[16810] in Kerberos-V5-bugs
[krbdev.mit.edu #9043] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jan 12 14:38:59 2022
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-144100-1642016319-243.9043-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9043":;
Date: Wed, 12 Jan 2022 14:38:39 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Wed Jan 12 14:38:39 2022: Request 9043 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9043 >
Add PAC ticket signature APIs
Microsoft added a third PAC signature over the ticket to prevent
servers from setting the forwardable flag on evidence tickets. Add
new APIs to generate and verify ticket signatures, as well as defines
for this and other new PAC buffer types. Deprecate the old signing
functions as they cannot generate ticket signatures. Modify several
error returns to better match the protocol errors generated by Active
Directory.
[ghudson@mit.edu: adjusted contracts for KDC requirements; simplified
and commented code changes; wrote commit message. rharwood@redhat.com
also did some work on this commit.]
https://github.com/krb5/krb5/commit/ee4e3c5c9eee061048d5b7393b8f3820d1a563a8
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: ee4e3c5c9eee061048d5b7393b8f3820d1a563a8
Branch: master
doc/appdev/refs/api/index.rst | 2 +
doc/appdev/refs/macros/index.rst | 6 ++
src/include/krb5/krb5.hin | 98 ++++++++++++++-------
src/lib/krb5/krb/deps | 5 +-
src/lib/krb5/krb/int-proto.h | 3 +
src/lib/krb5/krb/pac.c | 148 ++++++++++++++++++++++++++++++-
src/lib/krb5/krb/pac_sign.c | 121 +++++++++++++++++++++++++
src/lib/krb5/krb/t_pac.c | 182 ++++++++++++++++++++++++++++++++++++++
src/lib/krb5/libkrb5.exports | 2 +
src/lib/krb5_32.def | 2 +
src/plugins/kdb/test/kdb_test.c | 6 +-
11 files changed, 534 insertions(+), 41 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
