summaryrefslogtreecommitdiffstats
path: root/src/kdc
Commit message (Collapse)AuthorAgeFilesLines
...
* Split signal setup into loop_setup_signals()Greg Hudson2011-09-141-1/+18
| | | | | | | In the KDC, set up signals in the worker process child after forking from the monitor process. From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
* Reinitialize verto after creating worker childGreg Hudson2011-09-141-0/+2
| | | | | | | Also mark fd events as reinitiable so they survive the fork. From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970
* Fix verto.h dependencies for system libvertoGreg Hudson2011-09-091-30/+30
| | | | | | | | When we have conditionally built bundled source, we need logic in depfix.pl and variables in pre.in to avoid depending on the bundled verto.h in generated dependencies. Add that logic for verto. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-043-3/+3
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2011-09-041-70/+76
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25137 dc483132-0cff-0310-8789-dd5450dbe970
* Migrate net-server loop to use libvertoGreg Hudson2011-09-022-54/+58
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970
* Add a loop_ prefix to net-server.c functionsGreg Hudson2011-09-021-5/+5
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970
* Fix accidental KDC use of replay cacheGreg Hudson2011-08-081-0/+4
| | | | | | | | | | | | | | | | | r24464 (ticket #6804) intended to remove the KDC replay cache by eliminating all of the USE_RCACHE code, but it had the unintended side effect of causing krb5_rd_req_decoded to use the default server rcache. Using this cache is much less efficient because it is opened and re-read for each request. Set appropriate flags on the auth context to disable replay cache use for TGS requests altogether. ticket: 6941 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25076 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify KDC realm initialization slightlyGreg Hudson2011-07-251-3/+1
| | | | | | | krb5_aprof_init() can no longer return 0 with a null profile, so we can call krb5_aprof_finish() unconditionally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25043 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin frameworkGreg Hudson2011-06-173-341/+252
| | | | | | | | | | | | | | | | | | | | | | | | The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety. On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait. ticket: 6921 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functionsGreg Hudson2011-06-101-0/+1
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-107-114/+115
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r5233 and mark get_age as deprecated in the DAL documentation.Greg Hudson2011-05-201-12/+4
| | | | | | | | We do not need to check reply retransmissions for staleness any more than TCP needs to. A genuinely new request will have a different nonce. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24936 dc483132-0cff-0310-8789-dd5450dbe970
* typo fixLuke Howard2011-04-021-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24792 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a potential uninitialized free in prepare_error_as()Greg Hudson2011-04-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
* Use a helper function to clarify prepare_error_as() in the KDCGreg Hudson2011-03-181-63/+82
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak of reply padata for FAST repliesGreg Hudson2011-03-171-0/+1
| | | | | | | | | | | | kdc_fast_response_handle_padata() replaces rep->padata, causing the old value to be leaked. As a minimal fix, free the old value of rep->padata before replacing it. ticket: 6885 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak the default realm name when initializing the default realmGreg Hudson2011-03-171-1/+8
| | | | | | in the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak in FAST error pathGreg Hudson2011-03-174-20/+23
| | | | | | | | | | | | | | When kdc_fast_handle_error() produces a FAST-encoded error, it puts it into err->e_data and it never gets freed (since in the non-FAST case, err->e_data contains aliased pointers). Fix this by storing the encoded error in an output variable which is placed into the error's e_data by the caller and then freed. ticket: 6884 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]Tom Yu2011-03-151-0/+2
| | | | | | | | | | | Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0917-67/+20
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some declarations from kdc_preauth.c which are no longer neededGreg Hudson2011-03-021-9/+0
| | | | | | after r24403. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-50/+43
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 ↵Tom Yu2011-02-091-1/+2
| | | | | | | | | | | | | | | CVE-2011-0282 CVE-2011-0283] [CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name handling that could cause the KDC to hang or crash. [CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9. ticket: 6860 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24622 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-013-5/+43
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message cannot return NULL, and returns "Success" onGreg Hudson2010-11-012-18/+12
| | | | | | error code 0. Simplify some overly paranoid code accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24489 dc483132-0cff-0310-8789-dd5450dbe970
* securID code fixesSam Hartman2010-10-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | Fixes to get securID preauth plugin working. A separate patch will address error handling and build issues. * Permit a preauth plugin to return KRB5KDC_ERR_PREAUTH_REQUIRED from the verify entry point. * If verify_securid2 fails, save the return value and return that rather than success after dealing with encoding the out_edata * Use the client key not the securid principal key for the sam checksum * indicate that securID is hardware authentication ticket: 6805 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24465 dc483132-0cff-0310-8789-dd5450dbe970
* Remove KDC replay cacheGreg Hudson2010-10-196-111/+3
| | | | | | | | | | | | Now that SAM1 support has been removed, the KDC does not need a replay replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache. ticket: 6804 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling ↵Tom Yu2010-10-051-4/+4
| | | | | | | | | | | | | | | | | | | (MITKRB5-SA-2010-006) When the KDC receives certain TGS-REQ messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. Correctly implement the filtering of authorization data items to avoid leaving uninitialized pointers when omitting items. ticket: 6797 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24429 dc483132-0cff-0310-8789-dd5450dbe970
* Add an error to be returned by a preauth mechanism indicating that the KDC ↵Sam Hartman2010-10-012-1/+4
| | | | | | | | | | | should not respond to a packet * Do not generate an error response in this case * Drop a TCP connection if we are not going to respond to it. kdc: add KRB5KDC_ERR_DISCARD git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24406 dc483132-0cff-0310-8789-dd5450dbe970
* Remove support for the old pa-sam-challenge and pa-sam-responseSam Hartman2010-10-011-725/+0
| | | | | | | | | preauth type per discussion on krbdev. The pa-sam-challenge-2 code remains in the client. preauth: remove pa-sam-challenge git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24403 dc483132-0cff-0310-8789-dd5450dbe970
* Slight revisions to create_workers() in the KDC:Greg Hudson2010-09-191-6/+9
| | | | | | | | | * Use calloc() to allocate the pids array; squashes a Coverity false positive. * Don't leak the pids array in worker processes. * Use consistent terminology in comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24329 dc483132-0cff-0310-8789-dd5450dbe970
* KDC worker processes featureGreg Hudson2010-09-174-7/+160
| | | | | | | | | | Add support for a krb5kdc -w option which causes the KDC to spawn worker processes which can process requests in parallel. See also: http://k5wiki.kerberos.org/wiki/Projects/Parallel_KDC ticket: 6783 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24328 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-155-152/+10
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-36/+43
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* Properly search for MANDATORY-FOR-KDC authdata elements. Reported byGreg Hudson2010-09-021-1/+1
| | | | | | | | | | Mike Roszkowski. ticket: 6764 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24286 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an account lockout error-handling regression by converting theGreg Hudson2010-08-291-11/+23
| | | | | | | result of krb5_db_check_policy_as/tgs from a krb5_error_code to a protocol error number. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24268 dc483132-0cff-0310-8789-dd5450dbe970
* In AS replies, set the key-expiration field to the minimum of accountGreg Hudson2010-08-121-1/+12
| | | | | | | | | and password expiration time as specified in RFC 4120. Reported by Mary Cushion <mary@eiger.demon.co.uk>. ticket: 2032 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24240 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_allowed_to_delegate to the DAL with a corresponding libkdb5Greg Hudson2010-07-151-33/+4
| | | | | | | | | API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
* Add refresh_config to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-151-3/+1
| | | | | | | | | replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
* Addendum to r24185: make audit_as_req return void, since it's anGreg Hudson2010-07-131-2/+2
| | | | | | | | | | informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
* Add audit_as_req to the DAL with a corresponding libkdb5 API,Greg Hudson2010-07-131-27/+2
| | | | | | | | | | | | replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_policy_as and check_policy_tgs to the DAL table withGreg Hudson2010-07-132-79/+16
| | | | | | | | | | corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
* Add check_transited_realms to the DAL table with a correspondingGreg Hudson2010-07-121-25/+4
| | | | | | | | | libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
* Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson2010-07-123-83/+7
| | | | | | | | | replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-082-0/+3
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing break in the parsing of krb5kdc's -P option. ReportedGreg Hudson2010-07-071-0/+1
| | | | | | | | | | by nalin@redhat.com. ticket: 6750 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24176 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-065-305/+173
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson2010-07-033-5/+5
| | | | | | | | | | not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-021-17/+0
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 13:42:19 +0000