oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
31,023 Commits 3 Branches 2 Tags
adeae8336cd8944434b3e4700c5d8d20d3ee17ab
Commit Graph

31023 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taylor R Campbell
adeae8336c kdc: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29a791f8f4 kdc: rk_UNCONST for literal shell.version. 
I assume this is used read-only by ASN1_MALLOC_ENCODE.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
56a6e7261b kadm5: Sprinkle const and rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5373ab492f ipc: rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
a9f37d2597 libroken: Make roken_detach_prep take const char *special_arg. 
Requires an internal rk_UNCONST because of annoying execvp type, but
that's better than rk_UNCONST in all the call sites.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5fec8989b5 gssapi: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
All for read-only krb5_data or gss_buffer_desc.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9c1b2e963b krb5: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
Mostly for read-only iov or krb5_data.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
f08f1a6456 appl/kf: Label unconst for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
294ab3ae5d kdc: Sprinkle rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
3c2b7b865b kdc: Note strict aliasing violations. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29da785a64 kadm5: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
0eb423022f hdb: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
82225829a0 gss_preauth: Label unconst abuse with rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
cdd1fb8fc4 gssapi/sanon: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
bbf6150cfd gssapi: Make gss_duplicate_oid{,_set} take gss_const_OID_t. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
04dcda3628 gssapi/spnego: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
137939e0d2 gssapi: Make gss_add_buffer_set_member take gss_const_buffer_t. 
`const gss_buffer_t' was probably meant to be gss_const_buffer_t.

XXX This changes the type of a public symbol -- does thiat require a
version bump?
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
34dc2dda57 gssapi/mech: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
80545251a0 gssapi/krb5: Sprinkle some const, but mostly label unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
d17fed0c7f krb5/log: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
c199e31fcd krb5/init_creds_pw.c: Label unconst abuse. 
API is just not type-safe here, bummer.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
18dcaf1ca7 krb5/get_cred: Sprinkle const and label & comment unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
4cb23c61c7 krb5/fcache: Sprinkle const; note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7726409b5c krb5/store: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9907e29baa krb5/pac: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
709d317cc9 heim_openlog: Sprinkle const. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
270e0d819c krb5/deprecated: Nix const abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7ec6b6220d krb5/crypto: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
6da033336e krb5/context: Sprinkle const and note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5c694deee9 _krb5_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
3cc4861888 heim_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
9765e2522b asn1: Mitigate const abuse and omit needless casts. 
There's still an abusive rk_UNCONST in _asn1_encode_open_type, but
that will take more effort to untangle.
 2026-01-18 19:06:16 -06:00
Taylor R Campbell
f494333624 base/json: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
a578088705 heim_data_ref_create: Use rk_UNCONST. 
This API is used for both const and non-const strings, depending on
whether there is a deallocator passed or not, so the C type system
can't distinguish this for us.

XXX Perhaps this should be two separate APIs, one which takes
const-qualified pointers and one which takes non-const-qualified
pointers.
 2026-01-18 19:06:16 -06:00
Taylor R Campbell
f6d1dfd60f *.l: Fix old-style function definitions of yywrap. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
a1d92fefbc Use rk_UNCONST with putenv("...") to pacify -Wwrite-strings. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
7223924aeb roken/hostent_find_fqdn.c: Fix unnecessary const abuse. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
ce43ff7b42 roken/getuserinfo.c: Fix various const abuse. 2026-01-18 19:06:16 -06:00
Nicolas Williams
f36629d150 osx: Fix check-iprop 2026-01-18 19:06:16 -06:00
Nicolas Williams
1a82701a91 osx: Fix warnings/errors 2026-01-18 19:06:16 -06:00
Nicolas Williams
e8f63dd1ac GHA: Get it building 2026-01-18 19:06:16 -06:00
Nicolas Williams
76fbb83e86 hx509: Add a JWT fuzzer 2026-01-18 19:06:16 -06:00
Nicolas Williams
2ff2cc04b8 base: Add a fuzzer for JSON 2026-01-18 19:06:16 -06:00
Nicolas Williams
ae7d6746d1 gsstool: Add GSS-based kinit-like acquire_cred cmd 
This has most of the features needed to act as a kinit that uses GSS
APIs, specifically gss_acquire_cred_from() and gss_store_cred_into2().

It's missing some functionality, such as being able to drive prompts
from AS responses (if we add minor status codes for representing KDC
pre-auth proposals, then we do drive prompts, but we would have to
encode a lot of mechanism-specific knowledge into gsstool).

The point of this commit is to explore:

 - GSS functionality for kinit-like actions

 - credential store key/value pairs supported by the mechanisms

 - document the credential store key/value pairs (in gsstool.1)

that might lead to further enhancements.  But gsstool acquire-cred
is quite functional at this point!
 2026-01-18 19:06:16 -06:00
Nicolas Williams
b804b22446 gsskrb5: Add cred store PKINIT and FAST options 2026-01-18 19:06:16 -06:00
Nicolas Williams
509ee48669 kadmind: Fix NULL ptr derefs found by fuzzing 2026-01-18 19:06:16 -06:00
Nicolas Williams
9f5db19378 kadmind: Add fuzz mode and fuzz corpus 2026-01-18 19:06:16 -06:00
Nicolas Williams
8964be1eee tests: Prep for older Heimdal interop testing 2026-01-18 19:06:16 -06:00
Nicolas Williams
d1f56c6966 tests: Work around OpenSSL legacy provider being disabled 2026-01-18 19:06:16 -06:00
Nicolas Williams
b9773f7839 tests: Add another MIT Kerberos interop test 
We do a small amount of MIT interop testing in tests/kdc/check-fast.in,
which tests some MIT clients against Heimdal KDCs.  This commit adds
more testing via tests/kdc/check-mit-kdc.in, wherein we set up and run
an MIT Kerberos realm and KDCs and test Heimdal clients against it.
 2026-01-18 19:06:16 -06:00