Age | Commit message (Collapse) | Author | Files | Lines |
|
closing file descriptors.
ticket: 1210
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16789 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16788 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kerberos_v4.c (kerberos_v4): Duplicate backdating fix for
APPL_REQUEST as well. Fix comments.
ticket: new
version_reported: 1.3.3
target_version: 1.3.5
tags: pullup
component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(kdc_conn_type): Declare CONN_ enumerated types in connection as
distinct type.
(add_fd): Declare as taking enum type instead of simply
integer. Prevents assignment of interger to an enum.
(process_tcp_connection): Remove variable assigned to but never used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16416 dc483132-0cff-0310-8789-dd5450dbe970
|
|
mostly static functions to be compiled in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16314 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16269 dc483132-0cff-0310-8789-dd5450dbe970
|
|
on, not off, and do it before calling bind.
(setup_tcp_listener_ports): Don't do it here any more.
(setup_udp_port): Ignore AF_DLI addresses.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16234 dc483132-0cff-0310-8789-dd5450dbe970
|
|
connection set.
(kill_tcp_connection): Move delete_fd call to the end.
(accept_tcp_connection): Decrement connection counter again if we drop the
incoming connection for lack of buffer space.
ticket: 2384
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16201 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ticket: 2219
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16173 dc483132-0cff-0310-8789-dd5450dbe970
|
|
subdirs only for the makefile in the directory with the configure
script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use
of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping
SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of
LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS
setting from pre.in.
One less thing to keep tweaking as configure scripts get reorganized
and merged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
level configure script.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16147 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ATHENA_DES3_KLUDGE
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16145 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(setup_tcp_listener_ports): Don't call setreuseaddr. Log info about socket
option IPV6_V6ONLY in unsupported and success cases.
ticket: 2285
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16124 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Previously, MIT had support for a version of the des3 enctype with a
32-bit length prepended to encrypted data. Remove that support. This
is non-standard and is no longer needed even at MIT.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970
|
|
against but which we don't want to install as a separate library.
Change Kerberos and application servers to link against the library if they
might need the replacement daemon() function.
Add a dummy file to the library in case daemon() is not needed, so we don't
have an empty library, which we may not handle properly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 2258
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16106 dc483132-0cff-0310-8789-dd5450dbe970
|
|
by me during conversion from bcopy() to memcpy().
ticket: 2258
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16104 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ticket: 2234
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070 dc483132-0cff-0310-8789-dd5450dbe970
|
|
correct TCP listening ports.
ticket: 2118
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ticket: 2189
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the time from the client's request or the client will fail its
clockskew check if the request is backdated too far.
Ticket: 2058
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
|
|
into the krb5 library.
* aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro.
* appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in,
krb524/configure.in, slave/configure.in: Use it. Don't directly check if
prototype for daemon() is needed.
* kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS),
kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS),
slave/Makefile.in (SERVEROBJS): Use LIBOBJS.
* config/post.in (daemon.c): New rule for copying daemon.c locally
from lib/krb5/posix.
ticket: 1791
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 1553
target_version: 1.3
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
|
|
default for realm's max renewable lifetime.
(KRB5_KDB_MAX_RLIFE is currently one week)
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
|
|
communicate the type if the key has afs3 salt.
If such s2kparams are received by the client, use the afs string2key
function to process the key.
Ticket: 1512
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* kdc_preauth.c (return_etype_info2): After encoding the
etype_info2 and copying the pointers to the pa_data, free the
krb5_data pointer.
Ticket: new
Target_Version: 1.3
Tags: pickup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
|
|
rather than disallowing all unknown options.
Ticket: 1202
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
|
|
failure. This will be translated by the client into password
incorrect.
Ticket: 1488
Target_Version: 1.3
Tags: pullup
Component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
|
|
enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response. Send back etype_info2
all the time. Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.
* Expose interface for getting string2key with parameters (previously
implemented but not exported)
* IN the client (at least for get_init_creds interface) prfer
etype_info2 to etype_info and pw_salt. Pass s2kparams and use
string2key_with_params.
Ticket: 1454
Status: open
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Patch from Sun to reorganize and better abstract kdc_preauth.c's
enctype info handling. This will make it easier to implement
etype_info2 so I'm committing it.
Ticket: new
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
|
|
If a request contains no des-cbc-crc enctype bumt des-cbc-crc or
des-cbc-md5 existis in the database then an infinite loop is created.
Fix etype info handling to avoid this.
ticket: new
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 1397
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
|
|
case we get NO_MATCHING_KEY later. This allows us to log a more
sane error if an incorrect password is used for encrypting the
enc-timestamp preauth.
ticket: 1324
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
|
|
reenable (-X) which prints a warning that you are creating a security
hole.
Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure. They are still accepted however.
The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration. In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.
Ticket: 1385
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kadmind previously required a file-based keytab to support its use of
gssapi. For ease of administration, a kdb-based keytab would be
beneficial.
This commit includes changes to the kdb library to support this goal,
as well as actual changes in the kadmind itself.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15221 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15195 dc483132-0cff-0310-8789-dd5450dbe970
|
|
enctypes that it requested or that are similar to ones it requested
first.
The KDC only includes enctypes in etype_info if they were requested by
the client.
ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15161 dc483132-0cff-0310-8789-dd5450dbe970
|
|
into the MIT distribution. It's compilation is enabled with --enable-fakeka.
ticket: 1281
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
By default, we disable krb4 in the KDC. This means that -4 none is
the default mode.
Krb4 is reenabled for the dejagnu tests.
ticket: new
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
When the user supplies the correct password, but has a timestamp that
is out of bounds, the server should reply with a clock skew error
rather than a preauth required error.
ticket: new
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15130 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdc_free_lookaside() instead of per realm one - which has been
freed by time invoked.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15113 dc483132-0cff-0310-8789-dd5450dbe970
|
|
realm_tcp_ports data, kdc_realmlist, close the replay cache, and
free the lookaside cache.
* network.c (FREE_SET_DATA): Do not free a NULL pointer.
* replay.c, kdc_util.h: Add kdc_free_lookaside() to clear the lookaside
cache on shutdown - to search for memory leaks.
* rtest.c (main): Do not allocate or free a NULL pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15080 dc483132-0cff-0310-8789-dd5450dbe970
|
|
instead of an incorrect pointer cast.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15072 dc483132-0cff-0310-8789-dd5450dbe970
|
|
variables, to allow correct behavior when krb4 is disabled.
ticket: 1276
owner: tlyu
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15070 dc483132-0cff-0310-8789-dd5450dbe970
|