1371 Commits

Author SHA1 Message Date
Love Hornquist Astrand
c867fd3e2e Make libtool pull in the dependency on libldap
Put in explicit dependency on libldap so that libtool
might do the right thing for us.

Patch from Jan Rekorajski
2009-12-08 00:15:10 -08:00
Love Hornquist Astrand
55db6909fe _kdc_pk_initialize needs to be exported for kdc-replay
prompted by patch from Gabor Gombas <gombasg@sztaki.hu>
2009-11-25 05:08:44 -08:00
Asanka Herath
b191b1e12f Make kdc build on windows
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-11-24 22:19:37 -08:00
Asanka Herath
d00f9984a5 Make roken build on windows
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-11-24 21:42:02 -08:00
Love Hornquist Astrand
c6bbdb545b First drop of Windows build infrastructure from Secure Endpoints 2009-11-24 12:12:53 -08:00
Andrew Bartlett
25a2ac726b heimdal Fix invalid format string
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-11-23 20:36:54 -08:00
Love Hornquist Astrand
b1d26a6cba load pkinit bits 2009-11-22 17:34:57 -08:00
Love Hornquist Astrand
a895e85526 When a TS-ENC key was verified, send the salt for that key in the reply 2009-11-22 09:51:49 -08:00
Love Hornquist Astrand
2c14216733 don't override configuration if there is one 2009-11-22 08:41:10 -08:00
Love Hornquist Astrand
59d1bf12af use "headers.h", add usage 2009-11-22 06:54:11 -08:00
Love Hornquist Astrand
63db63e062 drop HAVE_CONFIG_H 2009-11-22 06:51:45 -08:00
Love Hornquist Astrand
ca6df0fffc remove sandbox for now since it also requires a sandbox profile, and that is not ready yet 2009-11-22 06:46:25 -08:00
Love Hornquist Astrand
eeeff38603 switch to new syntax 2009-11-22 06:42:39 -08:00
Love Hornquist Astrand
270c4feaf1 add digest-service and announce 2009-11-22 06:42:14 -08:00
Love Hornquist Astrand
9fa76b8766 add missing argument 2009-11-22 06:41:57 -08:00
Love Hornquist Astrand
79fe41bbb9 cetype unused 2009-11-22 06:36:13 -08:00
Love Hornquist Astrand
6df0783c7e Redo client key handling for AS
Pick the replykey to be the same as the preauth key, this allows
us to delay the picking of client key to when it's needed, this
means that we can have a reply key for PKINIT that is independent
of what keys the client has.
2009-11-22 00:58:53 -08:00
Love Hornquist Astrand
dd67212157 add disable btmm support 2009-11-22 00:29:36 -08:00
Love Hornquist Astrand
847161193c constify pkinit conf 2009-11-22 00:28:33 -08:00
Love Hornquist Astrand
4d48b172ab add pkinit configuration for btmm 2009-11-22 00:28:13 -08:00
Love Hornquist Astrand
72fbb8714f make pkinit non optional 2009-11-22 00:27:45 -08:00
Love Hornquist Astrand
010e7a9f5f announce realm via bonjour 2009-11-22 00:27:14 -08:00
Love Hornquist Astrand
71c6fa48f6 bonjour_announce 2009-11-22 00:26:57 -08:00
Love Hornquist Astrand
dbb5002e68 generic digest service 2009-11-22 00:26:32 -08:00
Love Hornquist Astrand
74cce43c8c make open log generic 2009-11-22 00:26:15 -08:00
Love Hornquist Astrand
04c3fc9882 add support for sandbox 2009-11-22 00:25:56 -08:00
Love Hornquist Astrand
b02039ae30 have require_hwauth 2009-11-22 00:25:31 -08:00
Love Hornquist Astrand
c5fffce8db abstract out adding dbinfo 2009-11-22 00:24:55 -08:00
Love Hornquist Astrand
b05756994b drop krb5_get_err_text 2009-11-04 20:03:55 -08:00
Love Hornquist Astrand
aa292cd80b use krb5_get_error_message() 2009-11-03 23:51:11 -08:00
Love Hornquist Astrand
97dd51a2da use krb5_get_error_message() 2009-11-03 23:50:45 -08:00
Love Hornquist Astrand
c01177976c use krb5_warn 2009-11-03 23:49:04 -08:00
Love Hornquist Astrand
79597c6a3a use krb5_get_error_message() 2009-11-03 23:33:50 -08:00
Love Hornquist Astrand
600b435d06 Spelling
From Luke Howard
2009-10-19 09:32:15 -07:00
Love Hornquist Astrand
91fd0b2f17 Spelling
From Luke Howard
2009-10-19 09:32:10 -07:00
Love Hornquist Astrand
678f9f9f07 [HEIMDAL-533] KDC sends TGS-REP encrypted in session key not authenticator
From RFC 4120, page 35

   In preparing the authentication header, the client can select a sub-
   session key under which the response from the Kerberos server will be
   encrypted.  If the client selects a sub-session key, care must be
   taken to ensure the randomness of the selected sub-session key.

The client library already handles this case.

Thanks to Sam Hartman for reporting this through Debian
2009-10-11 08:46:53 -07:00
Matthias Dieter Wallnöfer
8457216616 heimdal kerberos - fix memory leak (free the plugin list always - not only in error cases)
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-10-03 11:13:09 -07:00
Love Hornquist Astrand
a5b04fe4b5 If et.authorization_data is not allocated, make it so.
Patch from Johan Gadsjö
2009-09-29 23:28:47 -07:00
Love Hornquist Astrand
af61cd2eb4 Use hx509_context that is built from krb5_context 2009-09-29 13:13:32 -07:00
Love Hornquist Astrand
2ec7e6b4fa Use hx509_context that is built from krb5_context 2009-09-29 13:13:21 -07:00
Love Hornquist Astrand
e27f40b032 update usage for _krb5_pk_load_id 2009-09-29 11:28:51 -07:00
Love Hornquist Astrand
7fbe96b164 Paranoid in checking that we parsed the complete buffer 2009-09-29 08:26:17 -07:00
Love Hornquist Astrand
6fada85f78 if the UDP packet is truncated, return packet too large 2009-09-16 16:06:11 -07:00
Love Hornquist Astrand
6061cb5ee7 use max_request_str instead of max_request 2009-09-16 16:00:47 -07:00
Love Hornquist Astrand
984dd76fda switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:15:06 -07:00
Love Hornquist Astrand
ec01d69f73 switch to use EVP interface instead of old crypto interface 2009-08-17 10:45:21 +02:00
Love Hornquist Astrand
c57fcae29a switch to use EVP interface instead of old MDX_ style interface 2009-08-16 20:35:40 +02:00
Love Hornquist Astrand
729a13a985 switch to use EVP interface instead of old MDX_ style interface 2009-08-16 20:10:41 +02:00
Love Hornquist Astrand
4378f084ef Switch to EVP_MD digest 2009-08-16 11:58:03 +02:00
Love Hornquist Astrand
c1a54a5e37 Make KRB5SignedPath less fragile, only sign trivial parts of the encTicketPart
Sign the client and auth time (like it's done in the PAC) and let that
be enough for now. Add a Typed hole so that we don't break wire protocol
next time.
2009-08-12 23:05:36 +02:00