Stefan Metzmacher
ba8c3dbc62
lib/gssapi/krb5: implement GSS_C_CHANNEL_BOUND_FLAG for gss_init_sec_context()
This will force KERB_AP_OPTIONS_CBT to be sent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-06 16:14:43 -04:00
Luke Howard
85756bd228
krb5: make keyed checksums mandatory where possible
Make keyed checksums mandatory when generating and verifying checksums, with
the following exceptions:
* the checksum is being generated or verified as part of encrypting data for
  a legacy (DES) encryption type
* the KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM flag was set on the crypto
  context, used to allow unkeyed checksums in krb5 authenticators
By making unkeyed checksums opt-in, we eliminate a class of potential
vulnerabilities where callers could pass unkeyed checksums.
Any code that uses the mandatory checksum type for a given non-legacy
encryption type should not be affected by this change. It could potentially
break, say, a client trying to do FAST with DES keys, but that should not be
supported (because FAST KDCs also support AES).
Closes: #835
2021-09-21 18:02:25 +10:00
Jeffrey Altman
5f138a16ef
libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.
Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Love Hornquist Astrand
687db64c56
Patch from Secure Endpoints/Asanka Herath for windows support
2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
a132ffe757
Simplify krb5_build_authenticator and unexport
2009-10-05 19:52:28 -07:00
Love Hörnquist Åstrand
942a821fab
remove RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
874a6ccd1c
(_krb5_mk_req_internal): use md5 for des-cbc-md4 and des-cbc-md5.
This is for (older) windows that will be unhappy anything older.
From Inna Bort-Shatsky
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19511 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-27 12:07:22 +00:00
Love Hörnquist Åstrand
5a9da5632c
(_krb5_mk_req_internal): Indent and remove unused code block.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16798 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-19 20:33:13 +00:00
Love Hörnquist Åstrand
4740e4a03a
(_krb5_mk_req_internal): on failure, goto error handling.
Fixes Coverity NetBSD CID 2591 by catching a failing krb5_copy_keyblock()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16797 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-19 20:30:34 +00:00
Luke Howard
191db4ab4f
support ETYPE_ARCFOUR_HMAC_MD5_56
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14468 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-05 06:31:01 +00:00
Love Hörnquist Åstrand
91351971f7
add KRB5_LIB_FUNCTION to all exported functions
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13863 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-05-25 21:46:46 +00:00
Love Hörnquist Åstrand
c1f83887ae
unexport krb5_mk_req_internal to external users by prefixing it with _
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13623 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-23 12:06:33 +00:00
Love Hörnquist Åstrand
310984c158
(krb5_mk_req_internal): when using arcfour-hmac-md5, use an unkeyed
checksum (rsa-md5), since Microsoft calculates the keyed checksum with
the subkey of the authenticator.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12409 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-28 21:05:12 +00:00
Johan Danielsson
2e1f72ec6b
generate a local subkey if AP_OPTS_USE_SUBKEY is set
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11332 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-09-02 17:13:52 +00:00
Assar Westerlund
27753b359b
(krb5_mk_req_internal): new krb5_create_checksum
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9871 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-05-09 07:15:00 +00:00
Assar Westerlund
931a0e0c03
(krb5_mk_req_internal): allow different usages for the encryption.
change callers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9169 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-11-15 07:01:26 +00:00
Assar Westerlund
accdd87f82
check return value from krb5_crypto_init
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8975 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-08-18 06:50:26 +00:00
Assar Westerlund
725515efbb
(krb5_mk_req_internal): add comment on checksum type selection
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8929 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-08-10 20:15:41 +00:00
Johan Danielsson
c5b916ca6f
remove advertising clause
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-12-02 17:05:13 +00:00
Assar Westerlund
3623dc5593
(krb5_mk_req_internal): try to handle old DCE secd's that are not able
to handle MD5 checksums by defaulting to MD4 if the keytype was
DES-CBC-CRC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6053 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-25 17:44:01 +00:00
Johan Danielsson
aaae186ab9
merge new-crypto branch
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5332 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-02-11 21:03:59 +00:00
Assar Westerlund
7ad34e19fc
(krb5_mk_req_extended): more type-correctness
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5306 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-01-30 18:29:36 +00:00
Assar Westerlund
4d35cba165
(krb5_mk_req_extended): only set encryption type in auth_context if
it's compatible with the type of the session key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4866 ec53bebd-3082-4978-b11e-865c3cabbd6b
1998-05-12 19:10:59 +00:00
Johan Danielsson
22065c9623
Use same enctype as in ticket.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4743 ec53bebd-3082-4978-b11e-865c3cabbd6b
1998-04-05 19:13:35 +00:00
Assar Westerlund
40fe0f4135
(krb5_mk_req_ext): figure out the correct `enctype'
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4016 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-11-16 06:26:39 +00:00
Johan Danielsson
fb0f4ca9c3
Make authcontext->keyblock a pointer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3916 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-11-11 01:51:35 +00:00
Johan Danielsson
6bb7d68279
x
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3596 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-10-13 21:05:16 +00:00
Assar Westerlund
47e156ec98
(krb5_mk_req_extended): figure out what cksumtype to use from the
keytype.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3572 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-09-29 20:50:00 +00:00
Assar Westerlund
eb5df0ad88
(krb5_mk_req_extended): free the checksum
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2795 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-08-08 03:53:57 +00:00
Assar Westerlund
d7928440a3
free more
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2569 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-23 23:54:37 +00:00
Assar Westerlund
f6496cf162
initialize `r'
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2503 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-20 14:40:20 +00:00
Johan Danielsson
e10934272c
Make an auth_context if none passed in.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2412 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-17 22:57:05 +00:00
Johan Danielsson
5a32a5c8e7
Add copyright notice.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2389 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-16 21:40:05 +00:00
Assar Westerlund
9a3939461e
simply and support keyed checksums
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2254 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-13 07:26:41 +00:00
Assar Westerlund
71279c4d2d
allow no checksum
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2188 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-12 14:39:18 +00:00
Assar Westerlund
f79e8aeda5
dynamic checksumtype
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2106 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-09 04:57:31 +00:00
Assar Westerlund
2b911eac5f
removed extra free
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2021 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-07 09:52:14 +00:00
Johan Danielsson
50900e67c9
Rename contents to keyvalue.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1888 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-06-10 14:20:42 +00:00
Assar Westerlund
2182769575
new file
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1372 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-03-12 11:34:50 +00:00