oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
31,057 Commits 4 Branches 2 Tags
7321fd71c673e1c2b5e9084fc685df4a97992c5c
Commit Graph

31057 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taylor R Campbell
7321fd71c6 krb5: Default TCP transport to KDC when SOCKS4a proxy is configured. 
Default of UDP transport doesn't work over SOCKS4a anyway, so this
makes configuration with socks4a_proxy easier.
 2026-01-20 12:27:05 -06:00
Taylor R Campbell
3b0d00c743 New option [libdefaults] socks4a_proxy. 
All network traffic to KDC goes through the SOCKS4a proxy if it is
configured.

This is deliberately kept simple -- and is not generalized to SOCKS4
or SOCKS5 or other types of proxies -- so it is easy to audit for
network and DNS leaks.  (SOCKS4 works in IP addresses, and so invites
DNS leaks.  SOCKS5 can be OK, if used judiciously, but takes more
work to implement.)

This only affects krb5_sendto -- the other initiator of network
traffic in libkrb5, krb5_change_password, will be fixed to respect
socks4a_proxy in a subsequent commit.

XXX Need to figure out where the socks4a.c code should go.

fix https://github.com/heimdal/heimdal/issues/1151
 2026-01-20 12:27:05 -06:00
Nicolas Williams
3d2c2e0f16 GHA: Fix Windows build (fix Appveyor removal) 2026-01-20 12:26:55 -06:00
Nicolas Williams
4bca716446 GHA: Add Coveralls build 2026-01-19 12:46:19 -06:00
Nicolas Williams
2b2c71a7c1 README.md: Drop Coveralls badge (not updating) 
For now.  We'll see if we can build a GHA workflow that replaces it or works
with it.
 2026-01-19 12:33:43 -06:00
Nicolas Williams
54b71041b6 CI: Drop references to Appveyor and Travis 2026-01-19 12:33:43 -06:00
Michael Richardson
a0dcf9bffd if a CSR has multiple extRequests, keep only last 
The code already keeps the last entry, but it leaks the previous copies.  @nicowilliams noticed this.
 2026-01-19 00:18:47 -06:00
Nicolas Williams
76db37d833 sanon: Do not acquire creds for GSS_C_NO_NAME 2026-01-18 23:47:40 -06:00
fossdd
d233bf84d7 Use <poll.h> insted of <sys/poll.h> 
Acording to POSIX <poll.h> should be used instead of <sys/poll.h>.

Libcs like musl libc added a redict due maintain compat with older
glibcs and added the following warning:

	/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
	    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
	      |  ^~~~~~~

Ref: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/poll.h.html
 2026-01-18 23:27:57 -06:00
Nicolas Williams
bbfc116686 gsskrb5: display_name(NO_NAME) should not crash (fix #1288) 2026-01-18 20:48:42 -06:00
Alexander Boström
5580b3fe91 Add SPDX-License-Identifier for Secure Endpoints Inc 2026-01-18 20:06:06 -06:00
Alexander Boström
0fcc1d4225 Add SPDX-License-Identifier for Apple, Inc 2026-01-18 20:06:06 -06:00
Alexander Boström
0e9e2a13e0 Add SPDX-License-Identifier for The NetBSD Foundation, Inc. 2026-01-18 20:06:06 -06:00
Alexander Boström
9536b1d116 Add SPDX-License-Identifier for PADL Software Pty Ltd 2026-01-18 20:06:06 -06:00
Alexander Boström
eab82e40ad Add SPDX-License-Identifier for Doug Rabson 2026-01-18 20:06:06 -06:00
Alexander Boström
8a03cda949 Add SPDX-License-Identifier for The Regents of the University of California. 2026-01-18 20:06:06 -06:00
Alexander Boström
37d5df6078 Add SPDX-License-Identifier for The Regents of the University of California 2026-01-18 20:06:06 -06:00
Alexander Boström
1151d88402 Add SPDX-License-Identifier for Massachusetts Institute of Technology 2026-01-18 20:06:06 -06:00
Alexander Boström
d3e6c52baf Add SPDX-License-Identifier for Kungliga Tekniska Högskolan 2026-01-18 20:06:06 -06:00
Nicolas Williams
3be4426f9d Update NEWS release notes for upcoming 8.0 release 2026-01-18 19:06:17 -06:00
Nicolas Williams
fa43b2d3c4 asn1: Fix UB in two tests 2026-01-18 19:06:17 -06:00
Nicolas Williams
a1dfcc8453 krb5: Constify krb5_kuserok() 2026-01-18 19:06:17 -06:00
Nicolas Williams
10732be94c gss: Constify gss_str_to_oid() 2026-01-18 19:06:17 -06:00
Nicolas Williams
d67e0b6d39 cf: clang -Wimplicit-fallthrough for flex code 2026-01-18 19:06:17 -06:00
Nicolas Williams
75affc8f55 cf: clang pretends to be GCC 4 2026-01-18 19:06:17 -06:00
Nicolas Williams
09b77c4051 cf: Work around differents in Wflags b. gcc and clang 2026-01-18 19:06:17 -06:00
Taylor R Campbell
bc11abde3b cf/roken-frag.m4: Add a bunch more warnings. 
Note: the rk_WFLAGS in configure.ac appears to be dead code,
overridden by the rk_WFLAGS in cf/roken-frag.m4.  This confusing
state of affairs should be improved.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5589cf96c7 Sprinkle const and rk_UNCONST throughout the tests. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
814f03ad7f kdc_test_plugin: rk_UNCONST for krb5_pac_add_buffer. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
e293353c4d appl/test: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
ac3f9212da appl/kf: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9460245c1f gssmask: Sprinkle rk_UNCONST for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
40317659b0 kinit: rk_UNCONST for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
97f8bb1a28 kcm: Sprinkle const. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
adeae8336c kdc: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29a791f8f4 kdc: rk_UNCONST for literal shell.version. 
I assume this is used read-only by ASN1_MALLOC_ENCODE.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
56a6e7261b kadm5: Sprinkle const and rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5373ab492f ipc: rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
a9f37d2597 libroken: Make roken_detach_prep take const char *special_arg. 
Requires an internal rk_UNCONST because of annoying execvp type, but
that's better than rk_UNCONST in all the call sites.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5fec8989b5 gssapi: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
All for read-only krb5_data or gss_buffer_desc.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9c1b2e963b krb5: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
Mostly for read-only iov or krb5_data.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
f08f1a6456 appl/kf: Label unconst for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
294ab3ae5d kdc: Sprinkle rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
3c2b7b865b kdc: Note strict aliasing violations. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29da785a64 kadm5: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
0eb423022f hdb: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
82225829a0 gss_preauth: Label unconst abuse with rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
cdd1fb8fc4 gssapi/sanon: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
bbf6150cfd gssapi: Make gss_duplicate_oid{,_set} take gss_const_OID_t. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
04dcda3628 gssapi/spnego: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00