git.ipfire.org Git - thirdparty/krb5.git/log
Luke Howard [Fri, 11 Sep 2009 22:17:07 +0000 (22:17 +0000)]
don't check for NULL-ity before freeing
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22734 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 18:12:29 +0000 (18:12 +0000)]
clarify comments
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22733 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 17:30:30 +0000 (17:30 +0000)]
add some comments about the last commit
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22731 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 17:28:16 +0000 (17:28 +0000)]
More flexible check for S4U2Self client/server name comparison
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22730 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 16:56:13 +0000 (16:56 +0000)]
remove unused variables
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22729 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 16:54:59 +0000 (16:54 +0000)]
Match Windows behaviour when rewriting server name in S4U2Self request: don't attempt to include source realm name
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22728 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 12:45:33 +0000 (12:45 +0000)]
update manual page for S4U
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22727 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 12:45:18 +0000 (12:45 +0000)]
make -P option (S4U2Proxy) dependent on -U (S4U2Self)
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22726 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 12:16:08 +0000 (12:16 +0000)]
update testing notes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22725 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 06:14:03 +0000 (06:14 +0000)]
merge trunk to 22719
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22724 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 06:09:01 +0000 (06:09 +0000)]
rename gcvt_fct to pacb_fct
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22723 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 06:06:46 +0000 (06:06 +0000)]
* add_pa_data_element appears to leave out_padata in an invalid state
when the if (copy) block fails to allocate memory. While you are there,
please rename "out_padata" since it is an in/out parameter, not an
output parameter.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22722 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 06:06:19 +0000 (06:06 +0000)]
* s4u_gss.glue.c:kg_get_evidence_ticket is unused; it should be
removed unless there's a reason for it that I couldn't see.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22721 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 11 Sep 2009 06:05:39 +0000 (06:05 +0000)]
* kvno should check for -P without -k after parsing all of the
options, so that option order is not important.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22720 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 8 Sep 2009 11:10:00 +0000 (11:10 +0000)]
for S4U2Proxy, set client principal to returned S4U2Self princ
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22714 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 7 Sep 2009 22:29:54 +0000 (22:29 +0000)]
Don't store S4U referral tickets because they contain user authz data; general cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22713 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 7 Sep 2009 18:13:24 +0000 (18:13 +0000)]
cleanup and make spnego use configurable
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22712 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 5 Sep 2009 19:53:09 +0000 (19:53 +0000)]
Remove gss_{add,acquire}_imperso gss_{add,acquire}_cred_impersonate_cred APIs
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22711 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 2 Sep 2009 16:50:34 +0000 (16:50 +0000)]
add PA_S4U_X509_USER to trval_reference.out
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22705 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 2 Sep 2009 16:46:16 +0000 (16:46 +0000)]
Add pa_s4u_x509_user ASN.1 tests
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22704 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 1 Sep 2009 15:49:33 +0000 (15:49 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22699 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 18:06:07 +0000 (18:06 +0000)]
we know token_mech_type is non-NULL
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22685 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 16:52:15 +0000 (16:52 +0000)]
test should work with SPNEGO creds now
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22684 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 16:50:41 +0000 (16:50 +0000)]
implement delegated handling fix as suggested by Nico in krbdev mail
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22683 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 16:27:30 +0000 (16:27 +0000)]
avoid infinite recursion in spnego_gss_inquire_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22682 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 16:07:41 +0000 (16:07 +0000)]
ensure we have inquire_cred/inquire_cred_by_oid handlers for SPNEGO
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22681 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 31 Aug 2009 15:42:44 +0000 (15:42 +0000)]
use GSS_KRB5_NT_PRINCIPAL_NAME for proxy target
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22680 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 29 Aug 2009 15:38:22 +0000 (15:38 +0000)]
plug some leaks
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22659 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 29 Aug 2009 15:24:04 +0000 (15:24 +0000)]
plug some more leaks
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22658 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 29 Aug 2009 15:22:24 +0000 (15:22 +0000)]
fix some leaks
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22657 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 28 Aug 2009 15:08:33 +0000 (15:08 +0000)]
more cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22642 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 28 Aug 2009 15:05:14 +0000 (15:05 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22641 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 27 Aug 2009 20:38:30 +0000 (20:38 +0000)]
add some troubleshooting tips
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22640 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 27 Aug 2009 20:16:52 +0000 (20:16 +0000)]
don't return delegated S4U creds unless evidence ticket was forwardable
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22639 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 27 Aug 2009 16:50:48 +0000 (16:50 +0000)]
remove previous check; we should never issue non-forwardable proxy creds
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22638 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 27 Aug 2009 12:55:47 +0000 (12:55 +0000)]
reformat
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22635 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 27 Aug 2009 12:53:48 +0000 (12:53 +0000)]
check evidence ticket is forwardable before sending to KDC
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22634 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 26 Aug 2009 21:37:39 +0000 (21:37 +0000)]
backout previous commit; should be KDC_ERR_POLICY
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22632 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 26 Aug 2009 21:35:10 +0000 (21:35 +0000)]
Return KDC_ERR_PATH_NOT_ACCEPTED if constrained delegation attempted between realms; Windows does this
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22631 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 25 Aug 2009 11:25:45 +0000 (11:25 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22591 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 25 Aug 2009 11:24:08 +0000 (11:24 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22590 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 24 Aug 2009 21:17:31 +0000 (21:17 +0000)]
s/kdc_process_s4u2self_rep/kdc_make_s4u2self_rep/
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22585 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 23 Aug 2009 09:06:29 +0000 (09:06 +0000)]
Add a fail-safe check to ensure a proxy credentials handle is not
passed in as an impersonation credentials handle
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22580 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 23 Aug 2009 09:04:50 +0000 (09:04 +0000)]
In gss_acquire_cred_impersonate_cred(), use krb5_get_credentials() to retrieve
the evidence ticket, allowing it to be acquired from the KDC if absent from
the credentials cache. This is of somewhat dubious utility.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22579 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 22 Aug 2009 14:08:41 +0000 (14:08 +0000)]
Remove a redundant argument to kg_compose_deleg_cred()
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22577 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 22 Aug 2009 09:02:48 +0000 (09:02 +0000)]
Cleanup, and don't return a "proxy" credential for use with constrained
delegation, if the client's credentials are not forwardable, because
constrained delegation requires forwardable tickets. Instead, just return
an ordinary credential.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22576 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 22 Aug 2009 00:09:03 +0000 (00:09 +0000)]
consolidate and remove duplicate code
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22575 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 23:00:29 +0000 (23:00 +0000)]
remove gss_krb5_add_sec_context_delegatee
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22574 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 22:52:37 +0000 (22:52 +0000)]
Refactor to reduce duplicate code
krb5_gss_acquire_cred_impersonate_name() now returns proxy credentials,
so it is not necessary to call gss_acquire_cred_impersonate_cred()
before using them with gss_init_sec_context().
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22573 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 17:52:51 +0000 (17:52 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22567 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 17:48:56 +0000 (17:48 +0000)]
Don't return constrained deleg creds if verifier cred handle doesn't have initiator creds (ie. is usage GSS_C_BOTH)
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22566 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 17:45:21 +0000 (17:45 +0000)]
When returning constrained delegation creds, don't require they
be explicitly passed to gss_acquire_cred_impersonate_cred();
they can now be passed directly to gss_init_sec_context().
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22565 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 16:58:35 +0000 (16:58 +0000)]
set GSS_C_DELEG_FLAG when returning constrained deleg creds
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22564 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 16:48:32 +0000 (16:48 +0000)]
Rename files to reflect API change
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22563 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 16:46:29 +0000 (16:46 +0000)]
s/{add,acquire}_cred_with_{name,cred}/{$1}_cred_impersonate_{$2}/
More detail on API renaming at:
http://k5wiki.kerberos.org/wiki/Projects/Services4User#Proposed_APIs
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22562 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 16:10:39 +0000 (16:10 +0000)]
Update header file for swapped arguments
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22561 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 16:02:31 +0000 (16:02 +0000)]
Invert order of input_cred_handle and impersonator_cred_handle
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22560 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 12:07:38 +0000 (12:07 +0000)]
Fix test breakage when constrained delegation omitted
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22559 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 12:04:50 +0000 (12:04 +0000)]
The Novell S4U patch included some code to disable the forwardable
flag based on the user's authorization data. My understanding from
reading [MS-SFU] is that there is no requirement to do this, which
leads me to believe that the state of the forwardable flag should
be determined by examining the cross-realm TGT (in the case of a
user from a foreign realm) and from the user's KDB entry (when
issuing a ticket within their own realm).
I am awaiting clarification of this both from MS and Novell.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22558 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 11:59:33 +0000 (11:59 +0000)]
test with SPNEGO for added complexity
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22557 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 11:51:19 +0000 (11:51 +0000)]
Add some more debugging to test
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22556 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 21 Aug 2009 11:33:44 +0000 (11:33 +0000)]
Implement gss_{acquire,add}_cred_with_{name,cred} as suggested by Nico Williams
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22555 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 20 Aug 2009 16:44:23 +0000 (16:44 +0000)]
Add KRB5_GC_FORWARDABLE and KRB5_GC_NO_TRANSIT_CHECK for compatibility with Heimdal
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22554 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 20 Aug 2009 16:01:58 +0000 (16:01 +0000)]
Move more logic for handling constrained delegation into krb5_get_credentials()
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22553 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 20 Aug 2009 14:49:12 +0000 (14:49 +0000)]
Add KRB5_GC_NO_STORE option, and change GSS S4U callers to use it
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22552 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 19 Aug 2009 19:39:10 +0000 (19:39 +0000)]
GSS_KRB5_NT_ENTERPRISE_NAME is gone now
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22551 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 19 Aug 2009 19:37:47 +0000 (19:37 +0000)]
remove GSS_KRB5_NT_ENTERPRISE_NAME
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22550 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 19 Aug 2009 19:28:36 +0000 (19:28 +0000)]
merge trunk to 22548 (22458:22548)
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22549 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 19 Aug 2009 06:34:40 +0000 (06:34 +0000)]
update comments describing clearing of forwardable flag, again
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22548 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 22:39:38 +0000 (22:39 +0000)]
Use fetch_asn1_field() to avoid re-encoding S4U2Self request
during checksum verification
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22547 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:41:09 +0000 (21:41 +0000)]
remove tabs
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22546 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:15:51 +0000 (21:15 +0000)]
More comment cleanups
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22545 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:11:12 +0000 (21:11 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22544 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:10:46 +0000 (21:10 +0000)]
Revise comments on S4U2Self and forwardable tickets. I've removed
the comment about clearing the forwardable flag in handle_authdata,
because I think that code needs to be fixed (rather than the
comment).
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22543 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:08:18 +0000 (21:08 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22542 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:05:40 +0000 (21:05 +0000)]
Format cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22541 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 21:04:36 +0000 (21:04 +0000)]
Refactor S4U2Self validation path to use validate_as_request(), to avoid duplication of code
Don't allow KDC_OPT_CNAME_IN_ADDL_TKT in an AS-REQ.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22540 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 19:40:04 +0000 (19:40 +0000)]
Refactor code for setting TKT_FLG_FORWARDABLE for S4U2Self. The logic was difficult to understand before
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22539 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 13:06:32 +0000 (13:06 +0000)]
Fix errors in flag descriptors
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22538 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 13:05:56 +0000 (13:05 +0000)]
Fix service principal name qualification so that cross-realm S4U2Self works with both canonical and UPN aliases
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22537 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 13:05:02 +0000 (13:05 +0000)]
Allow unkeyed checksums for all non-newer enctypes
Return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN if S4U2Self client/server principals do not match
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22536 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 18 Aug 2009 13:03:39 +0000 (13:03 +0000)]
Move S4U protocol options into k5-int.h
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22535 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 23:45:58 +0000 (23:45 +0000)]
fix typo
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22533 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 23:15:06 +0000 (23:15 +0000)]
KRB5_S4U_OPTS_CHECK_LOGON_HOURS doesn't appear to be set in the reply, in any case it doesn't make much sense to us
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22532 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 20:57:17 +0000 (20:57 +0000)]
fix typo
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22531 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 20:52:07 +0000 (20:52 +0000)]
Don't explicitly ask for KDC_OPT_FORWARDABLE when doing S4U2Self;
it won't work with MIT KDCs (they return KDC_ERR_BADOPTION).
Instead, rely on the propagation of TGT flags to KDC options.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22530 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 20:49:19 +0000 (20:49 +0000)]
Fix a logic error in r22525
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22529 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 16:26:23 +0000 (16:26 +0000)]
remove some accidentally committed code from previous commit
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22526 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 16:25:18 +0000 (16:25 +0000)]
avoid a redundant call to is_local_principal()
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22525 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 17 Aug 2009 16:23:16 +0000 (16:23 +0000)]
align handling of forwardable flag in protocol transition with [MS-SFU]
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22524 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 9 Aug 2009 09:52:56 +0000 (09:52 +0000)]
Fix a couple of time of use issues with KDC S4U2Self implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22511 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 9 Aug 2009 09:51:01 +0000 (09:51 +0000)]
Remove dead code
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22510 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 9 Aug 2009 09:50:03 +0000 (09:50 +0000)]
Ensure enc_padata is actually encoded
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22509 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 9 Aug 2009 09:23:25 +0000 (09:23 +0000)]
Fix regression
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22508 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 23:24:50 +0000 (23:24 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22507 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 22:54:40 +0000 (22:54 +0000)]
remove some debug code
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22506 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 22:50:57 +0000 (22:50 +0000)]
only return S4U enc_padata if KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE is set in the request
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22505 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 21:27:48 +0000 (21:27 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22504 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 21:13:03 +0000 (21:13 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22503 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 7 Aug 2009 21:02:23 +0000 (21:02 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22502 dc483132-0cff-0310-8789-dd5450dbe970