Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.
Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet. An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
When kadm5_add_passwd_quality_verifier is called with a NULL
check_library parameter and [password_quality].policy_libraries
is set, the function calls add_verifier() for each string in the
policy_libraries section and then falls through to the non-NULL
case and calls add_verifier() a final time with a NULL argument.
This leads to dlopening the running executable and then failing
since it contains no password quality verifier.
If the check_library argument is NULL, only call add_verifier()
for the configured policy_libraries and do not fall through to
the non-NULL case.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Use calloc instead of malloc when allocating data structures while
importing a dump in hprop. Fixes a crash in hprop when reading MIT
dump files due unintialized memory in the Salt data structure, plus
will be more robust against any future changes to the data model.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Add some header comments and an introductory comment explaining how to
check that no rule ignores files present in the repository.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
These files are included in the repository and don't have makefile
rules to generate them, so don't ignore them.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
When the principal is retrieved from the database via libkadm5srv, the
keys are always decrypted, so the reported mkvno is always 0. Rather
than returning 0 and implying that the key in the database is not
encrypted, report the mkvno as unknown for right now.
A better fix is required to either not decrypt the keys when retrieving
get information or to get the mkvno before keys are decrypted.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
If a Berkeley DB database is used as the underlying database, renaming
the database before closing it can produce error messages like the
following on close:
/var/lib/heimdal-kdc/heimdal~.db: unable to flush: No such file or directory
since the underlying database library caches the old file name. There
is a rename() method in the Berkeley DB API, but it also invalidates
the database handle and requires that it be reopened. Since the
hdb_rename implementation does not require that the database be open,
close the database before renaming it to avoid this problem.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
