Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Add secure cookie support

Remove the existing support for creating trivial cookies. Add new
functions to fast_util.c for reading and generating secure cookies.
Add new kdcpreauth callbacks "get_cookie" and "set_cookie" to allow
preauth mechs to retrieve and set cookie values.

Based on a patch by Nathaniel McCallum.

https://github.com/krb5/krb5/commit/4e15c03b54464b661c6578f78de3bd348163fc07
Author: Greg Hudson <ghudson@mit.edu>
Commit: 4e15c03b54464b661c6578f78de3bd348163fc07
Branch: master
doc/appdev/refs/macros/index.rst | 1 +
src/include/krb5/kdcpreauth_plugin.h | 21 ++
src/include/krb5/krb5.hin | 2 +
src/kdc/do_as_req.c | 40 +++-
src/kdc/fast_util.c | 363 +++++++++++++++++++++++++++-------
src/kdc/kdc_preauth.c | 24 ++-
src/kdc/kdc_util.h | 20 ++-
src/kdc/reqstate.h | 3 +-
8 files changed, 382 insertions(+), 92 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Add cookie tests

Add cookie and KDC_ERR_MORE_PREAUTH_DATA_REQUIRED functionality to the
test preauth plugins modules. Create a new test script t_preauth.py
and move a test there from t_etype_info.py which is only marginally
related to etype-info. Add a new test which exercises a multi-hop
preauth scenario and generates different cookies for each KDC error.

https://github.com/krb5/krb5/commit/379239d98a05b271bbd6127f98bdb64646958b4c
Author: Greg Hudson <ghudson@mit.edu>
Commit: 379239d98a05b271bbd6127f98bdb64646958b4c
Branch: master
src/plugins/preauth/test/cltest.c | 40 +++++++++++++++++++--
src/plugins/preauth/test/kdctest.c | 71 ++++++++++++++++++++++++++++--------
src/tests/Makefile.in | 1 +
src/tests/t_etype_info.py | 20 ----------
src/tests/t_preauth.py | 25 +++++++++++++
5 files changed, 119 insertions(+), 38 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Document secure cookie format and callbacks

In kdcpreauth.rst, describe the set_cookie and get_cookie callbacks
and explain how to generate a KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error
for multi-round-trip mechanisms. Add a new file formats/cookie.rst
documenting the secure cookie format.

https://github.com/krb5/krb5/commit/752574e288c8322001d1b4e62f5fd99c579a3403
Author: Greg Hudson <ghudson@mit.edu>
Commit: 752574e288c8322001d1b4e62f5fd99c579a3403
Branch: master
doc/formats/cookie.rst | 60 ++++++++++++++++++++++++++++++++++++++++++
doc/formats/index.rst | 1 +
doc/plugindev/kdcpreauth.rst | 14 ++++++++++
3 files changed, 75 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix missing success() in t_preauth.py

Add a success() call at the end to avoid displaying the debugging help
message on completion.

https://github.com/krb5/krb5/commit/3b7e7bcb108add23c3c4a159287c88adcfbd6fd2
Author: Greg Hudson <ghudson@mit.edu>
Commit: 3b7e7bcb108add23c3c4a159287c88adcfbd6fd2
Branch: master
src/tests/t_preauth.py | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)