path: root/src/kdc
Commit message | Author | Age | Files | Lines
...
* * dispatch.c (dispatch): inet_ntop() returns const char * | Ezra Peisach | 2000-09-20 | 2 | -4/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12660 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c (initialize_realms): For "cannot initialize realm" messages, tell the | Ken Raeburn | 2000-08-23 | 3 | -3/+18
  user to check the log file. Print out an error message as well as logging it if retrieving the default realm name fails.
  * kerberos_v4.c (kerberos_v4): Mask requested-life byte value with 0xff to avoid sign-extension problems.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12631 dc483132-0cff-0310-8789-dd5450dbe970
* Makefile.in (rtest): Link in the kdb5 library | Ezra Peisach | 2000-07-03 | 2 | -2/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12520 dc483132-0cff-0310-8789-dd5450dbe970
* pullup from 1.2-beta4 | Ken Raeburn | 2000-06-30 | 4 | -32/+129
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12472 dc483132-0cff-0310-8789-dd5450dbe970
* Change wsanchez@apple -> tritan@mit | Wilfredo Sanchez | 2000-06-01 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12331 dc483132-0cff-0310-8789-dd5450dbe970
* * sock2p.c: New file. | Ken Raeburn | 2000-03-14 | 5 | -34/+188
  (inet_ntop): Define if system doesn't provide it. (sockaddr2p): New function.
  * Makefile.in (SRCS, OBJS): Add sock2p.
  * kdc_util.h (inet_ntop, sockaddr2p): Declare them.
  * network.c (add_fd): New function. Reallocate udp_port_fds array as needed here. (setup_port): Use add_fd to record new sockets. Use inet_ntop unconditionally. Disable ipv6 support until process_packet and friends will support it. (process_packet): Ignore ECONNREFUSED when reading UDP packets. Fill in port field of faddr properly, dependent on address family. Use sockaddr2p when logging source address.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12109 dc483132-0cff-0310-8789-dd5450dbe970
* Also change kdc_insert_lookaside() to take a const krb5_fulladdr * | Ezra Peisach | 2000-03-12 | 3 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12103 dc483132-0cff-0310-8789-dd5450dbe970
* * replay.c, kdb_util.h (kdc_check_lookaside): Make second argument | Ezra Peisach | 2000-03-12 | 3 | -2/+7
  const to allow passing a const krb5_fulladdr * and keeping the compiler happy.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12102 dc483132-0cff-0310-8789-dd5450dbe970
* * main.c: Move kdc_initialize_rcache() to kdc_util.c | Tom Yu | 2000-03-01 | 4 | -56/+59
  * kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache() back here since it's needed for rtest to work. process_tgs_req() which is called from rtest needs to call kdc_intiialize_rcache() and we can't very well link rtest with main.o
  * kdc_preauth.c (verify_sam_response): Ooops. Get rc_lifetime from kdc_util, since it's actually declared there.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12093 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Fix --enable-kdc-replay-cache to actually default | Tom Yu | 2000-03-01 | 2 | -2/+4
  to "yes".
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12092 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime | Tom Yu | 2000-03-01 | 3 | -1/+20
  for real.
  * dispatch.c: Include some more net-related headers. (dispatch): Fix ifndef HAVE_INET_NTOP branch.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970
* new --enable/--disable-kdc-replay-cache configure hooks | Ken Raeburn | 2000-02-28 | 3 | -1/+33
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12090 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Check for sys/sockio.h | Tom Yu | 2000-02-25 | 3 | -1/+16
  * network.c: Conditionally include sys/sockio.h for SIOC* if necessary. (process_packet): Bracket AF_INET6 branch of a switch statement with an ifdef.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12074 dc483132-0cff-0310-8789-dd5450dbe970
* fix udp_port_fds allocation bug; partial ipv6 support | Ken Raeburn | 2000-02-25 | 3 | -15/+92
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12073 dc483132-0cff-0310-8789-dd5450dbe970
* oops, update changelog for bug fix | Ken Raeburn | 2000-02-25 | 1 | -2/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12072 dc483132-0cff-0310-8789-dd5450dbe970
* Fix off-by-one error in previous code, spotted at the last minute. | Ken Raeburn | 2000-02-25 | 1 | -3/+1
  This is why things weren't working without the loopback addresses, which showed up last in the list, after the address my client was trying to use, thus hiding the error. (I tried to abort the previous checkin, but cvs went ahead with it despite the "editor session failed" report...hm.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12071 dc483132-0cff-0310-8789-dd5450dbe970
* Patches from Alec Peterson, plus some work of my own, to let a multihomed | Ken Raeburn | 2000-02-25 | 3 | -24/+218
  KDC respond to requests from the same IP address that the requests were sent to. **N.B. This will perform worse in the case of addresses dynamically added and removed after the KDC has started, since it will be incapable of using any new addresses. I'm unclear on why the loopback interface address needs to be included in the list of addresses. Apparently, on NetBSD-current, if it's not, packets sent to other local addresses but over the loopback interface are queued but not received?? Needs further investigation; could just be a NetBSD bug.
  * configure.in: Invoke KRB5_SOCKADDR_SA_LEN.
  * network.c: Include <sys/ioctl.h>, <syslog.h>, <net/if.h>. (foreach_localaddr): New function, copied from lib/krb5/os/localaddr.c. Tweaked to not exclude loopback interface. (NEED_SOCKETS): Define before including k5-int.h. (n_sockets): New variable. (setup_port): New function; creates listening udp ports given an address. (setup_network): Call foreach_localaddr to set up listening sockets on each local address, so we can always respond from the receiving address. (listen_and_process): Use n_sockets as upper bound of loop.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12070 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (v4_klog): Don't treat the formatted text as a format string | Ken Raeburn | 2000-02-25 | 2 | -1/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12067 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (return_sam_data): Just return 0 if no input preauth data is available | Ken Raeburn | 2000-02-07 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12015 dc483132-0cff-0310-8789-dd5450dbe970
* fix my email address in log header | Ken Raeburn | 2000-02-07 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12013 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_preauth.c (get_preauth_hint_list): Log a message if preauth is required | Ken Raeburn | 2000-02-07 | 2 | -1/+20
  but no preauth types are available. (return_sam_data): Fix typo in figuring length of data to XOR when merging keys.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12011 dc483132-0cff-0310-8789-dd5450dbe970
* Frank Cusack's patches, first two sets. Should be no incompatible changes, | Ken Raeburn | 2000-02-07 | 5 | -22/+306
  except perhaps for a client talking to both a new and old KDC? Several improvements to guard against replay attacks when hardware preauth is in use, though they require re-enabling the USE_RCACHE code, which I haven't done yet. Several changes of mine for silencing a few compiler warnings, and adding some debugging log messages while I track what's going on with the preauth code.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12010 dc483132-0cff-0310-8789-dd5450dbe970
* * dispatch.c (dispatch): Log address and port number of detected retransmits | Ken Raeburn | 2000-01-27 | 2 | -1/+23
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11977 dc483132-0cff-0310-8789-dd5450dbe970
* permit use of non-des session keys now | Ken Raeburn | 2000-01-27 | 2 | -26/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11976 dc483132-0cff-0310-8789-dd5450dbe970
* * dispatch.c (dispatch): Make message in lookaside case less suggestive of | Ken Raeburn | 1999-10-29 | 2 | -1/+7
  replay attacks, since it can result from normal packet loss causing retransmissions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11889 dc483132-0cff-0310-8789-dd5450dbe970
* log tritan's changes | Tom Yu | 1999-10-26 | 1 | -0/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11877 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such | Wilfredo Sanchez | 1999-10-26 | 1 | -2/+2
  that one can override CFLAGS from the command line without losing CPP search paths and defines. Some associated Makefile cleanup.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11876 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branch | Ken Raeburn | 1999-09-24 | 18 | -18/+72
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* Tom's patch: | Ken Raeburn | 1999-09-21 | 2 | -9/+24
  * do_tgs_req.c (process_tgs_req): Don't try to take the 2nd component of a principal that doesn't have 2 components.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11839 dc483132-0cff-0310-8789-dd5450dbe970
* force single-des session keys until we've got multiple-cryptosystem stuff working better | Ken Raeburn | 1999-09-01 | 2 | -3/+32
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11761 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (compat_decrypt_key): Align DES3 enctypes with | Tom Yu | 1999-08-18 | 2 | -2/+8
  current names. (kerb_get_principal): Align DES3 enctypes with current names.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11685 dc483132-0cff-0310-8789-dd5450dbe970
* Disable lookaside cache. It's needed if the replay cache is enabled, and could | Ken Raeburn | 1999-06-30 | 4 | -2/+22
  theoretically make certain attacks more difficult, but the replay cache is disabled, the attack is very difficult compared to other existing attacks (would need huge numbers of queries), and under heavy load the lookaside cache degrades performance.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11538 dc483132-0cff-0310-8789-dd5450dbe970
* * replay.c (MATCH): Fix up to compare the correct components of | Tom Yu | 1999-06-29 | 2 | -1/+7
  the input address.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11533 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c (kerberos_v4): Fix bug where krb_create_ticket() | Tom Yu | 1999-04-30 | 2 | -5/+22
  was getting called for an APPL_REQUEST even when there was no single-DES key, resulting in random weirdness.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11412 dc483132-0cff-0310-8789-dd5450dbe970
* * do_as_req.c (process_as_req): Fix to assign kvno to | Tom Yu | 1999-02-17 | 2 | -1/+7
  reply.enc_part after encryption, since krb5_c_encrypt() now explicitly initializes all fields of a krb5_enc_data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11175 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_preauth.c (check_padata): If preauth fails because the preauth | Theodore Tso | 1999-01-27 | 2 | -0/+14
  data from the client was of an unknown type, and the principal does not require preauth, then the preauth should be disregarded. [krb5-kdc/652]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11130 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in (withval): Conditionalize ATHENA_DES3_KLUDGE on | Tom Yu | 1999-01-05 | 3 | -1/+32
  --enable-athena.
  * main.c (initialize_realms): Kludge to disable des3-marc-hmac-sha1 from the command line.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11100 dc483132-0cff-0310-8789-dd5450dbe970
* Makefile.in: Set the myfulldir and mydir variables (which are relative | Theodore Tso | 1998-12-05 | 2 | -0/+7
  to buildtop and thisconfigdir, respectively.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11073 dc483132-0cff-0310-8789-dd5450dbe970
* pull up 3des implementation from the marc-3des branch | Marc Horowitz | 1998-10-30 | 8 | -325/+511
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
* * replay.c (kdc_check_lookaside): | Tom Yu | 1998-07-22 | 4 | -16/+51
  (kdc_insert_lookaside): Add code to originating address of packet, as krb4 initial ticket requests don't contain an address. This would cause a subtle problem wherein two simultaneous krb4 initial ticket requests for the same principal originating from different addresses would result in both replies containing the same address.
  * kdc_util.h: Modify prototype for lookaside functions.
  * dispatch.c (dispatch): Update to new calling conventions of the lookaside functions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10713 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Add CHECK_SIGNALS so that POSIX_SIGNALS gets | Tom Yu | 1998-07-15 | 3 | -5/+12
  defined.
  * main.c (request_hup): Remove call to signal, as this isn't needed on BSD-ish systems and for sysV-ish systems we use sigaction anyway. (setup_signal_handlers): Fix typo.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10648 dc483132-0cff-0310-8789-dd5450dbe970
* Added a call to signal() in request_hup() so that the signal handler | Geoffrey King | 1998-07-11 | 2 | -0/+12
  gets reset after each SIGHUP, since this does not happen automatically in System V's signal handling system.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10631 dc483132-0cff-0310-8789-dd5450dbe970
* These additions cause the KDC to react to SIGHUP by closing and | Geoffrey King | 1998-07-08 | 5 | -1/+51
  reopening its log files, so that logfile management utilities may now compress old logs and then kill -HUP the KDC process to get them to use fresh log files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10627 dc483132-0cff-0310-8789-dd5450dbe970
* Print 4 digit years in Krb4 log entries to avoid Y2K issues | Theodore Tso | 1998-05-08 | 2 | -1/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10555 dc483132-0cff-0310-8789-dd5450dbe970
* POSIX states that getopt returns -1 when it is done parsing options, | Theodore Tso | 1998-05-06 | 2 | -1/+6
  not EOF.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10550 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_util.c (add_to_transited): Check lengths, fix up comma | Tom Yu | 1998-03-20 | 2 | -28/+103
  quoting somewhat (though things are still way broken).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10502 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_preauth.c (get_preauth_hint_list): Don't add the pseudo preauth | Theodore Tso | 1998-02-20 | 2 | -1/+12
  type KRB5_PADATA_PW_SALT to the hint list of supported preauthentication systems, since it doesn't help to send it. (And it may screw up Cygnus KerbNet clients.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10466 dc483132-0cff-0310-8789-dd5450dbe970
* Remove trailing slash from thisconfigdir. Change directory syntax | Tom Yu | 1998-02-18 | 2 | -2/+6
  used in BUILDTOP.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10464 dc483132-0cff-0310-8789-dd5450dbe970
* Mass makefile/configure.in build system revamp | Theodore Tso | 1998-02-12 | 2 | -0/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10424 dc483132-0cff-0310-8789-dd5450dbe970
* * kerberos_v4.c: Move macro definition of klog earlier so that it | Tom Yu | 1998-02-06 | 2 | -1/+6
  actually gets used inside process_v4().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10423 dc483132-0cff-0310-8789-dd5450dbe970