58 Commits

Author SHA1 Message Date
Chris Lamb
2f3f88e53a Correct "allignment" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

(cherry-picked from Samba commit 8fcc49ecd44e69d7f9ada212c63896e0dcf488a4)
2018-09-10 14:42:18 -04:00
Simon Wilkinson
e50faea7f0 krb5: Store a digest context in the crypto structure
Creating and destroying an EVP_CTX_MD structure with every hash
operation is very expensive. Speed things up by caching one within
the krb5_crypto structure. krb5_crypto can already only be safely
used by one thread at a time - adding a message digest context here
shouldn't introduce any further threading risks.

Users of the stashed context must be careful to ensure that they
call no other hash functions whilst they are in the middle of using
the context.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
ca756f0f7f krb5: Use iovecs for internal checksum handling
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.

Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()

Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
2018-05-23 09:54:27 -04:00
Nicolas Williams
122cdc578e Fix some krb5_storage_write() usages 2017-05-26 23:24:30 -04:00
Nicolas Williams
f38089257b Misc fixes (coverity) 2016-11-20 17:43:51 -06:00
Nicolas Williams
953dc07391 Round #1 of scan-build warnings cleanup 2016-11-15 21:27:20 -06:00
Andrew Bartlett
2ff110cfa6 Merge pull request #154 from metze-samba/heimdal-for-upstream
lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CH…
2016-05-14 22:32:13 +12:00
aaptel
08a2d1a320 lib/krb5/pac.c: fix NULL check typo 2016-03-10 10:33:53 +01:00
Stefan Metzmacher
7cd40a6105 lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-02-02 15:31:18 +01:00
Stefan Metzmacher
ae4d222f58 lib/krb5: verify_logonname() to handle multi component principal
FreeIPA can generate tickets with a client principal of
'host/hostname.example.com'.

verify_logonname() should just verify the principal name
in the PAC_LOGON_NAME is the same as the principal of
the client principal (without realm) of the ticket.

Samba commit b7cc8c1187ff967e44587cd0d09185330378f366
breaks this. We try to compare ['host']['hostname.example.com']
with ['host/hostname.example.com'] (as we interpret it as an enterprise principal);
this fails if we don't compare them as strings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
8c8a39b0b7 heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY
An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-06-17 17:41:27 -05:00
Stefan Metzmacher
2e6318f09a heimdal:lib/krb5: allow enterprise principals in verify_logonname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-06-17 17:41:26 -05:00
Jeffrey Altman
5f138a16ef libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.

Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Harald Barth
3f52037382 Better error messages when UTF8 conversion fails
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-26 00:05:53 -07:00
Viktor Dukhovni
435c02fa26 Compare pac timestamp to unix timestamp right when neither are set
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:28:26 -07:00
Stefan Metzmacher
7ecbac23f6 lib/krb5: add utf8 support to build_logon_name() for the PAC
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
03806492d9 prefix symbols that are _krb5_ structures 2011-03-12 13:45:09 -08:00
Love Hornquist Astrand
ea2534a55f export krb5_enomem 2010-11-24 14:35:56 -08:00
Asanka C. Herath
0f853405fe Add missing export and calling convention annotations 2010-11-24 15:32:49 -05:00
Love Hornquist Astrand
f178458310 use krb5_data_ct_cmp 2010-11-06 20:53:04 +01:00
Love Hornquist Astrand
55ccd5ff9c use _krb5_enomem and indent 2010-11-06 20:10:26 +01:00
Love Hornquist Astrand
5ab43b8520 plug memory leak 2010-11-06 20:01:02 +01:00
Andrew Bartlett
a42b77fb22 heimdal Add handling for PAC signatures over all encryption types
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-06 19:56:48 +01:00
Love Hörnquist Åstrand
942a821fab remove RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
a222d53b7f free utf8 string on failure, cid#87
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24098 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:59:18 +00:00
Love Hörnquist Åstrand
03babea1e3 switch to krb5_clear_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:55:39 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
ad4fcfd6d2 N_()ify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23790 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:29:43 +00:00
Love Hörnquist Åstrand
39f62b79e4 Don't hide the checksums from the caller, From Andrew Bartlett.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23711 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-28 13:48:56 +00:00
Love Hörnquist Åstrand
1427d9773f add doxygen
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23703 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-28 01:12:16 +00:00
Love Hörnquist Åstrand
11752006c3 ignore error from crypto_destro to catch more interesting error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23506 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:28 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
b39eeb6c7a use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23299 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:29:14 +00:00
Love Hörnquist Åstrand
4212ec831b Cast size_t to unsigned long to avoid warning.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22989 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-15 15:55:12 +00:00
Love Hörnquist Åstrand
69c1f4ee7b Use libwind.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22562 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-03 17:38:35 +00:00
Love Hörnquist Åstrand
743ccd85cf make work with cpp again, reported by Hai Zaar
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-08-27 14:21:04 +00:00
Love Hörnquist Åstrand
d68b36bb90 make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21149 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 21:50:22 +00:00
Love Hörnquist Åstrand
c614532c87 (verify_checksum): memset cksum to avoid using pointer from stack.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21135 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 21:06:08 +00:00
Love Hörnquist Åstrand
6559e67d3c plug memory leaks.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20845 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-03 14:31:16 +00:00
Love Hörnquist Åstrand
a115c5af61 add PAC_CONSTRAINED_DELEGATION
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20302 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-04-11 11:14:06 +00:00
Love Hörnquist Åstrand
bebd317964 Create the PAC element in the same order as w2k3,
maybe there's some broken code in windows which relies
on this... From metze.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20275 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-22 01:42:47 +00:00
Love Hörnquist Åstrand
f35bfaa82e (krb5_pac_add_buffer): unbreak buffer handling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19824 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 02:08:01 +00:00
Love Hörnquist Åstrand
217a1f8aaf A tiny 2 char difference that makes the code work for real.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19783 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 11:22:56 +00:00
Love Hörnquist Åstrand
4e6e594fc6 export some more pac functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19670 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 11:00:52 +00:00
Love Hörnquist Åstrand
0fac70e6c9 Support all keyed checksum types.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19624 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-03 15:28:00 +00:00
Love Hörnquist Åstrand
7b7419e387 (krb5_pac_get_types): gettypes.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19622 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:51:43 +00:00
Love Hörnquist Åstrand
7a2f244192 Add/remove pac buffer functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19617 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:18:20 +00:00