httpkadmind: Make more like bx509d internally

- Correct handling of POST (previously, POSTs with non-zero-length bodies
   would cause the server to close the connection).

 - Add CSRF features from bx509d.
Nicolas Williams
2022-08-22 22:38:03 -05:00
parent ae527bf97c
commit 56c6120522
3 changed files with 503 additions and 97 deletions


@@ -697,7 +697,7 @@ ${hxtool} issue-certificate \
--lifetime=7d \
--certificate="FILE:pkinit-synthetic.crt" ||
{ echo "Failed to make PKINIT client cert"; exit 1; }
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null &&
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null 2>&1 &&
{ echo "Internal error -- $p exists too soon"; exit 1; }
${kinit2} -C "FILE:${objdir}/pkinit-synthetic.crt,${keyfile2}" ${p}@${R} || \
{ echo "Failed to kinit with PKINIT client cert"; exit 1; }
@@ -727,7 +727,7 @@ ${hxtool} issue-certificate \
--lifetime=7d \
--certificate="FILE:pkinit-synthetic.crt" ||
{ echo "Failed to make PKINIT client cert"; exit 1; }
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null &&
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null 2>&1 &&
{ echo "Internal error -- $p exists too soon"; exit 1; }
${kinit2} -C "FILE:${objdir}/pkinit-synthetic.crt,${keyfile2}" ${p}@${R} || \
{ echo "Failed to kinit with PKINIT client cert"; exit 1; }
@@ -757,7 +757,7 @@ ${hxtool} issue-certificate \
--lifetime=7d \
--certificate="FILE:pkinit-synthetic.crt" ||
{ echo "Failed to make PKINIT client cert"; exit 1; }
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null &&
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null 2>&1 &&
{ echo "Internal error -- $p exists too soon"; exit 1; }
${kinit2} -C "FILE:${objdir}/pkinit-synthetic.crt,${keyfile2}" ${p}@${R} || \
{ echo "Failed to kinit with PKINIT client cert"; exit 1; }
@@ -787,7 +787,7 @@ ${hxtool} issue-certificate \
--lifetime=7d \
--certificate="FILE:pkinit-synthetic.crt" ||
{ echo "Failed to make PKINIT client cert"; exit 1; }
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null &&
KRB5CCNAME=$admincache ${kadmin} get -s $p >/dev/null 2>&1 &&
{ echo "Internal error -- $p exists too soon"; exit 1; }
${kinit2} -C "FILE:${objdir}/pkinit-synthetic.crt,${keyfile2}" ${p}@${R} || \
{ echo "Failed to kinit with PKINIT client cert"; exit 1; }
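Review bot: The negative check `${kadmin} get -s $p >/dev/null 2>&1 && { echo "Internal error -- $p exists too soon"; exit 1; }` treats every kadmin failure as "principal does not exist", and with stderr now discarded (assuming the `2>&1` line is the new side) nothing is left to tell the two apart. If the admin cache in `$admincache` is unusable or the server is unreachable, the check passes vacuously and the test no longer shows that the synthetic principal is absent before the PKINIT kinit. I would send stderr to a file rather than to `/dev/null`, e.g. `2>kadmin-get.err` (constructed name), so an unexpected failure can still be inspected. I would also add a comment above the line such as `# expected to fail: $p must not exist until first PKINIT use`. The same applies to the identical change in all four hunks (the ones starting at 697, 727, 757 and 787).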