oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
24,215 Commits 2 Branches 2 Tags
5bb9a31a9ac22980f6dac6c0e17f9637042f80df
Commit Graph

142 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
0cac9adc37 one more HAVE_OPENSSL for EC 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25274 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-06 06:43:10 +00:00
Love Hörnquist Åstrand
00c0fcb461 Use OID variable instead of function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25249 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-28 01:20:27 +00:00
Love Hörnquist Åstrand
1530060a84 Assume old client if it doesn't send supportedCMSTypes. 
Add error message.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25167 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-04 06:16:40 +00:00
Love Hörnquist Åstrand
792da8685d don't leak memory 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25084 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-04 17:08:56 +00:00
Love Hörnquist Åstrand
27e41bf7d6 If the client sent more then 10 EDI, don't bother looking more then 10 
of performance reasons.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25002 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 19:49:09 +00:00
Love Hörnquist Åstrand
eb81f54da8 Flatten the reply 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25001 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 19:48:55 +00:00
Love Hörnquist Åstrand
dd3405112f rename client_params and set proxy cert bit on the right context 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24994 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 09:04:00 +00:00
Love Hörnquist Åstrand
5ee06ffbff Make one verify context per client, this way we can add our own trust 
anchors for each client, so that self registed/special certificate are
allowed as trust anchors.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24987 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 09:02:44 +00:00
Love Hörnquist Åstrand
f4f623e7d8 comment on what to add 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24942 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-25 15:36:58 +00:00
Love Hörnquist Åstrand
eb32e1f0ff add generation of session key here 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24939 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-25 15:36:26 +00:00
Love Hörnquist Åstrand
143101e825 better printing of keyex mech 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24704 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:14:07 +00:00
Love Hörnquist Åstrand
985e9f898d mrore DH bits 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:12:55 +00:00
Love Hörnquist Åstrand
b86374c262 Implement ECDH in the KDC. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24695 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 20:12:36 +00:00
Love Hörnquist Åstrand
11876749d4 more bits for ECDH 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 04:17:05 +00:00
Love Hörnquist Åstrand
b370260466 Abstract out use of DH 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24687 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-14 04:16:54 +00:00
Love Hörnquist Åstrand
4aebfb78c0 Remove extra anonymous check. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24600 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:07:52 +00:00
Love Hörnquist Åstrand
c1e6b65501 use is_anonymous(), extra new argument to _krb5_pk_load_id() 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24593 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:06:42 +00:00
Love Hörnquist Åstrand
7f61137222 Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests. 
Move the check client/anonoymous logic here

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24577 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:03:58 +00:00
Love Hörnquist Åstrand
cc20011567 deny non valid use of anonymous requests. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24574 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-04 22:03:27 +00:00
Love Hörnquist Åstrand
6d2fc59777 - Add switch to select friendly_name of the certificate. 
- Use HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH some CMS implementestions get the oid
wrong when they do evelopeddata.
- Use HX509_CMS_EV_NO_KU_CHECK since some clients send certs that are
not enveloped certs.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24196 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-15 04:31:32 +00:00
Love Hörnquist Åstrand
49ff682fff better error messages 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24179 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-15 04:28:43 +00:00
Love Hörnquist Åstrand
937e8ffe0a plug memory leak of DH public key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24154 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:08:57 +00:00
Love Hörnquist Åstrand
e295c94913 allow freeing of client_params=NULL cid#54 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24131 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:05:00 +00:00
Love Hörnquist Åstrand
9c92a36dd8 return up kdc_cert from signing operation so that OSCP can do the right thing. cid#55 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:04:50 +00:00
Love Hörnquist Åstrand
a1ebdfc19c remove dead code: cid# 11 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24104 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:00:18 +00:00
Love Hörnquist Åstrand
a3107b9af4 free hx509_query on non matching cert. cid#120 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24101 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:59:48 +00:00
Love Hörnquist Åstrand
c0b677504f indent 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24000 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-11-02 07:04:46 +00:00
Love Hörnquist Åstrand
dd22b9cdde switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23914 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:56:17 +00:00
Love Hörnquist Åstrand
fd676a5005 Patch from Shi Hosoda to add back windows XP SP2 compat that we have 
manged to break. This patch make it possible to use Samba4 with
Windows XP SP2, way cool!

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23861 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-22 06:32:28 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
31d0e293f6 drop time to verify context 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23265 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:16 +00:00
Love Hörnquist Åstrand
5c7bcf2941 Pass in time to hx509_cms_verify_signed 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23264 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:23:04 +00:00
Love Hörnquist Åstrand
4250b0a980 Rename the pkinit type enum. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22918 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:17:11 +00:00
Love Hörnquist Åstrand
55d84fe955 Drop krb5_pk_identity and rename constants to match global header. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:48 +00:00
Love Hörnquist Åstrand
1f5b3f1f1d Pick up krb5_pk_identity from krb5_locl.h. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22907 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 08:16:28 +00:00
Love Hörnquist Åstrand
71ec989edb Adapt to hx509 changes, use hdb_db_dir(). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22243 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-12-08 23:39:30 +00:00
Love Hörnquist Åstrand
b64da39b5f (pk_mk_pa_reply_enckey): only allow non-bound reply if its not required. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21290 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:13:23 +00:00
Love Hörnquist Åstrand
c2da08186b rename pkinit_princ_in_cert 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:08:34 +00:00
Love Hörnquist Åstrand
2430aab0de Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21095 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-15 20:01:45 +00:00
Love Hörnquist Åstrand
5286ace71e tell user when they got a pk-init request with pkinit disabled. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21087 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-13 18:19:08 +00:00
Love Hörnquist Åstrand
4f3369a872 Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21039 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-10 06:20:31 +00:00
Love Hörnquist Åstrand
ad36551067 Break out loading of mappings file to a separate function and remove 
warning that it can't open the mapping file, there are now mappings in
the db, maybe the users uses that instead...


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20998 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 22:53:31 +00:00
Love Hörnquist Åstrand
a3f341f304 Push down the kdc time into the x509 library. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20960 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-07 04:48:11 +00:00
Love Hörnquist Åstrand
6f787893cd (_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the signeddata oid 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20943 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:14:36 +00:00
Love Hörnquist Åstrand
3d7fc2b1e7 (_kdc_pk_rd_padata): Try to log what went wrong. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20942 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-06 22:03:20 +00:00
Love Hörnquist Åstrand
a7169a17a6 Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC 
behavior better.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-05 17:23:44 +00:00
Love Hörnquist Åstrand
ceb434a58b In case of OCSP verification failure, referash every 5 min. In case of 
success, refreash 2 min before expiring or faster.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20812 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-03 03:35:32 +00:00
Love Hörnquist Åstrand
da1be13db5 Handle the ms san in a propper way, still cheat with the realm name. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20748 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-31 17:31:43 +00:00