167 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
fea203a708 (_kdc_pk_check_client): use the acl in the kerberos database
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17830 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-13 18:32:45 +00:00
Love Hörnquist Åstrand
4c970b550e Avoid shadowing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17579 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-13 21:22:55 +00:00
Love Hörnquist Åstrand
eeb100abe7 Don't call DH_check_pubkey, it doesn't exist in older OpenSSL.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17489 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-06 13:22:33 +00:00
Love Hörnquist Åstrand
044719a5bd (_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be
valid, simplify the pkinit-windows DH case (it doesn't exist).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17410 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-02 14:04:34 +00:00
Love Hörnquist Åstrand
36b923f56a (_kdc_pk_check_client): reorganize and make log when a SAN matches.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17348 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-29 14:30:01 +00:00
Love Hörnquist Åstrand
61be59e8c7 make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17290 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:53:52 +00:00
Love Hörnquist Åstrand
459f0648f1 Add option [kdc]pki-allow-proxy-certificate=bool to allow using proxy certificate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17287 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:42:48 +00:00
Love Hörnquist Åstrand
d7bc1efbc8 (_kdc_pk_check_client): Use hx509_cert_get_base_subject to get subject
name of the certificate, needed for proxy certificates.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17285 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:36:22 +00:00
Love Hörnquist Åstrand
313fa917d5 Adapt to change in hx509_cms_create_signed_1.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-22 12:10:16 +00:00
Love Hörnquist Åstrand
1b73708904 (_kdc_pk_rd_padata): use hx509_cms_unwrap_ContentInfo.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17117 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-20 19:55:09 +00:00
Love Hörnquist Åstrand
2ad7b45365 Handle differences between libhcrypto and libcrypto.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17111 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-20 18:15:48 +00:00
Love Hörnquist Åstrand
6815452550 Added certificate revoke information from configuration file.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17054 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-12 13:21:46 +00:00
Love Hörnquist Åstrand
945efb8a96 Add pool of certificates to help certificate path building for clients
sending incomplete path in the signedData.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16854 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-28 19:57:25 +00:00
Love Hörnquist Åstrand
cd6acf1200 Allow passing in related certificates used to build the chain.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16850 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-28 04:38:14 +00:00
Love Hörnquist Åstrand
56057ad91b (pk_mk_pa_reply_dh): encode the DH public key with asn1 wrapping
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16822 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-27 02:27:59 +00:00
Love Hörnquist Åstrand
b6350decc0 (_kdc_pk_check_client): More logging.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16821 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-27 02:15:12 +00:00
Love Hörnquist Åstrand
f024392e81 Switch to hx509.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-26 23:55:17 +00:00
Love Hörnquist Åstrand
5290184954 update to new paChecksum definition, use hdb_entry_ex
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16733 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-02-13 11:48:21 +00:00
Love Hörnquist Åstrand
3bfded2697 (get_dh_param): Pass down config so this function can check pkinit_dh_min_bits
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16210 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-21 17:14:19 +00:00
Love Hörnquist Åstrand
1ef128fbff Removing PK-INIT-19 support.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16141 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 11:00:05 +00:00
Love Hörnquist Åstrand
b1fffa7079 Save DH group name and print it on success.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16139 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 10:40:00 +00:00
Love Hörnquist Åstrand
776512783d Check dh group parameters from client.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16137 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 08:57:51 +00:00
Love Hörnquist Åstrand
61b1ea80de The public DH key is encoded as an INTEGER in subjectPublicKey.
Don't verify OID's for now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16098 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-25 15:18:14 +00:00
Love Hörnquist Åstrand
f498bc66ae Implement correct DH for -27, now working with client.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16088 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-22 13:41:01 +00:00
Love Hörnquist Åstrand
28d0ef8d96 Move DH support from -19 to -27.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16086 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-21 00:40:32 +00:00
Love Hörnquist Åstrand
39b04f72d8 Support PK-INIT-27 DH (and remove -19)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16080 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-20 19:10:29 +00:00
Love Hörnquist Åstrand
aa0dc9b533 Switch over logging and comments to -27.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15923 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-12 09:21:40 +00:00
Love Hörnquist Åstrand
761074d9a4 (pk_mk_pa_reply_enckey): add missing break;
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15922 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-12 09:14:52 +00:00
Love Hörnquist Åstrand
9c7e1cc84a Make compile.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15920 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-12 08:58:10 +00:00
Love Hörnquist Åstrand
d8b8b146cc Fill in asChecksum, we now implement -27 in the KDC.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15915 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-12 08:17:13 +00:00
Love Hörnquist Åstrand
7e8fdbc14d update to pkinit-27
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15760 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-26 18:37:02 +00:00
Love Hörnquist Åstrand
9af7efed48 prefix pkinit symbols with _kdc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15544 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-01 15:37:24 +00:00
Love Hörnquist Åstrand
de92125f9d adapt pkinit code to libkdc split
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15540 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-01 04:42:59 +00:00
Love Hörnquist Åstrand
7a3fc5e663 Don't pollute namespace, generate public headerfile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15532 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-30 01:54:49 +00:00
Love Hörnquist Åstrand
7132a9b084 Merge in the libkdc/kdc configuration split from Andrew Bartlett <abartlet@samba.org>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15529 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-30 01:03:35 +00:00
Love Hörnquist Åstrand
10cedfe58e (pk_principal_from_X509): remember to free KRB5PrincipalName
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15365 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-11 00:42:20 +00:00
Love Hörnquist Åstrand
a3c6124483 handle pkinit-9, pkinit-19, and pkinit-25 enckey, still no DH
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15116 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-10 19:40:39 +00:00
Love Hörnquist Åstrand
2446dccfda pass a NULL prompter data to _krb5_pk_load_openssl_id
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15041 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-30 16:15:45 +00:00
Love Hörnquist Åstrand
01f52d48e6 use generated oid's
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14628 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-03-09 15:49:23 +00:00
Love Hörnquist Åstrand
2b0b4dc044 update to the asn1 structures used in -25's
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14625 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-03-08 22:17:46 +00:00
Love Hörnquist Åstrand
9f52383628 match new error names
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-10-14 15:49:51 +00:00
Love Hörnquist Åstrand
4feb3c1abd use ETYPE_DES3_CBC_NONE_CMS
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14302 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-10-12 21:25:43 +00:00
Love Hörnquist Åstrand
1212f664ea free openssl engine
deal with RecipientIdentifier -> CMSIdentifier and heim_any -> name change


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14293 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-10-06 22:37:46 +00:00
Love Hörnquist Åstrand
31b9ad59ba improve error logging
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14282 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-10-03 16:54:11 +00:00
Love Hörnquist Åstrand
15994aadba stop using AlgorithmIdentifierNonOpt
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14280 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-10-03 16:43:24 +00:00
Love Hörnquist Åstrand
af2494e41a (pk_principal_from_X509): reverse test, makes principal in cert work
From: Mayur Patel <patelm4@rpi.edu>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14055 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-07-19 20:45:50 +00:00
Love Hörnquist Åstrand
4347dadb27 Check certificate for Kerberos Principal in OtherName of subjectAltName
Based on patch from Mayur Patel <patelm4@rpi.edu>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13990 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-06-24 14:34:46 +00:00
Love Hörnquist Åstrand
713ea798a8 use krb5_enctype_to_oid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13816 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-26 21:21:54 +00:00
Love Hörnquist Åstrand
36033ab9d4 use krb5_crypto_set_params
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13808 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-26 20:08:42 +00:00
Love Hörnquist Åstrand
4fa6529707 use IV for envelopeddata encryption, patch originally from Luke Howard
<lukeh@padl.com>, tweaked by me.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13776 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-25 14:29:33 +00:00