@mit.edu>
Commit: 5edafa053268fcc021d4f4ec091638efbbaac700
Branch: master
src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif | 48 ++++++++++++++++++++
src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema | 38 +++++++++++++++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 43 +++++++++++++++++-
3 files changed, 127 insertions(+), 2 deletions(-)

From: ghudson@mit.edu
Subject: SVN Commit

Fix apply_keysalt_policy bug

If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization. Reported by Nico.

https://github.com/krb5/krb5/commit/b52d0c793c82e9c74f03b1d2a5d251a1adc4626f
Author: Greg Hudson <ghudson@mit.edu>
Commit: b52d0c793c82e9c74f03b1d2a5d251a1adc4626f
Branch: master
src/lib/kadm5/srv/svr_principal.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)