oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
22,139 Commits 2 Branches 2 Tags
31d0e293f6f08e6fae9d53d96b64ac1140ca92f5
Commit Graph

110 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
31d0e293f6 drop time to verify context 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23265 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:16 +00:00
Love Hörnquist Åstrand
5c7bcf2941 Pass in time to hx509_cms_verify_signed 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23264 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:04 +00:00
Love Hörnquist Åstrand
4250b0a980 Rename the pkinit type enum. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22918 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:17:11 +00:00
Love Hörnquist Åstrand
55d84fe955 Drop krb5_pk_identity and rename constants to match global header. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:48 +00:00
Love Hörnquist Åstrand
1f5b3f1f1d Pick up krb5_pk_identity from krb5_locl.h. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22907 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:28 +00:00
Love Hörnquist Åstrand
71ec989edb Adapt to hx509 changes, use hdb_db_dir(). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22243 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-12-08 23:39:30 +00:00
Love Hörnquist Åstrand
b64da39b5f (pk_mk_pa_reply_enckey): only allow non-bound reply if its not required. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21290 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:13:23 +00:00
Love Hörnquist Åstrand
c2da08186b rename pkinit_princ_in_cert 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:08:34 +00:00
Love Hörnquist Åstrand
2430aab0de Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21095 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-15 20:01:45 +00:00
Love Hörnquist Åstrand
5286ace71e tell user when they got a pk-init request with pkinit disabled. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21087 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-13 18:19:08 +00:00
Love Hörnquist Åstrand
4f3369a872 Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21039 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-10 06:20:31 +00:00
Love Hörnquist Åstrand
ad36551067 Break out loading of mappings file to a separate function and remove 
warning that it can't open the mapping file, there are now mappings in
the db, maybe the users uses that instead...


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20998 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 22:53:31 +00:00
Love Hörnquist Åstrand
a3f341f304 Push down the kdc time into the x509 library. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20960 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 04:48:11 +00:00
Love Hörnquist Åstrand
6f787893cd (_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the signeddata oid 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20943 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:14:36 +00:00
Love Hörnquist Åstrand
3d7fc2b1e7 (_kdc_pk_rd_padata): Try to log what went wrong. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20942 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:03:20 +00:00
Love Hörnquist Åstrand
a7169a17a6 Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC 
behavior better.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-05 17:23:44 +00:00
Love Hörnquist Åstrand
ceb434a58b In case of OCSP verification failure, referash every 5 min. In case of 
success, refreash 2 min before expiring or faster.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20812 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-03 03:35:32 +00:00
Love Hörnquist Åstrand
da1be13db5 Handle the ms san in a propper way, still cheat with the realm name. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20748 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-31 17:31:43 +00:00
Love Hörnquist Åstrand
6da3d7025b More logging for pk-init client mismatch. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-31 16:45:21 +00:00
Love Hörnquist Åstrand
60df0e8122 Force des3 for win2k. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 18:41:59 +00:00
Love Hörnquist Åstrand
2c99856c1c Add wrapping to ContentInfo wrapping to COMPAT_WIN2K. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20701 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 18:33:36 +00:00
Love Hörnquist Åstrand
dcf2f42e79 Allow matching by MS UPN SAN, note that this delta doesn't deal with 
case of realm.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20690 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-30 13:37:44 +00:00
Love Hörnquist Åstrand
97e369f300 don't check size since that currently leaks memory 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20430 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-19 10:33:30 +00:00
Love Hörnquist Åstrand
f37c85ba61 pass extra flags for detached signatures. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-03 22:47:25 +00:00
Love Hörnquist Åstrand
80ada635f1 (_kdc_as_rep): check if krb5_generate_random_keyblock failes. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19686 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-04 12:54:09 +00:00
Love Hörnquist Åstrand
c7d5dd6b32 Less verbose error message. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19304 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-10 01:12:00 +00:00
Love Hörnquist Åstrand
8300ee6ee2 (_kdc_add_inital_verified_cas): new function, adds an empty (for now) 
AD_INITIAL_VERIFIED_CAS to tell the clients that we vouches for the CA.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19261 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 21:21:11 +00:00
Love Hörnquist Åstrand
85bcc19262 (_kdc_pk_rd_padata): leak less memory for ExternalPrincipalIdentifiers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19250 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 13:10:21 +00:00
Love Hörnquist Åstrand
24ce3844d0 update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19248 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 12:31:09 +00:00
Love Hörnquist Åstrand
a36abf458c Remove unused function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19247 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 12:25:47 +00:00
Love Hörnquist Åstrand
528e4e53e7 Parse and use PA-PK-AS-REQ.trustedCertifiers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19244 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 12:21:02 +00:00
Love Hörnquist Åstrand
65d743807c Add comment that the anchors in the signed data really should be the 
trust anchors of the client.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19241 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 10:42:41 +00:00
Love Hörnquist Åstrand
5b304e5f20 Need better code in the DH parameter rejection case, add comment to 
that effect.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19165 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-28 03:41:55 +00:00
Love Hörnquist Åstrand
480aff7f9b (_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into 
hx509_cms_create_signed_1 via hx509_peer_info blob.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19125 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-26 16:38:51 +00:00
Love Hörnquist Åstrand
ddfe47e5e1 Update hx509_cms_create_signed_1. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19120 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-26 15:50:48 +00:00
Love Hörnquist Åstrand
61623b636c Make app pkinit options prefixed with pkinit_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19068 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-17 22:20:25 +00:00
Love Hörnquist Åstrand
204ec47405 (_kdc_pk_check_client): drop client_princ as an argument 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18984 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-10 03:37:43 +00:00
Love Hörnquist Åstrand
9956ae0200 Catch error string from hx509_cms_verify_signed. 
Check for id-pKKdcEkuOID and warn if its not there.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18933 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-07 17:24:57 +00:00
Love Hörnquist Åstrand
896bc81f54 Default to always print subject dn for pk-init authorization. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18874 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 17:51:33 +00:00
Love Hörnquist Åstrand
69883abf62 Prefix der primitives with der_. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18460 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-14 10:16:45 +00:00
Love Hörnquist Åstrand
ca35d60f1e (pk_mk_pa_reply_enckey): add missing break. From Olga Kornievskaia. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18427 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-12 20:00:25 +00:00
Love Hörnquist Åstrand
760f9f5bee Sign the request in the encKey case. 
Bug reported by Olga Kornievskaia of Umich.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18220 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-04 20:54:25 +00:00
Love Hörnquist Åstrand
615106f750 (_kdc_pk_check_client): make it not crash when there are no acl 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17831 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-13 18:37:58 +00:00
Love Hörnquist Åstrand
fea203a708 (_kdc_pk_check_client): use the acl in the kerberos database 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17830 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-13 18:32:45 +00:00
Love Hörnquist Åstrand
4c970b550e Avoid shadowing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17579 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 21:22:55 +00:00
Love Hörnquist Åstrand
eeb100abe7 Don't call DH_check_pubkey, it doesn't exists in older OpenSSL. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17489 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-06 13:22:33 +00:00
Love Hörnquist Åstrand
044719a5bd (_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be 
valid, simplfy the pkinit-windows DH case (it doesn't exists).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17410 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-02 14:04:34 +00:00
Love Hörnquist Åstrand
36b923f56a (_kdc_pk_check_client): reorganize and make log when a SAN matches. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17348 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-29 14:30:01 +00:00
Love Hörnquist Åstrand
61be59e8c7 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17290 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 18:53:52 +00:00
Love Hörnquist Åstrand
459f0648f1 Add option [kdc]pki-allow-proxy-certificate=bool to allow using proxy certificate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17287 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 18:42:48 +00:00