oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,644 Commits 2 Branches 2 Tags
a9886924341446064fdfc68ed4a2c1b3921c007c
Commit Graph

28644 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Roland C. Dowdeswell
92aad0fa3d Fix kinit.1's synopsis w.r.t. -f and -F. 2014-12-01 12:40:54 -05:00
Love Hörnquist Åstrand
5aca37ae55 revert 31be932fe8 2014-09-09 18:50:22 +02:00
Love Hörnquist Åstrand
a220ed39eb try using as-is name_canon_rules 2014-09-09 18:36:57 +02:00
Love Hörnquist Åstrand
24c8bac3b8 In all_etypes prefer des3-cbc-sha1 over arcfour-hmac-md5 2014-09-09 18:15:08 +02:00
Love Hörnquist Åstrand
44ba0bcd24 no need to make chmod quiet, it supposed to be already because of \ 2014-08-23 19:29:04 -07:00
Love Hörnquist Åstrand
c68ab04304 update (c) 2014-08-23 19:14:10 -07:00
Love Hörnquist Åstrand
a7a6771538 merge in changes from #79 
fixes #79
 2014-08-23 19:08:00 -07:00
Love Hörnquist Åstrand
394a8567fb Merge pull request #87 from jelmer/travis 
Add travis config.
 2014-08-23 19:04:05 -07:00
Love Hörnquist Åstrand
4b0121f545 release pool when done 2014-08-23 18:54:05 -07:00
Love Hörnquist Åstrand
d1cee9a14b now that use used up more then 16 flags and we have been using the right bit order for many years, lets stop dealing with broken bit fields from ticket flags 2014-08-23 18:48:34 -07:00
Love Hörnquist Åstrand
f05236b202 hush autoconf 2014-08-22 21:52:27 -07:00
Love Hörnquist Åstrand
e6ed2bc9df use LT_INIT only, fixes #95 2014-08-22 21:52:10 -07:00
Love Hörnquist Åstrand
c10e99bead Merge pull request #109 from cg2v/dist-kadmin-version-script 
version-script-client.map needs to be in dist
 2014-08-22 21:38:55 -07:00
Love Hörnquist Åstrand
4569c07522 Merge pull request #110 from cg2v/anonymous-pkinit 
Anonymous pkinit improvements
 2014-08-22 21:35:22 -07:00
Love Hörnquist Åstrand
42d4c2b44b Merge pull request #105 from jelmer/compatibility-symlinks 
Install compatibility symlinks for kadmin and ktutil.
 2014-08-22 21:33:14 -07:00
Love Hörnquist Åstrand
904324de8f Merge pull request #100 from ktdreyer/kadmin-systemd-setpgid 
kadmin: handle systemd setpgid failure
 2014-08-22 21:31:32 -07:00
Love Hörnquist Åstrand
8504dce265 make quiet 2014-08-22 21:26:15 -07:00
Love Hörnquist Åstrand
30768c75bb make quiet 2014-08-22 21:25:01 -07:00
Love Hörnquist Åstrand
95f86ad1b8 remove stray a 2014-08-22 21:23:30 -07:00
Love Hörnquist Åstrand
0104a1c6f3 check for JSON perl module and if not found ask developer to install it 
partial fix for #74
 2014-08-22 21:17:16 -07:00
Love Hörnquist Åstrand
37afa01be3 rename roken base64, fixes #107 2014-08-22 20:57:24 -07:00
Love Hörnquist Åstrand
ad9cd6a138 Merge pull request #112 from jhutz/rxkad-kdf 
libkafs: derivation from non-DES key (rxkad-kdf)
 2014-08-22 20:21:37 -07:00
Love Hörnquist Åstrand
a84b572747 resurrect password change support again 2014-08-22 20:19:36 -07:00
Jeffrey Hutzelman
9d511ea37d libkafs: derivation from non-DES key (rxkad-kdf) 
Add support for the "rxkad-kdf" protocol for deriving rxkad session keys
from non-DES Kerberos session keys.  This allows rxkad to be used in
realms where the KDC is unwilling or unable to issue tickets with
single-DES session keys.
 2014-08-21 13:05:59 -04:00
Viktor Dukhovni
6501ba7e95 Avoid appearance of if if else ambiguity 2014-07-22 18:03:04 -04:00
Viktor Dukhovni
d75e74b2d7 Avoid kinit NPE when default cred not in keytab 2014-07-22 17:57:17 -04:00
Samuel Cabrero
f79326e960 Check _kdc_db_fetch return value before dereference entry pointer 
This fixes a segfault if the _kdc_db_fetch function does not find
the entry in the database (the entry pointer will be NULL if entry
is not found).

Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2014-07-18 17:46:25 +02:00
Love Hörnquist Åstrand
c93db5aa52 check for sys/errno.h 2014-07-18 17:46:25 +02:00
Jelmer Vernooij
445160aa2c Add travis config. 2014-07-15 23:19:58 +02:00
Chaskiel Grundman
41da16b48a version-script-client.map needs to be in dist 
version-script-client.map needs to be in lib/kadm5's EXTRA_DIST,
otherwise make distcheck fails
 2014-07-07 12:39:49 -04:00
Chaskiel Grundman
f07ee07288 Use anon realm for anonymous PKINIT 
When an AS request names the anonymous principal, use the anonymous
realm in the response and ticket.
 2014-07-07 12:35:43 -04:00
Love Hörnquist Åstrand
217ae4315a Merge pull request #108 from ktdreyer/kadm5-make-race 
kadm5: fix race in Makefile with kadm5_err.h
 2014-07-06 23:03:55 +02:00
Chaskiel Grundman
f3789f8cc5 Document logic in _krb5_is_anon_request 
describe why we look at the different bits and fields
 2014-07-06 14:37:49 -04:00
Chaskiel Grundman
c2e2de7384 When using PKINIT with DH, compute session key 
RFC6112 provides a method of computing a session key when the PKINIT DH
is used, and mandates it for anonymous pkinit. The session key is computed
using KRB-FX-CF2 from the reply key and a random key chosen by the kdc.
The random key is provided to the client, which is supposed to verify
that the session key was computed this way.
 2014-07-03 12:24:08 -04:00
Chaskiel Grundman
bf7f31ee09 Include empty PKINIT-KX padata 
rfc6112 requires kdcs implementing anonymous PKINIT to include an
empty PKINIT-KX padata in PREAUTH_REQUIRED messages.
Including this improves compatibility with MIT kerberos.
 2014-07-03 12:24:08 -04:00
Chaskiel Grundman
5f2a93f5ca Recognize anonymous AS requests using bit 14 
Check KDC Option bit 14 in addition to 16 when identifying anonymous
AS-REQs. This provides compatibility with older heimdal releases.
 2014-07-03 12:24:08 -04:00
Chaskiel Grundman
86554f5a7f Use correct value for anonymous flags 
The KDC Option and Ticket Flag for the anonymous extension were changed
from 14 to 16 due to a conflict with S4U2Proxy in version 11 of the anonymous
draft (now RFC6112). Fix the definitions
 2014-07-02 20:24:49 -04:00
Jakub Čajka
6affa4ccec kadm5: fix race in Makefile with kadm5_err.h 
When running make with -j4, occasionally kadm5 fails due to a missing
header file kadm5_err.h. Fix the race condition.

Reported at https://bugzilla.redhat.com/1115164

Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
 2014-07-01 13:18:09 -06:00
Jeffrey Altman
a5da5bcb96 asn1: check overflow against SIZE_MAX not +1 
A comparison of (len > len + 1) is permitted to be optimized out
as dead code because it can't be true.  Overflowing is an exceptional
condition that results in undefined behavior.  The correct conditional
is (len == SIZE_MAX) when len is size_t.

Change-Id: Ia5586556a973d9fa5228430c4304ea9792c996bb
 2014-06-20 20:15:13 -04:00
Jelmer Vernooij
31be932fe8 Install compatibility symlinks for kadmin and ktutil. 2014-06-11 03:44:28 +02:00
Love Hörnquist Åstrand
5fd158db47 Merge pull request #104 from jelmer/kadmin-ktutil-to-usr-bin 
Move kadmin and ktutil to /usr/bin.
 2014-06-10 14:29:37 -07:00
Jelmer Vernooij
63e2f30fd5 Move kadmin and ktutil to /usr/bin. 2014-06-09 23:36:23 +02:00
Jeffrey Altman
9ef790576d Merge pull request #102 from jelmer/manpages-no-krb4 
Remove references to Kerberos 4 from manpages.
 2014-06-01 19:59:35 -04:00
Jelmer Vernooij
ea062e4bb2 Remove references to KRBTKFILE from login.1 and kinit.1. 2014-06-02 00:32:37 +02:00
Jelmer Vernooij
5a75d6fe43 afslog.1: Remove documentation for removed no-v4 argument. 2014-06-02 00:32:37 +02:00
Jeffrey Altman
0b56c1ebab Merge pull request #101 from jelmer/kimpersonate-no-kerb4 
Remove kerberos 4 references from kimpersonate.8.
 2014-06-01 17:35:48 -04:00
Jelmer Vernooij
7e81485562 Remove kerberos 4 references from kimpersonate.8. 2014-06-01 23:21:52 +02:00
Ken Dreyer
11c9e28192 kadmin: handle systemd setpgid failure 
When running as a service under systemd, kadmin cannot successfully use
setpgid().  The call fails with EPERM. Do not treat this as a fatal
error; instead, allow kadmind to continue starting up.
 2014-05-31 02:03:38 -06:00
Love Hörnquist Åstrand
684ff198b7 Merge pull request #99 from ktdreyer/klist-spelling-comments 
klist: fix spelling in comments
 2014-05-28 23:40:24 +02:00
Ken Dreyer
9dd7e27bf7 klist: fix spelling in comments 2014-05-28 14:34:06 -06:00