oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,948 Commits 3 Branches 2 Tags
8fbd67005ddecb05eea9d832a1795c1d74e6d358
Commit Graph

30948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
8fbd67005d kadm5: Add KADM5_CONFIG_ASYNC_HDB_WRITES param 2026-01-18 16:09:30 -06:00
Nicolas Williams
1bc19c6c04 kdc: Fix NULL deref 2026-01-18 16:09:30 -06:00
Nicolas Williams
2a69918515 kdc: Quiet some MSVC false positive warnings 2026-01-18 16:08:40 -06:00
Nicolas Williams
52e805f3f9 kdc: Session key enctype selection needs to check the service supported enctypes 2026-01-18 16:08:40 -06:00
Nicolas Williams
49ff8baae4 hdb: Change default_keytypes[] to drop weak enctypes 2026-01-18 16:08:40 -06:00
Nicolas Williams
8a52ba7e0f krb5: Free context at exit time in test_set_kvno0.c 2026-01-18 16:08:40 -06:00
Nicolas Williams
687c7d5fb7 krb5: Fix leak in krb5_sendauth() 2026-01-18 16:08:40 -06:00
Nicolas Williams
69d214b519 krb5: _krb5_pk_octetstring2key() fails to clear keydata 2026-01-18 16:08:40 -06:00
Nicolas Williams
7587003ec6 krb5: Promote AES SHA2 enctypes to preferred 2026-01-18 16:08:40 -06:00
Nicolas Williams
10271fe8d5 klist: Show ticket session key enctype too 2026-01-18 16:08:40 -06:00
Nicolas Williams
acd62212d5 spnego: Fix negoex leak 2026-01-18 16:08:40 -06:00
Nicolas Williams
10be6a75c4 spnego: Restrict when SANON gets negotiated 
There were cases where we weren't negotiating SANON where we should
have.  But we really don't want to overdo it.  In particular we really
never ever want a user with expired or absent Kerberos credentials (say)
to accidentally negotiate SANON as that will then lead to authorization
errors down the line, and those would be hard to diagnose as they would
be masking the real issue (expired or absent credentials).

So basically either the user passes GSS_C_ANON_FLAG or (and/or) they
call gss_set_neg_mechs() to explicitly request SANON.

Partly authored by me, partly authored by Claude with heavy human
guidance, and reviewed by me.
 2026-01-18 16:08:40 -06:00
Nicolas Williams
21bcabb47f ldap: Switch from bdb to mdb 2026-01-18 16:08:40 -06:00
Nicolas Williams
7d16663dfa gsskrb5: Fix part of the enctype negotiation problems 2026-01-18 16:08:40 -06:00
Nicolas Williams
6dc1508e8c gss: Add threaded testing of GSS-API! 2026-01-18 16:08:40 -06:00
Nicolas Williams
1274238948 gss: Fix mech attr matching (test_mech_attrs()) 2026-01-18 16:08:40 -06:00
Nicolas Williams
b0c925797a gss: Use the 'gss_mo' in each mech to find mech_attrs (needed by SPNEGO) 2026-01-18 16:08:40 -06:00
Nicolas Williams
b6c3116400 base: Treat KRB5_TRACE=<path> as KRB5_TRACE=0-5/FILE:<path> 2026-01-18 16:08:40 -06:00
Nicolas Williams
3451950db7 base: NULL-terminate getarg_strings 2026-01-18 16:08:40 -06:00
Nicolas Williams
a7bba71ab8 base: Implement appended-error concat 2026-01-18 16:08:40 -06:00
Nicolas Williams
e74f785367 hxtool: Fix leak in acert sub-command 2026-01-18 16:08:40 -06:00
Nicolas Williams
50244ef92d hxtool: Enable extended MANDOC generation 2026-01-18 16:08:39 -06:00
Nicolas Williams
ff67770aa1 hx509: Quiet warnings 2026-01-18 16:08:39 -06:00
Nicolas Williams
74a613c67d sl: Add extended MANDOC generation 2026-01-18 16:08:39 -06:00
Nicolas Williams
90d116d641 asn1: Quiet warnings 2026-01-18 16:08:39 -06:00
Nicolas Williams
4db2636862 asn1: Print negative enum values correctly 2026-01-18 16:08:39 -06:00
Nicolas Williams
bd9a03d498 asn1: Add ASN1_MALLOC_ENCODE_SAVE() macro 2026-01-18 16:08:39 -06:00
Nicolas Williams
ec942cd5a1 asn1: Add util der_show_heim_oid_sym() for use in gdb 2026-01-18 16:08:39 -06:00
Nicolas Williams
3c9d0f3033 gssmask: Daemonize the Heimdal way to avoid need for sleeping in the test 
This commit authored by Claude with human guidance and review.
 2026-01-18 16:08:39 -06:00
Nicolas Williams
f74b82d6f0 windows: Add missing exports in lib/asn1 2026-01-18 16:08:39 -06:00
Nicolas Williams
4a4567fa17 windows: No SSIZE_MAX on Windows... 2026-01-18 16:08:39 -06:00
Nicolas Williams
049b1b176b windows: #define _Atomic 2026-01-18 16:08:39 -06:00
Nicolas Williams
27a64459dc threads: Add HEIMDAL_THREAD_join() 2026-01-18 16:08:39 -06:00
Nicolas Williams
1042807a1c base: Fix JSON encoder crash 2026-01-18 16:08:39 -06:00
Nicolas Williams
28b05924c5 roken: Add URL-safe base64 2026-01-18 16:08:39 -06:00
Nicolas Williams
788e2ee3c3 roken: Fix getarg run-on help bug 2026-01-18 16:08:39 -06:00
Nicolas Williams
5fa7d6edd8 roken: Add getdelim()/getline() 
Ported from lib/libedit's.
 2026-01-18 16:08:39 -06:00
Nicolas Williams
e60f02aed1 roken: Use secure_getenv() in socket_wrapper 2026-01-07 17:49:17 -06:00
Nicolas Williams
771fb1c367 roken: Split up mini_inetd_addrinfo() 
To speed up tests/gss/check-gssmask we need to remove the `sleep 10`
found there, and to do that we need to make the gssmask daemons use
roken_detach_prep()/roken_detach_finish(), and to do that we need to
split up mini_inetd_addrinfo().

This commit authored by Claude with human guidance and review.
 2026-01-07 17:49:17 -06:00
Nicolas Williams
0d2ee355ee tests: Fix intr --version 2026-01-07 17:49:17 -06:00
Nicolas Williams
7cc3f3bbc8 cf: Add support for using Helgrind 2026-01-07 17:49:17 -06:00
Nicolas Williams
f052cdc8e5 cf: Use valgrind w/ --show-leak-kinds=definite to reduce noise 2026-01-07 17:49:17 -06:00
Nicolas Williams
c3a88a61b7 include: Fix leak in bits.c 2026-01-07 17:49:17 -06:00
Nicolas Williams
7c8ef887d4 doc: Obsolete the Layman's Guide to ASN.1 2026-01-07 17:49:17 -06:00
Nicolas Williams
907d6195f5 GHA: Set core pattern on Linux 2026-01-07 16:20:46 -06:00
Nicolas Williams
55a8949f2a GHA: Always grab the test logs, core dumps 2026-01-07 16:20:46 -06:00
Nicolas Williams
1c9f184561 GHA: Get GHA working again 2025-12-08 20:32:13 -06:00
Jan Palus
7510cc5ba2 cf/largefile.m4: improve compatibility with autoconf 2.72 
as of autoconf 2.72 neither ac_cv_sys_large_files nor
ac_cv_sys_file_offset_bits are populated. 1b57b62 introduced a
workaround just for ac_cv_sys_file_offset_bits by checking if it's not
empty.

expand fix to cover ac_cv_sys_large_files as well and check
ac_cv_sys_largefile_opts which is populated in autoconf 2.72 [1]

1. https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=cf09f48841b66fe76f606dd6018bb3a93242a7c9
 2025-10-09 12:46:44 -04:00
Jeffrey Altman
de6776e66b appl/test: AUTOMAKE_OPTIONS = subdir-objects 
Avoid the following warning

   warning: source file '../../kuser/kinit.c' is in a subdirectory,
   but option 'subdir-objects' is disabled
 2025-10-09 12:41:39 -04:00
Ivan Korytov
5cf652bf35 kdc: Fix memory leak of encrypted preauthentication data 
Deallocate r->ek.encrypted_pa_data after response was sent to client.

Signed-off-by: Ivan Korytov <korytovip@basealt.ru>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2025-10-09 12:33:43 -04:00