a8b2986b48
lib/krb5: make/copy principal init output to NULL
...
Initialize output principal pointer to NULL in case of failure.
Change-Id: Iaf7b204d33ddf28cdbadcceac2cb8a96ac0bdd94
2022-03-03 09:55:46 -05:00
25fae63097
tests: update test KDC plugin for new PAC plugin signatures
...
Fixes regression introduced in 11d8a053
2022-03-03 10:16:12 +11:00
d4ac17d6d0
krb5: add new values and definitions from MS-KILE/MS-SFU
...
Signed-off-by: Stefan Metzmacher <metze@samba.org >
2022-03-03 10:13:42 +11:00
50fb794ef1
lib/krb5: re-allow data->length == 0 in krb5_pac_add_buffer()
...
PAC_TYPE_CLIENT_CLAIMS_INFO and PAC_TYPE_DEVICE_CLAIMS_INFO are
of zero length unless any claims are actually defined.
Signed-off-by: Stefan Metzmacher <metze@samba.org >
Closes : #969
2022-03-03 10:12:40 +11:00
89cf441e8d
Revert "lib/krb5: re-allow data->length == 0 in krb5_pac_add_buffer()"
...
This reverts commit f3301fc94c
2022-03-03 10:11:32 +11:00
f3301fc94c
lib/krb5: re-allow data->length == 0 in krb5_pac_add_buffer()
...
PAC_TYPE_CLIENT_CLAIMS_INFO and PAC_TYPE_DEVICE_CLAIMS_INFO are
of zero length unless any claims are actually defined.
Signed-off-by: Stefan Metzmacher <metze@samba.org >
2022-03-03 10:10:57 +11:00
df655cecd1
kdc: allow audit plugins to influence return code
...
Honor the return code of _kdc_audit_request(), propagating if non-zero. Note
that this is principally intended to allow the audit plugin to return
HDB_ERR_NOT_FOUND_HERE, which influences whether the KDC sends an error reply
or not. If the audit plugin also wishes to rewrite r->error_code, it must do so
separately.
Closes : #964
2022-03-03 10:10:37 +11:00
8495f63bc3
kdc: provide kdc_request_get_explicit_armor_{clientdb,client,pac}()
...
_kdc_fast_check_armor_pac() already checks the PAC of the armor,
but it should also remember it if it's an TGS-REQ with explicit armor.
This will allow the kdc pac hooks to generate a compound identity PAC
with PAC_TYPE_DEVICE_INFO.
Signed-off-by: Stefan Metzmacher <metze@samba.org >
Closes : #967
2022-03-03 10:10:29 +11:00
11d8a053f5
kdc-plugin: also pass astgs_request_t to the pac related functions
...
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze@samba.org >
2022-03-03 09:58:48 +11:00
419610aa14
kdc: HDB max_life/max_renew == 0 -> unlimited
2022-02-15 20:16:29 -06:00
5682be7704
roken: Test time add/sub overflow prot.
2022-02-15 20:16:29 -06:00
fe8d4f2883
roken: Overflow prot. timeval add/sub
2022-02-15 20:12:25 -06:00
1193bd5e74
roken: Add time_add()/time_sub() with overflow prot.
2022-02-15 20:11:37 -06:00
9ae9902249
cf: Check if time_t is signed
2022-02-15 17:01:00 -06:00
92d5b74c05
cf: Import AX_CHECK_SIGNED() autoconf macro
2022-02-15 17:00:19 -06:00
e7e2c7a145
kdc: Honor "unlimited" max_life/max_renew
2022-02-15 16:56:27 -06:00
2c8a078bcf
bx509d: Do not leak temp ccaches
2022-02-14 21:07:47 -06:00
61607fa6ea
asn1: Add a GitHub Markdown manual (more)
2022-02-14 21:07:47 -06:00
dda9aa2535
asn1: Add a GitHub Markdown manual (moar)
2022-02-14 00:05:28 -06:00
0929561de3
Update badges at bottom of README.md
2022-02-12 15:00:59 -06:00
a894fc4527
asn1: Add a GitHub Markdown manual
2022-02-12 15:00:59 -06:00
47432b907b
krb5: Fix leak in krb5_set_config()
...
We were leaking context->configured_default_cc_name.
2022-02-11 16:02:27 -06:00
6923b822b8
krb5: Fix leaks in test_cc.c
2022-02-11 16:02:27 -06:00
deb0c7f940
uu_server: Fix a few leaks
2022-02-11 15:19:58 -06:00
c3ea1ac37e
kafs: Fix OS X build (warning/error)
2022-02-11 15:17:32 -06:00
6b39972113
krb5: Fix acc_move() crash (CCAPI)
2022-02-11 15:13:13 -06:00
b92cf79543
Revert "osx: Never load OS X CCAPI while testing"
...
This reverts commit 79d87af910
2022-02-11 15:13:13 -06:00
88d0102c82
GitHub: Fix OS X make install step
2022-02-11 15:13:13 -06:00
23462018e3
GitHub: Document how to get a shell on OS X runner
2022-02-11 15:13:13 -06:00
e9c0adf11e
GitHub: Run OS X build on pushes to osx-build
2022-02-11 15:13:13 -06:00
454dc82a99
GitHub: Build with debug on OS X
2022-02-11 15:13:13 -06:00
7b3a993236
roken: do not override system network address functions
...
Roken functions rk_copyhostent(), rk_freeaddrinfo(), rk_freehostent()
rk_getaddrinfo(), rk_getipnodebyaddr(), rk_getipnodebyname(), and
rk_getnameinfo() should never be built without the "rk_" prefix. Doing
so overrides the system provided functions of the same name when they
exist.
2022-02-10 12:37:01 -06:00
add605ee58
tests: cat messages.log in gss/check-basic trap
2022-02-10 00:57:31 -06:00
848c21b9b9
tests: Kill kdc harder when failing
2022-02-10 00:57:31 -06:00
79d87af910
osx: Never load OS X CCAPI while testing
2022-02-10 00:56:44 -06:00
66e1a8baf2
osx: Disable GCD deprecation warning
2022-02-09 23:49:40 -06:00
1da235c9c3
osx: Avoid blocking the KDC in KEYCHAIN in tests
...
If a client tries to use PKINIT we can block in the OS X keychain if no
anchors are configured.
2022-02-09 23:49:40 -06:00
584a2d3a2b
krb5: Fix error clobbering in test_cc
2022-02-01 15:54:31 -06:00
f06657ff64
krb5: Make more cc configs non-critical
...
MSLSA can't handle cc configs.
2022-02-01 15:54:31 -06:00
13cb84d465
GitHub: Skip check-tester in valgrind build
2022-02-01 13:38:48 -06:00
69973757ce
gss: remove gss_get_instance()
2022-01-30 14:20:05 -05:00
301b7ce711
Revert "asn1: Fix Windows build"
...
This reverts commit ff4033eb59
2022-01-29 00:15:59 -05:00
543b94637f
more dealloc functions require HEIM_CALLCONV
...
Change-Id: I68168a387c088b45e2572d5c982d33dfe0aa38a8
2022-01-29 00:15:59 -05:00
6340602ddc
base: ensure HEIM_CALLCONV used for all dealloc functions
...
Fixes regression introduced in 917e1604
2022-01-29 14:29:37 +11:00
87e96b97bd
kdc: fix warning in kdc_array_iterate()
...
Do not call return in a function returning void.
2022-01-29 10:26:54 +11:00
144caf67fa
kdc: add wrappers for heimbase object accessors
...
Add libkdc wrappers for heimbase object accessors so plugins can use audit and
request attribute APIs without consuming libheimbase. Exposed API surface is
minimal and is limited to reading array collections, and reading/creating base
and custom types.
2022-01-28 17:24:57 -06:00
917e16049a
base: make heim_alloc deallocator use HEIM_CALLCONV
2022-01-28 17:24:57 -06:00
4748f3a19d
asn1: Revert heim_object_t support
2022-01-28 17:24:57 -06:00
327ec7e75c
krb5: use void * instead of heim_object for PAC decoration
2022-01-28 17:24:57 -06:00
5a579901fd
kdc: fix warning in GSS pre-authentication support
...
Do not read an int32_t directly into a CKSUMTYPE enum.
2022-01-29 10:23:09 +11:00
Jeffrey Altman