path: root/src/kdc/dispatch.c
Age | Commit message | Author | Files | Lines
2009-11-12 | Post-great-reindent check. Part I | Zhanna Tsitkov | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23151 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31 | make mark-cstyle | Tom Yu | 1 | -44/+45
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-03-31 | Implement FAST from draft-ietf-krb-wg-preauth-framework | Sam Hartman | 1 | -1/+2
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-15 | In the KDC, remove krb4 request handling support and fakeka code | Greg Hudson | 1 | -4/+0
ticket: 6303 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21448 dc483132-0cff-0310-8789-dd5450dbe970
2008-03-18 | Fix MITKRB5-SA-2008-001 on trunk. Patch differs from the released one | Ken Raeburn | 1 | -1/+1
for 1.6 because of code divergence. ticket: 5919 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20280 dc483132-0cff-0310-8789-dd5450dbe970
2006-10-03 | Preauthentication Plugin Framework | Sam Hartman | 1 | -1/+1
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication framework based on the plugin architecture. Currently, the API is considered internal and the header is not installed. See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
2006-04-29 | ipv4+ipv6 messages can trip up KDC replay detection | Ken Raeburn | 1 | -2/+2
The replay lookaside cache includes the sending address, but the krb5 library replay cache does not. So, if the same message arrives from two different source addresses, it is considered a replay by the KDC. If the client isn't receiving the replies for some reason, and the client has multiple addresses it uses to contact different addresses on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an obvious such case), this can cause errors to be returned by the KDC.
* replay.c (krb5_kdc_replay_ent): Remove "addrs" field.
(MATCH): Don't check it.
(kdc_check_lookaside, kdc_insert_lookaside): Remove "from" argument.
* kdc_util.h (kdc_check_lookaside, kdc_insert_lookaside): Update decls.
* dispatch.c (dispatch): Update calls.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17970 dc483132-0cff-0310-8789-dd5450dbe970
2005-04-13 | Delete definitions of unused macros NEED_SOCKETS and NEED_LOWLEVEL_IO | Ken Raeburn | 1 | -1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-11 | protoize | Ken Raeburn | 1 | -4/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14841 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-05 | * dispatch.c, do_as_req.c, do_tgs_req.c: Define NEED_SOCKETS before | Ken Raeburn | 1 | -0/+1
including k5-int.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14603 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-05 | Reduce or localize dependencies on address families. | Ken Raeburn | 1 | -11/+2
* kdc_util.h (ADDRTYPE2FAMILY): New macro.
* do_as_req.c (process_as_req): Use inet_ntop instead of inet_ntoa.
* do_tgs_req.c (process_tgs_req): Ditto.
* dispatch.c (dispatch): Fix inet_ntop code, and use it always.
* kerberos_v4.c (process_v4): Check address family before copying out an IPv4 address. Log if not IPv4, but continue.
* network.c (set_sa_port): New function.
(setup_port): Use it. Combine IPv4 and IPv6 paths; IPv6 still disabled for now. Modify supplied sockaddr instead of making a copy.
(process_packet): SADDR is now sockaddr_storage. Use socket-utils macros instead of casting. Enable the IPv6 code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14602 dc483132-0cff-0310-8789-dd5450dbe970
2002-06-26 | * dispatch.c (dispatch): Remove arg "portnum"; update callers. | Ken Raeburn | 1 | -7/+6
* do_as_req.c (process_as_req): Ditto.
* do_tgs_req.c (process_tgs_req): Ditto.
* kerberos_v4.c (process_v4): Remove arg "is_secondary"; update callers.
* kdc_util.h (dispatch, process_as_req, process_tgs_req, process_v4): Update prototypes.
* main.c (init_realm): Remove unused variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14585 dc483132-0cff-0310-8789-dd5450dbe970
2002-01-08 | KDC support for new PRNG | Sam Hartman | 1 | -1/+23
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14090 dc483132-0cff-0310-8789-dd5450dbe970
2000-09-20 | * dispatch.c (dispatch): inet_ntop() returns const char * | Ezra Peisach | 1 | -4/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12660 dc483132-0cff-0310-8789-dd5450dbe970
2000-03-01 | * kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime | Tom Yu | 1 | -1/+4
for real.
* dispatch.c: Include some more net-related headers.
(dispatch): Fix ifndef HAVE_INET_NTOP branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970
2000-01-27 | * dispatch.c (dispatch): Log address and port number of detected retransmits | Ken Raeburn | 1 | -1/+20
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11977 dc483132-0cff-0310-8789-dd5450dbe970
1999-10-29 | * dispatch.c (dispatch): Make message in lookaside case less suggestive of | Ken Raeburn | 1 | -1/+1
replay attacks, since it can result from normal packet loss causing retransmissions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11889 dc483132-0cff-0310-8789-dd5450dbe970
1999-09-24 | copyright notice updates from 1.1 branch | Ken Raeburn | 1 | -1/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
1999-06-30 | Disable lookaside cache. It's needed if the replay cache is enabled, and could | Ken Raeburn | 1 | -0/+4
theoretically make certain attacks more difficult, but the replay cache is disabled, the attack is very difficult compared to other existing attacks (would need huge numbers of queries), and under heavy load the lookaside cache degrades performance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11538 dc483132-0cff-0310-8789-dd5450dbe970
1998-07-22 | * replay.c (kdc_check_lookaside): | Tom Yu | 1 | -2/+2
(kdc_insert_lookaside): Add code to originating address of packet, as krb4 initial ticket requests don't contain an address. This would cause a subtle problem wherein two simultaneous krb4 initial ticket requests for the same principal originating from different addresses would result in both replies containing the same address.
* kdc_util.h: Modify prototype for lookaside functions.
* dispatch.c (dispatch): Update to new calling conventions of the lookaside functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10713 dc483132-0cff-0310-8789-dd5450dbe970
1995-10-06 | network.c (setup_network): | Theodore Tso | 1 | -5/+5
main.c (initialize_realms): Massive revamp of how the network ports are setup. The default port list for a realm is read from [kdcdefaults]/kdc_ports from the kdc.conf file. For each realm, a list of ports can be specified in [realms]/<realm>/kdc_ports.
extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and added realm_ports.
do_tgs_req.c (process_tgs_req):
do_as_req.c (process_as_req):
dispatch.c (dispatch): Pass the portnumber of the incoming request down to process_as_req and process_tgs_req, instead of the boolean "is_secondary".
kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall flames, by fixing signed vs. unsigned types.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6937 dc483132-0cff-0310-8789-dd5450dbe970
1995-06-23 | Multiple realm support | Paul Park | 1 | -1/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6137 dc483132-0cff-0310-8789-dd5450dbe970
1995-06-09 | dispatch.c, kdc_util.h, kerberos_v4.c: Use KRB5_KRB4_COMPAT instead of | Theodore Tso | 1 | -1/+1
KRB4 for determining whether to compile in Kerberos V4 backwards compatibility
configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES.
do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c, main.c, network.c: Fix -Wall nits.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6016 dc483132-0cff-0310-8789-dd5450dbe970
1995-06-08 | Update kadmind5 to use new logging routines | Paul Park | 1 | -1/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5976 dc483132-0cff-0310-8789-dd5450dbe970
1995-02-28 | * *.[ch]: Avoid <krb5/...> and <com_err.h> includes | John Gilmore | 1 | -5/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5031 dc483132-0cff-0310-8789-dd5450dbe970
1995-01-13 | Removed all references to DECLARG and OLDDECLARG. | Chris Provenzano | 1 | -1/+2
Added krb5_context to all krb5_*() routines. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4815 dc483132-0cff-0310-8789-dd5450dbe970
1994-08-18 | stamp out rcs keywords | Mark Eichin | 1 | -6/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4190 dc483132-0cff-0310-8789-dd5450dbe970
1993-09-01 | Change export warning notice from "is assumed to require an export license" | Theodore Tso | 1 | -2/+2
to "may require..." git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2638 dc483132-0cff-0310-8789-dd5450dbe970
1993-06-03 | Pass in actual packet to process_tgs_req so that two different checksumming | Theodore Tso | 1 | -5/+1
can be done, in case of ASN.1 screwup. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2578 dc483132-0cff-0310-8789-dd5450dbe970
1992-09-01 | Modifications so that whether something came in on the secondary or | Theodore Tso | 1 | -7/+8
primary port is logged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2377 dc483132-0cff-0310-8789-dd5450dbe970
1991-06-06 | Update copyright notice | John Kohl | 1 | -2/+16
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2156 dc483132-0cff-0310-8789-dd5450dbe970
1991-04-19 | XXX not appropriate | John Kohl | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2017 dc483132-0cff-0310-8789-dd5450dbe970
1991-02-14 | only insert the replay if we succeeded in generating a reply | John Kohl | 1 | -1/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1693 dc483132-0cff-0310-8789-dd5450dbe970
1991-02-13 | add replay lookaside call-outs | John Kohl | 1 | -1/+12
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1683 dc483132-0cff-0310-8789-dd5450dbe970
1990-12-20 | conditionalize v4 support | John Kohl | 1 | -1/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1577 dc483132-0cff-0310-8789-dd5450dbe970
1990-10-11 | changed process_v4() stub & its call to have three arguments, | Donald Davis | 1 | -1/+1
so that dispatch() will correspond to the real process_v4() in kerberos_v4.c . git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1248 dc483132-0cff-0310-8789-dd5450dbe970
1990-10-10 | packet can be modified by decode_krb5_as_req, so we can't be const | John Kohl | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1241 dc483132-0cff-0310-8789-dd5450dbe970
1990-10-10 | change data structure names | John Kohl | 1 | -4/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1232 dc483132-0cff-0310-8789-dd5450dbe970
1990-05-25 | fix reference to copyright/distribution provisions | John Kohl | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@945 dc483132-0cff-0310-8789-dd5450dbe970
1990-05-23 | fix include files | John Kohl | 1 | -2/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@918 dc483132-0cff-0310-8789-dd5450dbe970
1990-05-07 | call process_tgs_req, which calls the others | John Kohl | 1 | -3/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@760 dc483132-0cff-0310-8789-dd5450dbe970
1990-04-23 | add const to args | John Kohl | 1 | -21/+15
rearrange code to use new macros to predetermine packet types. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@556 dc483132-0cff-0310-8789-dd5450dbe970
1990-02-03 | add more args, pass more args down | John Kohl | 1 | -4/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@251 dc483132-0cff-0310-8789-dd5450dbe970
1990-02-02 | *** empty log message *** | John Kohl | 1 | -0/+60
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@232 dc483132-0cff-0310-8789-dd5450dbe970