author | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
commit | ec49e6e673ab229462ef18aa2986167eaa643643 (patch) | |
tree | 625dba55e939a0073cf69f7b79c8c0010df991eb /src/kdc/kdc_authdata.c | |
parent | c5479d0c5b29430a49cf3683513c1223a173ac4e (diff) | |
Anonymous support for Kerberos
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_authdata.c')
-rw-r--r-- | src/kdc/kdc_authdata.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 03bfe29..8821674 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -128,6 +128,7 @@ typedef struct _krb5_authdata_systems {
 int type;
 #define AUTHDATA_FLAG_CRITICAL 0x1
 #define AUTHDATA_FLAG_PRE_PLUGIN 0x2
+#define AUTHDATA_FLAG_ANONYMOUS 0x4 /*Use this plugin even for anonymous tickets*/
 int flags;
 void *plugin_context;
 init_proc init;
@@ -143,7 +144,7 @@ static krb5_authdata_systems static_authdata_systems[] = {
 /* Propagate client-submitted authdata */
 "tgs_req",
 AUTHDATA_SYSTEM_V2,
- AUTHDATA_FLAG_CRITICAL | AUTHDATA_FLAG_PRE_PLUGIN,
+ AUTHDATA_FLAG_CRITICAL | AUTHDATA_FLAG_PRE_PLUGIN|AUTHDATA_FLAG_ANONYMOUS,
 NULL,
 NULL,
 NULL,
@@ -153,7 +154,7 @@ static krb5_authdata_systems static_authdata_systems[] = {
 /* Propagate TGT authdata */
 "tgt",
 AUTHDATA_SYSTEM_V2,
- AUTHDATA_FLAG_CRITICAL,
+ AUTHDATA_FLAG_CRITICAL|AUTHDATA_FLAG_ANONYMOUS,
 NULL,
 NULL,
 NULL,
@@ -765,6 +766,9 @@ handle_authdata (krb5_context context,
 for (i = 0; i < n_authdata_systems; i++) {
 const krb5_authdata_systems *asys = &authdata_systems[i];
+ if (isflagset(enc_tkt_reply->flags, TKT_FLG_ANONYMOUS) &&
+ !isflagset(asys->flags, AUTHDATA_FLAG_ANONYMOUS))
+ continue;
 switch (asys->type) {
 case AUTHDATA_SYSTEM_V0:
|
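Review bot: The comment on AUTHDATA_FLAG_ANONYMOUS in the first hunk states the opt-in but not the default, which is what someone adding an authdata system needs to know: going by the handle_authdata hunk, a system without this flag is skipped for any ticket carrying TKT_FLG_ANONYMOUS. I would write it as `/* Run this system for anonymous tickets too; systems without it are skipped */`, with a space after `/*` as in the other comments in this file. The struct definition starts and ends outside the hunk.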
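Review bot: The flag expression in the "tgs_req" entry mixes a spaced and an unspaced `|`, and the "tgt" entry in the next hunk drops the spaces entirely, while the line being replaced used ` | `. Keeping one form reads better in a positional initializer where the flags are the only thing distinguishing the entries: `AUTHDATA_FLAG_CRITICAL | AUTHDATA_FLAG_PRE_PLUGIN | AUTHDATA_FLAG_ANONYMOUS,` and `AUTHDATA_FLAG_CRITICAL | AUTHDATA_FLAG_ANONYMOUS,`. The array initializer starts and ends outside both hunks.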
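Review bot: The added `continue` at the top of the loop in handle_authdata runs before the `switch`, so for an anonymous ticket a system marked AUTHDATA_FLAG_CRITICAL but not AUTHDATA_FLAG_ANONYMOUS is silently bypassed instead of being run or failing the request. If that is the intent, record it above the check, e.g. `/* Anonymous tickets only get authdata from systems that opt in; a critical system without the flag is skipped, not failed. */`, and brace the two-line condition so the `continue` cannot be separated from it by a later edit. In the hunks shown only the static "tgs_req" and "tgt" entries opt in; whether dynamically loaded systems can ever carry the flag is not visible here and should be confirmed, since otherwise any policy they enforce is not applied to anonymous clients. The check also assumes TKT_FLG_ANONYMOUS is already set in `enc_tkt_reply->flags` when this function is called, and the function body starts and ends outside the hunk.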