| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9,
which is fortunate because it doesn't work (see issue #7072).
Instead, it passes both kinds of PKINIT replies through
decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in
alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack.
So, remove the unused broken pa_pk_as_rep_draft9 decoder.
For pa_pk_as_req_draft9, we only use two of the fields on encode and
only one of those on decode. So, get rid of the unused fields and
the krb5_trusted_ca structure, and reduce the encoder and decoder
sequences to the minimum necessary fields.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25689 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
krb5_pk_authenticator_draft9 had a kdcRealm field which was set by the
client code but never encoded or decoded. Remove it. Eliminating this
field exposed a bug in auth_pack_draft9_optional; fix that.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25624 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Use data-driven encoders for all of the remaining types which still
used macros (primarily PKINIT types), and get rid of the macros. Do
not change any encoding behavior, but add some comments where behavior
differs from the spec.
DEFFNTYPE is now unused except for the kdc_req_body hack.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25617 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the krb5_pa_data structure type when encoding or decoding
TYPED-DATA. Leave the krb5_typed_data structure definition in krb5.h
with a comment saying not to use it. Remove krb5_free_typed_data
(which was never declared in krb5.h). Remove some vestigial accessor
stuff related to PKINIT encoding and decoding TYPED-DATA, which was
unneeded since r25483. Bump the accessor structure version to 19
accordingly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25601 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
For consistency with the rest of the code base, make PKINIT use
krb5_data as a pointer/length container. Leave krb5_octet_data and
krb5_free_octet_data behind for API compatibility.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25600 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25301 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
agreed changes to the IETF specification. Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
* extend dh_rep
* add krb5_free_octet_data
* extend pkinit free functions
pkinit: add supportedKDFs and kdfID to structures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
krb5int_fast_process_error was assuming that it was safe to cast it to
krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because
krb5.hin uses #pragma pack on that platform.
ticket: 6689
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23829 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Exclude include/gssrpc due to its Sun origin and k5-platform.h due to
macros too hairy for emacs c-mode to handle.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23180 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
Pull up PKINIT support onto the trunk.
Changes from the version in branch users/coffman/pkinit are:
- Update the preauth plugin interface version to avoid
conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
depending on opensc being installed.
ticket: new
Target_Version: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
|
