git.ipfire.org Git - thirdparty/krb5.git/commit
Add KDC support for X.509 S4U2Self requests
author Isaac Boukris <iboukris@gmail.com>
Wed, 16 Jan 2019 22:23:25 +0000 (00:23 +0200)
committer Greg Hudson <ghudson@mit.edu>
Wed, 13 Mar 2019 20:40:59 +0000 (16:40 -0400)
commit 0fbfffbef2c266fedac557e00108b944e31e8d50
tree 81911406955f7c360f66d129db1a36b61c89b8b7
parent 26c3818737cf16d476043a4acec8afb0fa67e47f
Add KDC support for X.509 S4U2Self requests

Add a KDB function krb5_db_get_s4u_x509_principal() and an associated
method in the DAL, bumping the minor version and cleaning up a
leftover comment in the table from major version 6.

When processing an AS-REQ, look up the client principal by certificate
if the request contains a non-empty PA-S4U-X509-USER value.  When
processing an S4U2Self TGS-REQ, allow requests with certificates, and
look up the client principal by certificate if one is presented.

[ghudson@mit.edu: factored out lookup_client() in AS code; rewrote
commit message and some comments; adjusted flow control changes in
kdc_process_s4u_x509_user()]

ticket: 8781 (new)
src/include/kdb.h
src/kdc/do_as_req.c
src/kdc/kdc_util.c
src/lib/kdb/kdb5.c
src/lib/kdb/libkdb5.exports