path: root/src/kdc
Age | Commit message | Author | Files | Lines
2004-09-24 | * network.c (closedown_network): Free each connection data structure while | Ken Raeburn | 2 | -0/+8
closing file descriptors. ticket: 1210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16789 dc483132-0cff-0310-8789-dd5450dbe970
2004-09-24 | * kdc_util.h (sockaddr2p): Don't declare | Ken Raeburn | 2 | -3/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16788 dc483132-0cff-0310-8789-dd5450dbe970
2004-07-24 | another krb4 ticket backdating fix | Tom Yu | 2 | -6/+11
* kerberos_v4.c (kerberos_v4): Duplicate backdating fix for APPL_REQUEST as well. Fix comments. ticket: new version_reported: 1.3.3 target_version: 1.3.5 tags: pullup component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623 dc483132-0cff-0310-8789-dd5450dbe970
2004-06-07 | * network.c (paddr): Use unsigned int for length. | Ezra Peisach | 2 | -5/+14
(kdc_conn_type): Declare CONN_ enumerated types in connection as distinct type. (add_fd): Declare as taking enum type instead of simply integer. Prevents assignment of integer to an enum. (process_tcp_connection): Remove variable assigned to but never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16416 dc483132-0cff-0310-8789-dd5450dbe970
2004-05-05 | Rename header file foreachaddr.c to foreachaddr.h, now that it isn't | Ken Raeburn | 3 | -2/+6
mostly static functions to be compiled in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16314 dc483132-0cff-0310-8789-dd5450dbe970
2004-04-24 | updated dependencies | Ken Raeburn | 1 | -58/+63
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16269 dc483132-0cff-0310-8789-dd5450dbe970
2004-04-03 | * network.c (setup_a_tcp_listener): Try to turn the IPV6_V6ONLY socket option | Ken Raeburn | 2 | -8/+23
on, not off, and do it before calling bind. (setup_tcp_listener_ports): Don't do it here any more. (setup_udp_port): Ignore AF_DLI addresses. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16234 dc483132-0cff-0310-8789-dd5450dbe970
2004-03-22 | * network.c (delete_fd): Free pointed-to data after removing it from the | Ken Raeburn | 2 | -2/+12
connection set. (kill_tcp_connection): Move delete_fd call to the end. (accept_tcp_connection): Decrement connection counter again if we drop the incoming connection for lack of buffer space. ticket: 2384 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16201 dc483132-0cff-0310-8789-dd5450dbe970
2004-03-15 | Free unparsed names in SAM response handling | Sam Hartman | 2 | -0/+6
Ticket: 2219 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16173 dc483132-0cff-0310-8789-dd5450dbe970
2004-03-08 | Change subdir processing so that SUBDIRS will contain the configured | Ken Raeburn | 2 | -1/+4
subdirs only for the makefile in the directory with the configure script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS setting from pre.in. One less thing to keep tweaking as configure scripts get reorganized and merged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
2004-03-05 | Merge configuration of kdc, krb524, and slave directories into top | Ken Raeburn | 3 | -84/+10
level configure script. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16147 dc483132-0cff-0310-8789-dd5450dbe970
2004-03-04 | * configure.in: Don't check for --enable-athena and don't define | Ken Raeburn | 2 | -6/+5
ATHENA_DES3_KLUDGE git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16145 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-26 | * network.c (setup_a_tcp_listener): Call setreuseaddr before calling bind. | Ken Raeburn | 2 | -8/+18
(setup_tcp_listener_ports): Don't call setreuseaddr. Log info about socket option IPV6_V6ONLY in unsupported and success cases. ticket: 2285 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16124 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-24 | Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1 | Sam Hartman | 4 | -23/+9
Previously, MIT had support for a version of the des3 enctype with a 32-bit length prepended to encrypted data. Remove that support. This is non-standard and is no longer needed even at MIT. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-24 | Move daemon.c into a new library of utility routines for linking our programs | Ken Raeburn | 2 | -6/+10
against but which we don't want to install as a separate library. Change Kerberos and application servers to link against the library if they might need the replacement daemon() function. Add a dummy file to the library in case daemon() is not needed, so we don't have an empty library, which we may not handle properly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-23 | Add missing ChangeLog entry | Tom Yu | 1 | -0/+6
ticket: 2258 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16106 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-19 | Bug from David Thompson <thomas@cs.wisc.edu>. Bug originally introduced | Ken Hornstein | 1 | -1/+1
by me during conversion from bcopy() to memcpy(). ticket: 2258 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16104 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-13 | Fix logic error | Sam Hartman | 2 | -1/+5
Ticket: 2234 Target_Version: 1.3.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-09 | * main.c (init_realm): Apply patch from Will Fiveash to use | Tom Yu | 2 | -1/+6
correct TCP listening ports. ticket: 2118 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970
2004-02-06 | Do not consider TGS options to be critical; ignore unknown options | Sam Hartman | 2 | -6/+7
Ticket: 2189 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970
2004-01-05 | Only backdate the ticket that is created. The KDC reply must contain | Sam Hartman | 2 | -5/+10
the time from the client's request or the client will fail its clockskew check if the request is backdated too far. Ticket: 2058 Target_Version: 1.3.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965 dc483132-0cff-0310-8789-dd5450dbe970
2003-12-15 | make depend | Ken Raeburn | 1 | -53/+60
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
2003-08-30 | Copy and build daemon.c in whatever directories need it, instead of building it | Ken Raeburn | 3 | -6/+11
into the krb5 library. * aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro. * appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in, krb524/configure.in, slave/configure.in: Use it. Don't directly check if prototype for daemon() is needed. * kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS), kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS), slave/Makefile.in (SERVEROBJS): Use LIBOBJS. * config/post.in (daemon.c): New rule for copying daemon.c locally from lib/krb5/posix. ticket: 1791 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801 dc483132-0cff-0310-8789-dd5450dbe970
2003-06-03 | Drop default_kdc_enctypes and all related code | Tom Yu | 3 | -150/+12
ticket: 1553 target_version: 1.3 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-30 | * main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as | Ken Raeburn | 2 | -1/+6
default for realm's max renewable lifetime. (KRB5_KDB_MAX_RLIFE is currently one week) ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-24 | make-depend updates | Ken Raeburn | 1 | -34/+34
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-24 | When generating etype_info2 for DES style keys, use s2kparams to | Sam Hartman | 2 | -10/+37
communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key. Ticket: 1512 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-23 | Memory leak in kdc etype_info2 preauth | Ezra Peisach | 2 | -2/+14
* kdc_preauth.c (return_etype_info2): After encoding the etype_info2 and copying the pointers to the pa_data, free the krb5_data pointer. Ticket: new Target_Version: 1.3 Tags: pickup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-22 | Log transited checkd not done as info not error | Sam Hartman | 2 | -1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-22 | Provide an explicit list of options not to be allowed in AS requests | Sam Hartman | 2 | -5/+10
rather than disallowing all unknown options. Ticket: 1202 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-14 | Allow the KDC to return bad integrity errors to the client on preauth | Sam Hartman | 2 | -0/+5
failure. This will be translated by the client into password incorrect. Ticket: 1488 Target_Version: 1.3 Tags: pullup Component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-12 | * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2 | -4/+139
enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors. * Expose interface for getting string2key with parameters (previously implemented but not exported) * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params. Ticket: 1454 Status: open Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-10 | Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2 | -2/+7
to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-07 | Reorganize kdc_preauth enctype handling | Sam Hartman | 2 | -39/+81
Patch from Sun to reorganize and better abstract kdc_preauth.c's enctype info handling. This will make it easier to implement etype_info2 so I'm committing it. Ticket: new Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
2003-04-09 | etype info handling infinite loop | Sam Hartman | 2 | -2/+9
If a request contains no des-cbc-crc enctype but des-cbc-crc or des-cbc-md5 exists in the database then an infinite loop is created. Fix etype info handling to avoid this. ticket: new Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
2003-04-01 | Red Hat's krb5_princ_size fixes | Ken Raeburn | 3 | -3/+12
ticket: 1397 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-28 | * kdc_preauth.c (verify_enc_timestamp): Save decryption error, in | Tom Yu | 2 | -1/+20
case we get NO_MATCHING_KEY later. This allows us to log a more sane error if an incorrect password is used for encrypting the enc-timestamp preauth. ticket: 1324 status: open target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-17 | Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to | Sam Hartman | 4 | -46/+106
reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDC is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT. Ticket: 1385 Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-06 | use kdb keytab for kadmind | Tom Yu | 2 | -1/+5
kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-05 | * configure.in: Default to --disable-fakeka | Ken Raeburn | 2 | -1/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15221 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-21 | Fix typo that caused infinite loop in previous patch | Sam Hartman | 2 | -1/+6
Ticket: 1006 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15195 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-15 | The client sorts the enctype list returned by etype_info ordering | Sam Hartman | 2 | -1/+26
enctypes that it requested or that are similar to ones it requested first. The KDC only includes enctypes in etype_info if they were requested by the client. ticket: 1006 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-06 | Sorry, forgot this ChangeLog on the last commit | Ken Hornstein | 1 | -0/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15161 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-06 | This is the integration of "fakeka" (a program to emulate a kaserver) | Ken Hornstein | 3 | -1/+1411
into the MIT distribution. Its compilation is enabled with --enable-fakeka. ticket: 1281 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15158 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-04 | disable krb4 by default | Sam Hartman | 3 | -2/+9
By default, we disable krb4 in the KDC. This means that -4 none is the default mode. Krb4 is reenabled for the dejagnu tests. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-21 | Timestamp preauth should return clock skew errors | Sam Hartman | 2 | -1/+13
When the user supplies the correct password, but has a timestamp that is out of bounds, the server should reply with a clock skew error rather than a preauth required error. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15130 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-12 | * kdc_util.h, replay.c, main.c: Pass global krb5_context to | Ezra Peisach | 4 | -7/+13
kdc_free_lookaside() instead of per realm one - which has been freed by time invoked. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15113 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-03 | * main.c: On exit, free more allocated memory, including: | Ezra Peisach | 6 | -4/+55
realm_tcp_ports data, kdc_realmlist, close the replay cache, and free the lookaside cache. * network.c (FREE_SET_DATA): Do not free a NULL pointer. * replay.c, kdc_util.h: Add kdc_free_lookaside() to clear the lookaside cache on shutdown - to search for memory leaks. * rtest.c (main): Do not allocate or free a NULL pointer. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15080 dc483132-0cff-0310-8789-dd5450dbe970
2002-12-30 | * kerberos_v4.c (process_v4): Use a temporary variable for the current time | Ken Raeburn | 2 | -1/+9
instead of an incorrect pointer cast. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15072 dc483132-0cff-0310-8789-dd5450dbe970
2002-12-23 | Replace dependencies on generated krb524 and krb4 headers with | Tom Yu | 1 | -1/+1
variables, to allow correct behavior when krb4 is disabled. ticket: 1276 owner: tlyu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15070 dc483132-0cff-0310-8789-dd5450dbe970