[Heimdal-source-changes] [heimdal/heimdal] 1bc2eb: krb5: fix spelling error in debug log
Luke Howard
noreply at github.com
Tis May 14 21:16:21 CEST 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 1bc2eb33f9992142815152581c9fe2a8894d7964
https://github.com/heimdal/heimdal/commit/1bc2eb33f9992142815152581c9fe2a8894d7964
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/send_to_kdc.c
Log Message:
-----------
krb5: fix spelling error in debug log
Commit: 2f013b0d48552b263f5e90279692f55e152ba060
https://github.com/heimdal/heimdal/commit/2f013b0d48552b263f5e90279692f55e152ba060
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: fix compliance with RFC 8062 Section 4.1
RFC 8062 states that if the client in the AS request is anonymous, the
anonymous KDC option must be set in the request; otherwise, KDC_ERR_BADOPTION
must be returned. We were previously returning KDC_ERR_C_PRINCIPAL_UNKNOWN.
Commit: 7a7eb9de2fc93e54362b4c8b9ecc15294bc1c762
https://github.com/heimdal/heimdal/commit/7a7eb9de2fc93e54362b4c8b9ecc15294bc1c762
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: do not include PAC for anonymous AS requests
The PAC will typically contain information that may reveal the identity of a
principal. Do not include it for anonymous requests, at least until such time
as the PAC plugin API supports indicating that the request was anonymous.
Commit: 5c8f48495eab08736fc4f12a8fff0786303af1a7
https://github.com/heimdal/heimdal/commit/5c8f48495eab08736fc4f12a8fff0786303af1a7
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: conform _kdc_make_anonymous_principalname() to RFC8062
The utility function _kdc_make_anonymous_principalname() previously returned a
principal of "anonymous" rather than "WELLKNOWN/ANONYMOUS", as specified by
RFC8062. This is not used by the AS-REQ code.
Commit: 63557427e0a1cd3d23c0942ab58bcae7c2e35534
https://github.com/heimdal/heimdal/commit/63557427e0a1cd3d23c0942ab58bcae7c2e35534
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/pkinit.c
Log Message:
-----------
kdc: allow anonymous AS requests with long-term keys
RFC8062 section 4.1 allows clients with long-term KDC keys to set the anonymous
flag; in this case their identity is authenticated but the returned ticket
contains the anonymous principal name as the client name.
kdc: allow authenticated anonymous PKINIT
The KDC PKINIT code conflated the checks for authenticated and unauthenticated
anonymous by only looking at the anonymous KDC request option.
Commit: 3051db0d5dbf52c9dbdb6ed357373ba78750304f
https://github.com/heimdal/heimdal/commit/3051db0d5dbf52c9dbdb6ed357373ba78750304f
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kinit.1
M kuser/kinit.c
M tests/kdc/check-kdc.in
Log Message:
-----------
kuser: support authenticated anonymous AS-REQs in kinit
Allow kinit to request anonymous tickets with authenticated clients, not just
anonymous PKINIT.
Commit: af63541515643782a86d0fddf2b97b265b8ec44d
https://github.com/heimdal/heimdal/commit/af63541515643782a86d0fddf2b97b265b8ec44d
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
Log Message:
-----------
kdc: support for anonymous TGS-REQs
Allow non-anonymous tickets to be used to obtain an anonymous service ticket,
by setting the anonymous KDC option. Do not include Win2K PAC in anonymous
service tickets. Validate anonymous flags per RFC 8062.
Commit: 55ee6c12825aec0f4c557946c2e7e029484054db
https://github.com/heimdal/heimdal/commit/55ee6c12825aec0f4c557946c2e7e029484054db
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/get_cred.c
M lib/krb5/krb5.h
M lib/krb5/ticket.c
Log Message:
-----------
krb5: support for anonymous TGS requests
Add support to krb5_get_creds() for requesting anonymous service tickets using
a TGT, using the flag KRB5_GC_ANONYMOUS.
Commit: 455961839179c55a07502b55203c153711e4d3f0
https://github.com/heimdal/heimdal/commit/455961839179c55a07502b55203c153711e4d3f0
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kgetcred.1
M kuser/kgetcred.c
Log Message:
-----------
kuser: kgetcred support for anonymous service tickets
Commit: bcc90f1b87dd9e79577c0790a4d76efdaf6c6c51
https://github.com/heimdal/heimdal/commit/bcc90f1b87dd9e79577c0790a4d76efdaf6c6c51
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kuser/kinit.c
M kuser/kuser_locl.h
M lib/krb5/krb5_locl.h
M lib/krb5/libkrb5-exports.def.in
M lib/krb5/principal.c
M lib/krb5/ticket.c
M lib/krb5/version-script.map
Log Message:
-----------
krb5: _krb5_principal_is_anonymous() helper API
Add _krb5_principal_is_anonymous() private API for checking if a principal is
anonymous or not. The third argument determines whether to match authenticated
anonymous, unauthenticated anonymous, or both types of principal.
Commit: 5ca229e0d9c19699eb39345a2a8513a956518cb7
https://github.com/heimdal/heimdal/commit/5ca229e0d9c19699eb39345a2a8513a956518cb7
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kinit.c
M lib/krb5/krb5.h
M lib/krb5/pkinit.c
Log Message:
-----------
krb5: krb5_get_init_creds_opt_set_pkinit flag names
Add macros to give symbolic names to the flags which can be passed to
krb5_get_init_creds_opt_set_pkinit(). Reserve flags for BTMM and not validating
KDC anchors.
Compare: https://github.com/heimdal/heimdal/compare/e60955e83531...5ca229e0d9c1
More information about the Heimdal-source-changes
mailing list