Stefan Metzmacher
2c031ca78c
kdc: let check_PAC() to verify the incoming server and krbtgt checksums
...
For a normal TGS-REQ they're both signed with krbtgt key.
But for S4U2Proxy requests which ask for constrained delegation,
the keys differ.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-19 10:26:11 -07:00
Asanka C. Herath
adb8cba7ee
Windows: Version 1.4.9930.630
2011-06-15 12:38:56 -04:00
Asanka C. Herath
8f51d5a8dc
Windows: Use WixUI_FeatureTree for installer.
2011-06-15 01:55:21 -04:00
Asanka C. Herath
7236505bf0
Windows: Multiplatform installer should have a different name.
2011-06-15 01:55:21 -04:00
Asanka C. Herath
8aaf3183ca
Windows: Make the 32-bit tools install directory customizable.
2011-06-15 01:55:20 -04:00
Asanka C. Herath
3048545de3
Windows: Use Software/Heimdal registry key for Heimdal specific configuration
...
The 'plugin_dir' value is Heimdal specific. So keep it in the
Software/Heimdal registry key. The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.
2011-06-15 01:55:19 -04:00
Love Hörnquist Åstrand
b8ddbe73c4
quiet down clang analyzer warnings for the generated asn1 code
2011-06-14 22:29:49 -07:00
Love Hörnquist Åstrand
e9e4f99f01
add missing space in log message
2011-06-14 22:00:25 -07:00
Love Hörnquist Åstrand
63565137d3
don't set i = 0, it's never read
2011-06-14 21:57:34 -07:00
Love Hörnquist Åstrand
7dccddc6fb
count number of enctypes too
2011-06-14 21:44:23 -07:00
Love Hörnquist Åstrand
0f489b7b28
unexport krb5_init_etype, remove duplicate code
2011-06-14 21:08:52 -07:00
Nicolas Williams
f93a56f931
Set improved enctypes parameter defaults to better match the RFC.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
016193ac6a
Added manpage documentation for krb5_{as, tgs}_enctypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b
Initial support for default_{as, tgs}_etypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
c06d5ebfda
Fixes to patches that add *use-strong* parameters.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
8ada355954
Forgot to default use_strongest_server_key...
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
76a192b906
Forgot to default preauth_use_strongest_session_key...
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12
This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2
Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c
Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype from the client's list that is also supported by the KDC and the target principal.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Love Hörnquist Åstrand
ec35b8d4a2
add option to disable --disable-heimdal-documentation
2011-06-14 20:33:44 -07:00
Love Hörnquist Åstrand
4a6fa9a979
distribute version-script.map
2011-06-14 07:18:32 -07:00
Love Hörnquist Åstrand
277bec06e7
simplify error printing, context contains error
2011-06-14 07:11:43 -07:00
Love Hörnquist Åstrand
40a53bae5f
Don't build ppc any more, don't have a compiler for that any more
2011-06-13 21:23:23 -07:00
Love Hörnquist Åstrand
e72940c962
more frameworks for test_name
2011-06-13 21:19:10 -07:00
ghudson@MIT.EDU
3c725a465e
Initialize zero before using it in unwrap_des().
...
Heimdal since fc702a97f5 (August 2009) can't process DES wrap tokens
unless the stack garbage in the zero array happens to be all zeros.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-13 21:18:07 -07:00
Love Hörnquist Åstrand
9c040227a5
1.5pre2
2011-06-13 20:29:47 -07:00
Love Hörnquist Åstrand
afd8627f61
GSS names
2011-05-31 20:25:33 -07:00
Love Hornquist Astrand
ade3d65e73
more limits
2011-05-22 20:57:30 -07:00
Love Hornquist Astrand
9d4addf9c1
fix preferences
2011-05-22 20:47:32 -07:00
Love Hornquist Astrand
8b1b47035d
Switch to krb5_enomem
2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
5829bfe476
add LIB_heimbase
2011-05-22 17:28:24 -07:00
Love Hörnquist Åstrand
27f3d822cf
Maybe include <sys/types.h> and <sys/select.h>
2011-05-22 17:14:29 -07:00
Love Hörnquist Åstrand
b019c085bd
handle leaks excluded
2011-05-22 14:26:59 -07:00
Love Hörnquist Åstrand
48a91b7fc5
change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols
2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
3564726537
support NT_USER_NAME for real
2011-05-22 13:02:08 -07:00
Love Hornquist Astrand
9dc505a721
cred is no longer a name, handle that
2011-05-22 13:01:32 -07:00
Love Hornquist Astrand
12c3c12160
pass in client name
2011-05-22 13:01:00 -07:00
Love Hornquist Astrand
9a5019156c
remove debug and don't check targetname since it doesn't really matter
2011-05-21 13:27:57 -07:00
Love Hornquist Astrand
5564106268
use client-amel
2011-05-21 13:25:51 -07:00
Love Hornquist Astrand
26085dfbc0
allocate enough memory
2011-05-21 13:25:24 -07:00
Love Hornquist Astrand
58ffee93b7
allow GSS_C_NT_USER_NAME too
2011-05-21 13:07:22 -07:00
Love Hornquist Astrand
cb7cbbb906
add more people that have contributed
2011-05-21 12:23:47 -07:00
Love Hornquist Astrand
58ea513056
fix error message
2011-05-21 12:11:04 -07:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
25e86d6f4d
check for execinfo.h and backtrace()
2011-05-21 11:55:21 -07:00
Thomas Klausner
97df66c0a0
Put Nd argument after Nd macro.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-05-21 11:54:27 -07:00
Thomas Klausner
3772533acd
Convert to UTF-8.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-05-21 11:54:21 -07:00
Thomas Klausner
db8e287e41
Use "Fl Fl" for long options.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-05-21 11:54:14 -07:00
Love Hornquist Astrand
05a432aaed
let try to exclude __CFInitialize
2011-05-20 08:42:29 -07:00