| author | Ken Raeburn <raeburn@mit.edu> | 2000-02-07 04:15:58 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2000-02-07 04:15:58 +0000 |
| commit | ef44719127fadfd95dbc2ce2a12b3d3c02d8efbd (patch) | |
| tree | b83bdfb19ba8144115ab6335ee97609c46b87c58 /src/kdc/ChangeLog | |
| parent | 4d5d309d8a0198ca49fd0f9cde7d3f990fcf8e52 (diff) | |
Frank Cusack's patches, first two sets. Should be no incompatible changes,
except perhaps for a client talking to both a new and old KDC? Several
improvements to guard against replay attacks when hardware preauth is in use,
though they require re-enabling the USE_RCACHE code, which I haven't done yet.
Several changes of mine for silencing a few compiler warnings, and adding some
debugging log messages while I track what's going on with the preauth code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12010 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/ChangeLog')
| -rw-r--r-- | src/kdc/ChangeLog | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 7ec1f457f..0e85c758d 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,39 @@ +2000-02-06 Ken Raeburn <raeburn@mit.edu> + + * kdc_preauth.c: Include <syslog.h>. + (struct _krb5_preauth_systems, preauth_systems): Add new NAME + field, for logging debug info. + (check_padata): Call krb5_klog_syslog instead of com_err. + (missing_required_preauth, check_padata): Added debugging + krb5_klog_syslog calls, currently disabled. + (sam_inst_map): Add {} around array element initializers to keep + gcc quiet. + (get_sam_edata): Delete unused variable I. + + Patches from Frank Cusack for hw-preauth replay detection. + * main.c (rc_lifetime): New global variables. + (kdc_initialize_rcache): Initialize rc_lifetime from context + clockskew. + (setup_sam): New function; initializes psr_key. + (main): Call setup_sam. + * kdc_preauth.c (get_sam_edata): Fill in new fields of PSR. Use + psr_key for encrypting instead of database master key. + (verify_sam_response): Use psr_key instead of database master + key. Do replay detection if USE_RCACHE is defined. + (get_sam_edata): Clear SC and PSR structures before using them. + Set new FLAGS field of PSR. + (return_sam_data): New function. + (preauth_systems): Use return_sam_data in sam-response entry. + * extern.c (psr_key): Define. + * extern.h (psr_key): Declare. + + * kdc_preauth.c (get_sam_edata, verify_sam_response): Add parens + around assignments in if statements, to keep "gcc -Wall" quiet. + (return_sam_data): Delete unused variable padata. + + * main.c (kdc_current_rcname): Declare only if USE_RCACHE is + defined. + 2000-01-27 Ken Raeburn <raeburn@mit.edu> * dispatch.c (dispatch): Log address and port number of detected |
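Review bot: The verify_sam_response entry reads "Do replay detection if USE_RCACHE is defined", but the commit message says the USE_RCACHE code has not been re-enabled yet, so as committed the hardware-preauth replay check is compiled out. The entry should say this explicitly, the way the debugging krb5_klog_syslog calls are marked "currently disabled", so that a reader of the ChangeLog does not assume the protection is active. In the same block, "(rc_lifetime): New global variables." names only one variable and should be singular or list the others, and get_sam_edata has two separate entries under kdc_preauth.c that could be merged into one. The change from the database master key to psr_key would also be easier to audit with a line on how setup_sam initializes the key, which the entry "initializes psr_key" does not describe.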
