From: | ghudson@mit.edu |
Subject: | git commit |
Add get_principal_keys RPC to kadmin
Change the prototype of kadm5_get_principal_keys() to report kvno and
salt information along with each key. Add an RPC for extracting keys,
requiring a new permission bit (which is not implied by 'x' or '*' in
kadm5.acl). Add kadm5_free_kadm5_key_data().
In kadmin, deconditionalize "kadmin ktadd -norandkey". Use the new
information from kadm5_get_principal_keys() to correctly set the kvno
for each key when existing keys are extracted, fixing issue #7852.
Add tests to t_keytab.py for the #7852 fix. Add tests to
lib/kadm5/unit-test for the get_principal_keys RPC.
[ghudson@mit.edu: factor out fetch_new_keys() from add_principal();
rewrite commit message to describe new RPC; add #7852 test cases;
squash with lib/kadm5/unit-test commit]
https://github.com/krb5/krb5/commit/8a64a49c3c836a2f4f03a0cbbdb89cfde9b29d1d
Author: Simo Sorce <simo@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 8a64a49c3c836a2f4f03a0cbbdb89cfde9b29d1d
Branch: master
doc/admin/conf_files/kadm5_acl.rst | 3 +-
src/kadmin/cli/keytab.c | 111 ++++++++++++++++-----------
src/kadmin/server/kadm_rpc_svc.c | 7 ++
src/kadmin/server/server_stubs.c | 61 +++++++++++++++
src/kadmin/testing/scripts/init_db | 2 +-
src/lib/kadm5/admin.h | 14 ++--
src/lib/kadm5/admin_xdr.h | 2 +
src/lib/kadm5/clnt/Makefile.in | 2 +-
src/lib/kadm5/clnt/client_principal.c | 27 +++++++
src/lib/kadm5/clnt/client_rpc.c | 15 ++++
src/lib/kadm5/clnt/libkadm5clnt_mit.exports | 4 +
src/lib/kadm5/kadm_err.et | 1 +
src/lib/kadm5/kadm_rpc.h | 21 +++++-
src/lib/kadm5/kadm_rpc_xdr.c | 34 ++++++++
src/lib/kadm5/misc_free.c | 18 +++++
src/lib/kadm5/srv/Makefile.in | 2 +-
src/lib/kadm5/srv/libkadm5srv_mit.exports | 3 +
src/lib/kadm5/srv/server_acl.c | 1 +
src/lib/kadm5/srv/server_acl.h | 2 +-
src/lib/kadm5/srv/svr_principal.c | 40 +++++++---
src/lib/kadm5/unit-test/setkey-test.c | 26 ++++++
src/tests/t_keytab.py | 21 +++++-
src/util/k5test.py | 2 +-
23 files changed, 348 insertions(+), 71 deletions(-)