path: root/src/kdc
Commit message | Author | Age | Files | Lines
* make mark-cstyle | Tom Yu | 2009-10-31 | 18 | -5676/+5687
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* In process_tgs_req, fully initialize e_data since we may copy it in | Greg Hudson | 2009-10-29 | 1 | -2/+1
  prepare_error_tgs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23093 dc483132-0cff-0310-8789-dd5450dbe970
* remove times underflow/overflow checks, they break tests | Luke Howard | 2009-10-29 | 1 | -7/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23084 dc483132-0cff-0310-8789-dd5450dbe970
* Print a "starting..." message on stderr if running in nofork mode, for | Tom Yu | 2009-10-28 | 1 | -0/+2
  consistency with kadmind behavior.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23077 dc483132-0cff-0310-8789-dd5450dbe970
* Heimdal DB bridge plugin for KDC back end | Greg Hudson | 2009-10-27 | 6 | -44/+121
  Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin.
  ticket: 6578
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockout | Greg Hudson | 2009-10-25 | 3 | -54/+4
  Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure.
  ticket: 6577
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Allow the constrained delegation authorization method to use the evidence | Luke Howard | 2009-10-21 | 1 | -1/+5
  ticket client name as input to the authorization decision
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22963 dc483132-0cff-0310-8789-dd5450dbe970
* simplify logic fix introduced in r22960 for S4U2Self | Luke Howard | 2009-10-21 | 1 | -4/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22962 dc483132-0cff-0310-8789-dd5450dbe970
* remove some unneeded extensions from the Novell backend authdata SPI | Luke Howard | 2009-10-21 | 3 | -41/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961 dc483132-0cff-0310-8789-dd5450dbe970
* ensure that forwardable flag is propagated along S4U2Self referral path | Luke Howard | 2009-10-21 | 1 | -1/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22960 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account for additional | Luke Howard | 2009-10-21 | 1 | -3/+3
  krbtgt key parameter.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account | Luke Howard | 2009-10-21 | 1 | -24/+24
  for additional krbtgt key parameter. This was at Sam's suggestion.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding some | Tom Yu | 2009-10-10 | 1 | -37/+44
  internals. Make depend.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verification | Greg Hudson | 2009-10-09 | 4 | -25/+33
  Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data.
  ticket: 6572
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize several variables - so that on error cleanup - we do not try to free | Ezra Peisach | 2009-09-14 | 1 | -1/+3
  bogus memory. The ticket is still open as the kproplog test is failing - but no coredump.
  ticket: 6564
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22750 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensions | Greg Hudson | 2009-09-13 | 5 | -147/+464
  Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions.
  ticket: 6563
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Change "vague-errors" compile-time conditionals into run-time | Ken Raeburn | 2009-08-21 | 3 | -18/+22
  conditionals, based on a variable initialized based on the compile-time conditional (but probably eventually set from the config file or command line).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970
* r22529@squish: raeburn | 2009-08-12 13:49:45 -0400 | Ken Raeburn | 2009-08-12 | 4 | -39/+46
  . r22530@squish: raeburn | 2009-08-12 13:55:57 -0400
  Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option. Change all code conditionals to test a new global variable, the initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is currently no way to alter the value from the command line; that will presumably be desired later. Change initialize_realms to store db_args in a global variable. In process_as_req, call db_open instead of the old set_name + init. Don't reopen if an error is reported by krb5_db_fini. Add a test of running kinit with an incorrect password, to trigger a kdb update if enabled.
  r22531@squish: raeburn | 2009-08-12 13:58:13 -0400
  Fix trailing whitespace.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22518 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad deps | Greg Hudson | 2009-08-03 | 1 | -1/+1
  files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Check for principal expiration prior to checking for password | Tom Yu | 2009-06-26 | 1 | -16/+16
  expiration. Reported by Phil Pishioneri.
  ticket: 6428
  version_reported: 1.7
  target_version: 1.7.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22422 dc483132-0cff-0310-8789-dd5450dbe970
* Fix vector initialization error in KDC preauth code | Greg Hudson | 2009-05-24 | 1 | -3/+2
  In the KDC, get_preauth_hint_list had two bugs initializing the preauth array. It was allocating 21 extra entries instead of two due to a typo (harmless), and it was only zeroing up through one extra entry (harmful). Adjust the code to use calloc to avoid further disagreements of this nature.
  ticket: 6496
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22369 dc483132-0cff-0310-8789-dd5450dbe970
* Remove spurious assertion in handle_authdata | Greg Hudson | 2009-05-22 | 1 | -1/+0
  In handle_authdata in the KDC, remove a spurious assertion (added in r21566 on the mskrb-integ branch) that authdata starts out empty. authdata can be legitimately added by check_padata, which precedes handle_authdata, and this happens with pkinit.
  ticket: 6492
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22360 dc483132-0cff-0310-8789-dd5450dbe970
* Add a comment to the r22168 change since it's not obvious why we're | Greg Hudson | 2009-05-20 | 1 | -0/+11
  decrypting authdata that way.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22358 dc483132-0cff-0310-8789-dd5450dbe970
* Do not return PREAUTH_FAILED on unknown preauth | Sam Hartman | 2009-04-30 | 1 | -9/+3
  If the KDC receives unknown pre-authentication data then ignore it. Do not get into a case where PREAUTH_FAILED is returned because of unknown pre-authentication. The main AS loop will cause PREAUTH_REQUIRED to be returned if the preauth_required flag is set and no valid preauth is found.
  ticket: 6480
  Target_Version: 1.7
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22292 dc483132-0cff-0310-8789-dd5450dbe970
* Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadmin | Greg Hudson | 2009-04-27 | 1 | -4/+1
  support for the flag. In the KDC, remove the restriction on returning the flag on cross-realm TGTs since there is now a defined meaning for that (it allows ok-as-delegate to be honored on the foreign realm's service tickets).
  ticket: 5596
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
* Send explicit salt for SALTTYPE_NORMAL keys | Greg Hudson | 2009-04-16 | 2 | -12/+19
  Change the signature of _make_etype_info_entry to take the canonical client principal instead of the request structure. Also fixes the salt we compute for SALTTYPE_NOREALM keys. Sending an explicit salt for SALTTYPE_NORMAL keys is believed to be necessary for some preauth scenarios involving aliases.
  ticket: 6470
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22264 dc483132-0cff-0310-8789-dd5450dbe970
* Require fast_req checksum to be keyed | Sam Hartman | 2009-04-14 | 1 | -1/+19
  Since the fast_req checksum is unencrypted, a keyed checksum type needs to be used.
  ticket: 6461
  Target_Version: 1.7
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22210 dc483132-0cff-0310-8789-dd5450dbe970
* kdc: handle_referral_params does not return ENOMEM errors | Ezra Peisach | 2009-04-09 | 1 | -1/+1
  retval was set but never returned.
  ticket: 6450
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22186 dc483132-0cff-0310-8789-dd5450dbe970
* Fall through on error return | Ezra Peisach | 2009-04-08 | 1 | -3/+4
  If decoding the encoded_req_body fails, proceed goto errout instead of falling through to fast handling. Looks like a merge error. Reindented code.
  ticket: 6449
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22183 dc483132-0cff-0310-8789-dd5450dbe970
* Implement KDC side of TGS FAST | Sam Hartman | 2009-04-05 | 1 | -3/+10
  Most of the KDC side of TGS FAST was already present. This adds correct generation of the reply key.
  ticket: 6439
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22171 dc483132-0cff-0310-8789-dd5450dbe970
* fix logic errors | Sam Hartman | 2009-04-04 | 1 | -1/+1
  ticket: 6436
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22170 dc483132-0cff-0310-8789-dd5450dbe970
* Handle authdata encrypted in subkey | Sam Hartman | 2009-04-03 | 1 | -0/+7
  RFC 4120 requires that if a subkey is present in the TGS request that authorization data be encrypted in the subkey. Our KDC did not handle this correctly.
  ticket: 6438
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunk | Sam Hartman | 2009-04-03 | 6 | -23/+123
  ticket: 6436
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize request state in the TGS path | Sam Hartman | 2009-03-31 | 1 | -0/+5
  ticket: 6436
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22151 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Sam Hartman | 2009-03-31 | 1 | -0/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22150 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-framework | Sam Hartman | 2009-03-31 | 8 | -29/+598
  Merge fast branch at 22146 onto trunk
  Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki.
  ticket: 6436
  Target_Version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* Verify return code from krb5_db_set_mkey_list | Zhanna Tsitkov | 2009-03-16 | 2 | -5/+12
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22100 dc483132-0cff-0310-8789-dd5450dbe970
* Call kdb_set_mkey_list from the KDC | Sam Hartman | 2009-03-16 | 2 | -1/+2
  In order for the kdb keytab to be used from within the KDC, the KDC needs to set the master key list in the context.
  ticket: 6424
  Target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22093 dc483132-0cff-0310-8789-dd5450dbe970
* Report verbose error messages from KDC | Greg Hudson | 2009-03-11 | 5 | -128/+142
  We were losing verbose error messages when logging from the KDC because the context passed to krb5_klog_init did not match the realm-specific context used for most library function calls. Introduce a wrapper function kdc_err which copies the error state from the call context to the log context. The wrapper function also knows the program name, which removes the need to pass argv[0] around everywhere or make up program names.
  ticket: 6408
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22079 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unneeded printf's | Zhanna Tsitkov | 2009-03-09 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22070 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the return code | Zhanna Tsitkov | 2009-02-23 | 1 | -1/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22046 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust to the return value of isflagset routine | Zhanna Tsitkov | 2009-02-20 | 1 | -2/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22041 dc483132-0cff-0310-8789-dd5450dbe970
* Fix in handle_referral_params | Zhanna Tsitkov | 2009-02-19 | 1 | -9/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22037 dc483132-0cff-0310-8789-dd5450dbe970
* Be less verbose about routing-socket messages | Ken Raeburn | 2009-02-13 | 1 | -4/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22005 dc483132-0cff-0310-8789-dd5450dbe970
* regenerate | Ken Raeburn | 2009-02-04 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21885 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parameters | Zhanna Tsitkov | 2009-02-04 | 2 | -18/+18
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except | Ken Raeburn | 2009-02-02 | 2 | -6/+4
  unicode, windows code
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of casts of free() argument to char*, except where it's | Ken Raeburn | 2009-02-02 | 1 | -1/+1
  casting away const (so as to make this change warning-neutral), and in unicode source (which we may want to keep in sync with another source), and krb5_xfree macro (to be handled separately).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21870 dc483132-0cff-0310-8789-dd5450dbe970
* reapply memchr patch | Ken Raeburn | 2009-02-02 | 1 | -6/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21862 dc483132-0cff-0310-8789-dd5450dbe970
* small storage leak in KDC startup | Ken Raeburn | 2009-02-02 | 1 | -1/+0
  Remove duplicate strdup call.
  ticket: 6356
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21860 dc483132-0cff-0310-8789-dd5450dbe970