Nicolas Williams
73c424ea66
bx509d: Get KDC config out of bx509d
2020-09-08 00:25:24 -05:00
Nicolas Williams
c3e99be519
kdc: Get KDC config out of CSR authorizer API
...
Part of refactoring to split out bx509/bnegotiate, add a kadmin REST service,
and move all of that out of kdc/.
2020-09-08 00:25:24 -05:00
Nicolas Williams
a12fe376ae
Revert "kadm5: Allow princ creation with keys"
...
This reverts commit 5b70a0cac6.
2020-09-07 23:58:46 -05:00
Nicolas Williams
e17f78c738
kadmin: Allow negative time offsets
2020-09-07 22:15:52 -05:00
Nicolas Williams
aa1b938d95
kadm5: Fix leak in principal creation
2020-09-07 22:04:59 -05:00
Nicolas Williams
3b05166332
kadm5: Fix leak in randkey principal
2020-09-07 22:04:59 -05:00
Nicolas Williams
5b70a0cac6
kadm5: Allow princ creation with keys
2020-09-07 22:04:59 -05:00
Nicolas Williams
0a0bf32935
krb5: Fix leak in gethostlist()
2020-09-07 22:04:59 -05:00
Nicolas Williams
fbb3bd3f8b
krb5: Constify principal arg to some functions
2020-09-07 22:04:59 -05:00
Nicolas Williams
983ed75295
krb5: Add krb5_set_log_dest()
2020-09-07 22:04:59 -05:00
Nicolas Williams
e479695c61
base: Make heim_audit_trail() safer when ENOMEM
2020-09-07 22:04:59 -05:00
Nicolas Williams
5e078cdf6e
base: Fix logging bug
2020-09-07 22:04:59 -05:00
Nicolas Williams
a649acf540
base: Add debug tracing to plugin code
2020-09-07 22:04:59 -05:00
Nicolas Williams
4772674e57
base: Make *_log_msg() use contextual log dest
2020-09-07 22:04:59 -05:00
Nicolas Williams
e2264e8374
base: Make log facility opaque, ref-counted
2020-09-07 22:04:59 -05:00
Nicolas Williams
7208217410
base: Make log reopen option thread-safe
2020-09-07 22:04:59 -05:00
Nicolas Williams
faee4626fb
base: Fix leak in heim_string_create_with_format()
2020-09-07 22:04:59 -05:00
Nicolas Williams
a2d827ca1d
hcrypto: Disable errors for now that should be fixed
2020-09-07 22:04:59 -05:00
Nicolas Williams
fdc13c4aac
Fix switch fallthrough warnings/errors
2020-09-07 22:04:59 -05:00
Nicolas Williams
7d50445d1b
Generic: Fix warnings (fallthrough mostly)
2020-09-07 22:04:59 -05:00
Nicolas Williams
c06252745d
sqlite: Disable errors
2020-09-07 22:04:59 -05:00
Nicolas Williams
d15b39dd14
hx509: Add log/warn/debug dest set functions
2020-09-07 22:04:59 -05:00
Nicolas Williams
af9bb46a78
hx509: Add hx509_enomem()
2020-09-07 22:04:59 -05:00
Nicolas Williams
473e5be741
asn1: Leave comment about great futures
2020-09-07 22:04:59 -05:00
Nicolas Williams
f5f63daa69
tests/kdc: Make make clean clean cleaner
2020-09-07 22:04:59 -05:00
Luke Howard
0c0ac807c1
roken: socket test style fixes
...
Make error reporting in socket test programs consistent with other usages by
removing redundant newline, using strerror() and reporting error in
parentheses.
2020-08-31 16:02:09 +10:00
Luke Howard
351145309d
krb5: consolidate cc_ops enumeration
...
Consolidate the enumeration of the cc_ops table by using cc_get_prefix_ops() (a
variant of krb5_cc_get_prefix_ops that also returns the residual).
2020-08-30 13:44:19 +10:00
Luke Howard
cbcc50cd00
krb5: consolidate default ccache type logic into get_default_cc_type()
...
Consolidate the default credentials cache type logic into
get_default_cc_type(), so that the API: and MSLSA: types are respected on macOS
and Windows.
2020-08-29 16:13:00 +10:00
Nicolas Williams
f47e64bb5a
kinit: Work again w/o -c or KRB5CCNAME
2020-08-27 23:54:03 -05:00
Jeffrey Altman
a14a0545c1
hpropd: enable keepalive mode on incoming sockets
...
Change-Id: I01c9c796357189c5f339bcf211e913989157e783
2020-07-24 01:32:34 -04:00
Jeffrey Altman
3214c835da
kdc: enable keepalive mode on incoming sockets
...
Change-Id: I72a43486fe772ad3c8e71d8c5cc512bdb89de2d2
2020-07-24 01:32:34 -04:00
Jeffrey Altman
28b9283709
kadmin: enable keepalive mode on incoming sockets
...
Change-Id: I07d0e0c866f1081002b3e20ca9198055f98fe7d1
2020-07-24 01:32:34 -04:00
Jeffrey Altman
51912c0215
roken: introduce rk_socket_set_keepalive
...
Change-Id: I3086a10cd3d23bef00336f5db7db3a35ca02d568
2020-07-24 01:32:34 -04:00
Luke Howard
ee7e345af1
sqlite: silence OSAtomicCompareAndSwapPtrBarrier warning
...
The deprecated OSAtomicCompareAndSwapPtrBarrier() function is used by a code
path only taken on macOS systems with a single CPU. As very few Macs have a
single CPU today, remove this optimization. (Replacing it with <stdatomic.h> as
suggested would break compatibility with macOS prior to 10.12.)
2020-07-20 13:41:53 +10:00
Luke Howard
bb7b4f7a94
base: use atomic load/store in reference counting
...
Use the new atomic load and store macros for testing and setting reference
count overflow.
2020-07-14 09:35:14 +10:00
Luke Howard
4986ebcb67
base: rename heim_base_atomic_{max,type} to ...integer_{max,type}
...
Rename heim_base_atomic_max to heim_base_atomic_integer_max (ditto with _type)
in order to better reflect their usage, now we have a separate
heim_base_atomic() macro for making an atomic version of any type.
2020-07-14 09:35:14 +10:00
Luke Howard
504d059580
base: use heim_base_atomic_load in heimqueue.h
...
Use heim_base_atomic_load() rather than heim_base_exchange_pointer() when
iterating an atomic SLIST
2020-07-14 09:35:14 +10:00
Luke Howard
7e86a27c0c
krb5: update keyring ccache for new atomic load/store API
2020-07-14 09:35:14 +10:00
Luke Howard
9ba00949dd
base: add atomic init, load and store macros
...
Add new macros for atomic initialization, load and store, with ordering
semantics equivalent to <stdatomic.h>
2020-07-14 09:35:14 +10:00
Luke Howard
cbb2ceb018
base: use <stdatomic.h> for atomics, where present
...
C11 introduces a new set of atomic APIs in <stdatomic.h>. If available, use
those in preference to compiler- or platform-specific intrinsics.
2020-07-14 09:35:14 +10:00
Luke Howard
932605c01e
base: heim_base_exchange_{32,64} for platforms without atomics
...
heim_base_exchange_32() and heim_base_exchange_64() inline functions for
platforms without atomics were missing (these are very inefficient but,
clearly rarely used given the lack of build error reports)
2020-07-14 09:35:14 +10:00
Luke Howard
fcfca367cf
base: move atomic macros into separate header
...
Move the atomic macros into a distinct header, heimbase-atomics.h, in
preparation for the introduction of additional macros
2020-07-14 09:35:14 +10:00
Jeffrey Altman
bc3270cd88
asn1: function ptrs passed as ASN1CALL ptrs must be ASN1CALL
...
On Windows i386 the asn1 tests would crash due to stack corruption
as a result of functions being executed with the wrong calling
conventions.
Change-Id: Ic4f8b3a05dad36e3db6397fbd9270b98f0a5dfc5
2020-07-13 15:48:06 -04:00
Jeffrey Altman
136abf55b7
asn1: code generators that left bit shift .gt. 31 must use 1ULL
...
The code generators were shifting "1LU" by (<< 32) and (<< 63) which
are undefined operations for a 32-bit integer. To ensure the integer
is 64-bit use "1ULL".
Change-Id: I062cae5638139a9fe51563f64b1964f87e2f49e3
2020-07-13 15:48:06 -04:00
Luke Howard
ad2a352600
gssapi/krb5: treat empty padding buffers as absent
...
For compatibility with SSPI, treat an empty padding buffer as equivalent to an
absent padding buffer (unless the caller is requesting allocation).
2020-07-12 15:55:02 +10:00
Luke Howard
c105b15605
gssapi/krb5: ensure singleton buffer in _gk_find_buffer()
...
_gk_find_buffer() is used to locate singleton header, padding or trailer
buffers. Return NULL if multiple such buffers are found.
2020-07-12 15:54:52 +10:00
Jeffrey Altman
33ff163141
gss/krb5: acquire_cred_with_password set opt default flags
...
acquire_cred_with_password() must call
krb5_get_init_creds_opt_set_default_flags() to initialize the
krb5_get_init_creds option flags to the values obtained from
the krb5_context.
Change-Id: Icd8c500dd0787a781c2382284f19cef277b1d30b
2020-07-12 15:28:19 +10:00
Luke Howard
62d913a551
gssapi/krb5: use GSS_IOV_BUFFER_FLAG_ALLOCATE constants
...
GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE is deprecated as indicated in gssapi.h, use
GSS_IOV_BUFFER_FLAG_ALLOCATE instead
2020-07-12 14:26:14 +10:00
Luke Howard
4b543b727a
gssapi/krb5: fix rc4-hmac gss_unwrap_iov() without DCE_STYLE
...
gss_unwrap_iov() with rc4-hmac (RFC4757) encryption types would fail unless
GSS_C_DCE_STYLE was specified, as an incorrect length was passed to
_gssapi_verify_mech_header(). (The correct length is the header length for
GSS_C_DCE_STYLE, and the wrap token length otherwise.)
2020-07-12 14:26:14 +10:00
Luke Howard
b73baa42ef
gssapi/krb5: make PADDING buffer optional in GSS IOV API
...
RFC 4121/4757 don't require padding as they operate as stream ciphers. Make the
PADDING buffer optional when using these encryption types with gss_wrap_iov()
and gss_unwrap_iov().
2020-07-12 14:26:14 +10:00