Love Hornquist Astrand
013fb45a7f
Make the send e_text on time skew error default to make it work with Windows clients.
2009-08-04 20:19:44 +02:00
Andrew Bartlett
f8c121b282
Add support for user principal names in certificates [HEIMDAL-602]
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certificate (using the standard method to specify a principal name in a
certificate) is updated to use an Administrator (not administrator).
(This fixes the kinit test).
2009-08-04 09:34:58 +02:00
Love Hornquist Astrand
09f64eb7c5
Free ent on failure [CID-171]
2009-07-30 09:59:23 +02:00
Love Hornquist Astrand
1ca716bbc7
Free buf on random generator error [CID-177]
2009-07-30 07:42:12 +02:00
Love Hornquist Astrand
9b710bed81
store is never read again
2009-07-29 22:37:58 +02:00
Love Hornquist Astrand
5d152d70eb
Indent
2009-07-16 22:56:59 -07:00
Love Hornquist Astrand
3634423f36
Allow specifying running user and chroot() environment
Allow the admin to switch the user the kdc is running under and
specify the chroot() directory to run in.
Please note you need a very special setup to get this working.
2009-07-16 22:15:26 -07:00
Love Hörnquist Åstrand
2076c1c93e
Add PAC to the first entry in the array since Windows and samba3 expects it there.
The problem was found by Matthieu Patou, who also created the first
patch which I changed to look what the current code looks like.
History is tracked in [HEIMDAL-582].
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:28:56 +00:00
Love Hörnquist Åstrand
97b8122bc6
Report HDB_AUTH_SUCCESS for PK-INIT too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25308 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:34:18 +00:00
Love Hörnquist Åstrand
7829e74641
Provide auth_status to backend.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25307 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:33:06 +00:00
Love Hörnquist Åstrand
d3de015b79
Check locked-out flag for client and server.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25306 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:32:56 +00:00
Love Hörnquist Åstrand
8e2e176812
make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25305 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:27:09 +00:00
Love Hörnquist Åstrand
5136167f15
if client delegates to itself, that's ok
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25304 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:26:57 +00:00
Love Hörnquist Åstrand
90de65f2be
If backend implements ->hdb_check_constrained_delegation, use it for processing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25303 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:26:39 +00:00
Love Hörnquist Åstrand
868bd2dd69
sync check flags
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25300 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:26:00 +00:00
Love Hörnquist Åstrand
deef966478
sync check flags
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25299 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:25:46 +00:00
Love Hörnquist Åstrand
326381bfc6
fix error message in constrained delegation, from Andrew Bartlett
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25295 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 03:23:25 +00:00
Love Hörnquist Åstrand
506b98d110
Patch from Andrew Bartlett via heimdal-bugs@h5l.org
kdc Allow a password change when the password is expired
This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue. (In particular, in
case our requirements become more complex in future).
The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw
Andrew Bartlett
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25294 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 03:16:46 +00:00
Love Hörnquist Åstrand
ba04bad361
From Andrew Bartlett via heimdal-bugs@h5l.org
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed a KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportedly) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25293 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 03:16:35 +00:00
Love Hörnquist Åstrand
0cac9adc37
one more HAVE_OPENSSL for EC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25274 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-06-06 06:43:10 +00:00
Love Hörnquist Åstrand
8bdfc86327
Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25250 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:20:37 +00:00
Love Hörnquist Åstrand
00c0fcb461
Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25249 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:20:27 +00:00
Love Hörnquist Åstrand
6d379afd2a
catch extra data
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25225 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-25 23:44:08 +00:00
Love Hörnquist Åstrand
c0d30cc7d3
handle out of memory
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25206 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-09 14:22:05 +00:00
Love Hörnquist Åstrand
0cd989c99e
Turn else into else if to avoid falling off into FALSE.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25205 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-09 14:21:54 +00:00
Love Hörnquist Åstrand
1530060a84
Assume old client if it doesn't send supportedCMSTypes.
Add error message.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25167 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:16:40 +00:00
Love Hörnquist Åstrand
5baf2e3d1a
Simplify datagram_reply
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25132 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-25 16:26:10 +00:00
Love Hörnquist Åstrand
4aa92f9db1
Less empty if statements.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25120 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-16 08:17:26 +00:00
Love Hörnquist Åstrand
27316b9a1f
use krb5_principal_get_realm
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25111 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-16 08:01:40 +00:00
Love Hörnquist Åstrand
98e7ac2226
spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25099 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-06 02:50:54 +00:00
Love Hörnquist Åstrand
542528a7ce
try to clean up ckey handling, esp when there is no ckey
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25098 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-06 02:50:39 +00:00
Love Hörnquist Åstrand
b8071a368c
spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25097 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-06 02:50:08 +00:00
Love Hörnquist Åstrand
7f6001e81c
disable deprecated warning since this module uses 425 function and we
don't want warnings for that.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25096 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-04 17:11:26 +00:00
Love Hörnquist Åstrand
01cf29a91a
disable deprecated warning since this module uses 425 function and we
don't want warnings for that.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25095 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-04 17:11:15 +00:00
Love Hörnquist Åstrand
792da8685d
don't leak memory
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25084 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-04 17:08:56 +00:00
Love Hörnquist Åstrand
1033b89779
make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25048 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:05:28 +00:00
Love Hörnquist Åstrand
7c97293c1e
rename S4U2SELF to FOR_USER
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25044 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:04:33 +00:00
Love Hörnquist Åstrand
51d0f65fb8
use krb5_cc_new_unique, use constants for cache types
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25041 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:04:01 +00:00
Love Hörnquist Åstrand
27e41bf7d6
If the client sent more than 10 EDI, don't bother looking more than 10
for performance reasons.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25002 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 19:49:09 +00:00
Love Hörnquist Åstrand
eb81f54da8
Flatten the reply
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25001 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 19:48:55 +00:00
Love Hörnquist Åstrand
6b95eec5c9
new signature for _kdc_pk_rd_padata
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25000 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:05:00 +00:00
Love Hörnquist Åstrand
1d0eb4dad8
add proxy bit
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24999 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:04:50 +00:00
Love Hörnquist Åstrand
dd3405112f
rename client_params and set proxy cert bit on the right context
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24994 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:04:00 +00:00
Love Hörnquist Åstrand
5ee06ffbff
Make one verify context per client, this way we can add our own trust
anchors for each client, so that self registered/special certificates are
allowed as trust anchors.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24987 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:02:44 +00:00
Love Hörnquist Åstrand
4205308775
Always generate session key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24975 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-28 17:08:31 +00:00
Love Hörnquist Åstrand
f4f623e7d8
comment on what to add
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24942 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:58 +00:00
Love Hörnquist Åstrand
033c14110f
simplify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24941 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:47 +00:00
Love Hörnquist Åstrand
3aa4a14ef3
move generation of session key to preauth hook.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24940 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:36 +00:00
Love Hörnquist Åstrand
eb32e1f0ff
add generation of session key here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24939 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:26 +00:00
Love Hörnquist Åstrand
7665dbc0be
openlog failed, exit
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24922 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-22 17:23:54 +00:00