path: root/src/kdc
Commit message | Author | Age | Files | Lines
...
* Fix logic error | Sam Hartman | 2004-02-13 | 2 | -1/+5
  Ticket: 2234 Target_Version: 1.3.2 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (init_realm): Apply patch from Will Fiveash to use | Tom Yu | 2004-02-09 | 2 | -1/+6
  correct TCP listening ports. ticket: 2118 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970
* Do not consider TGS options to be critical; ignore unknown options | Sam Hartman | 2004-02-06 | 2 | -6/+7
  Ticket: 2189 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970
* Only backdate the ticket that is created. The KDC reply must contain | Sam Hartman | 2004-01-05 | 2 | -5/+10
  the time from the client's request or the client will fail its clockskew check if the request is backdated too far. Ticket: 2058 Target_Version: 1.3.2 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2003-12-15 | 1 | -53/+60
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* Copy and build daemon.c in whatever directories need it, instead of building it | Ken Raeburn | 2003-08-30 | 3 | -6/+11
  into the krb5 library. * aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro. * appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in, krb524/configure.in, slave/configure.in: Use it. Don't directly check if prototype for daemon() is needed. * kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS), kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS), slave/Makefile.in (SERVEROBJS): Use LIBOBJS. * config/post.in (daemon.c): New rule for copying daemon.c locally from lib/krb5/posix. ticket: 1791
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801 dc483132-0cff-0310-8789-dd5450dbe970
* Drop default_kdc_enctypes and all related code | Tom Yu | 2003-06-03 | 3 | -150/+12
  ticket: 1553 target_version: 1.3 status: open tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as | Ken Raeburn | 2003-05-30 | 2 | -1/+6
  default for realm's max renewable lifetime. (KRB5_KDB_MAX_RLIFE is currently one week) ticket: 1190 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
* make-depend updates | Ken Raeburn | 2003-05-24 | 1 | -34/+34
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
* When generating etype_info2 for DES style keys, use s2kparams to | Sam Hartman | 2003-05-24 | 2 | -10/+37
  communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key. Ticket: 1512 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in kdc etype_info2 preauth | Ezra Peisach | 2003-05-23 | 2 | -2/+14
  * kdc_preauth.c (return_etype_info2): After encoding the etype_info2 and copying the pointers to the pa_data, free the krb5_data pointer. Ticket: new Target_Version: 1.3 Tags: pickup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
* Log transited checkd not done as info not error | Sam Hartman | 2003-05-22 | 2 | -1/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
* Provide an explicit list of options not to be allowed in AS requests | Sam Hartman | 2003-05-22 | 2 | -5/+10
  rather than disallowing all unknown options. Ticket: 1202 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
* Allow the KDC to return bad integrity errors to the client on preauth | Sam Hartman | 2003-05-14 | 2 | -0/+5
  failure. This will be translated by the client into password incorrect. Ticket: 1488 Target_Version: 1.3 Tags: pullup Component: krb5-kdc
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
* * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2003-05-12 | 2 | -4/+139
  enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors. * Expose interface for getting string2key with parameters (previously implemented but not exported) * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params. Ticket: 1454 Status: open Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 2 | -2/+7
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Reorganize kdc_preauth enctype handling | Sam Hartman | 2003-05-07 | 2 | -39/+81
  Patch from Sun to reorganize and better abstract kdc_preauth.c's enctype info handling. This will make it easier to implement etype_info2 so I'm committing it. Ticket: new Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
* etype info handling infinite loop | Sam Hartman | 2003-04-09 | 2 | -2/+9
  If a request contains no des-cbc-crc enctype but des-cbc-crc or des-cbc-md5 exists in the database then an infinite loop is created. Fix etype info handling to avoid this. ticket: new Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
* Red Hat's krb5_princ_size fixes | Ken Raeburn | 2003-04-01 | 3 | -3/+12
  ticket: 1397 status: open tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (verify_enc_timestamp): Save decryption error, in | Tom Yu | 2003-03-28 | 2 | -1/+20
  case we get NO_MATCHING_KEY later. This allows us to log a more sane error if an incorrect password is used for encrypting the enc-timestamp preauth. ticket: 1324 status: open target_version: 1.3 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
* Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to | Sam Hartman | 2003-03-17 | 4 | -46/+106
  reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDC is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT. Ticket: 1385 Target_Version: 1.3 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
* use kdb keytab for kadmind | Tom Yu | 2003-03-06 | 2 | -1/+5
  kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Default to --disable-fakeka | Ken Raeburn | 2003-03-05 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15221 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo that caused infinite loop in previous patch | Sam Hartman | 2003-02-21 | 2 | -1/+6
  Ticket: 1006
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15195 dc483132-0cff-0310-8789-dd5450dbe970
* The client sorts the enctype list returned by etype_info ordering | Sam Hartman | 2003-02-15 | 2 | -1/+26
  enctypes that it requested or that are similar to ones it requested first. The KDC only includes enctypes in etype_info if they were requested by the client. ticket: 1006
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
* Sorry, forgot this ChangeLog on the last commit | Ken Hornstein | 2003-02-06 | 1 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15161 dc483132-0cff-0310-8789-dd5450dbe970
* This is the integration of "fakeka" (a program to emulate a kaserver) | Ken Hornstein | 2003-02-06 | 3 | -1/+1411
  into the MIT distribution. Its compilation is enabled with --enable-fakeka. ticket: 1281
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15158 dc483132-0cff-0310-8789-dd5450dbe970
* disable krb4 by default | Sam Hartman | 2003-02-04 | 3 | -2/+9
  By default, we disable krb4 in the KDC. This means that -4 none is the default mode. Krb4 is reenabled for the dejagnu tests. ticket: new Tags: enhancement
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970
* Timestamp preauth should return clock skew errors | Sam Hartman | 2003-01-21 | 2 | -1/+13
  When the user supplies the correct password, but has a timestamp that is out of bounds, the server should reply with a clock skew error rather than a preauth required error. ticket: new Tags: enhancement
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15130 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_util.h, replay.c, main.c: Pass global krb5_context to | Ezra Peisach | 2003-01-12 | 4 | -7/+13
  kdc_free_lookaside() instead of per realm one - which has been freed by time invoked.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15113 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c: On exit, free more allocated memory, including: | Ezra Peisach | 2003-01-03 | 6 | -4/+55
  realm_tcp_ports data, kdc_realmlist, close the replay cache, and free the lookaside cache. * network.c (FREE_SET_DATA): Do not free a NULL pointer. * replay.c, kdc_util.h: Add kdc_free_lookaside() to clear the lookaside cache on shutdown - to search for memory leaks. * rtest.c (main): Do not allocate or free a NULL pointer.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15080 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (process_v4): Use a temporary variable for the current time | Ken Raeburn | 2002-12-30 | 2 | -1/+9
  instead of an incorrect pointer cast.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15072 dc483132-0cff-0310-8789-dd5450dbe970
* Replace dependencies on generated krb524 and krb4 headers with | Tom Yu | 2002-12-23 | 1 | -1/+1
  variables, to allow correct behavior when krb4 is disabled. ticket: 1276 owner: tlyu
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15070 dc483132-0cff-0310-8789-dd5450dbe970
* More KfM merge work | Tom Yu | 2002-12-12 | 2 | -1/+6
  Create new file FSp-glue.c including KfM functions that had previously been scattered through various other files. Port RealmsConfig-glue.c from KfM, including old Unix-ish krb4 configuration code as fallback. Remove other files containing old realm/config file support. Add KRB5_CALLCONV to krb_get_in_tkt_creds. Fix various functions to take const char* as arguments now that tkt_string() returns const. Assorted minor cleanup. Implement krb_get_err_text in terms of com_err. Implement gross kludge to force krb_err_txt to remain in sync with com_err. ticket: 1189 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15046 dc483132-0cff-0310-8789-dd5450dbe970
* Merge more KfM krb4 things | Tom Yu | 2002-11-27 | 3 | -2/+15
  Implement *_in_tkt_creds, mk_req_creds, and rd_req_int functions. Implement KfM krb4 kadm password changing, mostly by pulling in the client side of the kadm library into the krb4 library. Do some more header file cleanup of des.h and krb.h. Remove some ancient krb4 dead weight. Some Mac-specific functionality still needs to be merged. ticket: 1189 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15014 dc483132-0cff-0310-8789-dd5450dbe970
* * do_as_req.c (process_as_req): Fix previous patch; it caused an | Tom Yu | 2002-11-04 | 2 | -1/+7
  uninitialized pointer to be dereferenced under certain error conditions. ticket: 1206
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14964 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include trailing null in the transited encoding produced by the KDC. | Sam Hartman | 2002-10-28 | 2 | -2/+6
  Other routines do not expect the null to be included in the length so policy checks fail. Also, sending the null over the wire is wrong. ticket: 1230 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14940 dc483132-0cff-0310-8789-dd5450dbe970
* * do_as_req.c (process_as_req): Apply fix from Kevin Coffman to | Tom Yu | 2002-10-06 | 2 | -1/+9
  avoid leaking padata. ticket: 1206
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14910 dc483132-0cff-0310-8789-dd5450dbe970
* Limit the number of TCP connections that will be handled at one time. | Ken Raeburn | 2002-09-27 | 2 | -55/+82
  Remove some debugging calls. * network.c (struct connection): New field start_time. (tcp_data_counter, max_tcp_data_connections): New variables. (kill_tcp_connection): New function. (process_tcp_connection): Use it. Log reason for rejecting connection if the requested buffer size is too large. (accept_tcp_connection): If there are too many TCP connections already, shut down the oldest one. (setup_network, listen_and_process, process_tcp_connection, service_conn): Delete debugging code. (process_packet): Use socklen_t where appropriate.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14903 dc483132-0cff-0310-8789-dd5450dbe970
* updated dependencies | Ken Raeburn | 2002-09-19 | 1 | -2/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14889 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c: Include sys/filio.h if available | Ken Raeburn | 2002-09-19 | 2 | -0/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14888 dc483132-0cff-0310-8789-dd5450dbe970
* Add TCP support to the KDC, turned off by default, and using separate | Ken Raeburn | 2002-09-19 | 4 | -145/+864
  config file entries to indicate port numbers. Checkpointing a working version; debug code needs cleanup, doc needs writing. ticket: 1175 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14885 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (DEFAULT_KDC_PORTLIST): Define as DEFAULT_KDC_UDP_PORTLIST | Ken Raeburn | 2002-09-19 | 2 | -0/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14880 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (check_princ): Call strftime() with correct number | Tom Yu | 2002-09-15 | 2 | -1/+7
  of arguments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14869 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c: Always include stdarg.h, not varargs.h. | Ken Raeburn | 2002-09-15 | 2 | -44/+14
  (v4_klog): Always declare and define stdarg version. (krb4_stime): Deleted. (check_princ): Use strftime instead.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14865 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (kerb_get_principal): Include kvno when logging failure to find | Ken Raeburn | 2002-09-13 | 2 | -5/+10
  a key. (v4_klog): Include explicit do-nothing default case in switch statement.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14849 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (initialize_realms): Include replay cache name in error if it can't | Ken Raeburn | 2002-09-13 | 2 | -1/+7
  be initialized
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14848 dc483132-0cff-0310-8789-dd5450dbe970
* protoize | Ken Raeburn | 2002-09-11 | 12 | -292/+131
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14841 dc483132-0cff-0310-8789-dd5450dbe970
* Try a little harder to avoid returning e-text that says "Generic error (see | Ken Raeburn | 2002-09-11 | 3 | -25/+31
  e-text)" for out-of-range codes where we haven't explicitly decided to return a vague error message. * do_as_req.c (prepare_error_as): New argument, the error message text as determined *before* possibly replacing the error code with "generic error". (process_as_req): Fill it in based on 'status', or the error message corresponding to the error code to be returned. * do_tgs_req.c (prepare_error_tgs): New argument, the error message text as determined *before* possibly replacing the error code with "generic error". (process_tgs_req): Fill it in based on 'status', or the error message corresponding to the error code to be returned.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14835 dc483132-0cff-0310-8789-dd5450dbe970
* * network.c (process_packet): Call inet_ntop directly. | Ken Raeburn | 2002-09-10 | 4 | -122/+12
  * sock2p.c: Deleted. * Makefile.in (SRCS, OBJS): Drop it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14834 dc483132-0cff-0310-8789-dd5450dbe970