Commit Graph

24236 Commits

Author SHA1 Message Date
Love Hornquist Astrand 896391a56b Double free of sp on empty list of creds [CID-183] 2009-07-30 07:46:37 +02:00
Love Hornquist Astrand 1ca716bbc7 Free buf on random generator error [CID-177] 2009-07-30 07:42:12 +02:00
Love Hornquist Astrand a1964f4747 use after free [CID-184] [CID-185] 2009-07-30 07:38:24 +02:00
Love Hornquist Astrand 9581e59bde FORWARD_NULL fixes [CID-163] and friends 2009-07-30 07:36:03 +02:00
Love Hornquist Astrand d544768d1c don't clean heim_threads.h since it lives here 2009-07-30 07:31:05 +02:00
Love Hornquist Astrand b9644d7060 Test on wrong variable 2009-07-30 07:30:27 +02:00
Love Hornquist Astrand b1dc4dc97e (_hx509_Name_to_string): free memory on failure (that should not happen) [CID 176] 2009-07-30 07:25:36 +02:00
Love Hornquist Astrand 4e516cec33 Pruned too aggressively 2009-07-29 23:14:44 +02:00
Love Hornquist Astrand 2e1ebf8598 add export/import cred 2009-07-29 23:12:16 +02:00
Love Hornquist Astrand 9b710bed81 store is never read again 2009-07-29 22:37:58 +02:00
Love Hornquist Astrand fa502c6648 Add support for gss_{import,export}_cred() as requested by metze
Works for krb5 and SPNEGO mechanisms. Kerberos credentials are passed as
credential cache names, or if there are memory based credentials, inband in the protocol. This means that the credentials buffers must be kept secret.

As documented by IBM (they have the wrong prototype though)
and GGF (GSS-API Extensions) back in 2001
2009-07-29 13:36:02 +02:00
Love Hornquist Astrand 2d54966d6e x 2009-07-28 17:55:41 +02:00
Love Hornquist Astrand e5c42ba42f rename krb5_storage_from_emem in documentation 2009-07-28 17:51:53 +02:00
Love Hornquist Astrand 565236c603 Add store-cred to the dispatch table 2009-07-28 09:50:05 +02:00
Love Hornquist Astrand c140f0255c Implement core of _gsskrb5_store_cred() 2009-07-27 09:42:46 +02:00
Love Hornquist Astrand de0ae78c4e Remove dlfcn implementation for AIX since nowadays AIX has dlopen()
Also drop license and copyright statement
2009-07-24 04:25:39 +02:00
Love Hornquist Astrand 1dd94e44ba Switch to macros for c++ extern "C" to please editors that want to autoindent 2009-07-23 19:27:34 +02:00
Love Hornquist Astrand f4c8242667 Add KCM for PADL. 2009-07-21 10:33:19 -07:00
Love Hornquist Astrand d7f438363d Add license for Jens-Uwe Mager, Helios Software GmbH (aix dlfcn layer) 2009-07-21 10:31:46 -07:00
Love Hornquist Astrand 6d9354edf7 x 2009-07-21 10:29:53 -07:00
Love Hornquist Astrand ebb3dd62c0 See README.dlfcn for license 2009-07-21 10:29:44 -07:00
Love Hornquist Astrand 5bb9a31a9a make work again and remove debug info 2009-07-19 21:34:26 -07:00
Love Hornquist Astrand 7e4854250e Actually register new plugins and plug a related memory leak 2009-07-19 21:23:56 -07:00
Love Hornquist Astrand 330fd7645d Always ask for principal (KADM5_PRINCIPAL)
The protocol for "get principal" does not support not sending
principal, so when the caller doesn't add KADM5_PRINCIPAL to the mask,
let's add it for them.

Reported by Henry.B.Hotz@jpl.nasa.gov in [HEIMDAL-588]
2009-07-19 21:01:20 -07:00
Love Hornquist Astrand 17de01f523 Check that get -o pkinit-acl works. 2009-07-19 20:57:47 -07:00
Love Hornquist Astrand 311ce98d85 (hdb_sqlite_rename): make rename work when there is a prefix 2009-07-19 18:42:02 -07:00
Love Hornquist Astrand bd073cfd72 Limit maximum retries of BUSY/BLOCK/LOCKED operations to MAX_RETRIES (default 10) 2009-07-19 18:01:51 -07:00
Love Hornquist Astrand 4895349431 allow testing sqlite hdb backend 2009-07-19 17:59:23 -07:00
Love Hornquist Astrand 82150be255 allow loading sqlite 2009-07-19 17:58:53 -07:00
Love Hornquist Astrand 51fbbf93e3 (log_file): use strvisx rightly 2009-07-19 17:52:53 -07:00
Love Hornquist Astrand c7c58feb3f add NTLM name for hdb layer to make searching differently the regular "names" 2009-07-18 10:17:37 -07:00
Love Hornquist Astrand 317d837d0f krb5_get_cred_from_kdc and krb5_get_cred_from_kdc_opt deprecated 2009-07-17 20:39:35 -07:00
Love Hornquist Astrand 9211c47a30 Deprecate krb5_get_cred_from_kdc{,_opt} since they are replacement functions 2009-07-17 20:38:32 -07:00
Love Hornquist Astrand 80021f5e05 Make get_cred_kdc_any a private function. 2009-07-17 20:36:42 -07:00
Love Hornquist Astrand 517be51cc5 Test init_sec_context using keytab based credentials
Based on problem description from Rick Macklem in [HEIMDAL-197],
problem still not fixed.
2009-07-17 15:57:45 -07:00
Love Hornquist Astrand 8b71d0b93f Prefer the realm of the user when doing referrals style ISC krb5-get-creds
The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC.
2009-07-17 15:43:19 -07:00
Love Hornquist Astrand d4ca938866 Only load plugins once and never unload them
It's expensive to load and unload plugins all the time, so let's stop doing that.
Run over the plugin directory and load all plugins and remember them all.
In the future, something should watch the directory and if it changes,
load the new plugins that were put there.
2009-07-17 15:18:00 -07:00
Love Hornquist Astrand de5110c05a (krb5_get_kdc_cred): make sure that out_creds points to NULL on failure 2009-07-16 23:54:54 -07:00
Love Hornquist Astrand 5d152d70eb Indent 2009-07-16 22:56:59 -07:00
Love Hornquist Astrand d0aadb9a0d Fix dependencies for test_punycode
This only matters in development environments and where you run make check.
2009-07-16 22:26:43 -07:00
Love Hornquist Astrand 3c053a2e09 fix up the paranoid code to make it work with ipv6. 2009-07-16 22:21:59 -07:00
Love Hornquist Astrand 3634423f36 Allow specifying running user and chroot() environment
Allow the admin to switch the user the kdc is running under and
specify the chroot() directory to run in.

Please note you need a very special setup to get this working.
2009-07-16 22:15:26 -07:00
Love Hörnquist Åstrand 2076c1c93e Add PAC to the first entry in the array since Windows and samba3 expects it there.
The problem was found by Matthieu Patou, who also created the first
patch which I changed to look what the current code looks like.

History is tracked in [HEIMDAL-582].

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
switch-from-svn-to-git
2009-07-16 18:28:56 +00:00
Love Hörnquist Åstrand f8d7804396 More tests for HC_DEPRECATED
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25337 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:28:44 +00:00
Love Hörnquist Åstrand e9cea2daee More tests for HC_DEPRECATED
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25336 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:28:24 +00:00
Love Hörnquist Åstrand 6c56033e6f improve msft compiler case
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25335 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:28:12 +00:00
Love Hörnquist Åstrand 6a85bbcc65 More tests for KRB5_DEPRECATED
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25334 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:27:52 +00:00
Love Hörnquist Åstrand 57e31f7593 More tests for GSSAPI_DEPRECATED
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25333 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-16 18:27:37 +00:00
Love Hörnquist Åstrand 2b54af87e9 Add paranoid printing using strvisx.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25332 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-15 23:31:55 +00:00
Love Hörnquist Åstrand d07832d6d7 rename ruserpass to ruserpassword to not collide with uclibc, prompted by [HEIMDAL-534]
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25331 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-15 23:07:07 +00:00