Andrew Bartlett
2ff110cfa6
Merge pull request #154 from metze-samba/heimdal-for-upstream
...
lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CH…
2016-05-14 22:32:13 +12:00
aaptel
08a2d1a320
lib/krb5/pac.c: fix NULL check typo
2016-03-10 10:33:53 +01:00
Stefan Metzmacher
7cd40a6105
lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
...
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-02-02 15:31:18 +01:00
Stefan Metzmacher
ae4d222f58
lib/krb5: verify_logonname() to handle multi component principal
...
FreeIPA can generate tickets with a client principal of
'host/hostname.example.com'.
verify_logonname() should just verify the principal name
in the PAC_LOGON_NAME is the same as the principal of
the client principal (without realm) of the ticket.
Samba commit b7cc8c1187ff967e44587cd0d09185330378f366
breaks this. We try to compare ['host']['hostname.example.com']
with ['host/hostname.example.com'] (as we interpret it as an enterprise principal);
this fails if we don't compare them as strings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
8c8a39b0b7
heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY
...
An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-06-17 17:41:27 -05:00
Stefan Metzmacher
2e6318f09a
heimdal:lib/krb5: allow enterprise principals in verify_logonname()
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-06-17 17:41:26 -05:00
Jeffrey Altman
5f138a16ef
libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
...
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.
Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Harald Barth
3f52037382
Better error messages when UTF8 conversion fails
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-26 00:05:53 -07:00
Viktor Dukhovni
435c02fa26
Compare pac timestamp to unix timestamp right when neither are set
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:28:26 -07:00
Stefan Metzmacher
7ecbac23f6
lib/krb5: add utf8 support to build_logon_name() for the PAC
...
Pair-Programmed-With: Arvid Requate <requate@univention.de>
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
f5f9014c90
Warning fixes from Christos Zoulas
...
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
03806492d9
prefix symbols that are _krb5_ structures
2011-03-12 13:45:09 -08:00
Love Hornquist Astrand
ea2534a55f
export krb5_enomem
2010-11-24 14:35:56 -08:00
Asanka C. Herath
0f853405fe
Add missing export and calling convention annotations
2010-11-24 15:32:49 -05:00
Love Hornquist Astrand
f178458310
use krb5_data_ct_cmp
2010-11-06 20:53:04 +01:00
Love Hornquist Astrand
55ccd5ff9c
use _krb5_enomem and indent
2010-11-06 20:10:26 +01:00
Love Hornquist Astrand
5ab43b8520
plug memory leak
2010-11-06 20:01:02 +01:00
Andrew Bartlett
a42b77fb22
heimdal Add handling for PAC signatures over all encryption types
...
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-06 19:56:48 +01:00
Love Hörnquist Åstrand
942a821fab
remove RCSID
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
a222d53b7f
free utf8 string on failure, cid#87
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24098 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:59:18 +00:00
Love Hörnquist Åstrand
03babea1e3
switch to krb5_clear_error_message
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:55:39 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
ad4fcfd6d2
N_()ify
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23790 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:29:43 +00:00
Love Hörnquist Åstrand
39f62b79e4
Don't hide the checksums from the caller, From Andrew Bartlett.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23711 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-28 13:48:56 +00:00
Love Hörnquist Åstrand
1427d9773f
add doxygen
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23703 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-28 01:12:16 +00:00
Love Hörnquist Åstrand
11752006c3
ignore error from crypto_destro to catch more interesting error
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23506 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:28 +00:00
Love Hörnquist Åstrand
7fcd266fdd
use krb5_set_error_message
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
b39eeb6c7a
use krb5_set_error_message
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23299 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:29:14 +00:00
Love Hörnquist Åstrand
4212ec831b
Cast size_t to unsigned long to avoid warning.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22989 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-15 15:55:12 +00:00
Love Hörnquist Åstrand
69c1f4ee7b
Use libwind.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22562 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-03 17:38:35 +00:00
Love Hörnquist Åstrand
743ccd85cf
make work with cpp again, reported by Hai Zaar
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-08-27 14:21:04 +00:00
Love Hörnquist Åstrand
d68b36bb90
make compile
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21149 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 21:50:22 +00:00
Love Hörnquist Åstrand
c614532c87
(verify_checksum): memset cksum to avoid using pointer from stack.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21135 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 21:06:08 +00:00
Love Hörnquist Åstrand
6559e67d3c
plug memory leaks.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20845 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-03 14:31:16 +00:00
Love Hörnquist Åstrand
a115c5af61
add PAC_CONSTRAINED_DELEGATION
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20302 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-04-11 11:14:06 +00:00
Love Hörnquist Åstrand
bebd317964
Create the PAC element in the same order as w2k3,
...
maybe there's some broken code in windows which relies
on this... From metze.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20275 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-22 01:42:47 +00:00
Love Hörnquist Åstrand
f35bfaa82e
(krb5_pac_add_buffer): unbreak buffer handling.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19824 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 02:08:01 +00:00
Love Hörnquist Åstrand
217a1f8aaf
A tiny 2 char difference that makes the code work for real.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19783 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 11:22:56 +00:00
Love Hörnquist Åstrand
4e6e594fc6
export some more pac functions.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19670 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 11:00:52 +00:00
Love Hörnquist Åstrand
0fac70e6c9
Support all keyed checksum types.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19624 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-03 15:28:00 +00:00
Love Hörnquist Åstrand
7b7419e387
(krb5_pac_get_types): gettypes.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19622 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:51:43 +00:00
Love Hörnquist Åstrand
7a2f244192
Add/remove pac buffer functions.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19617 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:18:20 +00:00
Love Hörnquist Åstrand
4f4857b16c
sprinkle const
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19616 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 09:32:26 +00:00
Love Hörnquist Åstrand
cb206ff3bf
rename DCHECK to CHECK
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19613 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 09:05:44 +00:00
Love Hörnquist Åstrand
073e1a2052
(fill_zeros): stop using MIN.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19029 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-13 17:45:27 +00:00
Love Hörnquist Åstrand
6d50466262
Spelling.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18996 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-12 17:30:48 +00:00
Love Hörnquist Åstrand
bfb5987861
Add code to sign PACs, only arcfour for now.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18992 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-12 08:37:27 +00:00
Love Hörnquist Åstrand
33b12f5ffd
Sprinkle error strings.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18988 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-10 07:36:48 +00:00