oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
22,113 Commits 2 Branches 2 Tags
a4975b1602b8fe2d31315387bce6e284759516ed
Commit Graph

133 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
e46ef6c72a Try both kdc server referral and the old client chasing mode. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22770 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:09:29 +00:00
Love Hörnquist Åstrand
2523a24965 Don't do canonicalize by default, make add_cred() sane, make loop 
detection in credential fetching better.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22768 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:09:21 +00:00
Love Hörnquist Åstrand
526b428c75 Make work for constrained delegation and impersonation. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22758 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:08:43 +00:00
Love Hörnquist Åstrand
e33ec47aaf Try moving referrals checking into _krb5_extract_ticket(). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22743 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:46 +00:00
Love Hörnquist Åstrand
1da2a3782e Add code to check PA_ServerReferralData. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22737 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:22 +00:00
Love Hörnquist Åstrand
d6845ca8a4 kill trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22734 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:09 +00:00
Love Hörnquist Åstrand
a86c4ec9ab Insecure tgs referrals. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22723 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:06:26 +00:00
Love Hörnquist Åstrand
756ead1cd9 Find_cred to try krb5_cc_retrieve_cred first, remove comment. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22719 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:06:08 +00:00
Love Hörnquist Åstrand
92e7251a36 Refactor code to flatten the call-tree. 
Make the ticket request in the TGS-REQ inherit the address-ness of the
krbtgt if the address is not specified in the function call.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22717 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:06:00 +00:00
Love Hörnquist Åstrand
e5baf09800 Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. This drop 
compatibility with pre 0.3d KDCs.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22714 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:05:49 +00:00
Love Hörnquist Åstrand
829360b3f6 Catch KRB5_GC_CANONICALIZE. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22708 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:05:26 +00:00
Love Hörnquist Åstrand
fd82ee85e7 Remove support for [libdefaults]capath (not [libdefaults] capaths though). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22530 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-01-27 11:48:16 +00:00
Love Hörnquist Åstrand
b3ce2858da Make krb5_get_renewed_creds work, from Gunther Deschner. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21668 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-07-22 11:28:05 +00:00
Love Hörnquist Åstrand
55473ae4f7 Add krb5_get_renewed_creds. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21327 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-26 10:54:15 +00:00
Love Hörnquist Åstrand
d5bb7a7c56 (krb5_get_creds): if KRB5_GC_CONSTRAINED_DELEGATION is set, set both 
request_anonymous and constrained_delegation.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21253 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-21 04:24:24 +00:00
Love Hörnquist Åstrand
18278b0bef use krb5_sendto_context to talk to the KDC. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21063 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-12 17:59:36 +00:00
Love Hörnquist Åstrand
9df9f6a9da revert 21003 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21004 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-08 01:53:10 +00:00
Love Hörnquist Åstrand
12df8538af use "roken.h" consitantly 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21003 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-08 01:42:05 +00:00
Love Hörnquist Åstrand
6348a6849a Tell what principal we are not finding for all KRB5_CC_NOTFOUND. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20301 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-11 11:13:31 +00:00
Love Hörnquist Åstrand
dc0a5d69f2 Use EXTRACT_TICKET_* flags. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20226 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-16 03:31:50 +00:00
Love Hörnquist Åstrand
b9624a871d Use KRB5_KU_OTHER_CKSUM for the impersonate checksum. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19081 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-21 05:14:43 +00:00
Love Hörnquist Åstrand
390dc0d2ab Allow setting additional tickets in the tgs-req 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17628 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-06 21:22:54 +00:00
Love Hörnquist Åstrand
f030cab6b9 (krb5_get_creds): add KRB5_GC_NO_TRANSIT_CHECK 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17618 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-06 15:04:13 +00:00
Love Hörnquist Åstrand
eb409f99aa Add impersonate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17615 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-06 14:57:16 +00:00
Love Hörnquist Åstrand
2b37c08fa7 (get_cred_from_kdc_flags): Use KRB5_ADDRESSLESS_DEFAULT when checking 
[appdefault]no-addresses.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-02-03 11:41:02 +00:00
Love Hörnquist Åstrand
0f1c19edb9 (krb5_get_credentials_with_flags): only call krb5_cc_retrieve_cred 
once, and plug memory leak.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15639 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-07-13 07:38:02 +00:00
Love Hörnquist Åstrand
552b026c14 remove cast that to avoid dropping const 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15463 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-06-16 22:57:14 +00:00
Love Hörnquist Åstrand
6c3ab75789 Remove expired credentials, based on patches and comments from Anders 
Magnusson <ragge@ltu.se> and Wynn Wilkes <wwilkes@vintela.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15160 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-17 11:48:06 +00:00
Luke Howard
6152d507ad pass all options to cc_retrieve_cred 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14530 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-02-02 07:30:04 +00:00
Love Hörnquist Åstrand
317fc43716 (get_cred_kdc_usage): retry using "large message safe" transport if we 
get back KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther
Deschner <gd@sernet.de>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14269 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-09-28 17:29:39 +00:00
Love Hörnquist Åstrand
3225e16607 (set_auth_data): set pointer to NULL after free 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14145 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-08-23 19:33:34 +00:00
Love Hörnquist Åstrand
abe49e97aa (init_tgs_req): if subkey not avaible, use session key for authorization-data 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13972 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-06-21 21:39:27 +00:00
Love Hörnquist Åstrand
91351971f7 add KRB5_LIB_FUNCTION to all exported functions 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13863 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-05-25 21:46:46 +00:00
Johan Danielsson
26457b7135 replace krb5_free_creds_contents by krb5_free_cred_contents 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13790 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-25 19:25:35 +00:00
Love Hörnquist Åstrand
111658f363 s/krb5_mk_req_internal/_&/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13624 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-23 12:07:23 +00:00
Love Hörnquist Åstrand
74ee19a354 (make_pa_tgs_req): abort on internal asn1 encode error 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13302 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-02-03 16:59:37 +00:00
Love Hörnquist Åstrand
ff5bd23572 rename get_krbtgt to _krb5_get_krbtgt and export it 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13254 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-01-05 14:08:04 +00:00
Johan Danielsson
e7a40f2d44 get capath info from [capaths] section 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13024 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-10-20 16:40:14 +00:00
Johan Danielsson
7bfff16231 krb5_princ_realm -> krb5_principal_get_realm 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13023 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-10-20 16:38:53 +00:00
Love Hörnquist Åstrand
1a22071676 (init_tgs_req): make generation of subkey optional on configuration parameter 
[realms]realm={tgs_require_subkey=bool}
defaults to off. The RFC1510 weakly defines the correct behavior,
so old DCE secd apparently required the subkey to be there, and MS will
use it when its there. But the request isn't encrypted in the subkey,
so you get to choose if you want to talk to a MS mdc or a old DCE secd.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12550 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-16 16:25:14 +00:00
Love Hörnquist Åstrand
283630104a prefix libasn1 types with heim_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12439 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-07-15 14:05:49 +00:00
Love Hörnquist Åstrand
63711b92db (init_tgs_req): in case of error, don't free in the req_body addresses 
since they where pass in by caller
(find_cred): use krb5_cc_clear_mcred


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12423 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-07-06 23:28:34 +00:00
Johan Danielsson
6a8ce7e86f (init_tgs_req): init ret 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11385 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-04 21:12:46 +00:00
Johan Danielsson
ddc308c36f use ASN1_MALLOC_ENCODE 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11372 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-04 16:26:05 +00:00
Johan Danielsson
9012f55e7c (init_tgs_req): use in_creds->session.keytype literally instead of 
trying to convert to a list of enctypes (it should already be an
enctype)


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11366 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-04 12:04:19 +00:00
Assar Westerlund
7985d3edff get a ticket with no addresses if no-addresses is set 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10868 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-03-10 23:11:29 +00:00
Assar Westerlund
47db784d92 (get_cred_kdc_la): fix typo 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10275 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-07-03 18:45:03 +00:00
Johan Danielsson
c1943c71a9 (get_cred_kdc_la): treat no addresses as wildcard 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10240 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-07-02 22:30:07 +00:00
Assar Westerlund
d27aa3b62e add some krb5_{set,clear}_error_string 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9937 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-05-14 06:14:52 +00:00
Assar Westerlund
414594d275 (get_cred_kdc): add support for falling back to KRB5_KU_AP_REQ_AUTH 
when KRB5_KU_TGS_REQ_AUTH gives `bad integrity'.  this helps for
talking to old (pre 0.3d) KDCs


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9749 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-03-13 04:29:36 +00:00