0205e1ebe3
Use unsigned where appropriate.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22870 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:50:28 +00:00
921fee6f9c
use the correct server name for logging.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22795 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-28 08:21:23 +00:00
424eede709
Rename tgs_build_referral to build_server_referral since it can be
...
used for AS-REQ too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22739 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:07:31 +00:00
203a4ad7f1
Send SERVER-REFERRAL data in rep.padata instead of auth_data in ticket.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22735 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:07:13 +00:00
294999cc14
kill trailing whitespace
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22733 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:07:05 +00:00
f57e7c4d5f
Better referrals support, use canonicalize flag.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22729 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:06:50 +00:00
50901132f0
Also check KDCOptions->canonicalize when looking for referrals requests.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22713 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:05:45 +00:00
b9f88cce4c
first version of the tgs referrals pathcheck
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22703 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-24 12:05:02 +00:00
5fed824f37
its vs it\'s etc. From Bjorn Sandell
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
be8c8799d8
Should pass different key usage constants depending on whether or not
...
optional sub-session key was passed by the client for the check of
authorization data. The constant is used to derive "specific key" and
its values are specified in 7.5.1 of RFC4120.
Patch from Andy Polyakov.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22068 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 19:56:15 +00:00
86e58a1b60
Don't send auth data in referrals, microsoft clients have started to
...
not like that. Thanks to Andy Polyakov for excellent research.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22066 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 19:49:24 +00:00
4808b585af
More prettier printing of enctype, from KAMADA Ken'ichi.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21949 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-10-04 18:49:27 +00:00
4ad305a90c
Drop unused variable.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21262 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 15:18:37 +00:00
6c4ad61bd4
disable anonyous tgs requests
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21260 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 14:48:42 +00:00
85acea1b76
Don't check PAC on cross realm for now.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21258 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-21 14:11:01 +00:00
247866e443
Constify.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21041 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-10 06:21:12 +00:00
45ebb9c7f2
Only check service key for cross realm PACs.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20265 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-18 08:34:36 +00:00
126ea0e595
Don't check PACs on cross realm requests.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20254 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-17 07:52:01 +00:00
82f3dca5ec
Rename keys to be more obvious what they do.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19809 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-10 19:43:35 +00:00
7e21610a7c
Pass down server entry to verify_pac function.
...
from Andrew Bartlett <abartlet@samba.org >
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19797 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-10 15:22:11 +00:00
bee6d08ff3
(tgs_build_reply): check if krb5_generate_random_keyblock failes.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19685 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 12:49:45 +00:00
8588cd9ebd
Scope etype.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19684 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 12:42:51 +00:00
f2807ae2c8
rename functions after export some more pac functions.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19672 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 11:02:33 +00:00
9b7ae5c640
Resign the PAC in tgsreq if we have a PAC.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19669 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 10:56:23 +00:00
9140e58024
Get right key for PAC krbtgt verification.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19643 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-03 19:34:27 +00:00
11c02517ae
Call callbacks for emulating a Windows Domain Controller.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19630 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-03 15:37:52 +00:00
9fed7e931e
(_kdc_tkt_add_if_relevant_ad): use _kdc_tkt_add_if_relevant_ad to add the SignedPath.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19260 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-06 21:16:03 +00:00
772ed07a25
Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large packets when using
...
datagram based transports.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19163 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-27 14:17:58 +00:00
b9624a871d
Use KRB5_KU_OTHER_CKSUM for the impersonate checksum.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19081 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-21 05:14:43 +00:00
87500b6c61
(check_KRB5SignedPath): free KRB5SignedPath on successful completion
...
too, not just the error cases.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18827 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-22 15:54:37 +00:00
69883abf62
Prefix der primitives with der_.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18460 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-14 10:16:45 +00:00
8b981cc040
(tgs_parse_request): set cusec, not csec from auth->cusec.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18366 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-09 06:51:57 +00:00
c7b54c3372
Adapt to signature change of _krb5_principalname2krb5_principal.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18270 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-06 17:06:30 +00:00
cafd935d88
Check the adtkt in the constrained delegation case too.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18101 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-18 17:30:19 +00:00
2db346fb7d
Add signing and checking of tickets to s4u2self works securely.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18074 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-11 13:39:13 +00:00
687cb26c9e
Remove _kdc_find_etype(), its no longer used.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 11:52:29 +00:00
fb086a0312
Adapt to the new sigature of _kdc_find_keys().
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17906 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-24 08:33:53 +00:00
599d3cf216
Change _kdc_db_fetch() to return the database pointer too if needed by
...
the consumer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17904 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-23 11:45:16 +00:00
ce5ef410ee
(tgs_build_reply): when checking for removed principals, check the
...
second component of the krbtgt, otherwise cross realm wont work.
Prompted by report from Mattias Amnefelt.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17806 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-06 15:38:31 +00:00
fb9ab0b9d9
(tgs_build_reply): add constrained delegation.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17625 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-06 16:35:26 +00:00
a060a07f20
Add impersonation.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17622 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-06 15:07:46 +00:00
e030c0d5e1
Split up the reverse cross krbtgt check and local clien must exists test.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17603 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 17:43:03 +00:00
23478bc157
Plug old memory leaks, unify all goto's.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17602 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 16:40:14 +00:00
cb7d1402f1
Split tgs_rep2 into tgs_parse_request and tgs_build_reply.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17600 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 13:17:42 +00:00
379d35fc8f
split out krb5 tgs req to make it easier to reorganize the code.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17598 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-01 11:15:20 +00:00
Love Hörnquist Åstrand