Diffstat (limited to 'kadmin')
-rw-r--r--kadmin/Makefile.in174
-rw-r--r--kadmin/ank.c4
-rw-r--r--kadmin/cpw.c4
-rw-r--r--kadmin/ext.c2
-rw-r--r--kadmin/kadmin.cat1127
-rw-r--r--kadmin/kadmind.c4
-rw-r--r--kadmin/kadmind.cat876
-rw-r--r--kadmin/mod.c13
-rw-r--r--kadmin/rpc.c2
-rw-r--r--kadmin/stash.c8
10 files changed, 260 insertions, 154 deletions
diff --git a/kadmin/Makefile.in b/kadmin/Makefile.in
index f8bab1cf8871..b3c8caf3171c 100644
--- a/kadmin/Makefile.in
+++ b/kadmin/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -103,7 +103,6 @@ subdir = kadmin
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/auth-modules.m4 \
- $(top_srcdir)/cf/broken-getaddrinfo.m4 \
$(top_srcdir)/cf/broken-glob.m4 \
$(top_srcdir)/cf/broken-realloc.m4 \
$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
@@ -210,7 +209,19 @@ am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/add-random-users.Po \
+ ./$(DEPDIR)/add_enctype.Po ./$(DEPDIR)/ank.Po \
+ ./$(DEPDIR)/check.Po ./$(DEPDIR)/cpw.Po ./$(DEPDIR)/del.Po \
+ ./$(DEPDIR)/del_enctype.Po ./$(DEPDIR)/dump.Po \
+ ./$(DEPDIR)/ext.Po ./$(DEPDIR)/get.Po ./$(DEPDIR)/init.Po \
+ ./$(DEPDIR)/kadm_conn.Po ./$(DEPDIR)/kadmin-commands.Po \
+ ./$(DEPDIR)/kadmin.Po ./$(DEPDIR)/kadmind.Po \
+ ./$(DEPDIR)/load.Po ./$(DEPDIR)/mod.Po \
+ ./$(DEPDIR)/pw_quality.Po ./$(DEPDIR)/random_password.Po \
+ ./$(DEPDIR)/rename.Po ./$(DEPDIR)/rpc.Po ./$(DEPDIR)/server.Po \
+ ./$(DEPDIR)/stash.Po ./$(DEPDIR)/test_util.Po \
+ ./$(DEPDIR)/util.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -287,8 +298,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
am__tty_colors_dummy = \
mgn= red= grn= lgn= blu= brg= std=; \
am__color_tests=no
@@ -444,6 +453,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -491,9 +501,12 @@ CATMANEXT = @CATMANEXT@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
+CLANG_FORMAT = @CLANG_FORMAT@
COMPILE_ET = @COMPILE_ET@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DB1LIB = @DB1LIB@
DB3LIB = @DB3LIB@
@@ -511,8 +524,10 @@ ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
ENABLE_AFS_STRING_TO_KEY = @ENABLE_AFS_STRING_TO_KEY@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FILECMD = @FILECMD@
GCD_MIG = @GCD_MIG@
GREP = @GREP@
GROFF = @GROFF@
@@ -621,6 +636,11 @@ PKG_CONFIG = @PKG_CONFIG@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LDADD = @PTHREAD_LDADD@
PTHREAD_LIBADD = @PTHREAD_LIBADD@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -680,9 +700,14 @@ mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@@ -817,8 +842,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__empty):
@@ -969,31 +994,37 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add-random-users.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add_enctype.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ank.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cpw.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del_enctype.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dump.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadm_conn.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin-commands.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmind.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pw_quality.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random_password.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpc.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stash.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_util.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add-random-users.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add_enctype.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ank.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cpw.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del_enctype.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dump.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadm_conn.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin-commands.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pw_quality.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random_password.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpc.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stash.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_util.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -1267,7 +1298,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
@@ -1280,7 +1311,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1322,8 +1353,10 @@ test_util.log: test_util$(EXEEXT)
@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1406,7 +1439,31 @@ clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/add-random-users.Po
+ -rm -f ./$(DEPDIR)/add_enctype.Po
+ -rm -f ./$(DEPDIR)/ank.Po
+ -rm -f ./$(DEPDIR)/check.Po
+ -rm -f ./$(DEPDIR)/cpw.Po
+ -rm -f ./$(DEPDIR)/del.Po
+ -rm -f ./$(DEPDIR)/del_enctype.Po
+ -rm -f ./$(DEPDIR)/dump.Po
+ -rm -f ./$(DEPDIR)/ext.Po
+ -rm -f ./$(DEPDIR)/get.Po
+ -rm -f ./$(DEPDIR)/init.Po
+ -rm -f ./$(DEPDIR)/kadm_conn.Po
+ -rm -f ./$(DEPDIR)/kadmin-commands.Po
+ -rm -f ./$(DEPDIR)/kadmin.Po
+ -rm -f ./$(DEPDIR)/kadmind.Po
+ -rm -f ./$(DEPDIR)/load.Po
+ -rm -f ./$(DEPDIR)/mod.Po
+ -rm -f ./$(DEPDIR)/pw_quality.Po
+ -rm -f ./$(DEPDIR)/random_password.Po
+ -rm -f ./$(DEPDIR)/rename.Po
+ -rm -f ./$(DEPDIR)/rpc.Po
+ -rm -f ./$(DEPDIR)/server.Po
+ -rm -f ./$(DEPDIR)/stash.Po
+ -rm -f ./$(DEPDIR)/test_util.Po
+ -rm -f ./$(DEPDIR)/util.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1454,7 +1511,31 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/add-random-users.Po
+ -rm -f ./$(DEPDIR)/add_enctype.Po
+ -rm -f ./$(DEPDIR)/ank.Po
+ -rm -f ./$(DEPDIR)/check.Po
+ -rm -f ./$(DEPDIR)/cpw.Po
+ -rm -f ./$(DEPDIR)/del.Po
+ -rm -f ./$(DEPDIR)/del_enctype.Po
+ -rm -f ./$(DEPDIR)/dump.Po
+ -rm -f ./$(DEPDIR)/ext.Po
+ -rm -f ./$(DEPDIR)/get.Po
+ -rm -f ./$(DEPDIR)/init.Po
+ -rm -f ./$(DEPDIR)/kadm_conn.Po
+ -rm -f ./$(DEPDIR)/kadmin-commands.Po
+ -rm -f ./$(DEPDIR)/kadmin.Po
+ -rm -f ./$(DEPDIR)/kadmind.Po
+ -rm -f ./$(DEPDIR)/load.Po
+ -rm -f ./$(DEPDIR)/mod.Po
+ -rm -f ./$(DEPDIR)/pw_quality.Po
+ -rm -f ./$(DEPDIR)/random_password.Po
+ -rm -f ./$(DEPDIR)/rename.Po
+ -rm -f ./$(DEPDIR)/rpc.Po
+ -rm -f ./$(DEPDIR)/server.Po
+ -rm -f ./$(DEPDIR)/stash.Po
+ -rm -f ./$(DEPDIR)/test_util.Po
+ -rm -f ./$(DEPDIR)/util.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1479,8 +1560,8 @@ uninstall-man: uninstall-man1 uninstall-man8
.MAKE: check-am install-am install-data-am install-strip uninstall-am
-.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-TESTS \
- check-am check-local clean clean-binPROGRAMS \
+.PHONY: CTAGS GTAGS TAGS all all-am all-local am--depfiles check \
+ check-TESTS check-am check-local clean clean-binPROGRAMS \
clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
clean-libtool clean-noinstPROGRAMS cscopelist-am ctags \
ctags-am dist-hook distclean distclean-compile \
@@ -1581,11 +1662,20 @@ check-local::
test "$$failed" -eq 0 || exit 1; \
fi
+# It's useful for debugging to format generated sources. The default for all
+# clang-format styles is to sort includes, but in many cases in-tree we really
+# don't want to do that.
.x.c:
- @cmp -s $< $@ 2> /dev/null || cp $< $@
+ @if [ -z "$(CLANG_FORMAT)" ]; then \
+ cmp -s $< $@ 2> /dev/null || cp $< $@; \
+ else \
+ cp $< $@.tmp.c; \
+ $(CLANG_FORMAT) -style='{BasedOnStyle: Chromium, SortIncludes: false}' -i $@.tmp.c; \
+ cmp -s $@.tmp.c $@ 2> /dev/null || mv $@.tmp.c $@; \
+ fi
.hx.h:
- @cmp -s $< $@ 2> /dev/null || cp $< $@
+ @cmp -s $< $@ 2> /dev/null || cp $< $@;
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
diff --git a/kadmin/ank.c b/kadmin/ank.c
index ffa5b7439fc0..474a54334351 100644
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -137,7 +137,9 @@ add_one_principal (const char *name,
krb5_set_error_message(context, ret, "out of memory");
goto out;
}
- ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
+ ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt,
+ UI_UTIL_FLAG_VERIFY |
+ UI_UTIL_FLAG_VERIFY_SILENT);
free (prompt);
if (ret) {
ret = KRB5_LIBOS_BADPWDMATCH;
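Review bot: Every non-zero return from `UI_UTIL_read_pw_string` is still turned into `KRB5_LIBOS_BADPWDMATCH` in the `if (ret)` branch, so a read error or an aborted prompt would be reported as a password mismatch. With `UI_UTIL_FLAG_VERIFY_SILENT` now set (presumably suppressing the library's own mismatch message), the caller's error is the only thing the operator sees. Either distinguish the mismatch return from other failures, or document the collapse with a comment such as `/* any prompt failure, not only a mismatch, ends up here */`. The rest of add_one_principal, including whether `pwbuf` is cleared after use, is outside the hunk.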
diff --git a/kadmin/cpw.c b/kadmin/cpw.c
index 28cd30b52b16..fae47a5a316a 100644
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -98,7 +98,9 @@ set_password (krb5_principal principal, char *password, int keepold)
free (princ_name);
if (aret == -1)
return ENOMEM;
- ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+ ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
+ UI_UTIL_FLAG_VERIFY |
+ UI_UTIL_FLAG_VERIFY_SILENT);
free (prompt);
if(ret){
return 0; /* XXX error code? */
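Review bot: The failure branch after the prompt still does `return 0; /* XXX error code? */`, so a mismatched or aborted password entry looks like success to the caller. `UI_UTIL_FLAG_VERIFY_SILENT` presumably removes the library's own verify-failure message, which would leave the operator with no indication that the password was not changed. Consider returning an error here, e.g. `return KRB5_LIBOS_BADPWDMATCH;` as ank.c does, provided the callers of set_password handle a non-zero return; they are outside the hunk.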
diff --git a/kadmin/ext.c b/kadmin/ext.c
index 32e3a12f69b7..e0443b3cf738 100644
--- a/kadmin/ext.c
+++ b/kadmin/ext.c
@@ -144,7 +144,7 @@ do_ext_keytab(krb5_principal principal, void *data)
}
free(unparsed);
free(keys);
- return 0;
+ return ret;
}
int
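Review bot: `return ret;` only reports the right status if `ret` holds the first failure when control reaches this line, and the assignments are above the hunk. If `ret` is set inside a per-key loop, a later successful iteration would overwrite an earlier error and this would still return 0; if any path reaches here without assigning it, the value is indeterminate. Confirm that `ret` is initialised at its declaration and that the loop stops or latches on the first error. Callers that iterate over principals previously always saw 0, so check that stopping on a non-zero return is what they should do.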
diff --git a/kadmin/kadmin.cat1 b/kadmin/kadmin.cat1
index e93a1ee6a74a..89650e6378e5 100644
--- a/kadmin/kadmin.cat1
+++ b/kadmin/kadmin.cat1
@@ -1,97 +1,96 @@
-
KADMIN(1) BSD General Commands Manual KADMIN(1)
-NNAAMMEE
- kkaaddmmiinn -- Kerberos administration utility
+NAME
+ kadmin -- Kerberos administration utility
-SSYYNNOOPPSSIISS
- kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g]
- [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
- [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t]
- [--ss _p_o_r_t _n_u_m_b_e_r | ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall]
- [--hh | ----hheellpp] [--vv | ----vveerrssiioonn] [_c_o_m_m_a_n_d]
+SYNOPSIS
+ kadmin [-p string | --principal=string] [-K string | --keytab=string]
+ [-c file | --config-file=file] [-k file | --key-file=file]
+ [-r realm | --realm=realm] [-a host | --admin-server=host]
+ [-s port number | --server-port=port number] [-l | --local]
+ [-h | --help] [-v | --version] [command]
-DDEESSCCRRIIPPTTIIOONN
- The kkaaddmmiinn program is used to make modifications to the Kerberos data-
- base, either remotely via the kadmind(8) daemon, or locally (with the --ll
+DESCRIPTION
+ The kadmin program is used to make modifications to the Kerberos data-
+ base, either remotely via the kadmind(8) daemon, or locally (with the -l
option).
Supported options:
- --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
+ -p string, --principal=string
principal to authenticate as
- --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
+ -K string, --keytab=string
keytab for authentication principal
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+ -c file, --config-file=file
location of config file
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ -k file, --key-file=file
location of master key file
- --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+ -r realm, --realm=realm
realm to use
- --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
+ -a host, --admin-server=host
server to contact
- --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
+ -s port number, --server-port=port number
port to use
- --ll, ----llooccaall
+ -l, --local
local admin mode
- If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
+ If no command is given on the command line, kadmin will prompt for com-
mands to process. Some of the commands that take one or more principals
- as argument (ddeelleettee, eexxtt__kkeeyyttaabb, ggeett, mmooddiiffyy, and ppaasssswwdd) will accept a
+ as argument (delete, ext_keytab, get, modify, and passwd) will accept a
glob style wildcard, and perform the operation on all matching princi-
pals.
Commands include:
- aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
- ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
- [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
- [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
- [----ppoolliiccyy==_p_o_l_i_c_y_-_n_a_m_e] _p_r_i_n_c_i_p_a_l_._._.
+ add [-r | --random-key] [--random-password] [-p string |
+ --password=string] [--key=string] [--max-ticket-life=lifetime]
+ [--max-renewable-life=lifetime] [--attributes=attributes]
+ [--expiration-time=time] [--pw-expiration-time=time]
+ [--policy=policy-name] principal...
Adds a new principal to the database. The options not passed on the
command line will be promped for. The only policy supported by
Heimdal servers is `default'.
- aadddd__eennccttyyppee [--rr | ----rraannddoomm--kkeeyy] _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
+ add_enctype [-r | --random-key] principal enctypes...
Adds a new encryption type to the principal, only random key are
supported.
- ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
+ delete principal...
Removes a principal.
- ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
+ del_enctype principal enctypes...
Removes some enctypes from a principal; this can be useful if the
service belonging to the principal is known to not handle certain
enctypes.
- eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+ ext_keytab [-k string | --keytab=string] principal...
- Creates a keytab with the keys of the specified principals.
- Requires get-keys rights, otherwise the principal's keys are
- changed and saved in the keytab.
+ Creates a keytab with the keys of the specified principals. Re-
+ quires get-keys rights, otherwise the principal's keys are changed
+ and saved in the keytab.
- ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] [--oo _s_t_r_i_n_g |
- ----ccoolluummnn--iinnffoo==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+ get [-l | --long] [-s | --short] [-t | --terse] [-o string |
+ --column-info=string] principal...
Lists the matching principals, short prints the result as a table,
while long format produces a more verbose output. Which columns to
- print can be selected with the --oo option. The argument is a comma
+ print can be selected with the -o option. The argument is a comma
separated list of column names optionally appended with an equal
- sign (`=') and a column header. Which columns are printed by
- default differ slightly between short and long output.
+ sign (`=') and a column header. Which columns are printed by de-
+ fault differ slightly between short and long output.
- The default terse output format is similar to --ss --oo _p_r_i_n_c_i_p_a_l_=,
+ The default terse output format is similar to -s -o principal=,
just printing the names of matched principals.
Possible column names include: principal, princ_expire_time,
@@ -99,10 +98,10 @@ DDEESSCCRRIIPPTTIIOONN
mod_name, attributes, kvno, mkvno, last_success, last_failed,
fail_auth_count, policy, and keytypes.
- mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
- [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
- [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----kkvvnnoo==_n_u_m_b_e_r]
- [----ppoolliiccyy==_p_o_l_i_c_y_-_n_a_m_e] _p_r_i_n_c_i_p_a_l_._._.
+ modify [-a attributes | --attributes=attributes]
+ [--max-ticket-life=lifetime] [--max-renewable-life=lifetime]
+ [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number]
+ [--policy=policy-name] principal...
Modifies certain attributes of a principal. If run without command
line options, you will be prompted. With command line options, it
@@ -120,12 +119,12 @@ DDEESSCCRRIIPPTTIIOONN
kadmin -l modify -a -disallow-proxiable user
- ppaasssswwdd [----kkeeeeppoolldd] [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
- ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+ passwd [--keepold] [-r | --random-key] [--random-password] [-p string |
+ --password=string] [--key=string] principal...
Changes the password of an existing principal.
- vveerriiffyy--ppaasssswwoorrdd--qquuaalliittyy _p_r_i_n_c_i_p_a_l _p_a_s_s_w_o_r_d
+ verify-password-quality principal password
Run the password quality check function locally. You can run this
on the host that is configured to run the kadmind process to verify
@@ -133,61 +132,61 @@ DDEESSCCRRIIPPTTIIOONN
locally, if kadmin is run in remote mode, no rpc call is done to
the server. NOTE: if the environment has verify-password-quality
configured to use a back-end that stores password history (such as
- heimdal-history), running verify-quality-password will cause an
- update to the password database meaning that merely verifying the
+ heimdal-history), running verify-quality-password will cause an up-
+ date to the password database meaning that merely verifying the
quality of the password using verify-quality-password invalidates
the use of that principal/password in the future.
- pprriivviilleeggeess
+ privileges
Lists the operations you are allowed to perform. These include add,
add_enctype, change-password, delete, del_enctype, get, get-keys,
list, and modify.
- rreennaammee _f_r_o_m _t_o
+ rename from to
Renames a principal. This is normally transparent, but since keys
are salted with the principal name, they will have a non-standard
salt, and clients which are unable to cope with this will fail.
Kerberos 4 suffers from this.
- cchheecckk [_r_e_a_l_m]
+ check [realm]
Check database for strange configurations on important principals.
If no realm is given, the default realm is used.
When running in local mode, the following commands can also be used:
- dduummpp [--dd | ----ddeeccrryypptt] [--ff_f_o_r_m_a_t | ----ffoorrmmaatt==_f_o_r_m_a_t] [_d_u_m_p_-_f_i_l_e]
+ dump [-d | --decrypt] [-fformat | --format=format] [dump-file]
- Writes the database in ``machine readable text'' form to the speci-
+ Writes the database in "machine readable text" form to the speci-
fied file, or standard out. If the database is encrypted, the dump
- will also have encrypted keys, unless ----ddeeccrryypptt is used. If
- ----ffoorrmmaatt==MMIITT is used then the dump will be in MIT format. Other-
+ will also have encrypted keys, unless --decrypt is used. If
+ --format=MIT is used then the dump will be in MIT format. Other-
wise it will be in Heimdal format.
- iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g] [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g]
- _r_e_a_l_m
+ init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string]
+ realm
Initializes the Kerberos database with entries for a new realm.
It's possible to have more than one realm served by one server.
- llooaadd _f_i_l_e
+ load file
Reads a previously dumped database, and re-creates that database
from scratch.
- mmeerrggee _f_i_l_e
+ merge file
- Similar to llooaadd but just modifies the database with the entries in
+ Similar to load but just modifies the database with the entries in
the dump file.
- ssttaasshh [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [--kk _k_e_y_f_i_l_e | ----kkeeyy--ffiillee==_k_e_y_f_i_l_e]
- [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d]
+ stash [-e enctype | --enctype=enctype] [-k keyfile | --key-file=keyfile]
+ [--convert-file] [--master-key-fd=fd]
Writes the Kerberos master key to a file used by the KDC.
-SSEEEE AALLSSOO
+SEE ALSO
kadmind(8), kdc(8)
HEIMDAL Feb 22, 2007 HEIMDAL
diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c
index 12abaa598262..cdb93150ff89 100644
--- a/kadmin/kadmind.c
+++ b/kadmin/kadmind.c
@@ -130,7 +130,11 @@ main(int argc, char **argv)
errx (1, "krb5_init_context failed: %d", ret);
argc -= optidx;
+#ifndef __clang_analyzer__
argv += optidx;
+#endif
+ if (argc != 0)
+ usage(1);
if (config_file == NULL) {
int aret;
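Review bot: Guarding `argv += optidx;` with `#ifndef __clang_analyzer__` makes the analysed code differ from the compiled code just to hide a dead-store report. If `argv` is not read after this point (the rest of main is outside the hunk, but the analyzer report suggests so), deleting the statement is cleaner, since the new `if (argc != 0) usage(1);` check needs only `argc`. If later code does read `argv`, the guard hides that use from the analyzer instead.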
diff --git a/kadmin/kadmind.cat8 b/kadmin/kadmind.cat8
index b344db7c270d..0a97c49b33b1 100644
--- a/kadmin/kadmind.cat8
+++ b/kadmin/kadmind.cat8
@@ -1,21 +1,20 @@
-
KADMIND(8) BSD System Manager's Manual KADMIND(8)
-NNAAMMEE
- kkaaddmmiinndd -- server for administrative access to Kerberos database
+NAME
+ kadmind -- server for administrative access to Kerberos database
-SSYYNNOOPPSSIISS
- kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
- [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp
- _p_o_r_t | ----ppoorrttss==_p_o_r_t]
+SYNOPSIS
+ kadmind [-c file | --config-file=file] [-k file | --key-file=file]
+ [--keytab=keytab] [-r realm | --realm=realm] [-d | --debug] [-p
+ port | --ports=port]
-DDEESSCCRRIIPPTTIIOONN
- kkaaddmmiinndd listens for requests for changes to the Kerberos database and
+DESCRIPTION
+ kadmind listens for requests for changes to the Kerberos database and
performs these, subject to permissions. When starting, if stdin is a
- socket it assumes that it has been started by inetd(8), otherwise it
- behaves as a daemon, forking processes for each new connection. The
- ----ddeebbuugg option causes kkaaddmmiinndd to accept exactly one connection, which is
- useful for debugging.
+ socket it assumes that it has been started by inetd(8), otherwise it be-
+ haves as a daemon, forking processes for each new connection. The --debug
+ option causes kadmind to accept exactly one connection, which is useful
+ for debugging.
The kpasswdd(8) daemon is responsible for the Kerberos 5 password chang-
ing protocol (used by kpasswd(1)).
@@ -25,56 +24,55 @@ DDEESSCCRRIIPPTTIIOONN
Principals are always allowed to change their own password and list their
own principal. Apart from that, doing any operation requires permission
- explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
+ explicitly added in the ACL file /var/heimdal/kadmind.acl. The format of
this file is:
- _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
+ principal rights [principal-pattern]
Where rights is any (comma separated) combination of:
- ++oo change-password or cpw
- ++oo list
- ++oo delete
- ++oo modify
- ++oo add
- ++oo get
- ++oo get-keys
- ++oo all (everything except get-keys)
-
- And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
+ +o change-password or cpw
+ +o list
+ +o delete
+ +o modify
+ +o add
+ +o get
+ +o get-keys
+ +o all (everything except get-keys)
+
+ And the optional principal-pattern restricts the rights to operations on
principals that match the glob-style pattern.
Supported options:
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+ -c file, --config-file=file
location of config file
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ -k file, --key-file=file
location of master key file
- ----kkeeyyttaabb==_k_e_y_t_a_b
+ --keytab=keytab
what keytab to use
- --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+ -r realm, --realm=realm
realm to use
- --dd, ----ddeebbuugg
+ -d, --debug
enable debugging
- --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
+ -p port, --ports=port
ports to listen to. By default, if run as a daemon, it listens to
port 749, but you can add any number of ports with this option.
The port string is a whitespace separated list of port specifica-
- tions, with the special string ``+'' representing the default
- port.
+ tions, with the special string "+" representing the default port.
-FFIILLEESS
- _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
+FILES
+ /var/heimdal/kadmind.acl
-EEXXAAMMPPLLEESS
- This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
+EXAMPLES
+ This will cause kadmind to listen to port 4711 in addition to any com-
piled in defaults:
- kkaaddmmiinndd ----ppoorrttss="+ 4711" &
+ kadmind --ports="+ 4711" &
This acl file will grant Joe all rights, and allow Mallory to view and
add host principals, as well as extract host principal keys (e.g., into
@@ -83,7 +81,7 @@ EEXXAAMMPPLLEESS
joe/admin@EXAMPLE.COM all
mallory/admin@EXAMPLE.COM add,get-keys host/*@EXAMPLE.COM
-SSEEEE AALLSSOO
+SEE ALSO
kpasswd(1), kadmin(1), kdc(8), kpasswdd(8)
HEIMDAL December 8, 2004 HEIMDAL
diff --git a/kadmin/mod.c b/kadmin/mod.c
index 4a88a85a4da8..ba435a517e44 100644
--- a/kadmin/mod.c
+++ b/kadmin/mod.c
@@ -106,7 +106,7 @@ static void
add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
HDB_extension ext;
krb5_data buf;
krb5_principal p;
@@ -127,9 +127,16 @@ add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
sizeof(ext.data.u.aliases.aliases.val[0]));
ext.data.u.aliases.aliases.len = strings->num_strings;
- for (i = 0; i < strings->num_strings; i++) {
+ for (i = 0; ret == 0 && i < strings->num_strings; i++) {
ret = krb5_parse_name(contextp, strings->strings[i], &p);
- ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+ if (ret)
+ krb5_err(contextp, 1, ret, "Could not parse alias %s",
+ strings->strings[i]);
+ if (ret == 0)
+ ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+ if (ret)
+ krb5_err(contextp, 1, ret, "Could not copy parsed alias %s",
+ strings->strings[i]);
krb5_free_principal(contextp, p);
}
}
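Review bot: `krb5_err(contextp, 1, ret, ...)` prints the message and exits the process, so the `ret == 0` loop condition and the `if (ret == 0)` guard added here can never observe a failure. It also means a single bad alias entered at the interactive kadmin prompt would terminate the whole session. If the intent is to report the error and stop processing aliases, use `krb5_warn(contextp, ret, "Could not parse alias %s", strings->strings[i]);` (likewise for the copy failure), and declare `p` as `krb5_principal p = NULL;` so the `krb5_free_principal` call after a failed parse does not see an indeterminate pointer. add_aliases returns void and continues past the hunk, so the code after the loop would then also need to avoid storing a partially filled alias list.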
diff --git a/kadmin/rpc.c b/kadmin/rpc.c
index 770e0a0c4aff..edaeb786b34d 100644
--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
@@ -931,7 +931,7 @@ process_stream(krb5_context contextp,
INSIST(gctx.ctx == NULL);
gctx.inprogress = 1;
- /* FALL THOUGH */
+ /* FALLTHROUGH */
case RPG_CONTINUE_INIT: {
gss_name_t src_name = GSS_C_NO_NAME;
krb5_data in;
diff --git a/kadmin/stash.c b/kadmin/stash.c
index 1eb56b36fc2f..c33623038ce4 100644
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -99,13 +99,17 @@ stash(struct stash_options *opt, int argc, char **argv)
random_password (buf, sizeof(buf));
printf("Using random master stash password: %s\n", buf);
} else {
- if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
+ if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ",
+ UI_UTIL_FLAG_VERIFY)) {
hdb_free_master_key(context, mkey);
return 0;
}
}
ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
- ret = hdb_add_master_key(context, &key, &mkey);
+ if (ret == 0)
+ ret = hdb_add_master_key(context, &key, &mkey);
+ if (ret)
+ krb5_warn(context, errno, "setting master key");
krb5_free_keyblock_contents(context, &key);
}
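Review bot: The new `krb5_warn(context, errno, "setting master key")` passes `errno`, but the failure being reported is in `ret`. krb5 calls return their error code and do not necessarily set `errno`, so the message can show a stale or unrelated error; use `krb5_warn(context, ret, "setting master key");`. Execution also continues after the warning, so check whether the code below the hunk goes on to write a stash file without a valid master key. If `krb5_string_to_key_salt` is the call that failed, `krb5_free_keyblock_contents` then runs on a `key` whose initialisation is not visible here.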