path: root/src/kdc/ChangeLog
Commit message | Author | Age | Files | Lines
* Remove ChangeLog files from the source tree. From now on, the | Sam Hartman | 2006-04-11 | 1 | -2136/+0
  subversion commit log entry needs to include information that would have been in the changelog.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (verify_enc_timestamp): Initialize decrypt_err | Ken Raeburn | 2006-04-10 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17886 dc483132-0cff-0310-8789-dd5450dbe970
* more DEFS= | Ken Raeburn | 2006-04-04 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17839 dc483132-0cff-0310-8789-dd5450dbe970
* Currently logger.c is built as part of the KDC, and also built into | Ken Raeburn | 2006-03-30 | 1 | -0/+6
  and exported from libkadm5srv, which the KDC links against. Stop doing that.
  * Makefile.in (logger.c, logger.o, $(OUTPRE)logger.$(OBJEXT)): Targets deleted.
  (SRCS, OBJS, clean): Drop references to them.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17797 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of arbitrary division of headers into include and include/krb5, with | Ken Raeburn | 2006-03-11 | 1 | -0/+4
  include directives sometimes using krb5/foo.h and sometimes using foo.h, and -I options always given for both directories in both source and build trees, push include/krb5/* up a level and drop the krb5 directory (except, for the moment, the change log). Updated #include directives, -I options, and dependencies accordingly, and deleted one or two bits of old, unused code that was noticed in the process.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (listen_and_process): Make local variable 'sout' static | Ken Raeburn | 2005-11-29 | 1 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17513 dc483132-0cff-0310-8789-dd5450dbe970
* * fakeka.c (main): Pass extra null-pointer argument to kadm5_init_with_password | Ken Raeburn | 2005-11-18 | 1 | -0/+3
  for new db_args argument added by DAL changes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17496 dc483132-0cff-0310-8789-dd5450dbe970
* * fakeka.c: Include errno.h | Ken Raeburn | 2005-11-18 | 1 | -0/+4
  ticket: 3236
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17495 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (etype_info_as_rep_helper): New function; shared | Tom Yu | 2005-10-13 | 1 | -0/+9
  code for handling ETYPE-INFO and ETYPE-INFO2. Checks request for "newer" enctypes and does not return an ETYPE-INFO if any "newer" enctypes are present in the request. Reported by Will Fiveash.
  (return_etype_info2, return_etype_info): Implement in terms of etype_info_as_rep_helper.
  ticket: 3207
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17424 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (return_etype_info2): Apply patch from Will | Tom Yu | 2005-10-12 | 1 | -0/+6
  Fiveash to use reply key's enctype, not the long-term key's enctype, to avoid some enctype similarity problems.
  ticket: 3205
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17420 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2005-002 KDC double-free and heap overflow | Tom Yu | 2005-07-12 | 1 | -0/+10
  Fix for MITKRB5-SA-2005-002
  * KDC double-free [CAN-2005-1174, VU#259798]
  * krb5_unparse_name heap overflow [CAN-2005-1175, VU#885830]
  Thanks to Daniel Wachdorf.
  ticket: new
  flags: pullup
  target_version: 1.4.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17298 dc483132-0cff-0310-8789-dd5450dbe970
* Use DL_LIB and THREAD_LINKOPTS instead of explicitly specifying the dl | Ken Raeburn | 2005-06-21 | 1 | -0/+3
  and pthread libraries by name.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17265 dc483132-0cff-0310-8789-dd5450dbe970
* Novell Database Abstraction Layer merge. | Ken Raeburn | 2005-06-21 | 1 | -0/+6
  Will probably break things.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c: Include autoconf.h before testing KRB5_KRB4_COMPAT | Ken Raeburn | 2005-05-13 | 1 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17213 dc483132-0cff-0310-8789-dd5450dbe970
* Delete definitions of unused macros NEED_SOCKETS and NEED_LOWLEVEL_IO | Ken Raeburn | 2005-04-13 | 1 | -0/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (closedown_network): Free each connection data structure while | Ken Raeburn | 2004-09-24 | 1 | -0/+3
  closing file descriptors.
  ticket: 1210
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16789 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_util.h (sockaddr2p): Don't declare | Ken Raeburn | 2004-09-24 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16788 dc483132-0cff-0310-8789-dd5450dbe970
* another krb4 ticket backdating fix | Tom Yu | 2004-07-24 | 1 | -0/+5
  * kerberos_v4.c (kerberos_v4): Duplicate backdating fix for APPL_REQUEST as well. Fix comments.
  ticket: new
  version_reported: 1.3.3
  target_version: 1.3.5
  tags: pullup
  component: krb5-kdc
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (paddr): Use unsigned int for length. | Ezra Peisach | 2004-06-07 | 1 | -0/+9
  (kdc_conn_type): Declare CONN_ enumerated types in connection as distinct type.
  (add_fd): Declare as taking enum type instead of simply integer. Prevents assignment of integer to an enum.
  (process_tcp_connection): Remove variable assigned to but never used.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16416 dc483132-0cff-0310-8789-dd5450dbe970
* Rename header file foreachaddr.c to foreachaddr.h, now that it isn't | Ken Raeburn | 2004-05-05 | 1 | -0/+4
  mostly static functions to be compiled in.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16314 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (setup_a_tcp_listener): Try to turn the IPV6_V6ONLY socket option | Ken Raeburn | 2004-04-03 | 1 | -0/+7
  on, not off, and do it before calling bind.
  (setup_tcp_listener_ports): Don't do it here any more.
  (setup_udp_port): Ignore AF_DLI addresses.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16234 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (delete_fd): Free pointed-to data after removing it from the | Ken Raeburn | 2004-03-22 | 1 | -0/+8
  connection set.
  (kill_tcp_connection): Move delete_fd call to the end.
  (accept_tcp_connection): Decrement connection counter again if we drop the incoming connection for lack of buffer space.
  ticket: 2384
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16201 dc483132-0cff-0310-8789-dd5450dbe970
* Free unparsed names in SAM response handling | Sam Hartman | 2004-03-15 | 1 | -0/+4
  Ticket: 2219
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16173 dc483132-0cff-0310-8789-dd5450dbe970
* Change subdir processing so that SUBDIRS will contain the configured | Ken Raeburn | 2004-03-08 | 1 | -0/+4
  subdirs only for the makefile in the directory with the configure script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS setting from pre.in. One less thing to keep tweaking as configure scripts get reorganized and merged.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
* Merge configuration of kdc, krb524, and slave directories into top | Ken Raeburn | 2004-03-05 | 1 | -0/+7
  level configure script.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16147 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't check for --enable-athena and don't define | Ken Raeburn | 2004-03-04 | 1 | -0/+5
  ATHENA_DES3_KLUDGE
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16145 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (setup_a_tcp_listener): Call setreuseaddr before calling bind. | Ken Raeburn | 2004-02-26 | 1 | -0/+7
  (setup_tcp_listener_ports): Don't call setreuseaddr. Log info about socket option IPV6_V6ONLY in unsupported and success cases.
  ticket: 2285
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16124 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1 | Sam Hartman | 2004-02-24 | 1 | -0/+8
  Previously, MIT had support for a version of the des3 enctype with a 32-bit length prepended to encrypted data. Remove that support. This is non-standard and is no longer needed even at MIT.
  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970
* Move daemon.c into a new library of utility routines for linking our programs | Ken Raeburn | 2004-02-24 | 1 | -0/+5
  against but which we don't want to install as a separate library. Change Kerberos and application servers to link against the library if they might need the replacement daemon() function. Add a dummy file to the library in case daemon() is not needed, so we don't have an empty library, which we may not handle properly.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970
* Add missing ChangeLog entry | Tom Yu | 2004-02-23 | 1 | -0/+6
  ticket: 2258
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16106 dc483132-0cff-0310-8789-dd5450dbe970
* Fix logic error | Sam Hartman | 2004-02-13 | 1 | -0/+4
  Ticket: 2234
  Target_Version: 1.3.2
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (init_realm): Apply patch from Will Fiveash to use | Tom Yu | 2004-02-09 | 1 | -0/+5
  correct TCP listening ports.
  ticket: 2118
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970
* Do not consider TGS options to be critical; ignore unknown options | Sam Hartman | 2004-02-06 | 1 | -0/+4
  Ticket: 2189
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970
* Only backdate the ticket that is created. The KDC reply must contain | Sam Hartman | 2004-01-05 | 1 | -0/+6
  the time from the client's request or the client will fail its clockskew check if the request is backdated too far.
  Ticket: 2058
  Target_Version: 1.3.2
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965 dc483132-0cff-0310-8789-dd5450dbe970
* Copy and build daemon.c in whatever directories need it, instead of building it | Ken Raeburn | 2003-08-30 | 1 | -0/+6
  into the krb5 library.
  * aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro.
  * appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in, krb524/configure.in, slave/configure.in: Use it. Don't directly check if prototype for daemon() is needed.
  * kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS), kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS), slave/Makefile.in (SERVEROBJS): Use LIBOBJS.
  * config/post.in (daemon.c): New rule for copying daemon.c locally from lib/krb5/posix.
  ticket: 1791
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801 dc483132-0cff-0310-8789-dd5450dbe970
* Drop default_kdc_enctypes and all related code | Tom Yu | 2003-06-03 | 1 | -0/+12
  ticket: 1553
  target_version: 1.3
  status: open
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as | Ken Raeburn | 2003-05-30 | 1 | -0/+5
  default for realm's max renewable lifetime.
  (KRB5_KDB_MAX_RLIFE is currently one week)
  ticket: 1190
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
* When generating etype_info2 for DES style keys, use s2kparams to | Sam Hartman | 2003-05-24 | 1 | -0/+8
  communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key.
  Ticket: 1512
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in kdc etype_info2 preauth | Ezra Peisach | 2003-05-23 | 1 | -0/+6
  * kdc_preauth.c (return_etype_info2): After encoding the etype_info2 and copying the pointers to the pa_data, free the krb5_data pointer.
  Ticket: new
  Target_Version: 1.3
  Tags: pickup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
* Log transited check not done as info not error | Sam Hartman | 2003-05-22 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
* Provide an explicit list of options not to be allowed in AS requests | Sam Hartman | 2003-05-22 | 1 | -0/+6
  rather than disallowing all unknown options.
  Ticket: 1202
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
* Allow the KDC to return bad integrity errors to the client on preauth | Sam Hartman | 2003-05-14 | 1 | -0/+4
  failure. This will be translated by the client into password incorrect.
  Ticket: 1488
  Target_Version: 1.3
  Tags: pullup
  Component: krb5-kdc
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
* * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2003-05-12 | 1 | -0/+13
  enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors.
  * Expose interface for getting string2key with parameters (previously implemented but not exported)
  * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params.
  Ticket: 1454
  Status: open
  Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 1 | -0/+5
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey.
  ticket: 1415
  status: open
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Reorganize kdc_preauth enctype handling | Sam Hartman | 2003-05-07 | 1 | -0/+6
  Patch from Sun to reorganize and better abstract kdc_preauth.c's enctype info handling. This will make it easier to implement etype_info2 so I'm committing it.
  Ticket: new
  Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
* etype info handling infinite loop | Sam Hartman | 2003-04-09 | 1 | -0/+5
  If a request contains no des-cbc-crc enctype but des-cbc-crc or des-cbc-md5 exists in the database then an infinite loop is created. Fix etype info handling to avoid this.
  ticket: new
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
* Red Hat's krb5_princ_size fixes | Ken Raeburn | 2003-04-01 | 1 | -0/+7
  ticket: 1397
  status: open
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (verify_enc_timestamp): Save decryption error, in | Tom Yu | 2003-03-28 | 1 | -0/+7
  case we get NO_MATCHING_KEY later. This allows us to log a more sane error if an incorrect password is used for encrypting the enc-timestamp preauth.
  ticket: 1324
  status: open
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
* Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to | Sam Hartman | 2003-03-17 | 1 | -0/+13
  reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDC is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT.
  Ticket: 1385
  Target_Version: 1.3
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
* use kdb keytab for kadmind | Tom Yu | 2003-03-06 | 1 | -0/+4
  kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970