59f03abf38
Improve the default salt detection to avoid returning v4 password
...
salting to java that doesn't look at the returning padata for salting.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21411 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-04 20:13:29 +00:00
007d16660b
Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21405 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-04 10:35:45 +00:00
27425a5654
Try harder to provide better error message for digest messages.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21398 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-02 17:17:14 +00:00
cd291596a6
On success, print username, not ip-adress.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21389 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-28 09:03:03 +00:00
36bcc8529e
Rename require_binding to win2k_require_binding to match client
...
configuration.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21296 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:49:11 +00:00
ea8a0d2891
Add [kdc]pkinit_require_binding option.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21291 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:14:41 +00:00
b64da39b5f
(pk_mk_pa_reply_enckey): only allow non-bound reply if its not required.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21290 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:13:23 +00:00
cd83aef979
rename pkinit_princ_in_cert and add pkinit_require_binding
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21288 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:09:55 +00:00
ced5a6d55f
rename pkinit_princ_in_cert and add pkinit_require_binding
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21287 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:09:03 +00:00
c2da08186b
rename pkinit_princ_in_cert
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21286 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-25 14:08:34 +00:00
4ad305a90c
Drop unused variable.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21262 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 15:18:37 +00:00
6c4ad61bd4
disable anonyous tgs requests
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21260 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 14:48:42 +00:00
85acea1b76
Don't check PAC on cross realm for now.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21258 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 14:11:01 +00:00
a0320981ed
Return an error message instead of dropping the packet for more
...
failure cases.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21241 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-20 11:30:19 +00:00
4b3ea33a6a
Factor out fetching of password and move it to the code that uses
...
it. This code would not hurt by factoring out some more code...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21181 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-19 20:52:29 +00:00
dd6d82336b
Remove extra \n.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21166 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-19 00:05:50 +00:00
50f2521922
Remove printing of ntlmv2 hash, was running wrong version of the kdc.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21114 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 13:17:23 +00:00
2ee2c22b2e
More logging for ntlm v2 digest hash mismatch case.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21112 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 12:59:12 +00:00
c561d08c04
export get_dbinfo as krb5_kdc_set_dbinfo and call from users. This to allows libkdc users to to specify their own databases
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21110 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 10:52:20 +00:00
30a0cc5d6a
(_kdc_db_fetch): set error string for failures.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21106 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 10:18:11 +00:00
2430aab0de
Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21095 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-15 20:01:45 +00:00
5286ace71e
tell user when they got a pk-init request with pkinit disabled.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21087 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-13 18:19:08 +00:00
247866e443
Constify.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21041 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-10 06:21:12 +00:00
6b687aaa00
Constify.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21040 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-10 06:20:59 +00:00
4f3369a872
Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21039 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-10 06:20:31 +00:00
cc4333b758
remove cvs ignore files
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21026 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-09 03:09:59 +00:00
71bc52d5ac
EXTRA_DIST += version-script.map.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21020 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-08 15:35:50 +00:00
ad36551067
Break out loading of mappings file to a separate function and remove
...
warning that it can't open the mapping file, there are now mappings in
the db, maybe the users uses that instead...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20998 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 22:53:31 +00:00
501beea27a
add new symbols
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20978 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 15:28:40 +00:00
24cf0fdeae
Also update krb5_context view of what the time is.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20970 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 06:54:55 +00:00
ea26dbde83
Add --[version|help].
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20963 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 05:12:59 +00:00
a3f341f304
Push down the kdc time into the x509 library.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20960 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 04:48:11 +00:00
8b91b80a1e
Remove out2, no longer used.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20959 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 04:46:06 +00:00
23ed41b109
Move up krb5_kdc_save_request so we can catch the reply data too.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20958 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 04:35:05 +00:00
4fe154b2f9
verify reply by checking asn1 class, type and tag of the reply if
...
there is one.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20957 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 04:34:14 +00:00
43a028c82a
Save asn1 class, type and tag of the reply if there is one. Used to
...
verify the reply in kdc-replay.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20956 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 04:32:53 +00:00
1902040622
extern for request_log.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20954 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:30:15 +00:00
7d1da27427
Add kdc-replay.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20953 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:20:22 +00:00
162660bade
Replay kdc messages to the KDC library.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20952 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:19:07 +00:00
35a6f8ed22
Pick up request_log from [kdc]kdc-request-log.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20951 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:08:39 +00:00
44e3c4e620
Option to save the request to disk.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20950 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:07:42 +00:00
7e2f36b1d6
(krb5_kdc_save_request): save request to file.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20949 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 03:07:04 +00:00
01d0aa7e38
Update kdc time.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20948 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 02:20:45 +00:00
c42a34c36d
(krb5_kdc_process*): dont update _kdc_time automagicly.
...
(krb5_kdc_update_time): set or get current kdc-time.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20947 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-07 02:20:10 +00:00
6f787893cd
(_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the signeddata oid
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20943 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-06 22:14:36 +00:00
3d7fc2b1e7
(_kdc_pk_rd_padata): Try to log what went wrong.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20942 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-06 22:03:20 +00:00
a7169a17a6
Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC
...
behavior better.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-05 17:23:44 +00:00
f48ceb510e
(digest ntlm): provide log entires by setting ret to an error.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20877 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-04 04:07:26 +00:00
ceb434a58b
In case of OCSP verification failure, referash every 5 min. In case of
...
success, refreash 2 min before expiring or faster.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20812 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-03 03:35:32 +00:00
da1be13db5
Handle the ms san in a propper way, still cheat with the realm name.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20748 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-31 17:31:43 +00:00
Love Hörnquist Åstrand