oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Commit Graph

  • 7990dc287d asn1: use " instead of ' when quoting on Windows Luke Howard 2021-12-22 14:52:04 +11:00
  • 7cd99b86d3 roken: include MIT license text Luke Howard 2021-12-22 14:45:35 +11:00
  • 5ba4607277 krb5: report_canonical_client_name implies check_pac Luke Howard 2021-12-22 14:33:01 +11:00
  • 9aa67e58ba roken: don't call assert() before variable decl Luke Howard 2021-12-22 13:43:17 +11:00
  • 8590499b53 kdc: include SID in PAC with GSS authorizer Luke Howard 2021-12-20 17:09:50 +11:00
  • a2c225fe0a kdc: add PA PAC finalize callback Luke Howard 2021-12-20 16:40:35 +11:00
  • f7964251ff kdc: support for PAC_ATTRIBUTES_INFO Luke Howard 2021-12-20 15:31:33 +11:00
  • e50033aec2 kdc: add canonical principal name to authz data Luke Howard 2021-12-19 16:02:58 +11:00
  • 0ab3b7b2dd krb5: support for canonical name in PAC Luke Howard 2021-09-23 13:39:36 +10:00
  • b3bb3ac49d roken: add rk_clzll() helper function Luke Howard 2021-12-20 20:50:27 +11:00
  • 29cd8a46d8 krb5: zero memory in krb5_storage_emem() Luke Howard 2021-12-20 19:28:06 +11:00
  • 5528039a07 bx509d: Fix tests/kdc/check-bx509 Nicolas Williams 2021-12-20 16:34:13 -06:00
  • 2bb85f61e9 roken: unbreak Windows build Luke Howard 2021-12-21 08:15:17 +11:00
  • fe095aa1c0 krb5: Decorate Principal type with name attributes Nicolas Williams 2021-12-19 23:18:27 -06:00
  • 8962abdfbc asn1: Fix build (revert bits of 823fb8247) Nicolas Williams 2021-12-20 11:50:55 -06:00
  • 823fb82477 asn1: Add --decorate=... for internal bookkeeping Nicolas Williams 2021-12-19 22:51:10 -06:00
  • 309d1192df asn1: Add module->JSON dump Nicolas Williams 2021-12-08 16:23:11 -06:00
  • f5823216d0 kdc: Return error code from _kdc_check_pac() with an armor ticket Joseph Sutton 2021-12-20 15:14:23 +13:00
  • b16f93240e kdc: Fix NULL pointer dereference on failure to verify armor ticket PAC Joseph Sutton 2021-12-20 15:10:46 +13:00
  • 2670599efa krb5: fix allocation error in krb5_mk_ncred() Luke Howard 2021-12-20 12:41:59 +11:00
  • f555fdda7e hdb: fix allocation error in derive_keyset() Luke Howard 2021-12-20 12:40:28 +11:00
  • 45ea54a44a kdc: audit armor client principal name Luke Howard 2021-12-19 18:24:38 +11:00
  • 2730e12b6a hdb: SQLite HDB can handle enterprise principals Luke Howard 2021-12-19 21:01:14 +11:00
  • 7717cb71c3 tests: check TGS with GSS pre-authentication Luke Howard 2021-12-18 15:07:32 +11:00
  • a3392b099e kdc: allow cross-realm FAST armor TGT Luke Howard 2021-12-17 14:12:35 +11:00
  • e7588952ce kdc: add auth data type for synthetic principals Luke Howard 2021-12-18 14:54:13 +11:00
  • 23d96d822f klist: Check unparse_flags() result differently Nicolas Williams 2021-12-17 14:40:55 -06:00
  • 27d6526e3a kdc: Check unparse_flags() result differently Nicolas Williams 2021-12-17 14:40:35 -06:00
  • 90899b2361 kdc: parse_bytes() returns ssize_t Nicolas Williams 2021-12-17 14:40:10 -06:00
  • 50e08b4bc5 kcm: parse_bytes() returns ssize_t Nicolas Williams 2021-12-17 14:39:35 -06:00
  • f91b171f04 hxtool: parse_bytes() now returns ssize_t Nicolas Williams 2021-12-17 14:38:37 -06:00
  • e84bcc29d3 hx509: Flags are unsigned Nicolas Williams 2021-12-17 13:20:00 -06:00
  • 686d5116de roken: Unparse wider ints Nicolas Williams 2021-12-17 13:17:59 -06:00
  • fc76c83ab1 Revert "tgs-rep: always return canonical realm when force_canonicalize set" Luke Howard 2021-12-18 11:29:26 +11:00
  • 1bf02337f0 krb5: note GSS-API can be used as PA plugin interface Luke Howard 2021-12-17 19:42:35 +11:00
  • 42797a1c18 krb5: fix regression in test_cc build Luke Howard 2021-12-17 18:57:13 +11:00
  • e0929d16b7 kdc: don't leak msg in pa_enc_chal_validate() Luke Howard 2021-12-17 13:41:55 +11:00
  • a423193ce0 krb5: initialize tgs_req buffer in init_tgs_req() Luke Howard 2021-12-17 13:37:05 +11:00
  • 08e0305b26 kdc: Check PAC of armor tickets Joseph Sutton 2021-11-17 20:40:37 +13:00
  • 6f81e4c93b tgs-rep: always return canonical realm when force_canonicalize set Isaac Boukris 2018-10-31 21:46:45 +02:00
  • 5d92219788 kdc: set kvno to zero if reply key replaced Luke Howard 2021-12-17 13:27:31 +11:00
  • 4a2e40a5b6 kdc: Use HDB_AUTHSTATUS_INVALID to mark that the status has not be set yet Andrew Bartlett 2021-12-17 10:44:13 +13:00
  • 93deac696f hdb: Improve naming of constants for hdb_auth_status() Andrew Bartlett 2021-12-17 10:42:59 +13:00
  • bf39060696 hdb: Add clear comments on what the various HDB_AUTH* values mean Andrew Bartlett 2021-12-16 20:37:58 +13:00
  • 49420aa3a1 kdc: Don't return PREAUTH_FAILED if encrypted challenge did not fail to decrypt Joseph Sutton 2021-12-16 11:00:41 +13:00
  • 842b856e4c kdc: Pass extra information to hdb_auth_status() to log success and failures Andrew Bartlett 2017-02-21 14:07:54 +13:00
  • 22515634cf kdc: Optionally allow missing additional ticket PAC for user-to-user Joseph Sutton 2021-12-17 10:09:41 +13:00
  • 4dc369ef8f Revert "kdc: Check PAC of armor tickets" Luke Howard 2021-12-16 16:45:10 +11:00
  • a208b9dcb7 Revert "kdc: fix regression when validating armor client" Luke Howard 2021-12-16 16:44:48 +11:00
  • 91e86460cd kdc: Add krb5_is_enctype_old() to determine whether an enctype is older Joseph Sutton 2021-10-08 15:59:42 +13:00
  • 87348cf27a kdc: Verify PAC in TGT provided for user-to-user authentication Joseph Sutton 2021-11-16 13:14:48 +13:00
  • 3e197ecbee kdc: Check name in request against name in user-to-user TGT Joseph Sutton 2021-11-16 13:09:06 +13:00
  • 4112f6fc79 kdc: Use sname from request rather than user-to-user TGT client name Joseph Sutton 2021-11-16 13:04:44 +13:00
  • b768c78fca kdc: Move fetching krbtgt entry to before enctype selection Joseph Sutton 2021-11-16 12:57:47 +13:00
  • 5cb5b6d748 kdc: Check return code Joseph Sutton 2021-11-16 12:53:06 +13:00
  • ea8e8a4a8a kdc: Avoid races and multiple DB lookups in s4u2self check Joseph Sutton 2021-11-16 12:51:28 +13:00
  • 6b635f66de kdc: fix regression when validating armor client Luke Howard 2021-12-16 16:05:07 +11:00
  • b8c58191dc kdc: Optionally require that PAC be be present Joseph Sutton 2021-10-29 14:35:52 +13:00
  • 83a80cd53b kdc: Check PAC of armor tickets Joseph Sutton 2021-11-17 20:40:37 +13:00
  • caf7e173a4 kdc: Make check_PAC() and verify_flags() accessible to KDC code Joseph Sutton 2021-11-18 13:17:00 +13:00
  • c0fa930590 kdc: Don't advertise padata types that will not be accepted Joseph Sutton 2021-11-18 15:15:52 +13:00
  • 4aa8677081 kadm5: Use KADM5_PASS_Q_GENERIC Nicolas Williams 2021-12-15 15:45:56 -06:00
  • 437d4e95ec kadm5: Add KADM5_PASS_Q_GENERIC, note MIT diffs Nicolas Williams 2021-12-15 15:21:45 -06:00
  • 2a9e998072 krb5: Fix incorrect use of KRB5_ERR_NO_SERVICE Nicolas Williams 2021-12-15 15:20:18 -06:00
  • 9d426d20b5 krb5: Add missing errors from MIT krb5 Nicolas Williams 2021-12-15 15:19:33 -06:00
  • af923957f6 krb5: Make test_cc w/ KEYRING more reliable Nicolas Williams 2021-12-15 15:17:36 -06:00
  • 3da32ef699 Revert "kinit: Try anon PKINIT armored FAST when possible" Nicolas Williams 2021-12-15 10:18:31 -06:00
  • d6f9cec30f hdb: do not return HDB_ERR_WRONG_REALM if force_canon set Luke Howard 2021-12-14 18:00:05 +11:00
  • 54129c319c kdc: Don't keep trying keys for encrypted-challenge if one decrypts but fails to verify Joseph Sutton 2021-11-16 20:22:03 +13:00
  • 0ea840ebfc kdc: Check authdata in ticket rather than in request body Joseph Sutton 2021-11-16 20:01:16 +13:00
  • 313caed18a kinit: Try anon PKINIT armored FAST when possible Nicolas Williams 2021-12-08 21:35:05 -06:00
  • a616cec9d8 kdc: Document enable-pkinit param Nicolas Williams 2021-12-08 21:24:39 -06:00
  • 660f875a34 kdc: Add [kdc] params to control PA-ENC-TIMESTAMP Nicolas Williams 2021-12-08 21:22:09 -06:00
  • 717ad8b043 kdc: Add support for explicit armoring from MS-KILE Joseph Sutton 2021-11-17 20:23:12 +13:00
  • 96ee28c32c kdc: Allow RODC-issued armor tickets Joseph Sutton 2021-11-18 13:18:09 +13:00
  • 2087e07c1e kdc: update PAC hooks for Samba Luke Howard 2021-12-14 12:40:31 +11:00
  • fcd8e33a98 tests: use KRB5_CALLCONV for windc test plugin Luke Howard 2021-12-14 12:55:16 +11:00
  • 814e58fda8 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function Joseph Sutton 2021-10-08 15:43:41 +13:00
  • 2f21cf9933 kdc: Fix leak Joseph Sutton 2021-11-18 13:19:56 +13:00
  • f1255da03c krb5: Check asprintf return value Joseph Sutton 2021-12-14 11:28:10 +13:00
  • b8f8906822 asn1: Fix binary search off-by-one read Joseph Sutton 2021-12-13 12:04:58 +13:00
  • d8af2eb730 kdc: don't leak armor crypto in TGS path Luke Howard 2021-12-14 12:12:40 +11:00
  • f95f4bc99e krb5: require strengthen_key when FAST + GSS PA Luke Howard 2021-12-13 12:36:27 +11:00
  • 007cc9fdc3 kdc: remove temporary krb5_context variable Luke Howard 2021-11-30 10:38:10 +11:00
  • 22c7e85c57 kinit: add --kdc-hostname option Luke Howard 2021-08-19 19:17:17 +10:00
  • 2b95853df4 kdc: salt FAST cookie key with client name Luke Howard 2021-08-10 13:56:46 +10:00
  • 9b55215a2a kdc: sync KDC FAST with Heimdal-597.121.1 Luke Howard 2021-08-11 12:24:34 +10:00
  • 47282cae34 krb5: import Heimdal-597.121.1 AS/TGS client Luke Howard 2021-08-09 19:32:21 +10:00
  • b5a58df8eb krb5: Document return of krb5_cc_get_config() Nicolas Williams 2021-12-10 17:14:19 -06:00
  • f44596b14b krb5: Fix null deref in krb5_init_creds_free() Nicolas Williams 2021-12-10 16:53:19 -06:00
  • cfa49a461c krb5: do not pack ccapi on Apple Silicon Luke Howard 2021-12-10 11:09:29 +11:00
  • eb85614c24 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows" Luke Howard 2021-12-10 11:02:17 +11:00
  • 24a7a82e82 s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows Joseph Sutton 2021-08-11 13:27:11 +12:00
  • c7a8ee1439 kdc: update windc header guard to reflect filename Luke Howard 2021-12-08 15:28:00 +11:00
  • 9b62d72d51 heimdal:kdc: Match Windows error code for unsupported critical FAST options Joseph Sutton 2021-12-07 15:32:20 +13:00
  • 527906c821 heimdal:kdc: Properly check for unsupported critical FAST options Joseph Sutton 2021-12-06 14:32:49 +13:00
  • d2dc61c720 heimdal: Initialise KDC reply Joseph Sutton 2021-12-01 12:52:08 +13:00
  • 83625d349e gss: Make initiator inq. ctx. return canon. target Nicolas Williams 2021-12-06 16:52:52 -06:00
  • 5ace5f5a6a gss: Fix dst TGT deleg w/o dns_lookup_realm Nicolas Williams 2021-12-06 16:31:18 -06:00
  • bba573f286 krb5: Fix dst TGT deleg w/o dns_lookup_realm Nicolas Williams 2021-12-06 15:02:32 -06:00