Commit Graph

947 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
ce1b1b08af Signing outgoing tickets.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18075 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-11 13:39:48 +00:00
Love Hörnquist Åstrand
2db346fb7d Add signing and checking of tickets so s4u2self works securely.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18074 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-11 13:39:13 +00:00
Love Hörnquist Åstrand
647c78fdc2 indent.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17951 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-28 14:41:49 +00:00
Love Hörnquist Åstrand
1bb5708e19 Catch more errors, add SASL DIGEST MD5.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17945 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-28 12:38:44 +00:00
Love Hörnquist Åstrand
687cb26c9e Remove _kdc_find_etype(), it's no longer used.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 11:52:29 +00:00
Love Hörnquist Åstrand
821b7e5e20 Remove local error label and have just one exit label, set error
strings properly.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17932 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 11:27:42 +00:00
Love Hörnquist Åstrand
38bccc6e79 Simplify the disabled-service case.
Check the allow-digest flag in the HDB entry for the client.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17930 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 11:05:55 +00:00
Love Hörnquist Åstrand
3e319eda30 (krb5_kdc_process_generic_request): check if we got a digest request
and process it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17922 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 10:41:28 +00:00
Love Hörnquist Åstrand
99b5923af8 Register hdb keytab operations.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17921 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 10:40:40 +00:00
Love Hörnquist Åstrand
5033989d9b document [kdc]enable-digest=boolean
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17919 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 10:11:00 +00:00
Love Hörnquist Åstrand
72f5dab088 add digest to libkdc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17918 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 10:08:20 +00:00
Love Hörnquist Åstrand
195903697a Make a return a goto to avoid freeing un-inited memory in cleanup code.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17917 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 10:06:26 +00:00
Love Hörnquist Åstrand
e26ef8b690 First revision of the digest (CHAP so far) code.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17913 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:53:55 +00:00
Love Hörnquist Åstrand
dfcd435953 (krb5_kdc_default_config): default to all bits set to zero.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17912 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:52:53 +00:00
Love Hörnquist Åstrand
2efd79caef (configure): Add enable_digest, default off
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:51:40 +00:00
Love Hörnquist Åstrand
7ae6f1fbd6 (krb5_kdc_configuration): Add enable_digest
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17910 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:51:15 +00:00
Love Hörnquist Åstrand
1bdc073a65 Include <digest_asn1.h>.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17909 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:46:48 +00:00
Love Hörnquist Åstrand
3ffb120454 (_kdc_get_preferred_key): new function, Use the order list of
preferred encryption types and sort the available keys and return the
most preferred key.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17907 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:40:56 +00:00
Love Hörnquist Åstrand
fb086a0312 Adapt to the new signature of _kdc_find_keys().
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17906 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:33:53 +00:00
Love Hörnquist Åstrand
c97d034ed3 Handle session key etype separately from the tgt etype, now the krbtgt
can be an aes-only key without the need to support not-as-good etypes
for the krbtgt.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17905 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:33:09 +00:00
Love Hörnquist Åstrand
599d3cf216 Change _kdc_db_fetch() to return the database pointer too if needed by
the consumer.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17904 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-23 11:45:16 +00:00
Love Hörnquist Åstrand
615106f750 (_kdc_pk_check_client): make it not crash when there is no acl
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17831 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-13 18:37:58 +00:00
Love Hörnquist Åstrand
fea203a708 (_kdc_pk_check_client): use the acl in the kerberos database
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17830 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-13 18:32:45 +00:00
Love Hörnquist Åstrand
ce5ef410ee (tgs_build_reply): when checking for removed principals, check the
second component of the krbtgt, otherwise cross realm won't work.
Prompted by report from Mattias Amnefelt.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17806 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-06 15:38:31 +00:00
Love Hörnquist Åstrand
5f62c460c3 (handle_vanilla_tcp): use unsigned integer for length
(handle_tcp): if the high bit is set in the unknown case, send back a
KRB_ERR_FIELD_TOOLONG


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17798 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-05 12:00:16 +00:00
Love Hörnquist Åstrand
45067d5a62 Use enable_v4_per_principal and check the new hdb flag.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17647 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-14 18:27:28 +00:00
Love Hörnquist Åstrand
8e6754870a Add enable_v4_per_principal
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17646 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-14 18:26:18 +00:00
Love Hörnquist Åstrand
0f10ba4f2b (_kdc_as_rep): if kdc_time + config->kdc_warn_pwexpire is past pw_end,
add expiration message. From Bernard Antoine.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17643 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-12 21:42:01 +00:00
Love Hörnquist Åstrand
c69e1634dc (krb5_kdc_default_config): set kdc_warn_pwexpire to 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17642 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-12 21:35:22 +00:00
Love Hörnquist Åstrand
12b46a7841 indent.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17641 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-12 21:31:23 +00:00
Love Hörnquist Åstrand
372b23bf06 constify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17634 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-07 06:03:34 +00:00
Love Hörnquist Åstrand
fb9ab0b9d9 (tgs_build_reply): add constrained delegation.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17625 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-06 16:35:26 +00:00
Love Hörnquist Åstrand
a060a07f20 Add impersonation.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17622 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-06 15:07:46 +00:00
Love Hörnquist Åstrand
049a354efd (do_request): clean reply with krb5_data_zero
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17604 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 17:52:09 +00:00
Love Hörnquist Åstrand
e030c0d5e1 Split up the reverse cross krbtgt check and local client must exist test.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17603 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 17:43:03 +00:00
Love Hörnquist Åstrand
23478bc157 Plug old memory leaks, unify all goto's.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17602 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 16:40:14 +00:00
Love Hörnquist Åstrand
cb7d1402f1 Split tgs_rep2 into tgs_parse_request and tgs_build_reply.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17600 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 13:17:42 +00:00
Love Hörnquist Åstrand
b0a3fd3a9c Add krb5tgs.c
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17599 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 11:19:59 +00:00
Love Hörnquist Åstrand
379d35fc8f split out krb5 tgs req to make it easier to reorganize the code.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17598 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 11:15:20 +00:00
Love Hörnquist Åstrand
1d2a17eca0 (tgs_rep2): check for memory alloc failure
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17597 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 10:55:28 +00:00
Love Hörnquist Åstrand
4c970b550e Avoid shadowing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17579 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-13 21:22:55 +00:00
Love Hörnquist Åstrand
eeb100abe7 Don't call DH_check_pubkey, it doesn't exist in older OpenSSL.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17489 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-06 13:22:33 +00:00
Love Hörnquist Åstrand
652da91adb Rename u_intXX_t to uintXX_t
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17447 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-05 10:52:01 +00:00
Love Hörnquist Åstrand
30c1b8e531 Use the new unsigned integer storage types.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17429 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-04 09:51:22 +00:00
Love Hörnquist Åstrand
8faf263b83 Use the new unsigned integer storage types. Sprinkle some error handling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17428 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-04 09:50:56 +00:00
Love Hörnquist Åstrand
b5cc2fa7aa (krb5_kdc_configuration): add pkinit_kdc_ocsp_file
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17413 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-03 12:03:29 +00:00
Love Hörnquist Åstrand
a276f37c56 read [kdc]pki-kdc-ocsp
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17412 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-03 12:02:55 +00:00
Love Hörnquist Åstrand
044719a5bd (_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be
valid, simplify the pkinit-windows DH case (it doesn't exist).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17410 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-02 14:04:34 +00:00
Love Hörnquist Åstrand
36b923f56a (_kdc_pk_check_client): reorganize and make log when a SAN matches.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17348 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-29 14:30:01 +00:00
Love Hörnquist Åstrand
76ee5cb311 (tgs_rep2): check that the client exists in the kerberos database if
it's a local request.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-27 12:01:09 +00:00