oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
31,073 Commits 3 Branches 2 Tags
1faea3ffcff283b033fe5ef50675177883fb74d7
Commit Graph

18388 Commits

Author SHA1 Message Date
Nicolas Williams
fdf107353e hdb: Get LDAP backend building again 2026-01-22 00:02:05 -06:00
Taylor R Campbell
82f7b8072c Nix bashisms. 
This isn't fully POSIX shell, because POSIX shell still doesn't have
`local' variable declarations, but at least it is reasonably portable
now.

fix https://github.com/heimdal/heimdal/issues/1299
 2026-01-21 12:40:26 -06:00
Nicolas Williams
f11debe689 krb5: Make socksdrawer setprogname() 2026-01-21 11:45:45 -06:00
Nicolas Williams
4584b22511 hx509: Make fuzz_jose use getarg() 2026-01-21 11:45:28 -06:00
Nicolas Williams
ea3024a706 base: Make fuzz_json use getarg() (fix #1298) 2026-01-21 11:45:06 -06:00
Nicolas Williams
4d80b16a30 Revert "kdc: Fix kinit of principal aliases" 
This reverts commit d2047065bd.
 2026-01-21 11:37:25 -06:00
Taylor R Campbell
253a001ebc Fix use of accept() in test socks4a proxy. 
The read() in readall() to read the SOCKS4a request was sometimes
failing with EAGAIN, which it wasn't prepared for, causing the
request to be rejected and the test to fail.

I wrote this code specifically under the assumption the fd would be
in blocking mode, and in the original draft I wrote with stdin/stdout
under socat that was true.  But when I adapted this to do its own
bind/listen/accept logic, I broke it, because POSIX leaves it
unspecified whether accept() inherits the O_NONBLOCK setting or not:

https://pubs.opengroup.org/onlinepubs/9799919799/functions/accept4.html

And the traditional BSD semantics is to inherit O_NONBLOCK.

So, just explicitly clear O_NONBLOCK on the fd returned by accept().
 2026-01-21 10:35:22 -06:00
Nicolas Williams
d2047065bd kdc: Fix kinit of principal aliases 2026-01-20 13:48:25 -06:00
Nicolas Williams
b02d4d4569 krb5: Add SOCKS4a test 2026-01-20 12:57:01 -06:00
Nicolas Williams
31651f8e61 krb5: Add socksdrawer for testing SOCKS4 2026-01-20 12:57:01 -06:00
Taylor R Campbell
c768567929 krb5_set_password: Use target principal for SOCKS4a userid. 
This enables Tor stream isolation.
 2026-01-20 12:57:01 -06:00
Taylor R Campbell
5c5cb66c05 krb5: Set principal as proxy userid when getting creds. 
This enables Tor stream isolation.
 2026-01-20 12:57:01 -06:00
Taylor R Campbell
7321fd71c6 krb5: Default TCP transport to KDC when SOCKS4a proxy is configured. 
Default of UDP transport doesn't work over SOCKS4a anyway, so this
makes configuration with socks4a_proxy easier.
 2026-01-20 12:27:05 -06:00
Taylor R Campbell
3b0d00c743 New option [libdefaults] socks4a_proxy. 
All network traffic to KDC goes through the SOCKS4a proxy if it is
configured.

This is deliberately kept simple -- and is not generalized to SOCKS4
or SOCKS5 or other types of proxies -- so it is easy to audit for
network and DNS leaks.  (SOCKS4 works in IP addresses, and so invites
DNS leaks.  SOCKS5 can be OK, if used judiciously, but takes more
work to implement.)

This only affects krb5_sendto -- the other initiator of network
traffic in libkrb5, krb5_change_password, will be fixed to respect
socks4a_proxy in a subsequent commit.

XXX Need to figure out where the socks4a.c code should go.

fix https://github.com/heimdal/heimdal/issues/1151
 2026-01-20 12:27:05 -06:00
Michael Richardson
a0dcf9bffd if a CSR has multiple extRequests, keep only last 
The code already keeps the last entry, but it leaks the previous copies.  @nicowilliams noticed this.
 2026-01-19 00:18:47 -06:00
Nicolas Williams
76db37d833 sanon: Do not acquire creds for GSS_C_NO_NAME 2026-01-18 23:47:40 -06:00
fossdd
d233bf84d7 Use <poll.h> insted of <sys/poll.h> 
Acording to POSIX <poll.h> should be used instead of <sys/poll.h>.

Libcs like musl libc added a redict due maintain compat with older
glibcs and added the following warning:

	/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
	    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
	      |  ^~~~~~~

Ref: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/poll.h.html
 2026-01-18 23:27:57 -06:00
Nicolas Williams
bbfc116686 gsskrb5: display_name(NO_NAME) should not crash (fix #1288) 2026-01-18 20:48:42 -06:00
Nicolas Williams
fa43b2d3c4 asn1: Fix UB in two tests 2026-01-18 19:06:17 -06:00
Nicolas Williams
a1dfcc8453 krb5: Constify krb5_kuserok() 2026-01-18 19:06:17 -06:00
Nicolas Williams
10732be94c gss: Constify gss_str_to_oid() 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5589cf96c7 Sprinkle const and rk_UNCONST throughout the tests. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
56a6e7261b kadm5: Sprinkle const and rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5373ab492f ipc: rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
a9f37d2597 libroken: Make roken_detach_prep take const char *special_arg. 
Requires an internal rk_UNCONST because of annoying execvp type, but
that's better than rk_UNCONST in all the call sites.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5fec8989b5 gssapi: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
All for read-only krb5_data or gss_buffer_desc.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9c1b2e963b krb5: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
Mostly for read-only iov or krb5_data.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29da785a64 kadm5: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
0eb423022f hdb: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
82225829a0 gss_preauth: Label unconst abuse with rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
cdd1fb8fc4 gssapi/sanon: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
bbf6150cfd gssapi: Make gss_duplicate_oid{,_set} take gss_const_OID_t. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
04dcda3628 gssapi/spnego: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
137939e0d2 gssapi: Make gss_add_buffer_set_member take gss_const_buffer_t. 
`const gss_buffer_t' was probably meant to be gss_const_buffer_t.

XXX This changes the type of a public symbol -- does thiat require a
version bump?
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
34dc2dda57 gssapi/mech: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
80545251a0 gssapi/krb5: Sprinkle some const, but mostly label unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
d17fed0c7f krb5/log: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
c199e31fcd krb5/init_creds_pw.c: Label unconst abuse. 
API is just not type-safe here, bummer.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
18dcaf1ca7 krb5/get_cred: Sprinkle const and label & comment unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
4cb23c61c7 krb5/fcache: Sprinkle const; note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7726409b5c krb5/store: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9907e29baa krb5/pac: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
709d317cc9 heim_openlog: Sprinkle const. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
270e0d819c krb5/deprecated: Nix const abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7ec6b6220d krb5/crypto: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
6da033336e krb5/context: Sprinkle const and note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5c694deee9 _krb5_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
3cc4861888 heim_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
9765e2522b asn1: Mitigate const abuse and omit needless casts. 
There's still an abusive rk_UNCONST in _asn1_encode_open_type, but
that will take more effort to untangle.
 2026-01-18 19:06:16 -06:00
Taylor R Campbell
f494333624 base/json: Sprinkle const. 2026-01-18 19:06:16 -06:00