Love Hörnquist Åstrand
1a1bd736c0
merge support for FAST in as-req codepath
2011-10-28 19:25:48 -07:00
Nicolas Williams
a5e77c578e
Deferred hostname canon using name canon rules
2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
13eeb30a1d
Create a request structure
2011-07-24 20:24:37 -07:00
Love Hörnquist Åstrand
f102ee7831
compiler warning
2011-07-24 19:56:09 -07:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Jeffrey Altman
6850d6a65f
avoid uninit variable and unreachable code warnings
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Love Hornquist Astrand
f5f9014c90
Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
7639f83561
Use right length. Pointed out by Tom Yu
2010-06-28 20:22:22 -07:00
Love Hornquist Astrand
6e05462c1e
DH_compute_key might not include zero pre-filling, add it back. Reported by Tom Yu of MIT Kerberos
2010-06-28 21:50:43 +02:00
Love Hornquist Astrand
dde9ae659b
drop RCSID
2010-03-16 12:50:09 -07:00
Love Hornquist Astrand
55db6909fe
_kdc_pk_initialize needs to be exported for kdc-replay
prompted by patch from Gabor Gombas <gombasg@sztaki.hu>
2009-11-25 05:08:44 -08:00
Love Hornquist Astrand
dd67212157
add disable btmm support
2009-11-22 00:29:36 -08:00
Love Hornquist Astrand
97dd51a2da
use krb5_get_error_message()
2009-11-03 23:50:45 -08:00
Love Hornquist Astrand
2ec7e6b4fa
Use hx509_context that build from krb5_context
2009-09-29 13:13:21 -07:00
Love Hornquist Astrand
e27f40b032
update usage for _krb5_pk_load_id
2009-09-29 11:28:51 -07:00
Love Hornquist Astrand
7fbe96b164
Paranoid in checking that we parsed the complete buffer
2009-09-29 08:26:17 -07:00
Andrew Bartlett
f8c121b282
Add support for user principal names in certificates [HEIMDAL-602]
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certificate (using the standard method to specify a principal name in a
certificate) is updated to use an Administrator (not administrator).
(This fixes the kinit test).
2009-08-04 09:34:58 +02:00
Love Hornquist Astrand
1ca716bbc7
Free buf on random generator error [CID-177]
2009-07-30 07:42:12 +02:00
Love Hornquist Astrand
9b710bed81
store is never read again
2009-07-29 22:37:58 +02:00
Love Hörnquist Åstrand
0cac9adc37
one more HAVE_OPENSSL for EC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25274 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-06-06 06:43:10 +00:00
Love Hörnquist Åstrand
00c0fcb461
Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25249 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:20:27 +00:00
Love Hörnquist Åstrand
1530060a84
Assume old client if it doesn't send supportedCMSTypes.
Add error message.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25167 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:16:40 +00:00
Love Hörnquist Åstrand
792da8685d
don't leak memory
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25084 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-04 17:08:56 +00:00
Love Hörnquist Åstrand
27e41bf7d6
If the client sent more than 10 EDI, don't bother looking more than 10
of performance reasons.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25002 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 19:49:09 +00:00
Love Hörnquist Åstrand
eb81f54da8
Flatten the reply
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25001 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 19:48:55 +00:00
Love Hörnquist Åstrand
dd3405112f
rename client_params and set proxy cert bit on the right context
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24994 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:04:00 +00:00
Love Hörnquist Åstrand
5ee06ffbff
Make one verify context per client, this way we can add our own trust
anchors for each client, so that self registered/special certificate are
allowed as trust anchors.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24987 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:02:44 +00:00
Love Hörnquist Åstrand
f4f623e7d8
comment on what to add
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24942 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:58 +00:00
Love Hörnquist Åstrand
eb32e1f0ff
add generation of session key here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24939 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-25 15:36:26 +00:00
Love Hörnquist Åstrand
143101e825
better printing of keyex mech
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24704 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:14:07 +00:00
Love Hörnquist Åstrand
985e9f898d
more DH bits
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24697 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:12:55 +00:00
Love Hörnquist Åstrand
b86374c262
Implement ECDH in the KDC.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24695 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:12:36 +00:00
Love Hörnquist Åstrand
11876749d4
more bits for ECDH
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24688 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 04:17:05 +00:00
Love Hörnquist Åstrand
b370260466
Abstract out use of DH
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24687 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 04:16:54 +00:00
Love Hörnquist Åstrand
4aebfb78c0
Remove extra anonymous check.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24600 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:07:52 +00:00
Love Hörnquist Åstrand
c1e6b65501
use is_anonymous(), extra new argument to _krb5_pk_load_id()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24593 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:06:42 +00:00
Love Hörnquist Åstrand
7f61137222
Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests.
Move the check client/anonymous logic here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24577 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:03:58 +00:00
Love Hörnquist Åstrand
cc20011567
deny non valid use of anonymous requests.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24574 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:03:27 +00:00
Love Hörnquist Åstrand
6d2fc59777
- Add switch to select friendly_name of the certificate.
- Use HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH some CMS implementations get the oid
wrong when they do envelopeddata.
- Use HX509_CMS_EV_NO_KU_CHECK since some clients send certs that are
not enveloped certs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24196 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-15 04:31:32 +00:00
Love Hörnquist Åstrand
49ff682fff
better error messages
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24179 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-15 04:28:43 +00:00
Love Hörnquist Åstrand
937e8ffe0a
plug memory leak of DH public key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24154 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:08:57 +00:00
Love Hörnquist Åstrand
e295c94913
allow freeing of client_params=NULL cid#54
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24131 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:05:00 +00:00
Love Hörnquist Åstrand
9c92a36dd8
return up kdc_cert from signing operation so that OCSP can do the right thing. cid#55
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:04:50 +00:00
Love Hörnquist Åstrand
a1ebdfc19c
remove dead code: cid# 11
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24104 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:00:18 +00:00
Love Hörnquist Åstrand
a3107b9af4
free hx509_query on non matching cert. cid#120
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24101 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:59:48 +00:00
Love Hörnquist Åstrand
c0b677504f
indent
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24000 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-02 07:04:46 +00:00
Love Hörnquist Åstrand
dd22b9cdde
switch to krb5_clear_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23914 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:56:17 +00:00
Love Hörnquist Åstrand
fd676a5005
Patch from Shi Hosoda to add back windows XP SP2 compat that we have
managed to break. This patch makes it possible to use Samba4 with
Windows XP SP2, way cool!
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23861 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-22 06:32:28 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00