oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,963 Commits 3 Branches 2 Tags
199d6b7f8faa480d88fe07ec5f253b74c84faf1b
Commit Graph

30963 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
199d6b7f8f tests: Check asprintf() result 2026-01-18 16:09:31 -06:00
Nicolas Williams
318183f90b tests: Avoid DNS 2026-01-18 16:09:31 -06:00
Nicolas Williams
d5583d2e54 tests: Make HDB writes async to speed tests 2026-01-18 16:09:31 -06:00
Nicolas Williams
4fd6a9acf0 tests: Work around race in check-iprop 
We need to wait_for the changes to show up, not for log messages or log
entries.  The latter can come before the HDB writes are committed.
 2026-01-18 16:09:31 -06:00
Nicolas Williams
567704f20e httpkadmind: Add -A option for async HDB writes 2026-01-18 16:09:31 -06:00
Nicolas Williams
a33d6fb82a kadmind: Fix leak 2026-01-18 16:09:31 -06:00
Nicolas Williams
5a7ace809e kadmind: Add -A option for async HDB writes 2026-01-18 16:09:31 -06:00
Nicolas Williams
16b4b386f2 kadmin: Add -A option for async HDB writes 2026-01-18 16:09:31 -06:00
Nicolas Williams
d64ba321b8 kadmin: Update kadmin(1) man page 2026-01-18 16:09:31 -06:00
Nicolas Williams
c498fed5a5 kadmin: Fix ext_keytab leak 2026-01-18 16:09:31 -06:00
Nicolas Williams
a7e9797919 kadmin: Implement -e for cpw/randkey 2026-01-18 16:09:31 -06:00
Nicolas Williams
697d493ca8 kadmin: Use same supported_enctypes default as default_keys in lib/hdb 2026-01-18 16:09:30 -06:00
Nicolas Williams
b704f45dce iprop: Fix Windows bug 2026-01-18 16:09:30 -06:00
Nicolas Williams
845a9bb0e6 iprop: Fix leaks in ipropd-slave 2026-01-18 16:09:30 -06:00
Nicolas Williams
b8aed2b43e kadm5: Check ftruncate() result 2026-01-18 16:09:30 -06:00
Nicolas Williams
8fbd67005d kadm5: Add KADM5_CONFIG_ASYNC_HDB_WRITES param 2026-01-18 16:09:30 -06:00
Nicolas Williams
1bc19c6c04 kdc: Fix NULL deref 2026-01-18 16:09:30 -06:00
Nicolas Williams
2a69918515 kdc: Quiet some MSVC false positive warnings 2026-01-18 16:08:40 -06:00
Nicolas Williams
52e805f3f9 kdc: Session key enctype selection needs to check the service supported enctypes 2026-01-18 16:08:40 -06:00
Nicolas Williams
49ff8baae4 hdb: Change default_keytypes[] to drop weak enctypes 2026-01-18 16:08:40 -06:00
Nicolas Williams
8a52ba7e0f krb5: Free context at exit time in test_set_kvno0.c 2026-01-18 16:08:40 -06:00
Nicolas Williams
687c7d5fb7 krb5: Fix leak in krb5_sendauth() 2026-01-18 16:08:40 -06:00
Nicolas Williams
69d214b519 krb5: _krb5_pk_octetstring2key() fails to clear keydata 2026-01-18 16:08:40 -06:00
Nicolas Williams
7587003ec6 krb5: Promote AES SHA2 enctypes to preferred 2026-01-18 16:08:40 -06:00
Nicolas Williams
10271fe8d5 klist: Show ticket session key enctype too 2026-01-18 16:08:40 -06:00
Nicolas Williams
acd62212d5 spnego: Fix negoex leak 2026-01-18 16:08:40 -06:00
Nicolas Williams
10be6a75c4 spnego: Restrict when SANON gets negotiated 
There were cases where we weren't negotiating SANON where we should
have.  But we really don't want to overdo it.  In particular we really
never ever want a user with expired or absent Kerberos credentials (say)
to accidentally negotiate SANON as that will then lead to authorization
errors down the line, and those would be hard to diagnose as they would
be masking the real issue (expired or absent credentials).

So basically either the user passes GSS_C_ANON_FLAG or (and/or) they
call gss_set_neg_mechs() to explicitly request SANON.

Partly authored by me, partly authored by Claude with heavy human
guidance, and reviewed by me.
 2026-01-18 16:08:40 -06:00
Nicolas Williams
21bcabb47f ldap: Switch from bdb to mdb 2026-01-18 16:08:40 -06:00
Nicolas Williams
7d16663dfa gsskrb5: Fix part of the enctype negotiation problems 2026-01-18 16:08:40 -06:00
Nicolas Williams
6dc1508e8c gss: Add threaded testing of GSS-API! 2026-01-18 16:08:40 -06:00
Nicolas Williams
1274238948 gss: Fix mech attr matching (test_mech_attrs()) 2026-01-18 16:08:40 -06:00
Nicolas Williams
b0c925797a gss: Use the 'gss_mo' in each mech to find mech_attrs (needed by SPNEGO) 2026-01-18 16:08:40 -06:00
Nicolas Williams
b6c3116400 base: Treat KRB5_TRACE=<path> as KRB5_TRACE=0-5/FILE:<path> 2026-01-18 16:08:40 -06:00
Nicolas Williams
3451950db7 base: NULL-terminate getarg_strings 2026-01-18 16:08:40 -06:00
Nicolas Williams
a7bba71ab8 base: Implement appended-error concat 2026-01-18 16:08:40 -06:00
Nicolas Williams
e74f785367 hxtool: Fix leak in acert sub-command 2026-01-18 16:08:40 -06:00
Nicolas Williams
50244ef92d hxtool: Enable extended MANDOC generation 2026-01-18 16:08:39 -06:00
Nicolas Williams
ff67770aa1 hx509: Quiet warnings 2026-01-18 16:08:39 -06:00
Nicolas Williams
74a613c67d sl: Add extended MANDOC generation 2026-01-18 16:08:39 -06:00
Nicolas Williams
90d116d641 asn1: Quiet warnings 2026-01-18 16:08:39 -06:00
Nicolas Williams
4db2636862 asn1: Print negative enum values correctly 2026-01-18 16:08:39 -06:00
Nicolas Williams
bd9a03d498 asn1: Add ASN1_MALLOC_ENCODE_SAVE() macro 2026-01-18 16:08:39 -06:00
Nicolas Williams
ec942cd5a1 asn1: Add util der_show_heim_oid_sym() for use in gdb 2026-01-18 16:08:39 -06:00
Nicolas Williams
3c9d0f3033 gssmask: Daemonize the Heimdal way to avoid need for sleeping in the test 
This commit authored by Claude with human guidance and review.
 2026-01-18 16:08:39 -06:00
Nicolas Williams
f74b82d6f0 windows: Add missing exports in lib/asn1 2026-01-18 16:08:39 -06:00
Nicolas Williams
4a4567fa17 windows: No SSIZE_MAX on Windows... 2026-01-18 16:08:39 -06:00
Nicolas Williams
049b1b176b windows: #define _Atomic 2026-01-18 16:08:39 -06:00
Nicolas Williams
27a64459dc threads: Add HEIMDAL_THREAD_join() 2026-01-18 16:08:39 -06:00
Nicolas Williams
1042807a1c base: Fix JSON encoder crash 2026-01-18 16:08:39 -06:00
Nicolas Williams
28b05924c5 roken: Add URL-safe base64 2026-01-18 16:08:39 -06:00