29504 Commits

Author SHA1 Message Date
Luke Howard 497a561b4d gss: avoid string concatenation warning in error message init
Some compilers with -Wstring-concatenation enabled warned about a suspicious
concatenation of string literals in the initialization of the GSS-API error
message array.

At the expense of a long line, avoid this warning by explicitly concatenating
the offending string literal.

Fixes: #775
2021-05-17 10:09:01 +10:00
Luke Howard f67dd0f903 roken: move Heimdal vis.h extensions to separate header
vis.h is not built on platforms (such as macOS) that already have
that header, which resulted in prototypes for Heimdal-specific
vis.h extensions being absent.

Move those prototypes to a separate header, vis-extras.h, which
must be explicitly included in order to use the Heimdal extensions.
2021-05-17 10:05:58 +10:00
Nicolas Williams cc5bd3a6c0 kdc: Improve warn_ticket_addresses feature (fix bug) 2021-05-14 17:02:08 -05:00
Nicolas Williams 9ce3cbbf2a kdc: Improve warn_ticket_addresses feature
- Don't log "Request from wrong address (ignoring)".
- Add "wrongaddr=yes" kv to final log message.
- Add request and ticket addresses (up to 3) to final log message.
2021-05-12 17:56:26 -05:00
Nicolas Williams 8807a0aad9 bx509d: Use /get-tgt lifetime q-param 2021-05-06 23:13:31 -05:00
Nicolas Williams 5aaf12351a iprop: More default HDB type fixes 2021-05-04 14:53:40 -05:00
Nicolas Williams 0c1cd18e03 iprop: Fix default dbname choice on initial prop
If a DB does not already exist, ipropd-slave will use the compiled
default, which is not necessarily what is desired or configured in
`[kdc]`.

This change makes `hdb_default_db()` return the first dbname in the
`[kdc]` configuration, falling back on `HDB_DEFAULT_DB`.

Also, this adds a `--database` option to `ipropd-slave`.
2021-05-03 15:02:43 -05:00
Nicolas Williams e609e61f21 bx509d: Set Content-Type and Cache-Control 2021-04-30 16:02:18 -05:00
Nicolas Williams b1b993b231 httpkadmind: Use no-store rather than no-cache 2021-04-30 15:46:20 -05:00
Nicolas Williams 034413892e roken: Fix Makefile race 2021-04-26 14:40:00 -05:00
Nicolas Williams 1e65ebd5eb asn1: Fix Windows build 2021-04-25 10:45:43 -05:00
Nicolas Williams ec171ef0b6 asn1: Add missing file gen_print.c 2021-04-25 10:45:43 -05:00
Nicolas Williams e80ac3ae22 kdc: Install bx509d and httpkadmind man pages 2021-04-23 22:15:51 -05:00
Nicolas Williams 5c93af553b asn1: Build both backends
The codegen backend is faster than the template backend, even for
modules that don't use IOS.  On x64 we see the template backend being
4% slower for TGS requests using the kdc-tester program.

So let's build both, libasn1 (codegen) and libasn1template when
configured with --disable-asn1-templating, but make sure that the
asn1_print utility is linked with libasn1template.

Eventually we'll want to either optimize the template backend better,
or add IOS and JSON printing support to the codegen backend.
2021-04-23 22:15:51 -05:00
Nicolas Williams 32b314b174 asn1: Generate print stubs (codegen) 2021-04-23 22:15:51 -05:00
Nicolas Williams e3359f6bf5 roken: Install useful rk utils 2021-04-23 22:15:51 -05:00
Nicolas Williams 83fe958211 hx509/bx509: Long-lived certs weren't being issued 2021-04-23 14:49:03 -05:00
Nicolas Williams a4adb8354f bx509: Complete /get-tgt?cname= support 2021-04-22 17:02:18 -05:00
Nicolas Williams 76d6ee4abc bx509: Don't clobber error in get_tgt() 2021-04-22 17:02:16 -05:00
Nicolas Williams 407f12cc0b asn1: Fix --disable-asn1-templating build 2021-04-21 22:40:41 -05:00
Nicolas Williams 6d7c44989b github: Use GitHub Actions 2021-04-20 12:01:54 -05:00
Nicolas Williams f60300984e bx509d: /get-tgt add EKU to authorization check 2021-04-16 14:13:05 -05:00
Nicolas Williams eb2d1029c2 kdc: Test warn_ticket_addresses and /get-tgt w/ addresses 2021-04-14 19:28:09 -05:00
Nicolas Williams 6ff3dbf297 bx509: Add addresses q-param for /get-tgt 2021-04-14 19:28:08 -05:00
Nicolas Williams 16d6bda3aa krb5: Add _krb5_parse_address_no_lookup() 2021-04-14 19:27:21 -05:00
Nicolas Williams 2d1fee6d11 kdc: Set r->addr
Fixes a NULL-dereference.
2021-04-14 19:27:21 -05:00
Nicolas Williams 966f18f57e kdc: Add warn_ticket_addresses config option (fix missing) 2021-04-14 19:27:21 -05:00
Nicolas Williams a5e289f4f7 kdc: Add warn_ticket_addresses config option 2021-04-13 23:22:45 -05:00
Nicolas Williams 6633f6e525 bx509d: Implement /get-tgt end-point 2021-04-06 17:19:48 -05:00
Nicolas Williams d72c4af635 bx509: Rename end-points; doc Negotiate more
Leaving old end-point names around.
2021-04-06 17:19:48 -05:00
Nicolas Williams 9dcab76724 asn1: Fix build concurrency bug 2021-04-01 01:08:00 -05:00
Nicolas Williams 9ff74bcd21 asn1: Fix check/print type confusion 2021-04-01 01:08:00 -05:00
Nicolas Williams e7a8457fd2 asn1: Fix extra.c printer functions 2021-04-01 01:08:00 -05:00
Nicolas Williams e2e0dc331e kcm: Actually implement --socket-path option 2021-03-31 22:59:38 -05:00
Nicolas Williams 9d9fd7f2fa kcm: Check service registration errors 2021-03-31 22:59:38 -05:00
Nicolas Williams 6216117da0 iprop: Optional async slave HDB writes
New command-line option for ipropd-slave to disable sync HDB writes
also when replaying the log.
2021-03-31 22:59:38 -05:00
Nicolas Williams c2bf9b9e71 kx509: Improve start_realm logic 2021-03-31 22:59:38 -05:00
Nicolas Williams 6b8487f44b kinit: Fix kinit -R crash 2021-03-31 22:59:38 -05:00
Nicolas Williams afa1624682 kinit: Make --default-for behavior optional
Scripts that run kinit -k will break otherwise.
2021-03-31 22:59:38 -05:00
Nicolas Williams b0e5c471f6 kinit: Do not switch cache when --default-for given
Unless --change-default is also given.
2021-03-31 22:59:38 -05:00
Nicolas Williams 5443189b96 krb: Fix ccache resolve bug affecting ssh/kinit 2021-03-31 22:59:38 -05:00
Nicolas Williams 614b3a5914 asn1: Fix OS X build
We can't use VIS_DQ when the OS has a vis implementation but lacks
VIS_DQ.
2021-03-27 23:29:34 -05:00
Nicolas Williams eb2bd63207 roken: Fix OS X build? 2021-03-27 11:35:21 -05:00
Nicolas Williams 5dfe9b706e travis: Do not brew update [harder] 2021-03-27 01:08:56 -05:00
Nicolas Williams c414fbbfd2 travis: Do not brew update
Running brew update times out the OS X build.
2021-03-27 00:55:55 -05:00
Nicolas Williams 0205237a6e kdc: Add missing dep for tests/kdc/check-pkinit.in 2021-03-26 23:37:52 -05:00
Benjamin Kaduk 7f3445f1b7 Replace dead link in kerberos.8
While Ken Hornstein's FAQ was useful in its day, much of its content
is no longer relevant (e.g., Kerberos 4) or even actively harmful
(e.g., the latest version of MIT krb5 is not 1.2.1).  It was also
somewhat MIT-krb5-focused, especially relating to configuration file
snippets, which is not necessarily a great fit for the Heimdal
documentation.

Replace it with a tutorial hosted on kerberos.org and the classic
"dialogue" from Bill Bryant.

Fixes: #766
2021-03-26 18:47:49 -05:00
Nicolas Williams 7985f402cb asn1: Attempt to fix makefile concurrency bug 2021-03-26 17:27:47 -05:00
Nicolas Williams c74c57a143 asn1: Fix lib/asn1/Makefile.am buglet 2021-03-26 17:27:47 -05:00
Nicolas Williams 28cdea6de4 kdc: Reduce log level of some messages 2021-03-26 16:40:52 -05:00