5 # Note: MIT may be interested in these configuration options though they may |
5 # Note: MIT may be interested in these configuration options though they may |
6 # want a more dynamic solution for handling maximum RPC and TCP connections |
6 # want a more dynamic solution for handling maximum RPC and TCP connections |
7 # through kdc_max_tcp_connections. |
7 # through kdc_max_tcp_connections. |
8 # Patch source: in-house |
8 # Patch source: in-house |
9 # |
9 # |
10 diff --git a/src/include/k5-int.h b/src/include/k5-int.h |
|
11 --- a/src/include/k5-int.h |
10 --- a/src/include/k5-int.h |
12 +++ b/src/include/k5-int.h |
11 +++ b/src/include/k5-int.h |
13 @@ -264,6 +264,7 @@ typedef unsigned char u_char; |
12 @@ -264,6 +264,7 @@ typedef unsigned char u_char; |
14 #define KRB5_CONF_MASTER_KEY_TYPE "master_key_type" |
13 #define KRB5_CONF_MASTER_KEY_TYPE "master_key_type" |
15 #define KRB5_CONF_MAX_LIFE "max_life" |
14 #define KRB5_CONF_MAX_LIFE "max_life" |
16 #define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" |
15 #define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" |
17 +#define KRB5_CONF_MAX_TCP_CONNECTIONS "kdc_max_tcp_connections" |
16 +#define KRB5_CONF_MAX_TCP_CONNECTIONS "kdc_max_tcp_connections" |
18 #define KRB5_CONF_MODULE "module" |
17 #define KRB5_CONF_MODULE "module" |
19 #define KRB5_CONF_NOADDRESSES "noaddresses" |
18 #define KRB5_CONF_NOADDRESSES "noaddresses" |
20 #define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" |
19 #define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" |
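Review bot: The new macro's name does not mirror its profile key the way every neighbouring entry does (`KRB5_CONF_MAX_LIFE` for "max_life", `KRB5_CONF_MODULE` for "module"), so `KRB5_CONF_MAX_TCP_CONNECTIONS` reads as if the key were max_tcp_connections. Naming it after the string, `#define KRB5_CONF_KDC_MAX_TCP_CONNECTIONS "kdc_max_tcp_connections"`, and placing it where that name sorts keeps the list searchable by key.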
21 diff --git a/src/include/net-server.h b/src/include/net-server.h |
|
22 --- a/src/include/net-server.h |
20 --- a/src/include/net-server.h |
23 +++ b/src/include/net-server.h |
21 +++ b/src/include/net-server.h |
24 @@ -52,6 +52,7 @@ krb5_error_code loop_setup_network(verto_ctx *ctx, void *handle, |
22 @@ -52,6 +52,7 @@ krb5_error_code loop_setup_network(verto_ctx *ctx, void *handle, |
25 krb5_error_code loop_setup_signals(verto_ctx *ctx, void *handle, |
23 krb5_error_code loop_setup_signals(verto_ctx *ctx, void *handle, |
26 void (*reset)()); |
24 void (*reset)()); |
27 void loop_free(verto_ctx *ctx); |
25 void loop_free(verto_ctx *ctx); |
28 +void setup_kdc_options(krb5_int32); |
26 +void setup_kdc_options(krb5_int32); |
29 |
27 |
30 /* to be supplied by the server application */ |
28 /* to be supplied by the server application */ |
31 |
29 |
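Review bot: The added prototype `void setup_kdc_options(krb5_int32);` has no parameter name and no comment, and its name drops the `loop_` prefix used by the declarations just above it. Something like `void loop_set_max_tcp_connections(krb5_int32 max_conns);` would fit the header better. Its comment should state the accepted range, how values below `MIN_KDC_TCP_CONNECTIONS` or non-positive values are treated, and when it has to be called relative to `loop_setup_network`. The function body is not among the visible lines, so whether it clamps its argument is something to confirm rather than a known gap.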
32 diff --git a/src/include/osconf.hin b/src/include/osconf.hin |
|
33 --- a/src/include/osconf.hin |
30 --- a/src/include/osconf.hin |
34 +++ b/src/include/osconf.hin |
31 +++ b/src/include/osconf.hin |
35 @@ -94,6 +94,10 @@ |
32 @@ -94,6 +94,10 @@ |
36 #define DEFAULT_KDC_UDP_PORTLIST "88,750" |
33 #define DEFAULT_KDC_UDP_PORTLIST "88,750" |
37 #define DEFAULT_KDC_TCP_PORTLIST "88" |
34 #define DEFAULT_KDC_TCP_PORTLIST "88" |
41 +#define MIN_KDC_TCP_CONNECTIONS 10 |
38 +#define MIN_KDC_TCP_CONNECTIONS 10 |
42 + |
39 + |
43 /* |
40 /* |
44 * Defaults for the KADM5 admin system. |
41 * Defaults for the KADM5 admin system. |
45 */ |
42 */ |
46 diff --git a/src/kdc/main.c b/src/kdc/main.c |
|
47 --- a/src/kdc/main.c |
43 --- a/src/kdc/main.c |
48 +++ b/src/kdc/main.c |
44 +++ b/src/kdc/main.c |
49 @@ -203,7 +203,8 @@ static krb5_error_code |
45 @@ -203,7 +203,8 @@ static krb5_error_code |
50 init_realm(kdc_realm_t *rdp, krb5_pointer aprof, char *realm, char *def_mpname, |
46 init_realm(kdc_realm_t *rdp, krb5_pointer aprof, char *realm, char *def_mpname, |
51 krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports, |
47 krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports, |
114 + setup_kdc_options(shandle.kdc_realmlist[0]->realm_max_tcp); |
110 + setup_kdc_options(shandle.kdc_realmlist[0]->realm_max_tcp); |
115 + |
111 + |
116 /* Handle each realm's ports */ |
112 /* Handle each realm's ports */ |
117 for (i=0; i< shandle.kdc_numrealms; i++) { |
113 for (i=0; i< shandle.kdc_numrealms; i++) { |
118 char *cp = shandle.kdc_realmlist[i]->realm_ports; |
114 char *cp = shandle.kdc_realmlist[i]->realm_ports; |
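Review bot: The added call `setup_kdc_options(shandle.kdc_realmlist[0]->realm_max_tcp);` applies only the first realm's value, although realm_data.h stores `realm_max_tcp` per realm, so a `kdc_max_tcp_connections` set in any other realm section is ignored without a message. Because this setting bounds how many TCP connections the KDC keeps open, an operator who tuned it in a later realm section would be running with a different cap than intended; reading it once from a process-wide section, or logging when realms disagree, avoids that. At minimum add a comment such as `/* kdc_max_tcp_connections is process-wide: only the first realm's value is applied */`. The call also assumes `kdc_numrealms` is at least 1 at this point, which the visible lines do not show, and the enclosing function starts outside the displayed lines.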
119 diff --git a/src/kdc/realm_data.h b/src/kdc/realm_data.h |
|
120 --- a/src/kdc/realm_data.h |
115 --- a/src/kdc/realm_data.h |
121 +++ b/src/kdc/realm_data.h |
116 +++ b/src/kdc/realm_data.h |
122 @@ -66,6 +66,7 @@ typedef struct __kdc_realm_data { |
117 @@ -66,6 +66,7 @@ typedef struct __kdc_realm_data { |
123 */ |
118 */ |
124 char *realm_ports; /* Per-realm KDC UDP port */ |
119 char *realm_ports; /* Per-realm KDC UDP port */ |
125 char *realm_tcp_ports; /* Per-realm KDC TCP port */ |
120 char *realm_tcp_ports; /* Per-realm KDC TCP port */ |
126 + krb5_int32 realm_max_tcp; /* Maximum TCP connections allowed */ |
121 + krb5_int32 realm_max_tcp; /* Maximum TCP connections allowed */ |
127 /* |
122 /* |
128 * Per-realm parameters. |
123 * Per-realm parameters. |
129 */ |
124 */ |
130 diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c |
|
131 --- a/src/lib/apputils/net-server.c |
125 --- a/src/lib/apputils/net-server.c |
132 +++ b/src/lib/apputils/net-server.c |
126 +++ b/src/lib/apputils/net-server.c |
133 @@ -348,6 +348,12 @@ loop_add_tcp_port(int port) |
127 @@ -348,6 +348,12 @@ loop_add_tcp_port(int port) |
134 return 0; |
128 return 0; |
135 } |
129 } |
141 +} |
135 +} |
142 + |
136 + |
143 krb5_error_code |
137 krb5_error_code |
144 loop_add_rpc_service(int port, u_long prognum, |
138 loop_add_rpc_service(int port, u_long prognum, |
145 u_long versnum, void (*dispatchfn)()) |
139 u_long versnum, void (*dispatchfn)()) |
146 diff --git a/src/lib/krb5/os/localauth.c b/src/lib/krb5/os/localauth.c |
|
147 --- a/src/lib/krb5/os/localauth.c |
140 --- a/src/lib/krb5/os/localauth.c |
148 +++ b/src/lib/krb5/os/localauth.c |
141 +++ b/src/lib/krb5/os/localauth.c |
149 @@ -258,6 +258,49 @@ parse_mapping_value(const char *value, char **type_out, char **residual_out) |
142 @@ -258,6 +258,49 @@ parse_mapping_value(const char *value, char **type_out, char **residual_out) |
150 return 0; |
143 return 0; |
151 } |
144 } |