Love Hornquist Astrand
b94080696a
indent
2011-09-09 10:31:46 +02:00
Andrew Bartlett
714d166d04
heimdal: Try to handle the PAC checking when we are in a cross-realm environment
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-09-09 10:20:52 +02:00
Love Hörnquist Åstrand
7cb8e7f742
no more krb4
2011-08-10 09:24:43 -07:00
Love Hörnquist Åstrand
4a43975270
drop unused KRB4 bits
2011-07-30 14:14:52 -07:00
Love Hörnquist Åstrand
378f34b4be
Always to CANON for tgs
2011-07-30 13:43:00 -07:00
Stefan Metzmacher
c98d9f4387
kdc: fix comparison between krb5uint32 and (unsigned int)
We don't need a cast in that case.
Before commit 1124c4872d
(KVNOs are krb5uint32 in RFC4120, make it so),
we compared krb5int32 cast to size_t with unsigned int,
which resulted in the following problem:
Casting krb5int32 to (size_t) is wrong, as sizeof(int)==4 != sizeof(size_t)== 8.
If you cast negative int values to size_t you'll get this:
    int ival = -5000; // 0xFFFFEC78
    size_t sval = (size_t)ival; // this will be 0xFFFFFFFFFFFFEC78
So we better compare while casting to (unsigned int).
This is important for Active Directory RODC support,
which adds a random number into the higher 16-bits of the
32-bit kvno value.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-30 11:57:01 -07:00
Andrew Bartlett
880a98df1a
kdc: Build ticket with the canonical server name
We need to use the name that the HDB entry returned, otherwise we
will not canonicalise the reply if requested.
Andrew Bartlett
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-30 11:56:46 -07:00
Stefan Metzmacher
83a22ce18f
kdc: pass down HDB_F_FOR_AS_REQ and HDB_F_FOR_TGS_REQ to the hdb layer
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-30 11:56:46 -07:00
Stefan Metzmacher
7995bbcb24
kdc: only pass HDB_F_CANON if the client specified b->kdc_options.canonicalize
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-30 11:56:46 -07:00
Love Hörnquist Åstrand
61f69ea5b1
spelling
2011-07-24 22:36:27 -07:00
Love Hörnquist Åstrand
5a31cf1a52
spelling
2011-07-24 22:36:21 -07:00
Love Hörnquist Åstrand
0941d6dbce
add constant for WELLKNOWN:ORG.H5L realm
2011-07-24 21:29:27 -07:00
Love Hörnquist Åstrand
fb5e32e0f6
goto out
2011-07-24 21:23:53 -07:00
Love Hörnquist Åstrand
f0371bb2ee
fast cookie expiration
2011-07-24 21:21:39 -07:00
Love Hörnquist Åstrand
46f285bcc9
encode fast state in the fast cookie
2011-07-24 21:16:42 -07:00
Love Hörnquist Åstrand
7f6f4206c6
make compile after rebase
2011-07-24 20:24:40 -07:00
Love Hörnquist Åstrand
721c5634d5
make compile after rebase
2011-07-24 20:24:39 -07:00
Linus Nordberg
12203f0fab
s/krb5_decode_EncryptedData/krb5_decrypt_EncryptedData/1.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 20:24:39 -07:00
Linus Nordberg
294c2786fa
Fix typo.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
6b942e6ec2
free fast cookie
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
72308645a2
fast cookie
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
e5c66a70cd
parse fast cookie
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
d99c2eda40
use else if
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
eaa23ce96f
proxy request if needed
2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
b00f1ceeb9
should use hide_client_names
2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
7e1468ca52
new call order to _krb5_fast_armor_key
2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
57b96a269e
different logging
2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
99ed826f7f
use _krb5_fast_armor_key()
2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
b6e56322f3
Check if message too large
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
035afb17db
use et, ek from r->
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
4d63c98125
Break out PAC generation
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
94157d4410
don't pass req buffer to _kdc_encode_reply
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
333471097d
break out fast unwrap
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
b8c168e565
check return length
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
9a21fddb70
use kdc_request_t for add_enc_pa_req
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
6319f31ecf
break out KRB5_PADATA_REQ_ENC_PA_REP
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
1e048065c1
switch to _kdc_r_log
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
68bd6f63e8
move PKINIT to a preauth mech too
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
07342aa138
Add and use _kdc_set_e_text()
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
13eeb30a1d
Create a request structure
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
0332787e0f
Hide client name for privacy reasons
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
65254713a2
log if we have FAST PA or not
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
17d5f8d19e
make AS work with FAST
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
6c31f5a95f
free ac after it's used
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
a2bcf8bbdd
break out mk_error
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
04983dfd94
Preserve outer error
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
4561012998
fix up to update kdc_db_fetch
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
79703dc3cc
memory management
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
8eb256ea00
send enc challenge in KDC reply
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
7151d4e66c
partial handling of ENC-CHALLANGE
2011-07-24 20:24:36 -07:00