aboutsummaryrefslogtreecommitdiff
path: root/src/kdc/kdc_authdata.c
AgeCommit message (Collapse)AuthorFilesLines
2010-07-12Add sign_authdata to the DAL table with a corresponding libkdb5 API,Greg Hudson1-14/+7
replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operationsGreg Hudson1-1/+1
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-05Ignore improperly encoded signedpath AD elementsGreg Hudson1-1/+5
We have some reason to believe Microsoft and Heimdal are both using the authdata value 142 for different purposes, leading to failures in verify_ad_signedpath(). For better interoperability, treat such tickets as unsigned, rather than invalid. ticket: 6676 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23766 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-05Fix cross-realm handling of AD-SIGNEDPATHGreg Hudson1-7/+7
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT. Previously we were avoiding it when answering a cross-realm client, which was wrong. Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present). ticket: 6655 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23697 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28Whitespace fixes for new anonymous supportGreg Hudson1-3/+4
ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28Anonymous support for KerberosSam Hartman1-2/+6
This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-21For the moment, test for nullity of pointers returned by k5allocGreg Hudson1-1/+1
instead of result codes, to make Coverity happy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23298 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-16Clean up some open-parenthesis problems, and reindentTom Yu1-51/+50
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23246 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-14Constrained delegation without PAC supportGreg Hudson1-59/+625
Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-12Post-great-reindent check. Part IZhanna Tsitkov1-51/+59
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23151 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31make mark-cstyleTom Yu1-314/+314
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-27Heimdal DB bridge plugin for KDC back endGreg Hudson1-1/+8
Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin. ticket: 6578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-21remove some unneeded extensions from the Novell backend authdata SPILuke Howard1-29/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-21Increment authdata SPI to V2 (V1 was experimental) to account for additionalLuke Howard1-3/+3
krbtgt key parameter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-21Increment authdata SPI to V2 (V1 was experimental) to accountLuke Howard1-24/+24
for additional krbtgt key parameter. This was at Sam's suggestion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-09Implement GSS naming extensions and authdata verificationGreg Hudson1-21/+26
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-13Implement s4u extensionsGreg Hudson1-0/+9
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
2009-05-22Remove spurious assertion in handle_authdataGreg Hudson1-1/+0
In handle_authdata in the KDC, remove a spurious assertion (added in r21566 on the mskrb-integ branch) that authdata starts out empty. authdata can be legitimately added by check_padata, which precedes handle_authdata, and this happens with pkinit. ticket: 6492 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22360 dc483132-0cff-0310-8789-dd5450dbe970
2009-05-20Add a comment to the r22168 change since it's not obvious why we'reGreg Hudson1-0/+11
decrypting authdata that way. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22358 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-03Handle authdata encrypted in subkeySam Hartman1-0/+7
RFC 4120 requires that if a subkey is present in the TGS request that authorization data be encrypted in the subkey. Our KDC did not handle this correctly. ticket: 6438 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-03Merge mskrb-integ onto trunkSam Hartman1-112/+427
The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
2008-11-03Apply a patch from Apple to correct a few memory leaksGreg Hudson1-5/+2
ticket: 6201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20958 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-24Use strlcpy instead of strcpy in many placesGreg Hudson1-1/+1
ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
2008-08-28Fix resource leakKen Raeburn1-0/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20701 dc483132-0cff-0310-8789-dd5450dbe970
2008-08-25Incorporate Apple's patchKen Raeburn1-0/+298
Add a test authorization data scheme, in both built-in and plugin forms; built-in version is #ifdef'ed out. Update configury to create the build directory for the plugin, but don't build or install it by default. Create the new (and normally empty) authorization data plugin directory at install time. Add some (normally disabled) code to log authz data from rd_req. Fix up some comments that still refer to preauth plugins. Add some details in comments on the API, and why it's private for now. Make the plugin init context support work, by not passing null pointers. ticket: 5565 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-08-01 19:55:04 +0000