Subject: Hash-based replay cache implementation
From: ghudson@mit.edu
Subject: git commit

Add tag to krb5_donot_replay

For each use of replay caches, supply a tag based on a ciphertext or
checksum associated with the use. Stop creating or checking replay
records for unencrypted KRB-CRED messages.

https://github.com/krb5/krb5/commit/f8bd89e4a87a758d74897e483cdc3049b5564240
Author: Greg Hudson <ghudson@mit.edu>
Commit: f8bd89e4a87a758d74897e483cdc3049b5564240
Branch: master
src/include/k5-int.h | 1 +
src/lib/krb5/krb/rd_req_dec.c | 10 +++++++---
src/tests/threads/t_rcache.c | 6 +++++-
3 files changed, 13 insertions(+), 4 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Add file2 rcache type

Add a new replay cache type using a hash-based file format.

https://github.com/krb5/krb5/commit/12117dbc61639ff3fb510f2feb2de8c41dd2bd23
Author: Greg Hudson <ghudson@mit.edu>
Commit: 12117dbc61639ff3fb510f2feb2de8c41dd2bd23
Branch: master
.gitignore | 2 +
doc/basic/rcache_def.rst | 24 ++-
doc/formats/index.rst | 1 +
doc/formats/rcache_file_format.rst | 50 ++++++
src/lib/krb5/rcache/Makefile.in | 13 ++-
src/lib/krb5/rcache/rc-int.h | 6 +
src/lib/krb5/rcache/rc_base.c | 3 +-
src/lib/krb5/rcache/rc_file2.c | 306 ++++++++++++++++++++++++++++++++++++
src/lib/krb5/rcache/t_rcfile2.c | 212 +++++++++++++++++++++++++
9 files changed, 607 insertions(+), 10 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Use file2 replay cache by default

Remove the existing default replay cache implementation and replace it
with a wrapper around the file2 replay cache code. Change the
filename to krb5_EUID.rcache2, ignoring the residual (and therefore
the server principal name). On Windows, use the local appdata
directory if KRB5RCACHEDIR is not set in the environment.

https://github.com/krb5/krb5/commit/e8a35f6962ce2d048616fb7457bff2d90398ca48
Author: Greg Hudson <ghudson@mit.edu>
Commit: e8a35f6962ce2d048616fb7457bff2d90398ca48
Branch: master
doc/basic/rcache_def.rst | 27 +-
src/kadmin/testing/Makefile.in | 2 +-
src/lib/krb5/libkrb5.exports | 23 -
src/lib/krb5/rcache/Makefile.in | 6 -
src/lib/krb5/rcache/README | 82 ----
src/lib/krb5/rcache/deps | 40 +-
src/lib/krb5/rcache/rc_dfl.c | 927 ++++++---------------------------------
src/lib/krb5/rcache/rc_dfl.h | 48 --
src/lib/krb5/rcache/rc_io.c | 518 ----------------------
src/lib/krb5/rcache/rc_io.h | 60 ---
src/lib/krb5/rcache/rcdef.c | 45 --
11 files changed, 179 insertions(+), 1599 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Add KRB5RCACHENAME and default_rcache_name

In krb5_get_server_rcache(), stop constructing a residual value based
on piece and the euid, and instead resolve the default replay cache
(previously an unused operation, as krb5_rc_default() was not part of
the API and was never used).

To determine the default replay cache name, try the KRB5RCACHENAME
environment variable first, and then try KRB5RCACHETYPE for
compatibility. If neither of those environment variables is set, try
the default_rcache_name profile relation in [libdefaults] before
falling back to "dfl:".

https://github.com/krb5/krb5/commit/0e68760cb8dce4ea25fd73d6eab95bce103b6443
Author: Greg Hudson <ghudson@mit.edu>
Commit: 0e68760cb8dce4ea25fd73d6eab95bce103b6443
Branch: master
doc/admin/conf_files/krb5_conf.rst | 5 ++
doc/basic/rcache_def.rst | 29 ++++------
doc/user/user_config/kerberos.rst | 17 +++++--
src/include/k5-int.h | 1 +
src/include/krb5/krb5.hin | 11 ++--
src/lib/krb5/krb/srv_rcache.c | 58 ++-------------------
src/lib/krb5/rcache/rc_base.c | 98 +++++++++++++++++++++++-------------
src/man/kerberos.man | 21 ++++++--
src/man/krb5.conf.man | 5 ++
9 files changed, 126 insertions(+), 119 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Handle all-zero tags in file2 rcache type

In the unlikely case of an all-zero tag, rc_file2.c:store() could
mistake an empty record for a replay. Check that records from the
file are non-empty (by checking that the timestamp is non-zero) before
comparing them to the tag.

https://github.com/krb5/krb5/commit/6e1fdfb30bac750816da25d6dd4ed67d0149da12
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6e1fdfb30bac750816da25d6dd4ed67d0149da12
Branch: master
src/lib/krb5/rcache/rc_file2.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
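
The all-zero tag case from the last commit message, shown on a simplified in-memory table. This is an added example, not code from krb5 or from rc_file2.c. The record layout, TAG_LEN, NSLOTS and the check_nonempty switch are assumptions made for illustration; only the "timestamp of zero means empty" rule comes from the commit message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 12   /* assumed tag size for this sketch */
#define NSLOTS  4    /* tiny in-memory table standing in for the cache file */

enum { STORED, REPLAY, FULL };

/* Simplified record: a slot with timestamp 0 is empty (all bytes zero). */
struct record { uint8_t tag[TAG_LEN]; uint32_t timestamp; };

/* Store tag at time now (nonzero).  With check_nonempty == 0 this models the
 * behaviour before the fix: empty slots are compared against the tag too. */
static int store(struct record *tbl, const uint8_t *tag, uint32_t now,
                 int check_nonempty)
{
    int i, avail = -1;
    for (i = 0; i < NSLOTS; i++) {
        int empty = (tbl[i].timestamp == 0);
        /* Fixed form: only a non-empty record can be a replay. */
        if ((!check_nonempty || !empty) &&
            memcmp(tbl[i].tag, tag, TAG_LEN) == 0)
            return REPLAY;
        if (avail == -1 && empty)
            avail = i;
    }
    if (avail == -1)
        return FULL;
    memcpy(tbl[avail].tag, tag, TAG_LEN);
    tbl[avail].timestamp = now;
    return STORED;
}

/* Result of the first store of tag into a fresh, all-zero table. */
static int first_store(const uint8_t *tag, int check_nonempty)
{
    struct record tbl[NSLOTS];
    memset(tbl, 0, sizeof(tbl));
    return store(tbl, tag, 1000, check_nonempty);
}

int main(void)
{
    static const uint8_t zero_tag[TAG_LEN] = { 0 };   /* constructed input */
    printf("unchecked: %d, checked: %d\n",
           first_store(zero_tag, 0), first_store(zero_tag, 1));
    return 0;
}
```

Without the non-empty check, the first use of an all-zero tag is rejected as a replay even though nothing was ever stored; with the check it is stored, and only its second use is flagged.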