oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,489 Commits 2 Branches 2 Tags
faa1528394c80af1f5d34984523a3c1eb2bcec04
Commit Graph

78 Commits

Author SHA1 Message Date
Love Hornquist Astrand
7ecd5b5f9d Check NULL pointer before dereference them 
Found by Russ Allbery
 2010-05-26 11:45:17 -05:00
Love Hornquist Astrand
d3efb7d043 don't bother supporting KRB5_AUTHDATA_SIGNTICKET_OLD 2010-03-19 13:58:45 -07:00
Love Hornquist Astrand
24e2001f51 support old SIGNTICKET too 2010-03-19 13:56:20 -07:00
Love Hornquist Astrand
dde9ae659b drop RCSID 2010-03-16 12:50:09 -07:00
Andrew Bartlett
25a2ac726b heimdal Fix invalid format string 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-11-23 20:36:54 -08:00
Love Hornquist Astrand
6df0783c7e Redo client key handling for AS 
Pick the replykey to be the same as the preauth key, this allows
us to delay the picking of client key to when its needed, this
means that we can have a reply keys for PKINIT that is independant
of what keys the client have.
 2009-11-22 00:58:53 -08:00
Love Hornquist Astrand
b05756994b drop krb5_get_err_text 2009-11-04 20:03:55 -08:00
Love Hornquist Astrand
678f9f9f07 [HEIMDAL-533] KDC sends TGS-REP encrypted in session key not authenticator 
From RFC 4120, page 35

   In preparing the authentication header, the client can select a sub-
   session key under which the response from the Kerberos server will be
   encrypted.  If the client selects a sub-session key, care must be
   taken to ensure the randomness of the selected sub-session key.

The client library alread handle this case.

Thanks to Sam Hartman to report this though Debian
 2009-10-11 08:46:53 -07:00
Love Hornquist Astrand
a5b04fe4b5 If et.authorization_data is not allocated, make it so. 
Patch from Johan Gadsjö
 2009-09-29 23:28:47 -07:00
Love Hornquist Astrand
c1a54a5e37 Make KRB5SignedPath less fragile, only sign trivial parts of the encTicketPart 
Sign the client and auth time (like its done in the PAC) and let that
be ehough for now. Add a Typed hole so that we don't break wireprotocol
next time.
 2009-08-12 23:05:36 +02:00
Love Hörnquist Åstrand
2076c1c93e Add PAC to the first entry in the array since Windows and samba3 expects it there. 
The problem was found by Matthieu Patou, whom also created the first
patch which I changed to look what the current code looks like.

History is tracked in [HEIMDAL-582].

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:28:56 +00:00
Love Hörnquist Åstrand
8e2e176812 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25305 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:27:09 +00:00
Love Hörnquist Åstrand
5136167f15 if client delegates to itself, that ok 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25304 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:57 +00:00
Love Hörnquist Åstrand
90de65f2be If backend implements ->hdb_check_constrained_delegation, use it for processing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25303 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:39 +00:00
Love Hörnquist Åstrand
326381bfc6 fix error message in constrained delegation, from andrew bartlett 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25295 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:23:25 +00:00
Love Hörnquist Åstrand
506b98d110 Patch from Andrew bartlett via heimdal-bugs@h5l.org 
kdc Allow a password change when the password is expired

    This requires a rework on Heimdal's windc plugin layer, as we want
    full control over what tickets Heimdal will issue.  (In particular, in
    case our requirements become more complex in future).

    The original problem was that Heimdal's check would permit the ticket,
    but Samba would then deny it, not knowing it was for kadmin/changepw

    Andrew Bartlett

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25294 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:16:46 +00:00
Love Hörnquist Åstrand
0cd989c99e Turn else info else if to avoid falling of into FALSE. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25205 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-09 14:21:54 +00:00
Love Hörnquist Åstrand
5baf2e3d1a Simplify datagram_reply 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25132 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-25 16:26:10 +00:00
Love Hörnquist Åstrand
27316b9a1f use krb5_principal_get_realm 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25111 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-16 08:01:40 +00:00
Love Hörnquist Åstrand
98e7ac2226 spelling 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25099 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-06 02:50:54 +00:00
Love Hörnquist Åstrand
7c97293c1e rename S4U2SELF to FOR_USER 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25044 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-03 04:04:33 +00:00
Love Hörnquist Åstrand
905c0d6bc6 compile errors 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24444 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:45:08 +00:00
Love Hörnquist Åstrand
489710f0ce s/KRB5SignedPathPrincipals/Principals/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24439 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:44:17 +00:00
Love Hörnquist Åstrand
b63c408070 plug memory leak 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24167 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:11:13 +00:00
Love Hörnquist Åstrand
af50e8483c free subkey earlier, part of #cid 122 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24103 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:00:08 +00:00
Love Hörnquist Åstrand
ab630e414e Allow the PAC to be passed along during cross-realm authentication. 
From abartlet

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24021 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-11-03 19:16:12 +00:00
Love Hörnquist Åstrand
dd22b9cdde switch to krb5_clear_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23914 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-14 02:56:17 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
858ef6867a Use ALLOC to allocate memory, from harald barth. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23709 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-28 12:57:47 +00:00
Love Hörnquist Åstrand
810f4208da pass down HDB_F_CANON to hdb_fetch for tgs req too, use the server name in the request. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23680 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-25 11:11:34 +00:00
Love Hörnquist Åstrand
b5910292fc make excpetion for known weak types 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23598 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-17 14:11:19 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
0205e1ebe3 Use unsigned where appropriate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22870 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-07 18:50:28 +00:00
Ken'ichi Kamada
921fee6f9c use the correct server name for logging. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22795 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-28 08:21:23 +00:00
Love Hörnquist Åstrand
424eede709 Rename tgs_build_referral to build_server_referral since it can be 
used for AS-REQ too.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22739 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:31 +00:00
Love Hörnquist Åstrand
203a4ad7f1 Send SERVER-REFERRAL data in rep.padata instead of auth_data in ticket. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22735 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:13 +00:00
Love Hörnquist Åstrand
294999cc14 kill trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22733 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:07:05 +00:00
Love Hörnquist Åstrand
f57e7c4d5f Better referrals support, use canonicalize flag. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22729 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:06:50 +00:00
Love Hörnquist Åstrand
50901132f0 Also check KDCOptions->canonicalize when looking for referrals requests. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22713 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:05:45 +00:00
Love Hörnquist Åstrand
b9f88cce4c first version of the tgs referrals pathcheck 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22703 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-24 12:05:02 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it\'s etc. From Bjorn Sandell 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
be8c8799d8 Should pass different key usage constants depending on whether or not 
optional sub-session key was passed by the client for the check of
authorization data. The constant is used to derive "specific key" and
its values are specified in 7.5.1 of RFC4120.

Patch from Andy Polyakov.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22068 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 19:56:15 +00:00
Love Hörnquist Åstrand
86e58a1b60 Don't send auth data in referrals, microsoft clients have started to 
not like that. Thanks to Andy Polyakov for excellent research.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22066 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 19:49:24 +00:00
Love Hörnquist Åstrand
4808b585af More prettier printing of enctype, from KAMADA Ken'ichi. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21949 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-10-04 18:49:27 +00:00
Love Hörnquist Åstrand
4ad305a90c Drop unused variable. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21262 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-21 15:18:37 +00:00
Love Hörnquist Åstrand
6c4ad61bd4 disable anonyous tgs requests 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21260 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-21 14:48:42 +00:00
Love Hörnquist Åstrand
85acea1b76 Don't check PAC on cross realm for now. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21258 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-21 14:11:01 +00:00
Love Hörnquist Åstrand
247866e443 Constify. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21041 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-10 06:21:12 +00:00
Love Hörnquist Åstrand
45ebb9c7f2 Only check service key for cross realm PACs. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20265 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-18 08:34:36 +00:00