Love Hornquist Astrand
9a21fddb70
use kdc_request_t for add_enc_pa_req
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
6319f31ecf
break out KRB5_PADATA_REQ_ENC_PA_REP
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
1e048065c1
switch to _kdc_r_log
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
68bd6f63e8
move PKINIT to a preauth mech too
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
07342aa138
Add and use _kdc_set_e_text()
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
13eeb30a1d
Create a request structure
2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
0332787e0f
Hide client name for privacy reasons
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
65254713a2
log if we have FAST PA or not
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
17d5f8d19e
make AS work with FAST
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
6c31f5a95f
free ac after it's used
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
a2bcf8bbdd
break out mk_error
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
04983dfd94
Preserve outer error
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
4561012998
fix up to update kdc_db_fetch
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
79703dc3cc
memory management
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
8eb256ea00
send enc challenge in KDC reply
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
7151d4e66c
partial handling of ENC-CHALLENGE
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
7d1a059f9e
comment why we add cookie
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
1fac725de4
send cookie on error and send right error message
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
30cca73765
more fast bits
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
78bef36409
include fast.c
2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
deed0642d0
Handle ticket checksum
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
bcbcc67ab7
try handle finished message, ticket processing missing
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
2f5d801156
change client access message
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
dfd7a43e44
change client access message
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
35d4b23a22
start error codes finish message
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
580b370e08
make pa-data optional
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
c6a9bdb140
spelling
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
5edb5d0275
move out generic fast packet building into fast.c
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
6a74bba8f9
move out generic fast packet building into fast.c
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
e372cc6b8a
re-shuffle to make c90 compatible
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
1af9487bff
got fetch armor key
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
a1feab396e
more ticket bits
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
d04289855e
more bits
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
96299ac2bb
no warnings
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
3b034b231d
more bits
2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
7802e24170
first drop of the AS-REQ FAST + krb-error FAST codepath
2011-07-24 20:24:34 -07:00
Love Hornquist Astrand
f2c7370609
announce fx-fast
2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
f102ee7831
compiler warning
2011-07-24 19:56:09 -07:00
Love Hörnquist Åstrand
1124c4872d
KVNOs are krb5uint32 in RFC4120, make it so
2011-07-24 14:23:45 -07:00
Love Hörnquist Åstrand
af4aea85ae
cast to avoid size_t vs int issue
2011-07-24 13:07:07 -07:00
Love Hörnquist Åstrand
c5db78a3c2
switch to use use_strongest_server_key
use the same behavior as 1.4 release.
2011-07-24 10:33:28 -07:00
Stefan Metzmacher
296548d34a
kdc: pass down the delegated_proxy_principal to the verify_pac() function
This is needed in order to add the S4U_DELEGATION_INFO to the pac.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-23 11:48:11 -07:00
Stefan Metzmacher
626d2607d5
kdc/windc_plugin.h: KRB5_WINDC_PLUGIN_MINOR 4 => 5
commit "heimdal Add support for extracting a particular KVNO from the database"
(f469fc6d49 in heimdal/master and 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e in samba/master)
changed the windc_plugin interface, so we need to change the version number.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-23 11:48:11 -07:00
Stefan Metzmacher
aabb937b46
kdc: don't allow self delegation if a backend check_constrained_delegation() hook is given
A service should use S4U2Self instead of S4U2Proxy.
Windows servers allow S4U2Proxy only to explicitly configured
target principals.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-23 11:48:11 -07:00
Stefan Metzmacher
6cb0e81760
kdc: pass down the server hdb_entry_ex to check_constrained_delegation()
This way we can compare the already canonicalized principals,
while still passing the client specified target principal down
to the backend specific constrained_delegation() hook.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-23 11:48:11 -07:00
Stefan Metzmacher
d6a56b847b
kdc: use the correct client realm in the EncTicketPart
With S4U2Proxy tgt->crealm might be different from tgt_name->realm.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-23 11:48:11 -07:00
Love Hörnquist Åstrand
12403a31ce
sprinkle more windows files
2011-07-23 11:18:21 -07:00
Love Hörnquist Åstrand
7aaba443bc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
d756ad019a
make tests pass again
2011-06-19 11:49:33 -07:00
Stefan Metzmacher
e54d07a9b6
kdc: check and regenerate the PAC in the s4u2proxy case
TODO: we need to add a S4U_DELEGATION_INFO to the PAC later.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-19 10:26:11 -07:00