Stefan Metzmacher
2e6318f09a
heimdal:lib/krb5: allow enterprise principals in verify_logonname()
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-06-17 17:41:26 -05:00
Volker Lendecke
02616866e5
heimdal: Fix the developer O3 build
...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-17 17:41:26 -05:00
Günther Deschner
0f19fdec83
s4-heimdal: fix krb5_get_init_creds_opt_set_process_last_req().
...
Most probably just a copy/paste error.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-17 17:41:26 -05:00
Santosh Kumar Pradhan
e5144acab0
heimdal: Use krb5_free_default_realm() for free()
...
The resource allocated by krb5_default_default_realm() should be
free()'d by krb5_free_default_realm() instead of plain free()
for better readability.
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-06-17 17:41:26 -05:00
Sergio Gelato
50e2a5ce95
(patch) man page syntax errors
...
A few fixes for syntax errors in man pages, as reported by lintian:
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2015-05-26 16:03:00 +02:00
Nicolas Williams
56b67ac2eb
start-realm: don't write NUL
2015-05-20 10:07:51 -05:00
Love Hörnquist Åstrand
3d469d7386
Merge pull request #124 from Sp1l/master
...
Fix build when OpenSSL has no EGD support
2015-04-28 08:36:43 -07:00
Jeffrey Altman
832ee39994
YFS Coverity 11034
...
Change-Id: I5037b7e6d804e6a61e02258927f06d24cc0b2051
2015-04-21 22:18:09 -04:00
Bernard Spil
858480145b
Refactor EGD conditional support
...
As per Jeremy's request in #124
Windows does not define HAVE_RAND_EGD resulting in the same conditional
support for EGD.
2015-04-21 10:04:08 +02:00
Nicolas Williams
8cdd54c997
coverity 1164162
2015-04-19 15:04:16 -05:00
Nicolas Williams
e8563aeae5
coverity 1164093
2015-04-19 14:39:10 -05:00
Nicolas Williams
e7b5efb103
coverity 1164091
2015-04-18 23:19:26 -05:00
Nicolas Williams
e010254cc2
coverity 745495
2015-04-18 23:19:25 -05:00
Jeffrey Altman
e8e9cd9710
krb5: Introduce KRB5_TKT_LIFETIME_DEFAULT
...
Instead of hard coding 10 hours as the default ticket lifetime within
lib/krb5/init_cred_pw.c init_cred(), add a preprocessor macro,
KRB5_TKT_LIFETIME_DEFAULT, that can be overridden at build time.
The value of KRB5_TKT_LIFETIME_DEFAULT is 10 hours if not previously
defined.
Change-Id: I63e729fedee8e8c6f542e4a4665de5f40db34c03
2015-04-16 20:40:21 -04:00
Nicolas Williams
fb177480bd
Fix memory leak in init_creds_pw.c
2015-04-15 12:37:52 -05:00
Viktor Dukhovni
93af13ca12
Undo ntohs htons nesting to avoid variable shadowing
2015-04-14 23:02:58 +00:00
Nicolas Williams
f2549127e8
Add missing #include in aname_to_localname.c
2015-04-14 17:10:26 -05:00
Nicolas Williams
7b1ad2f1a3
Fix typo in Add start_realm cc config (629eeb8)
...
Maybe 'initialized' was not a good field name for this purpose.
2015-04-14 17:06:55 -05:00
Nicolas Williams
7da08a658b
Try capaths first, then referrals
...
When looking for a ticket, use the capath codepath first when we know
the service's realm: because we might have local policy as to how to get
there.
Then, if that doesn't work, try referrals. (For now unconditionally.)
2015-04-14 11:27:24 -05:00
Viktor Dukhovni
bfc78d11dc
Only use KDC offset when we have it
2015-04-14 11:27:24 -05:00
Nicolas Williams
bd71a22e20
Fix trailing whitespace in cache.c
2015-04-14 11:27:23 -05:00
Viktor Dukhovni
d09430d68b
Fetch forwardable TGT without GC_CACHED
...
Just in case it is not the start TGT, in which case it is generally,
but not always, already cached. Just in case get it again, if lost.
2015-04-14 11:27:23 -05:00
Nicolas Williams
617a82a0a5
Fix ENOENT msg clobbering in fcache.c
...
By not returning the same error code as we were setting on the context,
the error message was subsequently lost.
2015-04-14 11:27:23 -05:00
Nicolas Williams
a3b5dc2e34
Update _krb5_homedir_access() docs
2015-04-14 11:27:22 -05:00
Nicolas Williams
5f91ef7242
Use krb5_timeofday in krb5_cc_get_lifetime()
2015-04-14 11:27:22 -05:00
Viktor Dukhovni
f973a9f397
Use start_realm in cc lifetime
2015-04-14 11:27:22 -05:00
Nicolas Williams
629eeb811a
Add start_realm cc config
2015-04-14 11:27:21 -05:00
Nicolas Williams
f5a86add5c
krb5_cc_get_lifetime() misses the TGT
2015-04-13 16:59:21 -05:00
Nicolas Williams
0306d70a91
Add --debug option to kgetcred
2015-04-13 16:59:20 -05:00
Nicolas Williams
febe23a399
Improve and export krb5_principal_set_comp_string
2015-04-13 16:59:20 -05:00
Nicolas Williams
c5e91cf462
Add debug messages to krb5_get_creds
2015-04-13 16:59:19 -05:00
Bernard
828f4f4fb1
Fix build when OpenSSL has no EGD support
2015-04-10 22:47:03 +02:00
Nicolas Williams
465483de49
Fix use after free in test_kuserok.c
2015-03-24 11:50:04 -05:00
Nicolas Williams
945fe5fb2f
Fix leak in fcc_remove_cred()
2015-03-24 11:50:04 -05:00
Nicolas Williams
86017e8798
Fix leaks in test_kuserok.c
2015-03-24 11:50:03 -05:00
Nicolas Williams
2bbf56b2e4
Fix error-case memleak in aname2lname
2015-03-24 11:50:02 -05:00
Nicolas Williams
d07d93ce35
Bounds check in aname2lname
2015-03-24 11:50:02 -05:00
Nicolas Williams
b48bed5f42
Daemons detach atomically to avoid having to wait
...
Tests that start daemons have to "wait" for them to start.
This commit makes Heimdal daemons prep to detach (when requested) by
forking early, then having the child signal readiness to the parent when
the child really is ready. The parent exits only when the child is
ready. This means that tests will no longer need to wait for daemons.
However, tests will still need a pidfile or such so they can stop the
daemons.
Note that the --detach options should not be used on OS X from launchd,
only from tests.
2015-03-24 11:49:59 -05:00
Nicolas Williams
0778b19c3f
Revive name rule docs
2015-03-24 11:49:59 -05:00
Nicolas Williams
a7587b08e2
Support hostname:port svc princs
2015-03-24 11:49:59 -05:00
Nicolas Williams
5fffc4061f
Don't use canon rules in principal name comparison
2015-03-24 11:49:59 -05:00
Nicolas Williams
487b6820f6
Revamp name canonicalization code
2015-03-24 11:49:58 -05:00
Nicolas Williams
a1c87df260
Add guard in krb5_free_creds()
...
Don't call krb5_free_contents() if the creds pointer is NULL.
MIT krb5 also has this guard.
2015-03-24 11:49:58 -05:00
Jeffrey Altman
902aa4ee02
tests on Windows
...
Modify the NTMakefile rules for tests so that a failed test does
not prevent subsequent tests from being executed.
Change-Id: I9595ad4a1527feae7c402241bf06ab21a0b76d4a
2015-03-21 15:44:48 -04:00
Nicolas Williams
9fbbc4cf85
Refactor capath_worker() a bit more
2015-03-16 10:40:10 -05:00
Viktor Dukhovni
cfdf6d5cbe
gsskrb5: Make krb5 mech use referrals
...
Modify the gss krb5 mech to always use referrals unless the
KRB5_NCRO_NO_REFERRALS flag is set.
Change-Id: I7efd873ac922a43adafa2c492703b576847a885f
2015-03-14 16:08:32 -04:00
Nicolas Williams
8a5d50a328
krb5: do not store TGTs if GC_NO_STORE
...
krb5_get_credentials_with_flags() and krb5_get_creds() do not store
obtained TGTs if the KRB5_GC_NO_STORE flag is set.
Change-Id: Ie999ec4e985463ff60e9d499c3e870880033dfa7
2015-03-14 16:08:31 -04:00
Nicolas Williams
b84bdf213d
krb5: improve comments in get_cred_kdc_capath_worker
...
Change-Id: I0d47ada32fdc9f7938d69d93022f1daac80d4e88
2015-03-14 16:08:29 -04:00
Nicolas Williams
4f074487b4
krb5: reject referrals in capath code paths
...
In get_cred_kdc_capath_worker(), if the credentials obtained by
get_cred_kdc_address() do not exactly match the requested service
principal, discard them and return KRB5KC_ERR_S_PRINCIPAL_UNKNOWN.
Change-Id: Iaeacd07f87374f64e3a7bb860adfeb2dc9550fd1
2015-03-14 16:08:28 -04:00
Jeffrey Altman
e13c0946f6
krb5: refactor get_cred_kdc_capath_worker
...
This change adds a common out: path for all cleanup.
It also adjusts whitespace for consistency.
Change-Id: Ic90d6568a44aebc0c0adb64fad641e5420ea8e27
2015-03-14 16:08:26 -04:00