diff options
| author | Theodore Tso <tytso@mit.edu> | 1995-03-17 20:33:48 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1995-03-17 20:33:48 +0000 |
| commit | 98809275fc670d227400ad23d262a4b6738e91c6 (patch) | |
| tree | b966b236c238c95381d8b527f2273e0118a95246 /src | |
| parent | 6d31738320f240213facd970a2bb28c022ebb879 (diff) | |
| download | krb5-98809275fc670d227400ad23d262a4b6738e91c6.tar.gz krb5-98809275fc670d227400ad23d262a4b6738e91c6.tar.xz krb5-98809275fc670d227400ad23d262a4b6738e91c6.zip | |
configure.in, Makefile.in: Use the libdes425 library so that the DES
code doesn't get dragged in twice.
kdc_util.c (validate_as_request): Allow a client to obtain a password
changing ticket, even if the client's key is expired.
main.c (usage, process_args, main): The KDC will disassociate itself
from the terminal by default, unless the -n option is given.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5148 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/ChangeLog | 13 | ||||
| -rw-r--r-- | src/kdc/Makefile.in | 2 | ||||
| -rw-r--r-- | src/kdc/configure.in | 2 | ||||
| -rw-r--r-- | src/kdc/kdc_util.c | 6 | ||||
| -rw-r--r-- | src/kdc/main.c | 14 |
5 files changed, 31 insertions, 6 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 1bddf4764..e55dfe9d1 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,16 @@ +Tue Mar 14 15:25:38 1995 <tytso@rsx-11.mit.edu> + + * configure.in, Makefile.in: Use the libdes425 library so that the + DES code doesn't get dragged in twice. + + * kdc_util.c (validate_as_request): Allow a client to obtain a + password changing ticket, even if the client's key is + expired. + + * main.c (usage, process_args, main): The KDC will disassociate + itself from the terminal by default, unless the -n option + is given. + Thu Mar 2 12:16:50 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in index 58c54e332..43081ad0b 100644 --- a/src/kdc/Makefile.in +++ b/src/kdc/Makefile.in @@ -55,7 +55,7 @@ kdc5_err.h: kdc5_err.et kdc5_err.o: kdc5_err.h krb5kdc: $(OBJS) $(KDBDEPLIB) $(DEPKLIB) - $(CC) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(KLIB) $(K4LIB) $(LIBS) + $(CC) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(K4LIB) $(KLIB) $(LIBS) install:: $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc diff --git a/src/kdc/configure.in b/src/kdc/configure.in index 976dc6381..32a6b6986 100644 --- a/src/kdc/configure.in +++ b/src/kdc/configure.in @@ -15,7 +15,7 @@ AC_ARG_WITH([krb4], [ --with-krb4=KRB4DIR build with Kerberos V4 backwards compatibility], ADD_DEF(-DKRB4) ADD_DEF(-DBACKWARD_COMPAT) -K4LIB='$(KRB4)/lib/libkrb.a $(TOPLIBD)/libdes425.a $(KRB4)/lib/libdes.a', +K4LIB='$(KRB4)/lib/libkrb.a $(TOPLIBD)/libdes425.a', echo "warning: no krb4 support will be built in kdc" K4LIB=) AC_SUBST(K4LIB) diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 577c7b082..68f7c81fa 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -717,8 +717,10 @@ char **status; return KDC_ERR_BADOPTION; } - /* The client's password must not be expired */ - if (client.pw_expiration && client.pw_expiration < kdc_time) { + /* The client's password must not be expired, unless the server is + a KRB5_KDC_PWCHANGE_SERVICE. */ + if (client.pw_expiration && client.pw_expiration < kdc_time && + !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) { *status = "CLIENT KEY EXPIRED"; #ifdef KRBCONF_VAGUE_ERRORS return(KRB_ERR_GENERIC); diff --git a/src/kdc/main.c b/src/kdc/main.c index 325627e60..731fb373d 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -39,6 +39,8 @@ #include "extern.h" #include "kdc5_err.h" +static int nofork = 0; + static void kdc_com_err_proc(whoami, code, format, pvar) const char *whoami; @@ -121,7 +123,7 @@ void usage(name) char *name; { - fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterkeytype] [-M masterkeyname] [-p port]\n", name); + fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterkeytype] [-M masterkeyname] [-p port] [-n]\n", name); return; } @@ -144,7 +146,7 @@ char **argv; extern char *optarg; - while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:")) != EOF) { + while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:n")) != EOF) { switch(c) { case 'r': /* realm name for db */ db_realm = optarg; @@ -158,6 +160,9 @@ char **argv; case 'M': /* master key name in DB */ mkey_name = optarg; break; + case 'n': + nofork++; /* don't detach from terminal */ + break; case 'k': /* keytype for master key */ master_keyblock.keytype = atoi(optarg); keytypedone++; @@ -452,6 +457,11 @@ char *argv[]; finish_args(argv[0]); return 1; } + if (!nofork && daemon(0, 0)) { + com_err(argv[0], errno, "while detaching from tty"); + finish_args(argv[0]); + return 1; + } syslog(LOG_INFO, "commencing operation"); if (retval = listen_and_process(argv[0])){ com_err(argv[0], retval, "while processing network requests"); |