oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,302 Commits 2 Branches 2 Tags
81263bc94cd4e0dc4893620abccdecdd9d3ac451
Commit Graph

27302 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Love Hornquist Astrand
81263bc94c update leaks check 2013-04-24 17:59:25 -07:00
Love Hornquist Astrand
6f03e4ba76 plug memory leaks 2013-04-24 17:55:55 -07:00
Love Hornquist Astrand
6850c9ac5d type casting to avoid printf warning 2013-04-24 16:45:24 -07:00
Love Hornquist Astrand
f17c4a6c5c only check for keytab content where its needed 2013-04-24 16:42:30 -07:00
Love Hornquist Astrand
6e5bfce2de use socket_set_nonblocking 2013-04-24 16:31:32 -07:00
Viktor Dukhovni
72f0690694 Temporary fix for high-priority iprop issues 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:29:34 -07:00
Viktor Dukhovni
435c02fa26 Compare pac timestamp to unix timestamp right when neither are set 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:28:26 -07:00
Viktor Dukhovni
eface6d31f Fix free before use in ipropd_master slaves-stats open function 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:27:34 -07:00
Viktor Dukhovni
511cd18458 kpasswdd should not enforce principal realm =~ default realm(s) 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:27:16 -07:00
Viktor Dukhovni
9ca0a2b62f More consistent error checks in build_principal() 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:26:23 -07:00
Viktor Dukhovni
a825143e73 The k5login_directory parameter and SYSTEM-K5LOGIN[:directory] are supposed to be directories, not path templates with %{luser} substitution 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:25:59 -07:00
Viktor Dukhovni
5903031630 Don't SEGV on as-is rules without realm= 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:23:36 -07:00
Landon Fuller
6fb9bc86b7 Add a configuration option to enable LDAP Start TLS. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Landon Fuller
64341e9ec6 Document the new hdb-ldap* configuration options. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Landon Fuller
96e9025675 Add support for specifying bind DN and password. 
This uses a seperate hdb-ldap-secret-file configuration value, which
specifies an external file that may be used to supply the LDAP bind dn
and password. This allows that specific file to be configured with more
restrictive permissions than the global krb5.conf.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Landon Fuller
8cb8a8932e Remove unnecessary strdup() (and resulting leak) 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Landon Fuller
e58308e2a6 Add support for specifying an LDAP URL. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:14 -07:00
Love Hörnquist Åstrand
9bde530ceb match function returns boolean true 2013-04-13 12:31:33 -07:00
Love Hornquist Astrand
1846c7a35d make @iftex case work in texinfo-5.1 2013-04-08 10:15:36 -07:00
Eray Aslan
0e0351776a @end should only appear at a line beginning 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-08 10:15:36 -07:00
Nicolas Williams
96a5b298f9 Fix nmake test in roken (Windows) 2013-03-21 19:45:29 -05:00
Nicolas Williams
f490acc526 Winsock connect returns WSAEWOULDBLOCK... 
...instead of EINPROGRESS.  And we get to call WSAGetLasteError() too boot :(
 2013-03-18 23:15:29 -05:00
Nicolas Williams
b1e4766753 Fix Windows build (missing export) 2013-03-18 21:48:57 -05:00
Love Hornquist Astrand
9b6cae5408 remove unused code that I meant to drop 2013-03-05 20:06:15 -08:00
Nicolas Williams
d9764a5399 Make lib/hdb/hdb.c build (but hdb plugins broken) 2013-03-05 21:47:21 -06:00
Nicolas Williams
2c4c6101f4 Fix master (lib/krb5 warnings) 2013-03-05 21:47:20 -06:00
Nicolas Williams
466d8c116f Quiet a warning in test_plugin.c 2013-03-05 21:47:20 -06:00
Nicolas Williams
d4f23fe2ae Revert c1423a8 and fix things up 
Also, we were stopping as soon as one registered plugin returned
something other than KRB5_PLUGIN_NO_HANDLE, but we weren't doing the
same for discovered plugins.  Add KRB5_PLUGIN_INVOKE_ALL flag to deal
with this; by default we'll stop at the first plugin that returns
anything other than KRB5_PLUGIN_NO_HANDLE.

Other buglets fixed as in c1423a8.
 2013-03-05 21:44:43 -06:00
Love Hornquist Astrand
54078654e7 add _krb5_plugin_run_f 2013-03-04 10:28:18 -08:00
Love Hornquist Astrand
3cba540a5f fix prototypes 2013-03-04 10:24:35 -08:00
Love Hornquist Astrand
1eb4e2516e unify hdb_so_method and hdb_method 2013-03-04 10:18:16 -08:00
Tollef Fog Heen
4787ea76a9 Update hdb's use of the plugin interface 
The various _krb5_plugin_* functions are gone, replace this with the new world order.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-03-04 10:00:41 -08:00
Arvid Requate
3cf3708950 honour krb5PasswordEnd also if sambaPwdLastSet 
Commit 9f696b11c2 changed the
behaviour of key expiry for principals that have an sambaPwdLastSet
attribute in LDAP. The change was twofold:

* if "password_lifetime" is not set in kdc.conf a default lifetime
  of 1 year is enforced

* krb5PasswordEnd is not honoured.

This patch causes pw_end to be modified only if sambaPwdLastSet
*and* "password_lifetime" is defined in kdc.conf.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-03-04 09:47:46 -08:00
Roland C. Dowdeswell
66f4c441e9 Further improvements to lib/krb5/n-fold.c: 
o  implement add1() using 32 bit ints, this makes _krb5_n_fold()
	   about 5% faster on an amd64 platform.  64 bit ints yield a
	   further improvement but we would need to test the platform
	   to see if they are natively supported.  This should yield
	   better performance improvements on big endian machines as
	   we have to byte swap on little endian boxen.

	o  fix two cases where a malloc(3)d pointer may be dereferenced
	   before we test that it is not NULL.
 2013-02-14 16:46:40 +08:00
Roland C. Dowdeswell
183b15c11b lib/roken must export rk_socket_set_nonblocking. 2013-02-13 16:50:09 +08:00
Roland C. Dowdeswell
2fd031fbad lib/base must export heim_array_filter_f, heim_string_create_with_format. 2013-02-13 16:16:32 +08:00
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Love Hornquist Astrand
edae63418e client logging too 2013-02-10 23:20:56 -08:00
Love Hornquist Astrand
6020e6c5b4 make http parser not exit out early 2013-02-10 23:20:37 -08:00
Love Hornquist Astrand
c1423a8eea redo plugin interface 2013-02-10 22:50:49 -08:00
Love Hornquist Astrand
9a5de87ca1 store response in right place 2013-02-10 22:50:10 -08:00
Love Hornquist Astrand
da42d01d54 x 2013-02-10 21:12:34 -08:00
Love Hornquist Astrand
1adb5de80d fix logging to be sync 2013-02-10 21:11:53 -08:00
Love Hornquist Astrand
c7cd31ef9d make sure we propagate an error code in case of wrong number of ms-san 
Patch from Matthieu Hautreux
 2013-02-10 19:07:44 -08:00
Love Hornquist Astrand
58ff480763 rewrite send to kdc to be more agressive, try kdcs in paralell and easier to configure behavior 2013-02-10 19:02:52 -08:00
Roland C. Dowdeswell
a952dc2c52 Add -F to kinit for compatibility with MIT Kerberos. 2013-02-02 05:42:05 +08:00
Love Hornquist Astrand
0c2e3d94bf default to open/write/close logging 2012-12-27 13:07:13 +01:00
Love Hornquist Astrand
8ceff72d80 enabled the performance hack 2012-12-27 13:06:25 +01:00
Love Hornquist Astrand
4e40f3e30f Make a memory copy of the keytab to avoid unbuffered krb5_storage 
300req/s faster (20% performance increase)
 2012-12-27 12:40:40 +01:00
Love Hornquist Astrand
dff11de56b use new plugin system for locate kdc plugins (30 as-req/s faster for kdc-tester on MacBookAir5,2) 2012-12-27 12:23:29 +01:00