path: root/src/kdc/extern.h
Commit message [Author; Age; Files; Lines]
* Eliminate some KDC globals [Tom Yu; 2012-10-15; 1 file; -68/+0 lines]
  Make kdc_active_realm a local variable in every function that needs it. Pass it around in various state structures as needed. Keep the macros that reference its members for now.
* Add control over session key enctype negotiation [Nicolas Williams; 2012-06-06; 1 file; -0/+2 lines]
  Adds a principal string attribute named "session_enctypes" which can specify what enctypes the principal supports for session keys. (For what it's worth, this actually allows one to list des-cbc-md5 as a supported session key enctype, though obviously this hardly matters now.)
  Add a [realms] section parameter for specifying whether to assume that principals (which lack the session_enctypes attribute) support des-cbc-crc for session keys. This allows those who still need to use allow_weak_crypto=true, for whatever reason, to start reducing the number of tickets issued with des-cbc-crc session keys to clients which still give des-cbc-crc preference in their default_tgs_enctypes list.
  [ghudson@mit.edu: Miscellaneous edits, cleanups, and fixes; refactored test script; documented session_enctypes attribute]
* Only store master key list in DAL handle [Greg Hudson; 2012-03-21; 1 file; -3/+1 lines]
  r24314 (#6778) created a hybrid ownership model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle.
  Patch by Will Fiveash <will.fiveash@oracle.com>.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright [Greg Hudson; 2011-03-09; 1 file; -5/+1 lines]
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flag [Greg Hudson; 2010-12-01; 1 file; -0/+2 lines]
  Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained.
  ticket: 6829
  target_version: 1.9
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* Remove KDC replay cache [Greg Hudson; 2010-10-19; 1 file; -1/+0 lines]
  Now that SAM1 support has been removed, the KDC does not need a replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache.
  ticket: 6804
  target_version: 1.9
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the unused realm_dbname field from krb5_realm_params [Greg Hudson; 2010-05-04; 1 file; -1/+0 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23968 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/raeburn/branches/network-merge [Ken Raeburn; 2010-03-17; 1 file; -3/+0 lines]
  Re-integrates the forked versions of network.c in kdc and kadmin/server. Server-specific initialization and SIGHUP-reset code is moved into other source files; the more generic network-servicing code is merged and moved into apputils library already used by both programs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811 dc483132-0cff-0310-8789-dd5450dbe970
* Change db_args from being a global to only defined in the function [Ezra Peisach; 2010-01-01; 1 file; -1/+0 lines]
  that uses it. This removes a warning of shadowed variable names. Change several functions to static when limited to main.c
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23563 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle [Tom Yu; 2009-10-31; 1 file; -42/+43 lines]
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Change "vague-errors" compile-time conditionals into run-time [Ken Raeburn; 2009-08-21; 1 file; -0/+2 lines]
  conditionals, based on a variable initialized based on the compile-time conditional (but probably eventually set from the config file or command line).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970
* r22529@squish: raeburn | 2009-08-12 13:49:45 -0400 [Ken Raeburn; 2009-08-12; 1 file; -0/+2 lines]
  .
  r22530@squish: raeburn | 2009-08-12 13:55:57 -0400
  Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option. Change all code conditionals to test a new global variable, the initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is currently no way to alter the value from the command line; that will presumably be desired later. Change initialize_realms to store db_args in a global variable. In process_as_req, call db_open instead of the old set_name + init. Don't reopen if an error is reported by krb5_db_fini. Add a test of running kinit with an incorrect password, to trigger a kdb update if enabled.
  r22531@squish: raeburn | 2009-08-12 13:58:13 -0400
  Fix trailing whitespace.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22518 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration Project [Will Fiveash; 2009-01-30; 1 file; -0/+6 lines]
  Commit for the Master Key Migration Project.
  http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
  This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided.
  ticket: 6354
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the need for the domain_realm mapping table on the client side by [Zhanna Tsitkov; 2009-01-23; 1 file; -1/+6 lines]
  implementing minimal referral support in the KDC
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21792 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk [Sam Hartman; 2009-01-03; 1 file; -0/+1 lines]
  The mskrb-integ branch includes support for the following projects:
  Projects/Aliases
  * Projects/PAC and principal APIs
  * Projects/AEAD encryption API
  * Projects/GSSAPI DCE
  * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported.
  This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused macros [Ken Raeburn; 2007-05-10; 1 file; -4/+1 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19543 dc483132-0cff-0310-8789-dd5450dbe970
* Drop default_kdc_enctypes and all related code [Tom Yu; 2003-06-03; 1 file; -7/+0 lines]
  ticket: 1553
  target_version: 1.3
  status: open
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
* Add TCP support to the KDC, turned off by default, and using separate [Ken Raeburn; 2002-09-19; 1 file; -1/+2 lines]
  config file entries to indicate port numbers. Checkpointing a working version; debug code needs cleanup, doc needs writing.
  ticket: 1175
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14885 dc483132-0cff-0310-8789-dd5450dbe970
* better realm transit path checking for app server [Ken Raeburn; 2001-09-26; 1 file; -1/+5 lines]
  transit path checking enforcement for kdc; supporting code, doc update [merged from 1.2.3 release branch]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13758 dc483132-0cff-0310-8789-dd5450dbe970
* Frank Cusack's patches, first two sets. Should be no incompatible changes, [Ken Raeburn; 2000-02-07; 1 file; -0/+1 lines]
  except perhaps for a client talking to both a new and old KDC? Several improvements to guard against replay attacks when hardware preauth is in use, though they require re-enabling the USE_RCACHE code, which I haven't done yet. Several changes of mine for silencing a few compiler warnings, and adding some debugging log messages while I track what's going on with the preauth code.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12010 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branch [Ken Raeburn; 1999-09-24; 1 file; -1/+4 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* pull up 3des implementation from the marc-3des branch [Marc Horowitz; 1998-10-30; 1 file; -2/+0 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
* These additions cause the KDC to react to SIGHUP by closing and [Geoffrey King; 1998-07-08; 1 file; -0/+1 lines]
  reopening its log files, so that logfile management utilities may now compress old logs and then kill -HUP the KDC process to get them to use fresh log files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10627 dc483132-0cff-0310-8789-dd5450dbe970
* * extern.h: Added a krb5_keytab to the realm context. The keytab [Chris Provenzano; 1995-12-12; 1 file; -0/+5 lines]
  should be associated with a krb5_db_context which will make having a krb5_context unnecessary in the realm context.
  * kdc_util.c kdc_process_tgs_req(): Use the realm keytab instead of faking up a user-to-user key to pass to krb5_rd_req_decode().
  * main.c: Added code to use the new database keytab routines.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7200 dc483132-0cff-0310-8789-dd5450dbe970
* network.c (setup_network): [Theodore Tso; 1995-10-06; 1 file; -2/+1 lines]
  main.c (initialize_realms): Massive revamp of how the network ports are setup. The default port list for a realm is read from [kdcdefaults]/kdc_ports from the kdc.conf file. For each realm, a list of ports can be specified in [realms]/<realm>/kdc_ports.
  extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and added realm_ports.
  do_tgs_req.c (process_tgs_req):
  do_as_req.c (process_as_req):
  dispatch.c (dispatch): Pass the portnumber of the incoming request down to process_as_req and process_tgs_req, instead of the boolean "is_secondary".
  kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall flames, by fixing signed vs. unsigned types.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6937 dc483132-0cff-0310-8789-dd5450dbe970
* Add key/salt list to per-realm data [Paul Park; 1995-08-15; 1 file; -0/+2 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6527 dc483132-0cff-0310-8789-dd5450dbe970
* Reorganize KDC profile and network port handling [Paul Park; 1995-07-12; 1 file; -0/+2 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6287 dc483132-0cff-0310-8789-dd5450dbe970
* Multiple realm support [Paul Park; 1995-06-23; 1 file; -19/+56 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6137 dc483132-0cff-0310-8789-dd5450dbe970
* * *.[ch]: Avoid <krb5/...> and <com_err.h> includes [John Gilmore; 1995-02-28; 1 file; -2/+0 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5031 dc483132-0cff-0310-8789-dd5450dbe970
* Allow the primary port that the KDC listens on to be configurable on the [Theodore Tso; 1995-01-26; 1 file; -0/+2 lines]
  command line. If the appropriate /etc/services entries aren't found, use compiled in defaults.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4851 dc483132-0cff-0310-8789-dd5450dbe970
* Removed all references to DECLARG and OLDDECLARG. [Chris Provenzano; 1995-01-13; 1 file; -3/+4 lines]
  Added krb5_context to all krb5_*() routines.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4815 dc483132-0cff-0310-8789-dd5450dbe970
* stamp out rcs keywords [Mark Eichin; 1994-08-18; 1 file; -3/+1 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4190 dc483132-0cff-0310-8789-dd5450dbe970
* Change export warning notice from "is assumed to require an export license" [Theodore Tso; 1993-09-01; 1 file; -2/+2 lines]
  to "may require..."
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2638 dc483132-0cff-0310-8789-dd5450dbe970
* Principal type changes [John Carr; 1992-08-21; 1 file; -1/+2 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2367 dc483132-0cff-0310-8789-dd5450dbe970
* Update copyright notice [John Kohl; 1991-06-06; 1 file; -2/+16 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2156 dc483132-0cff-0310-8789-dd5450dbe970
* add back rcache [John Kohl; 1991-02-13; 1 file; -0/+2 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1684 dc483132-0cff-0310-8789-dd5450dbe970
* add TGS key caching [John Kohl; 1991-02-13; 1 file; -0/+4 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1680 dc483132-0cff-0310-8789-dd5450dbe970
* change infinity to kdc_infinity [John Kohl; 1990-11-01; 1 file; -1/+1 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1392 dc483132-0cff-0310-8789-dd5450dbe970
* remove kdc_rcache [John Kohl; 1990-10-22; 1 file; -2/+0 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1308 dc483132-0cff-0310-8789-dd5450dbe970
* fix reference to copyright/distribution provisions [John Kohl; 1990-05-25; 1 file; -1/+1 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@945 dc483132-0cff-0310-8789-dd5450dbe970
* allocate for master_encblock [John Kohl; 1990-04-24; 1 file; -1/+0 lines]
  remove krb5_des_cs_entry; it's properly declared in <krb5/des.h>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@569 dc483132-0cff-0310-8789-dd5450dbe970
* remove krb5_mkey_pwd_prompt1, krb5_mkey_pwd_prompt2, [John Kohl; 1990-02-07; 1 file; -2/+2 lines]
  add signal_requests_exit, dbm_db_name
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@313 dc483132-0cff-0310-8789-dd5450dbe970
* add master_keyblock, master_princ, krb5_mkey_pwd_prompt1, krb5_mkey_pwd_prompt2 [John Kohl; 1990-02-06; 1 file; -0/+6 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@288 dc483132-0cff-0310-8789-dd5450dbe970
* *** empty log message *** [John Kohl; 1990-02-03; 1 file; -0/+30 lines]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@255 dc483132-0cff-0310-8789-dd5450dbe970