oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,933 Commits 2 Branches 2 Tags
bbff216dc659954a76bb395ee36aa1a1c8571941
Commit Graph

49 Commits

Author SHA1 Message Date
Stefan Metzmacher
ae4d222f58 lib/krb5: verify_logonname() to handle multi component principal 
FreeIPA can generate tickets with a client principal of
'host/hostname.example.com'.

verify_logonname() should just verify the principal name
in the PAC_LOGON_NAME is the same as the principal of
the client principal (without realm) of the ticket.

Samba commit b7cc8c1187ff967e44587cd0d09185330378f366
break this. We try to compare ['host']['hostname.example.com']
with ['host/hostname.example.com]' (as we interpret it as enterprise principal)
this fail if we don't compare them as strings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2015-07-31 17:30:23 +12:00
Stefan Metzmacher
8c8a39b0b7 heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY 
An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-06-17 17:41:27 -05:00
Stefan Metzmacher
2e6318f09a heimdal:lib/krb5: allow enterprise principals in verify_logonname() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-06-17 17:41:26 -05:00
Jeffrey Altman
5f138a16ef libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL 
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.

Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
 2013-06-22 21:17:32 -04:00
Harald Barth
3f52037382 Better error messages when UTF8 conversion fails 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-26 00:05:53 -07:00
Viktor Dukhovni
435c02fa26 Compare pac timestamp to unix timestamp right when neither are set 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:28:26 -07:00
Stefan Metzmacher
7ecbac23f6 lib/krb5: add utf8 support to build_logon_name() for the PAC 
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-11-16 19:42:45 -08:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
03806492d9 prefix symbols that are _krb5_ structures 2011-03-12 13:45:09 -08:00
Love Hornquist Astrand
ea2534a55f export krb5_enomem 2010-11-24 14:35:56 -08:00
Asanka C. Herath
0f853405fe Add missing export and calling convention annotations 2010-11-24 15:32:49 -05:00
Love Hornquist Astrand
f178458310 use krb5_data_ct_cmp 2010-11-06 20:53:04 +01:00
Love Hornquist Astrand
55ccd5ff9c use _krb5_enomem and indent 2010-11-06 20:10:26 +01:00
Love Hornquist Astrand
5ab43b8520 plug memory leak 2010-11-06 20:01:02 +01:00
Andrew Bartlett
a42b77fb22 heimdal Add handling for PAC signatures over all encryption types 
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-11-06 19:56:48 +01:00
Love Hörnquist Åstrand
942a821fab remove RCSID 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
a222d53b7f free utf8 string on failure, cid#87 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24098 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:59:18 +00:00
Love Hörnquist Åstrand
03babea1e3 switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23911 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:55:39 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
ad4fcfd6d2 N_()ify 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23790 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-07 21:29:43 +00:00
Love Hörnquist Åstrand
39f62b79e4 Don't hide the checksums from the caller, From Andrew Bartlett. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23711 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-28 13:48:56 +00:00
Love Hörnquist Åstrand
1427d9773f add doxygen 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-28 01:12:16 +00:00
Love Hörnquist Åstrand
11752006c3 ignore error from crypto_destro to catch more intresting error 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23506 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-11 10:00:28 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
b39eeb6c7a use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23299 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 03:29:14 +00:00
Love Hörnquist Åstrand
4212ec831b Cast size_t to unsigned long to avoid warning. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22989 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-15 15:55:12 +00:00
Love Hörnquist Åstrand
69c1f4ee7b Use libwind. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22562 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-03 17:38:35 +00:00
Love Hörnquist Åstrand
743ccd85cf make work with cpp again, reported by Hai Zaar 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21934 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-08-27 14:21:04 +00:00
Love Hörnquist Åstrand
d68b36bb90 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21149 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-18 21:50:22 +00:00
Love Hörnquist Åstrand
c614532c87 (verify_checksum): memset cksum to avoid using pointer from stack. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21135 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-18 21:06:08 +00:00
Love Hörnquist Åstrand
6559e67d3c plug memory leaks. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20845 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-03 14:31:16 +00:00
Love Hörnquist Åstrand
a115c5af61 add PAC_CONSTRAINED_DELEGATION 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20302 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-11 11:14:06 +00:00
Love Hörnquist Åstrand
bebd317964 Create the PAC element in the same order as w2k3, 
maybe there's some broken code in windows which relies
on this... From metze.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20275 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-22 01:42:47 +00:00
Love Hörnquist Åstrand
f35bfaa82e (krb5_pac_add_buffer): unbreak buffer handling. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19824 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-11 02:08:01 +00:00
Love Hörnquist Åstrand
217a1f8aaf A tiny 2 char diffrence that make the code work for real. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19783 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-09 11:22:56 +00:00
Love Hörnquist Åstrand
4e6e594fc6 export some more pac functions. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19670 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-04 11:00:52 +00:00
Love Hörnquist Åstrand
0fac70e6c9 Support all keyed checksum types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19624 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-03 15:28:00 +00:00
Love Hörnquist Åstrand
7b7419e387 (krb5_pac_get_types): gettypes. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19622 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-02 12:51:43 +00:00
Love Hörnquist Åstrand
7a2f244192 Add/remove pac buffer functions. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19617 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-02 12:18:20 +00:00
Love Hörnquist Åstrand
4f4857b16c sprinkle const 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19616 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-02 09:32:26 +00:00
Love Hörnquist Åstrand
cb206ff3bf rename DCHECK to CHECK 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19613 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-02 09:05:44 +00:00
Love Hörnquist Åstrand
073e1a2052 (fill_zeros): stop using MIN. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19029 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 17:45:27 +00:00
Love Hörnquist Åstrand
6d50466262 Spelling. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18996 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-12 17:30:48 +00:00
Love Hörnquist Åstrand
bfb5987861 Add code to sign PACs, only arcfour for now. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18992 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-12 08:37:27 +00:00
Love Hörnquist Åstrand
33b12f5ffd Sprinkle error strings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18988 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-10 07:36:48 +00:00
Love Hörnquist Åstrand
ce3af21b1e Verify LOGON_NAME. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18987 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-10 07:22:55 +00:00
Love Hörnquist Åstrand
a84d691b26 Almost enough code to do PAC parsing and verification, missing in the 
unix2NTTIME and ucs2 corner. The later will be adressed by finally
adding libwind.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18965 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-09 02:55:17 +00:00