Age | Commit message (Collapse) | Author | Files | Lines |
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23151 dc483132-0cff-0310-8789-dd5450dbe970
|
|
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6303
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21448 dc483132-0cff-0310-8789-dd5450dbe970
|
|
for 1.6 because of code divergence.
ticket: 5919
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20280 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture. Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The replay lookaside cache includes the sending address, but the krb5
library replay cache does not. So, if the same message arrives from
two different source addresses, it is considered a replay by the KDC.
If the client isn't receiving the replies for some reason, and the
client has multiple addresses it uses to contact different addresses
on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an
obvious such case), this can cause errors to be returned by the KDC.
* replay.c (krb5_kdc_replay_ent): Remove "addrs" field.
(MATCH): Don't check it.
(kdc_check_lookaside, kdc_insert_lookaside): Remove "from" argument.
* kdc_util.h (kdc_check_lookaside, kdc_insert_lookaside): Update decls.
* dispatch.c (dispatch): Update calls.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17970 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14841 dc483132-0cff-0310-8789-dd5450dbe970
|
|
including k5-int.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14603 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kdc_util.h (ADDRTYPE2FAMILY): New macro.
* do_as_req.c (process_as_req): Use inet_ntop instead of inet_ntoa.
* do_tgs_req.c (process_tgs_req): Ditto.
* dispatch.c (dispatch): Fix inet_ntop code, and use it always.
* kerberos_v4.c (process_v4): Check address family before copying out an IPv4
address. Log if not IPv4, but continue.
* network.c (set_sa_port): New function.
(setup_port): Use it. Combine IPv4 and IPv6 paths; IPv6 still disabled for
now. Modify supplied sockaddr instead of making a copy.
(process_packet): SADDR is now sockaddr_storage. Use socket-utils macros
instead of casting. Enable the IPv6 code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14602 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* do_as_req.c (process_as_req): Ditto.
* do_tgs_req.c (process_tgs_req): Ditto.
* kerberos_v4.c (process_v4): Remove arg "is_secondary"; update callers.
* kdc_util.h (dispatch, process_as_req, process_tgs_req, process_v4): Update
prototypes.
* main.c (init_realm): Remove unused variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14585 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14090 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12660 dc483132-0cff-0310-8789-dd5450dbe970
|
|
for real.
* dispatch.c: Include some more net-related headers.
(dispatch): Fix ifndef HAVE_INET_NTOP branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11977 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replay attacks, since it can result from normal packet loss causing
retransmissions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11889 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
theoretically make certain attacks more difficult, but the replay cache is
disabled, the attack is very difficult compared to other existing attacks
(would need huge numbers of queries), and under heavy load the lookaside cache
degrades performance.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11538 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(kdc_insert_lookaside): Add code to originating address of packet,
as krb4 initial ticket requests don't contain an address. This
would cause a subtle problem wherein two simultaneous krb4 initial
ticket requests for the same principal originating from different
addresses would result in both replies containing the same
address.
* kdc_util.h: Modify prototype for lookaside functions.
* dispatch.c (dispatch): Update to new calling conventions of the
lookaside functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10713 dc483132-0cff-0310-8789-dd5450dbe970
|
|
main.c (initialize_realms): Massive revamp of how the network ports
are setup. The default port list for a realm is read from
[kdcdefaults]/kdc_ports from the kdc.conf file. For each realm, a
list of ports can be specified in [realms]/<realm>/kdc_ports.
extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and added
realm_ports.
do_tgs_req.c (process_tgs_req):
do_as_req.c (process_as_req):
dispatch.c (dispatch): Pass the portnumber of the incoming request down
to process_as_req and process_tgs_req, instead of the boolean
"is_secondary".
kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall flames,
by fixing signed vs. unsigned types.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6937 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6137 dc483132-0cff-0310-8789-dd5450dbe970
|
|
KRB4 for determining whether to compile in Kerberos V4 backwards
compatibility
configure.in: Remove standardized set of autoconf macros, which are
now handled by CONFIG_RULES.
do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c, main.c,
network.c: Fix -Wall nits.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6016 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5976 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5031 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Added krb5_context to all krb5_*() routines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4815 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4190 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to "may require..."
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2638 dc483132-0cff-0310-8789-dd5450dbe970
|
|
can be done, in case of ASN.1 screwup.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2578 dc483132-0cff-0310-8789-dd5450dbe970
|
|
primary port is logged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2377 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2156 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2017 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1693 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1683 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1577 dc483132-0cff-0310-8789-dd5450dbe970
|
|
so that dispatch() will correspond to the real process_v4() in
kerberos_v4.c .
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1248 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1241 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1232 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@945 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@918 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@760 dc483132-0cff-0310-8789-dd5450dbe970
|
|
rearrange code to use new macros to predetermine packet types.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@556 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@251 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@232 dc483132-0cff-0310-8789-dd5450dbe970
|