oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,134 Commits 2 Branches 2 Tags
04b07ff8b68c6afd1deca6cfe3c00dc23468329c
Commit Graph

186 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
dd3405112f rename client_params and set proxy cert bit on the right context 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24994 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 09:04:00 +00:00
Love Hörnquist Åstrand
5ee06ffbff Make one verify context per client, this way we can add our own trust 
anchors for each client, so that self registed/special certificate are
allowed as trust anchors.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24987 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 09:02:44 +00:00
Love Hörnquist Åstrand
f4f623e7d8 comment on what to add 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24942 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-25 15:36:58 +00:00
Love Hörnquist Åstrand
eb32e1f0ff add generation of session key here 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24939 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-25 15:36:26 +00:00
Love Hörnquist Åstrand
143101e825 better printing of keyex mech 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24704 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:14:07 +00:00
Love Hörnquist Åstrand
985e9f898d mrore DH bits 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:12:55 +00:00
Love Hörnquist Åstrand
b86374c262 Implement ECDH in the KDC. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24695 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:12:36 +00:00
Love Hörnquist Åstrand
11876749d4 more bits for ECDH 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 04:17:05 +00:00
Love Hörnquist Åstrand
b370260466 Abstract out use of DH 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24687 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 04:16:54 +00:00
Love Hörnquist Åstrand
4aebfb78c0 Remove extra anonymous check. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24600 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:07:52 +00:00
Love Hörnquist Åstrand
c1e6b65501 use is_anonymous(), extra new argument to _krb5_pk_load_id() 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24593 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:06:42 +00:00
Love Hörnquist Åstrand
7f61137222 Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests. 
Move the check client/anonoymous logic here

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24577 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:03:58 +00:00
Love Hörnquist Åstrand
cc20011567 deny non valid use of anonymous requests. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24574 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:03:27 +00:00
Love Hörnquist Åstrand
6d2fc59777 - Add switch to select friendly_name of the certificate. 
- Use HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH some CMS implementestions get the oid
wrong when they do evelopeddata.
- Use HX509_CMS_EV_NO_KU_CHECK since some clients send certs that are
not enveloped certs.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24196 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-15 04:31:32 +00:00
Love Hörnquist Åstrand
49ff682fff better error messages 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24179 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-15 04:28:43 +00:00
Love Hörnquist Åstrand
937e8ffe0a plug memory leak of DH public key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24154 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:08:57 +00:00
Love Hörnquist Åstrand
e295c94913 allow freeing of client_params=NULL cid#54 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24131 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:05:00 +00:00
Love Hörnquist Åstrand
9c92a36dd8 return up kdc_cert from signing operation so that OSCP can do the right thing. cid#55 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:04:50 +00:00
Love Hörnquist Åstrand
a1ebdfc19c remove dead code: cid# 11 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24104 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:00:18 +00:00
Love Hörnquist Åstrand
a3107b9af4 free hx509_query on non matching cert. cid#120 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24101 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:59:48 +00:00
Love Hörnquist Åstrand
c0b677504f indent 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24000 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-11-02 07:04:46 +00:00
Love Hörnquist Åstrand
dd22b9cdde switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23914 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:56:17 +00:00
Love Hörnquist Åstrand
fd676a5005 Patch from Shi Hosoda to add back windows XP SP2 compat that we have 
manged to break. This patch make it possible to use Samba4 with
Windows XP SP2, way cool!

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23861 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-22 06:32:28 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
31d0e293f6 drop time to verify context 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23265 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:16 +00:00
Love Hörnquist Åstrand
5c7bcf2941 Pass in time to hx509_cms_verify_signed 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23264 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:04 +00:00
Love Hörnquist Åstrand
4250b0a980 Rename the pkinit type enum. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22918 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:17:11 +00:00
Love Hörnquist Åstrand
55d84fe955 Drop krb5_pk_identity and rename constants to match global header. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:48 +00:00
Love Hörnquist Åstrand
1f5b3f1f1d Pick up krb5_pk_identity from krb5_locl.h. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22907 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:28 +00:00
Love Hörnquist Åstrand
71ec989edb Adapt to hx509 changes, use hdb_db_dir(). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22243 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-12-08 23:39:30 +00:00
Love Hörnquist Åstrand
b64da39b5f (pk_mk_pa_reply_enckey): only allow non-bound reply if its not required. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21290 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:13:23 +00:00
Love Hörnquist Åstrand
c2da08186b rename pkinit_princ_in_cert 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:08:34 +00:00
Love Hörnquist Åstrand
2430aab0de Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21095 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-15 20:01:45 +00:00
Love Hörnquist Åstrand
5286ace71e tell user when they got a pk-init request with pkinit disabled. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21087 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-13 18:19:08 +00:00
Love Hörnquist Åstrand
4f3369a872 Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21039 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-10 06:20:31 +00:00
Love Hörnquist Åstrand
ad36551067 Break out loading of mappings file to a separate function and remove 
warning that it can't open the mapping file, there are now mappings in
the db, maybe the users uses that instead...


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20998 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 22:53:31 +00:00
Love Hörnquist Åstrand
a3f341f304 Push down the kdc time into the x509 library. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20960 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 04:48:11 +00:00
Love Hörnquist Åstrand
6f787893cd (_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the signeddata oid 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20943 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:14:36 +00:00
Love Hörnquist Åstrand
3d7fc2b1e7 (_kdc_pk_rd_padata): Try to log what went wrong. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20942 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:03:20 +00:00
Love Hörnquist Åstrand
a7169a17a6 Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC 
behavior better.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-05 17:23:44 +00:00
Love Hörnquist Åstrand
ceb434a58b In case of OCSP verification failure, referash every 5 min. In case of 
success, refreash 2 min before expiring or faster.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20812 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-03 03:35:32 +00:00
Love Hörnquist Åstrand
da1be13db5 Handle the ms san in a propper way, still cheat with the realm name. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20748 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-31 17:31:43 +00:00
Love Hörnquist Åstrand
6da3d7025b More logging for pk-init client mismatch. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-31 16:45:21 +00:00
Love Hörnquist Åstrand
60df0e8122 Force des3 for win2k. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 18:41:59 +00:00
Love Hörnquist Åstrand
2c99856c1c Add wrapping to ContentInfo wrapping to COMPAT_WIN2K. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20701 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 18:33:36 +00:00
Love Hörnquist Åstrand
dcf2f42e79 Allow matching by MS UPN SAN, note that this delta doesn't deal with 
case of realm.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20690 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 13:37:44 +00:00
Love Hörnquist Åstrand
97e369f300 don't check size since that currently leaks memory 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20430 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-19 10:33:30 +00:00
Love Hörnquist Åstrand
f37c85ba61 pass extra flags for detached signatures. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-03 22:47:25 +00:00