Commit Graph

29443 Commits

Author SHA1 Message Date
Nicolas Williams
3f7868b969 httpkadmind: Fix error clobbering 2020-09-29 16:25:12 -05:00
Nicolas Williams
7ae2dfd853 krb5: Fix error msg when removing keytab entries
If a keytab was 0400 and one tried to delete with ktutil del then the
error message one would get prior to this commit is "entry not found".
2020-09-25 14:56:44 -05:00
Nicolas Williams
060ff3e09f httpkadmind: Check that host keys not vended 2020-09-25 11:10:09 -05:00
Nicolas Williams
753e636274 hdb: Fix new key delay special casing of kvno 1 2020-09-22 18:27:05 -05:00
Nicolas Williams
7845bda1e0 kadm5: Do not apply new service key delay in get
Using HDB_F_DELAY_NEW_KEYS in kadm5_s_get_principal() breaks OSKT's
expectations.
2020-09-19 21:48:49 -05:00
Nicolas Williams
95de81c9a7 kadm5: Avoid close(-1) 2020-09-18 14:31:43 -05:00
Nicolas Williams
461f360b58 iprop: Slight test race condition fix
tests/kdc/check-iprop.in tends to wait for a log message then it reads a
status file.  Well, we shouldn't write the log message before writing
the status file then!
2020-09-18 14:31:43 -05:00
Nicolas Williams
916cafe4e5 iprop: Warn about failures to write to iprop log 2020-09-18 14:31:43 -05:00
Nicolas Williams
7c947df247 ipropd: Improve multi-realm support
Running ipropd-slave on a system whose hostname's realm is not the
requested realm breaks.  Since the iprop client principal should really
be in the same realm as the master, we now force it after calling
krb5_sname_to_principal().
2020-09-18 14:31:43 -05:00
Nicolas Williams
0e09fa7fde iprop: Support hierarchical iprop 2020-09-18 14:31:43 -05:00
Nicolas Williams
c12ca129b6 httpkadmind: Fix FD leak
Using `mkstemp()` is nice, but if you don't need the FD, then don't
forget to close it!
2020-09-15 15:24:29 -05:00
Nicolas Williams
4a4ceaf287 httpkadmind: Fix NULL deref on ENOMEM 2020-09-15 11:31:29 -05:00
Nicolas Williams
3c7d12e116 krb5: Fix FD leak in ENOMEM in stdio_from_fd 2020-09-15 11:26:52 -05:00
Nicolas Williams
b2b6599f87 krb5: Fix NULL deref on ENOMEM in fkt_add_entry(2) 2020-09-15 11:26:06 -05:00
Nicolas Williams
f2f2cd18b6 kadm5: Fix auth_context leak on reconnect 2020-09-14 17:11:08 -05:00
Nicolas Williams
096888fe31 krb5: Fix NULL deref on ENOMEM in fkt_add_entry() 2020-09-14 16:38:20 -05:00
Nicolas Williams
821dcaec70 hdb: Test hdb_validate_key_rotations() 2020-09-09 22:45:17 -05:00
Nicolas Williams
ff13573ce5 hdb: Do not apply new service key delay to clients
The new [hdb] new_service_key_delay parameter should not apply to
principal entries when used as clients.  Otherwise new passwords would
not take effect immediately, and that would be very confusing.
2020-09-09 21:48:29 -05:00
Nicolas Williams
18459de867 travis: Install curl too 2020-09-08 14:34:08 -05:00
Nicolas Williams
9574783d04 kdc: Add httpkadmind
TBD:

 - improve error handling, logging, tracing!
 - move all REST services out of kdc/
2020-09-08 14:34:08 -05:00
Nicolas Williams
ea83f068e9 kadm5/kadmin: Add read-only mode
Now we can have read-only kadmind instances.
2020-09-08 00:25:40 -05:00
Nicolas Williams
5447b81fb1 hdb: Move virtual principals into HDB layer
This is a large commit that adds several features:

 - Revamps and moves virtual host-based service principal functionality
   from kdc/ to lib/hdb/ so that it may be automatically visible to
   lib/kadm5/, as well as kadmin(1)/kadmind(8) and ktutil(1).

   The changes are backwards-incompatible.

 - Completes support for documenting a service principal's supported
   enctypes in its HDB entry independently of its long-term keys.  This
   will reduce HDB bloat by not requiring that service principals have
   more long-term keys than they need just to document the service's
   supported enctypes.

 - Adds support for storing krb5.conf content in principals' HDB
   entries.  This may eventually be used for causing Heimdal KDC
   services to reconfigure primary/secondary roles automatically by
   discovering the configured primary in an HDB entry for the realm.

   For now this will be used to help reduce the amount of configuration
   needed by clients of an upcoming HTTP binding of the kadmin service.
2020-09-08 00:25:36 -05:00
Nicolas Williams
ef06b94132 bx509: Fix minor test issues 2020-09-08 00:25:24 -05:00
Nicolas Williams
cb6c57dc36 bx509: Let simple authorizer use the app name 2020-09-08 00:25:24 -05:00
Nicolas Williams
4f0249cd94 hx509/kdc: Move KDC CA utility function into hx509
This is part of the program to move REST services like bx509d out of
kdc/.
2020-09-08 00:25:24 -05:00
Nicolas Williams
e311d05fee bx509d: Further disentanglement from kdc 2020-09-08 00:25:24 -05:00
Nicolas Williams
73c424ea66 bx509d: Get KDC config out of bx509d 2020-09-08 00:25:24 -05:00
Nicolas Williams
c3e99be519 kdc: Get KDC config out of CSR authorizer API
Part of refactoring to split out bx509/bnegotiate, add a kadmin REST service,
and move all of that out of kdc/.
2020-09-08 00:25:24 -05:00
Nicolas Williams
a12fe376ae Revert "kadm5: Allow princ creation with keys"
This reverts commit 5b70a0cac6.
2020-09-07 23:58:46 -05:00
Nicolas Williams
e17f78c738 kadmin: Allow negative time offsets 2020-09-07 22:15:52 -05:00
Nicolas Williams
aa1b938d95 kadm5: Fix leak in principal creation 2020-09-07 22:04:59 -05:00
Nicolas Williams
3b05166332 kadm5: Fix leak in randkey principal 2020-09-07 22:04:59 -05:00
Nicolas Williams
5b70a0cac6 kadm5: Allow princ creation with keys 2020-09-07 22:04:59 -05:00
Nicolas Williams
0a0bf32935 krb5: Fix leak in gethostlist() 2020-09-07 22:04:59 -05:00
Nicolas Williams
fbb3bd3f8b krb5: Constify principal arg to some functions 2020-09-07 22:04:59 -05:00
Nicolas Williams
983ed75295 krb5: Add krb5_set_log_dest() 2020-09-07 22:04:59 -05:00
Nicolas Williams
e479695c61 base: Make heim_audit_trail() safer when ENOMEM 2020-09-07 22:04:59 -05:00
Nicolas Williams
5e078cdf6e base: Fix logging bug 2020-09-07 22:04:59 -05:00
Nicolas Williams
a649acf540 base: Add debug tracing to plugin code 2020-09-07 22:04:59 -05:00
Nicolas Williams
4772674e57 base: Make *_log_msg() use contextual log dest 2020-09-07 22:04:59 -05:00
Nicolas Williams
e2264e8374 base: Make log facility opaque, ref-counted 2020-09-07 22:04:59 -05:00
Nicolas Williams
7208217410 base: Make log reopen option thread-safe 2020-09-07 22:04:59 -05:00
Nicolas Williams
faee4626fb base: Fix leak in heim_string_create_with_format() 2020-09-07 22:04:59 -05:00
Nicolas Williams
a2d827ca1d hcrypto: Disable errors for now that should be fixed 2020-09-07 22:04:59 -05:00
Nicolas Williams
fdc13c4aac Fix switch fallthrough warnings/errors 2020-09-07 22:04:59 -05:00
Nicolas Williams
7d50445d1b Generic: Fix warnings (fallthrough mostly) 2020-09-07 22:04:59 -05:00
Nicolas Williams
c06252745d sqlite: Disable errors 2020-09-07 22:04:59 -05:00
Nicolas Williams
d15b39dd14 hx509: Add log/warn/debug dest set functions 2020-09-07 22:04:59 -05:00
Nicolas Williams
af9bb46a78 hx509: Add hx509_enomem() 2020-09-07 22:04:59 -05:00
Nicolas Williams
473e5be741 asn1: Leave comment about great futures 2020-09-07 22:04:59 -05:00