heimdal/kdc at b8c58191dc02956847308628378e59e005705d67 - heimdal - PVV Git

oysteikt/heimdal

Files

History

Joseph Sutton b8c58191dc kdc: Optionally require that PAC be be present

This is from Samba's patches for CVE-2020-25719.

This allows Heimdal to match AD behaviour, when configured,
for the behaviour after Microsoft's CVE-2021-42287 when
PacRequestorEnforcement is set to 2.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
REF: https://support.microsoft.com/en-au/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[abarlet@samba.org based on Samba commit
 756934f14cc87dc1adfd9315672ae5d49cb24d95
 and f7a2fef8f49a86f63c3dc2f6a2d7d979fb53238a]

2021-12-16 14:41:10 +11:00

..

altsecid_gss_preauth_authorizer.c

kdc: correct logic error in altsecid_gss_preauth_authorizer

2021-08-31 11:06:32 +00:00

announce.c

cast to avoid size_t vs int issue

2011-07-24 13:07:07 -07:00

bx509d.8

bx509: Add addresses q-param for /get-tgt

2021-04-14 19:28:08 -05:00

bx509d.c

Always perform == or != operation on cmp function result

2021-11-24 22:30:44 -05:00

ca.c

bx509d: Allow requesting longer cert lifetimes

2021-03-07 22:20:06 -06:00

cjwt_token_validator.c

Move some infra bits of lib/krb5/ to lib/base/ (2)

2020-03-02 10:56:13 -06:00

config.c

roken_detach_prep() should return fd

2019-10-03 13:09:18 -05:00

connect.c

kdc: enable keepalive mode on incoming sockets

2020-07-24 01:32:34 -04:00

csr_authorizer_plugin.h

kdc: Get KDC config out of CSR authorizer API

2020-09-08 00:25:24 -05:00

csr_authorizer.c

kdc: Get KDC config out of CSR authorizer API

2020-09-08 00:25:24 -05:00

default_config.c

kdc: Optionally require that PAC be be present

2021-12-16 14:41:10 +11:00

digest-service.c

Use UTF-8 in KTH copyright notice

2021-11-29 12:50:26 +11:00

digest.c

kdc: map KRB5_PROG_SUMTYPE_NOSUPP to KRB5KDC_ERR_SUMTYPE_NOSUPP

2021-09-21 18:17:00 +10:00

fast.c

kdc: Check PAC of armor tickets

2021-12-16 12:59:01 +11:00

gss_preauth_authorizer_plugin.h

kdc: support for GSS-API pre-authentication

2021-08-12 17:37:01 +10:00

gss_preauth.c

kdc: map KRB5_PROG_SUMTYPE_NOSUPP to KRB5KDC_ERR_SUMTYPE_NOSUPP

2021-09-21 18:17:00 +10:00

headers.h

kdc: support for GSS-API pre-authentication

2021-08-12 17:37:01 +10:00

hprop-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

hprop.8

Fixes #550 - Note that encrypt is the default option

2019-05-30 20:10:25 -04:00

hprop.c

add HDBGET: that only supports get, iteration doesnt really make sense for the HDB keytab except when dumping

2013-10-15 12:40:39 +02:00

hprop.h

add HDBGET: that only supports get, iteration doesnt really make sense for the HDB keytab except when dumping

2013-10-15 12:40:39 +02:00

hpropd-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

hpropd.8

remove trailing whitespace

2011-05-21 11:57:31 -07:00

hpropd.c

hpropd: enable keepalive mode on incoming sockets

2020-07-24 01:32:34 -04:00

httpkadmind.8

httpkadmind: Allow host SPNs to fetch selves

2021-06-29 14:52:07 -05:00

httpkadmind.c

kadm5: Use KADM5_PASS_Q_GENERIC

2021-12-16 10:40:01 +11:00

ipc_csr_authorizer.c

kdc: Get KDC config out of CSR authorizer API

2020-09-08 00:25:24 -05:00

kdc_locl.h

kdc: update PAC hooks for Samba

2021-12-14 13:51:53 +11:00

kdc-replay.c

Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.

2012-02-20 19:45:41 +00:00

kdc-tester.c

kdc: sync KDC FAST with Heimdal-597.121.1

2021-12-14 09:03:42 +11:00

kdc-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

kdc.8

Optional backwards-compatible anon-pkinit behaviour

2019-09-04 18:00:15 -04:00

kdc.h

kdc: Optionally require that PAC be be present

2021-12-16 14:41:10 +11:00

kerberos5.c

kdc: Don't advertise padata types that will not be accepted

2021-12-16 10:49:15 +11:00

krb5tgs.c

kdc: Optionally require that PAC be be present

2021-12-16 14:41:10 +11:00

kstash-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

kstash.8

remove trailing whitespace

2011-05-21 11:57:31 -07:00

kstash.c

libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT

2018-12-30 15:39:49 -06:00

kx509.c

bx509d: Allow requesting longer cert lifetimes

2021-03-07 22:20:06 -06:00

libkdc-exports.def

kdc: Modernize kx509 logging too

2019-12-11 19:34:36 -06:00

libkdc-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

log.c

Declare kdc log functions to be printf-like

2019-07-09 13:17:06 -05:00

main.c

kdc: Fix leaks

2019-12-09 21:39:30 -06:00

Makefile.am

kdc: add sample GSS preauth authorization plugin

2021-08-31 11:00:13 +00:00

misc.c

kdc: move _kdc_verify_checksum() to misc.c

2021-09-23 17:41:43 +10:00

mit_dump.c

Always perform == or != operation on cmp function result

2021-11-24 22:30:44 -05:00

negotiate_token_validator.c

kdc: support for GSS-API pre-authentication

2021-08-12 17:37:01 +10:00

NTMakefile

gss: move GSS pre-auth helpers to convenience lib

2021-08-27 15:20:07 +10:00

pkinit-ec.c

fixup pkinit-ec.c (kdc and lib/krb5) includes

2016-04-17 17:10:08 -05:00

pkinit.c

kdc: remove temporary krb5_context variable

2021-12-14 09:03:42 +11:00

process.c

Always perform == or != operation on cmp function result

2021-11-24 22:30:44 -05:00

rx.h

remove trailing whitespace

2008-09-13 09:21:03 +00:00

set_dbinfo.c

Define log levels in docs and change default to 0-3.

2019-10-21 13:43:01 +01:00

simple_csr_authorizer.c

bx509: Let simple authorizer use the app name

2020-09-08 00:25:24 -05:00

string2key-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

string2key.8

remove trailing whitespace

2011-05-21 11:57:31 -07:00

string2key.c

catch error value from krb5_ functions and exit

2013-06-28 08:40:49 +02:00

test_csr_authorizer.c

hx509/kdc: Move KDC CA utility function into hx509

2020-09-08 00:25:24 -05:00

test_kdc_ca.c

bx509d: Allow requesting longer cert lifetimes

2021-03-07 22:20:06 -06:00

test_token_validator.c

hx509/kdc: Move KDC CA utility function into hx509

2020-09-08 00:25:24 -05:00

token_validator_plugin.h

Add bx509d

2019-12-04 21:34:44 -06:00

token_validator.c

Move some infra bits of lib/krb5/ to lib/base/ (2)

2020-03-02 10:56:13 -06:00

version-script.map

kdc: Modernize kx509 logging too

2019-12-11 19:34:36 -06:00

windc_plugin.h

kdc: update PAC hooks for Samba

2021-12-14 13:51:53 +11:00

windc.c

kdc: update PAC hooks for Samba

2021-12-14 13:51:53 +11:00