| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Their previous location - kdc_util.c - seems to be overloaded with
various helper functions. No code changes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per project http://k5wiki.kerberos.org/wiki/Projects/Audit
The purpose of this project is to create an Audit infrastructure to monitor
security related events on the KDC.
The following events are targeted in the initial version:
- startup and shutdown of the KDC;
- AS_REQ and TGS_REQ exchanges. This includes client address and port, KDC
request and request ID, KDC reply, primary and derived ticket and their
ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and
validated, local policy violation and protocol constraints, and KDC status
message.
Ticket ID is introduced to allow to link tickets to their initial TGT at any
stage of the Kerberos exchange. For the purpose of this project it is a private
to KDC ticket ID: each successfully created ticket is hashed and recorded
into audit log. The administrators can correlate the primary and derived
ticket IDs after the fact.
Request ID is a randomly generated alpha-numeric string. Using this ID an
administrator can easily correlate multiple audit events related to a single
request. It should be informative both in cases when the request is sent to
multiple KDCs, or to the same KDC multiple times.
For the purpose of testing and demo of the Audit, the JSON based modules are
implemented: "test" and "simple" audit modules respectively.
The file plugins/audit/j_dict.h is a dictionary used in this implememtations.
The new Audit system is build-time enabled and run-time pluggable.
[kaduk@mit.edu: remove potential KDC crashes, minor reordering]
ticket: 7712
target_version: 1.12
|
|
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
|
|
|
|
|
| |
The old man pages are gone, so we can't install them anymore.
Also clean up install and install-unix targets that were installing
the old man pages by hand.
|
| |
|
|
|
|
|
|
|
| |
add_to_transited() is fairly large, and also fairly independent of the
other contents of kdc_util.c. Move it into kdc_transit.c. Also
simplifies the building of rtest by removing dependencies that
kdc_util.c previously needed to satisfy undefined symbols.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install sphinx-generated manpages. Original nroff manpages remain for
reference until proofreading is complete. Modify
doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
of both kadmin.1 and kadmin.local.8.
Proofreaders should ensure that the original nroff manpages (and
associated Makefile rules) are deleted once their reST format
equivalents have been proofread.
ticket: 7064
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a null pointer dereference condition that could cause a denial of
service.
ticket: 7042
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25525 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Break out the encrypted timestamp code from kdc_preauth.c and
preauth2.c into built-in modules, allowing admins to disable it and
reducing the size of the framework code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25319 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Since it has no external dependencies, split up encrypted preauth into
clpreauth and kdcpreauth chunks and link them directly into the
consumers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25227 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that SAM1 support has been removed, the KDC does not need a replay
replay cache. Remove all code within USE_RCACHE and associated support.
Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache.
ticket: 6804
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Add support for a krb5kdc -w option which causes the KDC to spawn
worker processes which can process requests in parallel. See also:
http://k5wiki.kerberos.org/wiki/Projects/Parallel_KDC
ticket: 6783
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24328 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Re-integrates the forked versions of network.c in kdc and
kadmin/server. Server-specific initialization and SIGHUP-reset code
is moved into other source files; the more generic network-servicing
code is merged and moved into apputils library already used by both
programs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
files can make it difficult to build the tree. To do this, make the
depends target depend on generated header files and on header file
copies or links into the main include directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generate Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: 6303
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21448 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20965 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Rebuild dependencies for k5-buf.h, and without krb4 support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by
default.
Create the new (and normally empty) authorization data plugin
directory at install time.
Add some (normally disabled) code to log authz data from rd_req.
Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.
Make the plugin init context support work, by not passing null
pointers.
ticket: 5565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20142 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19198 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$(RUN_SETUP). Replaces old hack with MAYBE_VALGRIND added to RUN_ENV
in a way that would break in some of the tests.
Set VALGRIND in site.exp in tests/dejagnu. (Not used yet.)
Runs some shell scripts under valgrind, rather than changing them to
run only the executables under valgrind; this is mostly okay, just
creates lots of extra log data, and requires --trace-children=yes.
This should work for any instrumentation program invocation that gets
followed immediately by the name and argument list for the program
being instrumented. For example, VALGRIND="env LD_PRELOAD=..." should
work, though I haven't tested it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18699 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture. Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
(kerberos_v4, kerb_err_reply): Replace uses of S_AD_SZ with sizeof(struct
sockaddr_in).
(kerb_get_principal): Delete fourth argument MAXN, which was always 1. Callers
updated.
* Makefile.in: Updated dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18275 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Ticket: 3013
Version_Reported: 1.3.6
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18109 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 3784
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18037 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the
build tree. Stub krb5.h in main include directory just includes krb5/krb5.h.
Update dependencies, and add dependencies in a couple Makefiles that didn't
have them.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18030 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
command. (And we link against libraries, not dependency lists, anyways...)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18008 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
of places where it's actually needed. Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17839 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17811 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
and exported from libkadm5srv, which the KDC links against. Stop
doing that.
* Makefile.in (logger.c, logger.o, $(OUTPRE)logger.$(OBJEXT)): Targets deleted.
(SRCS, OBJS, clean): Drop references to them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17797 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17786 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
include directives sometimes using krb5/foo.h and sometimes using foo.h, and
-I options always given for both directories in both source and build trees,
push include/krb5/* up a level and drop the krb5 directory (except, for the
moment, the change log).
Updated #include directives, -I options, and dependencies accordingly, and
deleted one or two bits of old, unused code that was noticed in the process.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17708 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17505 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
and pthread libraries by name.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17265 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Will probably break things.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
N.B.: The version of gcc used this time ("gcc version 3.4.3 20041212
(Red Hat 3.4.3-9.EL4)") seems to emit some duplicate dependencies --
some header files get listed twice. This is annoying but shouldn't
cause any harm....
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17256 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17214 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
In most library directories, this just affects where the line breaks
are. In most other directories, it's just dropping a trailing blank
line. One or two files really do have updated dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
mostly static functions to be compiled in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16314 dc483132-0cff-0310-8789-dd5450dbe970
|