
From: ghudson@mit.edu
Subject: git commit

Implement KERB_AP_OPTIONS_CBT (server side)

Add server support for Microsoft's KERB_AP_OPTIONS_CBT as described in
MS-KILE. If the client includes the AP option in the authenticator
authdata and the server passed channel bindings, require the bindings
to match.

[ghudson@mit.edu: refactored to put more logic in the helper function;
added a comment; clarified commit message]

https://github.com/krb5/krb5/commit/4f7c77b64a048ca5e3199b26b31493698c777a9c
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 4f7c77b64a048ca5e3199b26b31493698c777a9c
Branch: master
src/include/krb5/krb5.hin | 1 +
src/lib/gssapi/krb5/accept_sec_context.c | 45 +++++++++++++++++++++++++++++-
2 files changed, 45 insertions(+), 1 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Add client_aware_channel_bindings option

Add client support for KERB_AP_OPTIONS_CBT in the form of a profile
option "client_aware_gss_bindings". Adjust the make_etype_list()
helper so that enctype negotiation and AP_OPTIONS can be included in
the same IF-RELEVANT wrapper.

[ghudson@mit.edu: refactored; edited documentation; wrote commit
message]

https://github.com/krb5/krb5/commit/225e6ef7f021cd1a8ef2a054af0ca58b7288fd81
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 225e6ef7f021cd1a8ef2a054af0ca58b7288fd81
Branch: master
doc/admin/conf_files/krb5_conf.rst | 6 ++
src/include/k5-int.h | 1 +
src/lib/krb5/krb/mk_req_ext.c | 165 ++++++++++++++++++-----------------
3 files changed, 92 insertions(+), 80 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Add channel bindings tests

[ghudson@mit.edu: adjusted test program to output channel-bound state
instead of optionally enforcing it; adjusted tests to check program
output; split out tests into separate Python script; made cosmetic
changes]

https://github.com/krb5/krb5/commit/b0b21b6d25b06f3e2b365dfe9dd4c99b3d43bf57
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: b0b21b6d25b06f3e2b365dfe9dd4c99b3d43bf57
Branch: master
.gitignore | 1 +
src/plugins/gssapi/negoextest/main.c | 18 ++++++
src/tests/gssapi/Makefile.in | 49 ++++++++-------
src/tests/gssapi/common.c | 25 ++++++--
src/tests/gssapi/common.h | 9 +++
src/tests/gssapi/deps | 4 +
src/tests/gssapi/t_bindings.c | 111 ++++++++++++++++++++++++++++++++++
src/tests/gssapi/t_bindings.py | 43 +++++++++++++
src/tests/gssapi/t_negoex.py | 7 ++
9 files changed, 238 insertions(+), 29 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix leak in KERB_AP_OPTIONS_CBT server support

In check_cbt(), use a local variable to hold the retrieved authdata
list, and free it before returning.

https://github.com/krb5/krb5/commit/bf2ddff13c178e0c291f8fb382b040080d159e4f
Author: Greg Hudson <ghudson@mit.edu>
Commit: bf2ddff13c178e0c291f8fb382b040080d159e4f
Branch: master
src/lib/gssapi/krb5/accept_sec_context.c | 23 +++++++++++++----------
1 files changed, 13 insertions(+), 10 deletions(-)