git.ipfire.org Git - thirdparty/krb5.git/commit

author	Isaac Boukris <iboukris@gmail.com>
	Fri, 7 Jan 2022 18:46:24 +0000 (13:46 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 12 Jan 2022 18:28:07 +0000 (13:28 -0500)
commit	ee4e3c5c9eee061048d5b7393b8f3820d1a563a8
tree	492c3933a2dccc08378f380a82a7536b214cf05d	tree
parent	5c394dc54c9196c300bd99a66a3257692f520920	commit \| diff

Add PAC ticket signature APIs

Microsoft added a third PAC signature over the ticket to prevent
servers from setting the forwardable flag on evidence tickets.  Add
new APIs to generate and verify ticket signatures, as well as defines
for this and other new PAC buffer types.  Deprecate the old signing
functions as they cannot generate ticket signatures.  Modify several
error returns to better match the protocol errors generated by Active
Directory.

[ghudson@mit.edu: adjusted contracts for KDC requirements; simplified
and commented code changes; wrote commit message.  rharwood@redhat.com
also did some work on this commit.]

ticket: 9043 (new)

doc/appdev/refs/api/index.rst		diff \| blob \| blame \| history
doc/appdev/refs/macros/index.rst		diff \| blob \| blame \| history
src/include/krb5/krb5.hin		diff \| blob \| blame \| history
src/lib/krb5/krb/deps		diff \| blob \| blame \| history
src/lib/krb5/krb/int-proto.h		diff \| blob \| blame \| history
src/lib/krb5/krb/pac.c		diff \| blob \| blame \| history
src/lib/krb5/krb/pac_sign.c		diff \| blob \| blame \| history
src/lib/krb5/krb/t_pac.c		diff \| blob \| blame \| history
src/lib/krb5/libkrb5.exports		diff \| blob \| blame \| history
src/lib/krb5_32.def		diff \| blob \| blame \| history
src/plugins/kdb/test/kdb_test.c		diff \| blob \| blame \| history