Commit Graph

75 Commits

Author SHA1 Message Date
Russ Allbery
97648fc257 Disable kpasswdd error replies to completely malformed requests
Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.

Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet.  An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-16 11:50:22 -07:00
Love Hornquist Astrand
290255ee0b Drop optind variable since its only set (and -Wshadow libsystem)
From Matthias Dieter Wallnöfer
2009-10-16 08:26:43 -07:00
Love Hörnquist Åstrand
aa5b66d1e8 plug a memory leak.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25324 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-15 22:16:49 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
185e54925d use krb5_free_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23321 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-24 23:49:06 +00:00
Love Hörnquist Åstrand
d26d184367 Use hdb_db_dir().
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22252 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-12-09 05:59:34 +00:00
Love Hörnquist Åstrand
2cfc283d68 Fix pointer vs strict alias rules.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21511 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-12 12:43:46 +00:00
Love Hörnquist Åstrand
99cfea62c1 (change): select the realm based on the target principal
From Gabor Gombas


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17571 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-13 18:51:41 +00:00
Love Hörnquist Åstrand
652da91adb Rename u_intXX_t to uintXX_t
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17447 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-05 10:52:01 +00:00
Love Hörnquist Åstrand
135a36efb2 (doit): when done, close all fd in the sockets array and free it.
Coverity NetBSD CID#1916


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17024 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-09 17:45:44 +00:00
Love Hörnquist Åstrand
44370849ea Send back a better error-message to the client in case the password
change was rejected.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16698 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-02-03 12:54:28 +00:00
Love Hörnquist Åstrand
d9e04327fb (doit): krb5_addr2sockaddr takes a krb5_socklen_t
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15684 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-20 08:46:02 +00:00
Love Hörnquist Åstrand
f4cf20b4df Support multi-realms databases, requires that all the realms are
configured on the KDC in krb5.conf with [libdefaults]default_realm
stanzas.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14884 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-22 11:03:11 +00:00
Love Hörnquist Åstrand
5921574969 add verifier libraries with kadm5_add_passwd_quality_verifier
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14803 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-15 11:16:32 +00:00
Love Hörnquist Åstrand
0ae2572c5c add --addresses, controls what addresses kpasswd should listen too
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14480 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-05 18:07:22 +00:00
Love Hörnquist Åstrand
d7b12004a6 (change): use the right password when changing the password
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13284 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-01-25 18:24:36 +00:00
Love Hörnquist Åstrand
4fd9447d78 (main): parse kdc.conf
From: Jeffrey Hutzelman <jhutz@cmu.edu>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13122 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-11-18 22:17:12 +00:00
Love Hörnquist Åstrand
20a96e4876 (process): don't free ticket, krb5_free_ticket does that now
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13104 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-11-09 01:12:09 +00:00
Love Hörnquist Åstrand
9442843786 (process): remove a abort()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12893 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-20 20:27:22 +00:00
Love Hörnquist Åstrand
a87bc35edc add support for Set password protocol as defined by RFC3244 --
Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12888 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-20 00:08:06 +00:00
Johan Danielsson
d021221027 (doit): initialise sa_size to size of sockaddr_storage
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11551 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-12-02 14:31:52 +00:00
Johan Danielsson
d0af49b56e include <kadm5/private.h>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11130 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-08-19 15:07:31 +00:00
Assar Westerlund
60263ed4cd (doit): make failing to bind a socket a non-fatal error, and abort if
no sockets were bound


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10213 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-07-02 16:27:09 +00:00
Assar Westerlund
4aaf97e1b0 adapt to new address functions
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9944 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-05-14 06:19:16 +00:00
Assar Westerlund
138e781b89 update to new krb5_mk_error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9769 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-03-26 03:10:33 +00:00
Assar Westerlund
3fe84f5476 add --port option
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9471 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-01-11 21:33:53 +00:00
Johan Danielsson
835f8fc8e0 de-pointerise auth_context parameter to krb5_mk_rep
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9290 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-12-06 21:03:34 +00:00
Assar Westerlund
eeea826567 (add_new_tcp): check for the socket fd being too large to select on
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9113 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-10-08 21:38:27 +00:00
Assar Westerlund
5f648d3799 use socklen_t where appropriate instead of int
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8923 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-08-09 20:53:11 +00:00
Johan Danielsson
bfb5ec5f4e write a pid file
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8895 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-08-04 11:23:03 +00:00
Assar Westerlund
abe927a06c use kadm5_s_chpass_principal_cond instead of mis-doing it here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8769 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-22 05:57:07 +00:00
Assar Westerlund
61d9788d74 remove sequence numbers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8753 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-22 01:07:37 +00:00
Assar Westerlund
f18f6770ca (doit): catch SIGTERM
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8211 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-05-12 11:42:49 +00:00
Johan Danielsson
c5b916ca6f remove advertising clause
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-12-02 17:05:13 +00:00
Assar Westerlund
5e0b1e89c7 move out password quality functions
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6914 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-09-10 10:20:42 +00:00
Johan Danielsson
43c3f079e3 use HDB keytabs; change some error messages; add --realm flag
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6877 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-08-27 09:00:26 +00:00
Johan Danielsson
fe7dc12efd (main): init keytab
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6867 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-08-25 20:46:20 +00:00
Johan Danielsson
8242798b66 add `--keytab' flag
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6861 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-08-24 18:34:38 +00:00
Assar Westerlund
d377c71ac6 (*): simplify by using `struct sockaddr_storage'
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6524 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-07-24 18:41:32 +00:00
Assar Westerlund
e2a3a36c3d initialize kadm5 connection for every change (otherwise the modifier
in the database doesn't get set)


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6483 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-07-22 09:53:26 +00:00
Assar Westerlund
1e74b92b89 (change): fetch the salt-type from the entry
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6410 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-07-04 14:56:36 +00:00
Assar Westerlund
cc83d2275d (setup_passwd_quality_check): conditionalize on RTLD_NOW
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6286 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-05-31 16:42:16 +00:00
Johan Danielsson
285943de7f don't try to load library by default; get library and function name
from krb5.conf


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6013 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-20 10:46:03 +00:00
Johan Danielsson
5572b39553 add support for dlopen:ing password quality check library
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6005 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-19 16:31:43 +00:00
Johan Danielsson
bc0c128e38 (doit): pass context to krb5_get_all_client_addrs
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5842 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-01 18:26:45 +00:00
Johan Danielsson
433dca9ff4 use getarg
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5823 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-01 15:03:57 +00:00
Assar Westerlund
402f08ad92 (doit): more braces to make gcc happy
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5727 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-03-24 03:04:37 +00:00
Johan Danielsson
020e420df1 x
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5606 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-03-18 11:56:27 +00:00
Johan Danielsson
a3b6ab3f47 admin.h -> kadm5/admin.h
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5601 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-03-18 11:52:51 +00:00