oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,798 Commits 2 Branches 2 Tags
667ec8eb81e6397bcfcdc4750692df1aeb4e90d1
Commit Graph

14902 Commits

Author SHA1 Message Date
Ted Percival
1cbb0e766d Fix crash in rk_freeifaddrs due to freeing an invalid pointer 
Crash occurs on Linux systems that support AF_NETLINK but do not have
getifaddrs() in libc (eg. SuSE 8.1).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-05 12:29:26 +02:00
Love Hornquist Astrand
0ede7ac561 Pass down the use-dce-style flag instead of the while gssapi krb5 context 2009-08-05 12:00:07 +02:00
Love Hornquist Astrand
1fc7af5bcf Add missing files 2009-08-05 11:13:01 +02:00
Stefan Metzmacher
ab9e5d13ec gsskrb5: try to be compatible with windows for gss_wrap* and cfx 
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:22:05 +02:00
Stefan Metzmacher
0297d047a4 gsskrb5: add support for DCE_STYLE and des and des3 keys 
Only the des keys are tested as windows doesn't support des3

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:21:20 +02:00
Stefan Metzmacher
772dfac438 lib/asn1: remove unused reference to vers.h 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:19:44 +02:00
Stefan Metzmacher
5b8a319a7e lib/krb5: fix the build without KRB4 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:19:44 +02:00
Love Hornquist Astrand
abd2f29c44 Pull in roken and use ROKEN_CPP_BEGIN/ROKEN_CPP_END instead of cdecl 2009-08-04 20:19:44 +02:00
Stefan Metzmacher
513f59dcd4 heimdal:camellia: include roken.h 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:19:44 +02:00
Andrew Bartlett
a4287ff403 Include roken.h to fix build of example_evp_cipher test on Linux 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:19:44 +02:00
Andrew Bartlett
f8c121b282 Add support for user principal names in certificates [HEIMDAL-602] 
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
 2009-08-04 09:34:58 +02:00
Love Hornquist Astrand
147184381e Check for NUL in the middle of the string 2009-08-04 00:57:35 +02:00
Love Hornquist Astrand
3cebc3767f add more test to test_acquire_cred that removes the need of test_init_creds.c 2009-08-03 13:05:36 +02:00
Love Hornquist Astrand
e6c2a70678 Indent some more 2009-08-03 12:10:07 +02:00
Love Hornquist Astrand
b2129c0751 Indent the patch from Andrew and make it compile again 2009-08-03 10:54:44 +02:00
Love Hornquist Astrand
ada7c73176 Indent the patch from Andrew and make it compile again 2009-08-03 10:50:50 +02:00
Love Hornquist Astrand
788480d28a heimdal Extend the 'hdb as a keytab' code [HEIMDAL-600] 
This extends the hdb_keytab code to allow enumeration of all the keys.

The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.

From Andrew Bartlett
 2009-08-03 10:43:22 +02:00
Love Hornquist Astrand
ff89a727d4 Fix bounced condition 2009-07-30 19:19:35 +02:00
Love Hornquist Astrand
4d200dd2d5 Clean the list in a simpler way 2009-07-30 18:56:23 +02:00
Love Hornquist Astrand
ae58266705 More doxygen. 2009-07-30 15:36:25 +02:00
Love Hornquist Astrand
11024751a5 make compile 2009-07-30 14:25:12 +02:00
Love Hornquist Astrand
3608b815b4 Don't bother checking usage of minor_status [CID-23] 2009-07-30 14:01:57 +02:00
Love Hornquist Astrand
901bac07e8 Don't need to look check *input_name twice [CID-27]. 2009-07-30 14:00:48 +02:00
Love Hornquist Astrand
08256017e4 Don't dereference input_name [CID-27]. 2009-07-30 13:59:42 +02:00
Love Hornquist Astrand
0f5f5947aa make sure client is set before trying to use it [CID-50] 2009-07-30 13:20:00 +02:00
Love Hornquist Astrand
7d8d09f3c0 make compile 2009-07-30 12:56:54 +02:00
Love Hornquist Astrand
e184e053dd Catch memory allocation failures [CID-61] 2009-07-30 12:56:21 +02:00
Love Hornquist Astrand
a5b015ab7e Make sure av is freed if its allocated [CID-73] 2009-07-30 12:40:13 +02:00
Love Hornquist Astrand
25b0f731ab Better handling of memory allocation failure [CID-77] 2009-07-30 12:27:19 +02:00
Love Hornquist Astrand
dc95a7983d Release ticket on failure [CID-96] 2009-07-30 11:59:15 +02:00
Love Hornquist Astrand
c961189f95 Remove dead code [CID-10] 2009-07-30 10:55:06 +02:00
Love Hornquist Astrand
0d49d0f1c4 Free ticket earlier [CID-108] 2009-07-30 10:39:52 +02:00
Love Hornquist Astrand
c8b05eef61 (base64_encode): bound input length to /4 of max int and positive 2009-07-30 10:36:39 +02:00
Love Hornquist Astrand
5373d3a869 Allow parsing of cert fail unless HX509_CERTS_UNPROTECT_ALL is set. 2009-07-30 10:20:04 +02:00
Love Hornquist Astrand
1bdf51f26f (strpoolcollect): allow p == NULL, return the empty string (allocated) 2009-07-30 10:08:48 +02:00
Love Hornquist Astrand
0da57a49d7 Make cgetstr() not return allocated memory on failure [CID-170] 2009-07-30 10:04:44 +02:00
Love Hornquist Astrand
90ed2b6790 Check result of calloc [CID-181] 2009-07-30 09:44:44 +02:00
Love Hornquist Astrand
3f802d359f Use right variable [CID-181] 2009-07-30 09:41:42 +02:00
Love Hornquist Astrand
e1ecb6f7a6 Catch uninited variable [CID-182] 2009-07-30 09:40:05 +02:00
Love Hornquist Astrand
ca6e428093 check that we don't pass negative numbers of memset [CID-169] 2009-07-30 07:53:58 +02:00
Love Hornquist Astrand
896391a56b Double free of sp on empty list of creds [CID-183] 2009-07-30 07:46:37 +02:00
Love Hornquist Astrand
a1964f4747 use after free [CID-184] [CID-185] 2009-07-30 07:38:24 +02:00
Love Hornquist Astrand
9581e59bde FORWARD_NULL fixes [CID-163] and friends 2009-07-30 07:36:03 +02:00
Love Hornquist Astrand
b9644d7060 Test on wrong variable 2009-07-30 07:30:27 +02:00
Love Hornquist Astrand
b1dc4dc97e (_hx509_Name_to_string): free memory on failure (that should not happen) [CID 176] 2009-07-30 07:25:36 +02:00
Love Hornquist Astrand
4e516cec33 Pruned to aggressivly 2009-07-29 23:14:44 +02:00
Love Hornquist Astrand
2e1ebf8598 add export/import cred 2009-07-29 23:12:16 +02:00
Love Hornquist Astrand
9b710bed81 store is never read again 2009-07-29 22:37:58 +02:00
Love Hornquist Astrand
fa502c6648 Add support for gss_{import,export}_cred() as requested by metze 
Works for krb5 and SPNEGO mechanisms. Kerberos credentials are passed as
credential cache names, or if there are memory based credentials, inband in the protocol. This means that the credentials buffers must be keep secret.

As documented by IBM (they have the wrong prototype though)
and GGF (GSS-API Extensions) back in 2001
 2009-07-29 13:36:02 +02:00
Love Hornquist Astrand
e5c42ba42f rename krb5_storage_from_emem in documentation 2009-07-28 17:51:53 +02:00