Luke Howard
af0d8ef677
gssapi: support for client keytab in gss_acquire_cred (#383)
...
For compatibility with MIT Kerberos, support automatic acquisition of initiator
credentials if a client keytab is available. The default path on non-Windows is
/var/heimdal/user/%{euid}/client.keytab, but can be overridden with the
KRB5_CLIENT_KTNAME environment variable or the default_client_keytab_name
configuration option. If a client keytab does not exist, or exists but does not
contain the principal for which initiator credentials are being acquired, the
system keytab is tried.
2018-12-31 18:20:37 +11:00
Luke Howard
58b77bb485
krb5: fix a couple of missing options in verify_krb5_conf
2018-12-31 18:18:08 +11:00
Luke Howard
c89d3f3b8c
kadmin: allow enforcing password quality on admin password change
...
This patch adds the "enforce_on_admin_set" configuration knob in the
[password_quality] section. When this is enabled, administrative password
changes via the kadmin or kpasswd protocols will be subject to password quality
checks. (An administrative password change is one where the authenticating
principal is different to the principal whose password is being changed.)
Note that kadmin running in local mode (-l) is unaffected by this patch.
2018-12-26 15:38:48 +11:00
Luke Howard
6d7b0bfd17
krb5: support default_ccache_name for MIT compat
...
Allow default_ccache_name as an alias for default_cc_name in krb5.conf, for MIT
compatibility (#355)
2018-12-22 16:37:47 +11:00
Nicolas Williams
3ba12317a0
Misc fixes (coverity)
2016-11-28 15:09:55 -06:00
Jeffrey Altman
69fbbfdfcb
krb5: fix verify_conf syslog facility check
...
search for facility not severity
Change-Id: I79e9104d1fd27e8d11f7f9c6006676d947086ac5
2016-11-18 21:24:26 -05:00
Viktor Dukhovni
09c4e516bf
Further polish and docs for hierarchical capaths
2016-08-10 21:09:15 -04:00
Viktor Dukhovni
1501740952
Fix transit path validation
...
Also implement KDC hierarchical transit policy checks. The "hier_capaths"
parameter defaults to "yes" in [libdefaults] or can be set explicitly in
[realms] per-realm.
2016-08-08 16:29:18 -05:00
Jeffrey Altman
20aaa7c37a
verify_krb5_conf: add missing entries
...
Change-Id: I45761e046801fcdb101b82b081a7b1fe65d882ee
2014-02-14 23:41:09 -05:00
Jeffrey Altman
8676b27b26
verify_krb5_conf: sort entries, remove duplicates
...
Change-Id: I23dc60b4c48bcf08ed9ad687ee792366b25db3d7
2014-02-14 23:41:08 -05:00
Nicolas Williams
38a92f759d
Add kx509 parameters to verify_krb5_conf.c
2013-12-10 00:47:11 -06:00
Fredrik Pettai
418fdb7f79
Also validate kdigest hacks
...
Add validation of the kdigest configuration parameters
2013-11-28 14:14:11 +01:00
Jeffrey Altman
31a00d6647
ISPATHSEP and ISTILDE macros; Windows portability
...
Windows treats '\\' and '/' equivalently but we cannot control
the form that will be used by end users. Introduce ISPATHSEP()
macro which tests only for '/' on UNIX and both on Windows.
Introduce ISTILDE() macro to test for '~'. When testing for
'/' with strchr() or strrchr() add conditional checks for '\\' on
Windows.
Change-Id: Ia85e698fc88f15a6a71db649db5417f02ef7e5fe
2013-09-10 22:31:38 -04:00
Love Hornquist Astrand
f396f66523
add [libdefaults]fcache_strict_checking to gate the strict checking, defaults to on
2013-07-11 21:17:49 +02:00
Roland C. Dowdeswell
cc47c8fa7b
Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
...
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Love Hornquist Astrand
8192b9ed35
remove references to kerberos 4 and kaserver
2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
077357c848
catch error from as.*printf
2010-05-30 13:37:07 -07:00
Love Hornquist Astrand
c9a0c39786
add check for [libdefaults_entries]allow_weak_crypto
2010-02-04 16:13:06 -08:00
Love Hörnquist Åstrand
942a821fab
remove RCSID
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
d3343b5027
catch underflow/overflow errors
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24836 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:27:21 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
817fb0a221
Catch deprecated entries.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22531 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 11:55:30 +00:00
Love Hörnquist Åstrand
c8cab1fbdc
Check check_pac.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22233 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-12-08 21:43:37 +00:00
Love Hörnquist Åstrand
64c7c462af
add more pkinit options.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19194 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-29 19:19:45 +00:00
Love Hörnquist Åstrand
8a8fec8f96
add [libdefaults]dns_canonize_hostname
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18506 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-17 09:19:17 +00:00
Love Hörnquist Åstrand
68caf40b2c
(libdefaults_entries): add default_cc_name
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16313 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-11-29 18:59:19 +00:00
Love Hörnquist Åstrand
75ba24459a
(password_quality_entries): add min_length and min_classes
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15513 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-23 18:33:28 +00:00
Love Hörnquist Åstrand
8c1cb200c7
rename optind to optidx
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15476 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-17 04:54:40 +00:00
Love Hörnquist Åstrand
9766d760ab
(main): catch KRB5_CONFIG_BADFORMAT from krb5_init_context
...
From: Mathias Feiler <feiler@uni-hohenheim.de>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15368 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-14 00:06:17 +00:00
Love Hörnquist Åstrand
825a65e9b9
Add more missing entries, from Mathias Feiler <feiler@uni-hohenheim.de>
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15366 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-13 22:56:39 +00:00
Love Hörnquist Åstrand
66908bd0e7
Check for [kdc]v4-realm
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15330 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-01 07:26:20 +00:00
Love Hörnquist Åstrand
cc1891f16f
add missing options, prompted by James F. Hranicky mail to heimdal-discuss
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15192 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-19 20:50:53 +00:00
Love Hörnquist Åstrand
577e88be43
add pkinit and password quality check options
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15187 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-19 18:15:20 +00:00
Love Hörnquist Åstrand
6ac6552a8a
const poison
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14707 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-03-31 00:47:55 +00:00
Love Hörnquist Åstrand
039d507d89
cast argument to isdigit to unsigned char
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14497 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-08 22:58:38 +00:00
Love Hörnquist Åstrand
86e1909424
pacify pre c99 compilers
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13842 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-05-12 15:30:02 +00:00
Johan Danielsson
4ac10a4c46
try to resolve hostnames
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13797 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-26 06:13:45 +00:00
Love Hörnquist Åstrand
1e0d125761
understand [password_quality]
...
spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13507 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-12 09:00:12 +00:00
Love Hörnquist Åstrand
c8e6b409c1
(check_host): don't check for EAI_NODATA, because it's deprecated in RFC3493
...
Pointed out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13168 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-12-02 11:25:01 +00:00
Johan Danielsson
da0880581b
[capaths] section
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13040 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-10-21 11:59:16 +00:00
Love Hörnquist Åstrand
002f25a217
print the error value krb5_init_context failed with
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13001 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-10-13 13:33:40 +00:00
Love Hörnquist Åstrand
911c773668
add flag --warn-mit-syntax that warns for mit syntax is used and just
...
ignore the mit syntax when it's used
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12969 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-10-06 19:27:35 +00:00
Love Hörnquist Åstrand
bae73d1a95
parse [kdc]use_2b and [gssapi]
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12968 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-10-06 19:15:04 +00:00
Love Hörnquist Åstrand
809afeb35f
add missing " within #if 0, from stefan sokoll <stefansokoll@yahoo.de>
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12399 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-25 15:02:17 +00:00
Love Hörnquist Åstrand
7a4bd8e353
(appdefaults_entries): add afslog and afs-use-524
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11938 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-03-29 09:52:50 +00:00
Love Hörnquist Åstrand
50c24d50f2
(check_section): when key isn't found, don't print out all known keys
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11612 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-01-23 19:53:19 +00:00
Love Hörnquist Åstrand
e0a89410d7
(syslogvals): mark up where severity and facility start resp
...
(check_log): find_value() returns -1 when key isn't found
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11611 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-01-23 19:49:32 +00:00
Jacques A. Vidrine
d07685c5a6
Add dns_lookup_kdc, dns_lookup_realm, dns_lookup_realm_labels
...
checks.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11253 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-08-28 15:27:19 +00:00
Jacques A. Vidrine
3b58aa8030
krb4_get_tickets goes in appdefaults (for kinit), not libdefaults
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11251 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-08-28 15:17:34 +00:00