Don't explicitly include system headers in hash.h. These get pulled
in anyway through roken.h, and explicitly including them here makes
compiling hcrypto in the kernel much harder.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
The fortuna PRNG has an statically held internal state. Prevent
concurrent access to this internal state by adding mutexes around
all of the access classes.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This bug was introduced when kpasswd was migrated to a local getarg()
call, in Heimdal commit 7dd146072c
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.
Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet. An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
