Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						667ec8eb81 
					 
					
						
						
							
							Use version 0 for issuer name serial number and version 2 for ski

						Pointed by subject Michael Wood <esiotrot@gmail.com> on samba-technical
						
						
					 
					
						2010-10-07 00:22:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ef543041fc 
					 
					
						
						
							
							moving on top of ourself is simple  
						
						
						
						
					 
					
						2010-10-07 00:01:24 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3789b1111e 
					 
					
						
						
							
							stop if there is not enough data  
						
						
						
						
					 
					
						2010-10-07 00:01:06 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c50d442375 
					 
					
						
						
							
							release cred too  
						
						
						
						
					 
					
						2010-10-06 23:47:37 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a3746c9f07 
					 
					
						
						
							
							handle unix credentials  
						
						
						
						
					 
					
						2010-10-06 23:32:36 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f225af82c1 
					 
					
						
						
							
							if db_create() returns non zero, fail  
						
						
						
						
					 
					
						2010-10-06 21:37:50 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						34e5278ae4 
					 
					
						
						
							
							random bits  
						
						
						
						
					 
					
						2010-10-04 00:03:12 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						106689c7a0 
					 
					
						
						
							
							add rsakey2048 and rsakey4096  
						
						
						
						
					 
					
						2010-10-03 18:13:58 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b7b40b1ef9 
					 
					
						
						
							
							add more speed (or maybe non speed numbers)  
						
						
						
						
					 
					
						2010-10-03 18:13:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						4c1b29346f 
					 
					
						
						
							
							test rsakey2048  
						
						
						
						
					 
					
						2010-10-03 17:06:48 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b4181e4560 
					 
					
						
						
							
							rsakey2048  
						
						
						
						
					 
					
						2010-10-03 17:04:48 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						48ad3e1e65 
					 
					
						
						
							
							add import/export type for private keys  
						
						
						
						
					 
					
						2010-10-03 16:32:01 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dfc54c6eea 
					 
					
						
						
							
							now that we use 2k rsa keys, don't make ca keys twice as large
						
						
						
						
					 
					
						2010-10-03 14:59:43 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						97390e087d 
					 
					
						
						
							
							default to 2k rsa keys, for performance reasons you might want to generate 1k rsa keys though  
						
						
						
						
					 
					
						2010-10-03 14:58:18 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						5cc4d5d2bd 
					 
					
						
						
							
							heimdal Use a separate krb5_auth_context for the delegated credentials

						This makes it much more clear that the timestamp written here is not
used in mutual authentication.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 20:47:12 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						b78419f126 
					 
					
						
						
							
							heimdal use returned server entry from HDB to compare realms

						Some hdb modules (samba4) may change the case of the realm in
a returned result.  Use that to determine if it matches the krbtgt
realm also returned from the DB (the DB will return it in the 'right' case)
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 20:46:49 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						0225db7152 
					 
					
						
						
							
							Don't redefine socket() if socket_wrapper is already in use

						In Samba, we may have already included socket_wrapper.h at this point
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 20:46:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c6fb9428dd 
					 
					
						
						
							
							Drop imath for ltm for speed reasons  
						
						
						
						
					 
					
						2010-10-02 12:28:27 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0a608964a4 
					 
					
						
						
							
							only set error code in case of failure, add comment  
						
						
						
						
					 
					
						2010-10-02 12:13:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6cdf8104f7 
					 
					
						
						
							
							do is deprecated, so let's stop using it
						
						
						
						
					 
					
						2010-10-02 12:05:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0789271ebb 
					 
					
						
						
							
							indent, return error code  
						
						
						
						
					 
					
						2010-10-02 11:59:53 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						7ea9ccf737 
					 
					
						
						
							
							heimdal: added verbose logging of heimdal crypto errors

						Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 11:56:26 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						c434086ba0 
					 
					
						
						
							
							Add error code to use when a secret is not in this database

						This will happen on an RODC, which has the entry, but not the full
secret.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 11:52:28 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						1d09e39d45 
					 
					
						
						
							
							Don't segfault when in --one-file mode

						The problem is that on Linux, fclose() of a NULL pointer segfaults
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 11:51:42 -07:00 
						 
				 
			
				
					
						
							
							
								Buck Huppmann 
							
						 
					 
					
						
						
							
						
						799956e9b7 
					 
					
						
						
							
							Check if we should enable weak crypto before parsing enctypes list

						This since the enctypes lists doesn't include weak crypto alg in the
resulting list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-10-02 11:28:20 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0d64a7830b 
					 
					
						
						
							
							1.5 items  
						
						
						
						
					 
					
						2010-10-02 10:54:03 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6beb058640 
					 
					
						
						
							
							Handle picky windows RODC servers  
						
						
						
						
					 
					
						2010-10-01 17:49:05 -07:00 
						 
				 
			
				
					
						
							
							
								Patrik Lundin 
							
						 
					 
					
						
						
							
						
						d5e4619738 
					 
					
						
						
							
							Fix order of arguments given to memchr().

						Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-30 21:30:33 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3128a7a416 
					 
					
						
						
							
							SHA384  
						
						
						
						
					 
					
						2010-09-30 18:36:58 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b206aeb016 
					 
					
						
						
							
							SHA384  
						
						
						
						
					 
					
						2010-09-30 18:22:00 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1b48afda47 
					 
					
						
						
							
							add sha512  
						
						
						
						
					 
					
						2010-09-30 01:04:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9dbcb98f84 
					 
					
						
						
							
							clue in sha512 in rsa signature  
						
						
						
						
					 
					
						2010-09-30 01:00:42 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1072afd6bf 
					 
					
						
						
							
							Andrew Bartlett pointed out that the patch was incomplete, update and write doxygen.
						
						
						
						
					 
					
						2010-09-30 00:44:35 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6699b5e59a 
					 
					
						
						
							
							get padding size right  
						
						
						
						
					 
					
						2010-09-30 00:20:52 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						42727fc891 
					 
					
						
						
							
							glue in sha512
						
						
						
						
					 
					
						2010-09-30 00:18:03 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						150f1401d1 
					 
					
						
						
							
							Add SHA512  
						
						
						
						
					 
					
						2010-09-30 00:08:48 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						b32651c830 
					 
					
						
						
							
							SHA512 support  
						
						
						
						
					 
					
						2010-09-29 23:41:15 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5fc132d888 
					 
					
						
						
							
							add _der_gmtime, use and test it  
						
						
						
						
					 
					
						2010-09-29 13:32:39 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f454f45fbf 
					 
					
						
						
							
							If the hostname contains a dot, assumes it's a FQAN and don't use
						search domains since that might be painfully slow when machine is
disconnected from that network.
Found by Tridge
						
						
					 
					
						2010-09-28 22:37:01 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5410614330 
					 
					
						
						
							
							free more bn that was allocated  
						
						
						
						
					 
					
						2010-09-28 22:12:20 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						97d939d9af 
					 
					
						
						
							
							don't allocate n twice, indent  
						
						
						
						
					 
					
						2010-09-28 22:08:00 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						76266ab5ac 
					 
					
						
						
							
							s4:heimdal Create a new PAC when impersonating a user with S4U2Self

						If we don't do this, the PAC is given for the machine account, not the
account being impersonated.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-26 15:15:18 -07:00 
						 
				 
			
				
					
						
							
							
								Karolin Seeger 
							
						 
					 
					
						
						
							
						
						035106be97 
					 
					
						
						
							
							s4-krb5: Fix typos in comment.

						Karolin
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-26 15:12:09 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						0e128912af 
					 
					
						
						
							
							s4:heimdal Add hooks to check with the DB before we allow s4u2self

						This allows us to resolve multiple forms of a name, allowing for
example machine$@REALM to get an S4U2Self ticket for
host/machine@REALM.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-26 15:11:05 -07:00 
						 
				 
			
				
					
						
							
							
								Karolin Seeger 
							
						 
					 
					
						
						
							
						
						77a6204452 
					 
					
						
						
							
							s4-heimdal: Fix typo in comment.

						Karolin
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-26 15:08:28 -07:00 
						 
				 
			
				
					
						
							
							
								Karolin Seeger 
							
						 
					 
					
						
						
							
						
						260e19ac09 
					 
					
						
						
							
							s4-heimdal: Fix typo in comment.

						Karolin
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2010-09-26 15:06:58 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						07e7cdd4f0 
					 
					
						
						
							
							Support PADDING_NONE for encryption too  
						
						
						
						
					 
					
						2010-09-23 11:11:00 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						74e46d59c1 
					 
					
						
						
							
							add back hx509_crypto_allow_weak  
						
						
						
						
					 
					
						2010-09-22 15:00:13 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6f328a9194 
					 
					
						
						
							
							add padding support via hx509_crypto_set_padding  
						
						
						
						
					 
					
						2010-09-22 14:41:17 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2f9f212980 
					 
					
						
						
							
							remove unused header file  
						
						
						
						
					 
					
						2010-09-19 01:47:32 -07:00