oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,432 Commits 2 Branches 2 Tags
be2525ef294a0e29b0d0f97360d266a289f9347c
Commit Graph

29432 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
4a4ceaf287 httpkadmind: Fix NULL deref on ENOMEM 2020-09-15 11:31:29 -05:00
Nicolas Williams
3c7d12e116 krb5: Fix FD leak in ENOMEM in stdio_from_fd 2020-09-15 11:26:52 -05:00
Nicolas Williams
b2b6599f87 krb5: Fix NULL deref on ENOMEM in fkt_add_entry(2) 2020-09-15 11:26:06 -05:00
Nicolas Williams
f2f2cd18b6 kadm5: Fix auth_context leak on reconnect 2020-09-14 17:11:08 -05:00
Nicolas Williams
096888fe31 krb5: Fix NULL deref on ENOMEM in fkt_add_entry() 2020-09-14 16:38:20 -05:00
Nicolas Williams
821dcaec70 hdb: Test hdb_validate_key_rotations() 2020-09-09 22:45:17 -05:00
Nicolas Williams
ff13573ce5 hdb: Do not apply new service key delay to clients 
The new [hdb] new_service_key_delay parameter should not apply to
principal entries when used as clients.  Otherwise new passwords would
not take effect immediately, and that would be very confusing.
 2020-09-09 21:48:29 -05:00
Nicolas Williams
18459de867 travis: Install curl too 2020-09-08 14:34:08 -05:00
Nicolas Williams
9574783d04 kdc: Add httpkadmind 
TBD:

 - improve error handling, logging, tracing!
 - move all REST services out of kdc/
 2020-09-08 14:34:08 -05:00
Nicolas Williams
ea83f068e9 kadm5/kadmin: Add read-only mode 
Now we can have read-only kadmind instances.
 2020-09-08 00:25:40 -05:00
Nicolas Williams
5447b81fb1 hdb: Move virtual principals into HDB layer 
This is a large commit that adds several features:

 - Revamps and moves virtual host-based service principal functionality
   from kdc/ to lib/hdb/ so that it may be automatically visible to
   lib/kadm5/, as well as kadmin(1)/kadmind(8) and ktutil(1).

   The changes are backwards-incompatible.

 - Completes support for documenting a service principal's supported
   enctypes in its HDB entry independently of its long-term keys.  This
   will reduce HDB bloat by not requiring that service principals have
   more long-term keys than they need just to document the service's
   supported enctypes.

 - Adds support for storing krb5.conf content in principals' HDB
   entries.  This may eventually be used for causing Heimdal KDC
   services to reconfigure primary/secondary roles automatically by
   discovering the configured primary in an HDB entry for the realm.

   For now this will be used to help reduce the amount of configuration
   needed by clients of an upcoming HTTP binding of the kadmin service.
 2020-09-08 00:25:36 -05:00
Nicolas Williams
ef06b94132 bx509: Fix minor test issues 2020-09-08 00:25:24 -05:00
Nicolas Williams
cb6c57dc36 bx509: Let simple authorizer use the app name 2020-09-08 00:25:24 -05:00
Nicolas Williams
4f0249cd94 hx509/kdc: Move KDC CA utility function into hx509 
This is part of the program to move REST services like bx509d out of
kdc/.
 2020-09-08 00:25:24 -05:00
Nicolas Williams
e311d05fee bx509d: Further disentanglement from kdc 2020-09-08 00:25:24 -05:00
Nicolas Williams
73c424ea66 bx509d: Get KDC config out of bx509d 2020-09-08 00:25:24 -05:00
Nicolas Williams
c3e99be519 kdc: Get KDC config out of CSR authorizer API 
Part of refactoring to split out bx509/bnegotiate, add a kadmin REST service,
and move all of that out of kdc/.
 2020-09-08 00:25:24 -05:00
Nicolas Williams
a12fe376ae Revert "kadm5: Allow princ creation with keys" 
This reverts commit 5b70a0cac6.
 2020-09-07 23:58:46 -05:00
Nicolas Williams
e17f78c738 kadmin: Allow negative time offsets 2020-09-07 22:15:52 -05:00
Nicolas Williams
aa1b938d95 kadm5: Fix leak in principal creation 2020-09-07 22:04:59 -05:00
Nicolas Williams
3b05166332 kadm5: Fix leak in randkey principal 2020-09-07 22:04:59 -05:00
Nicolas Williams
5b70a0cac6 kadm5: Allow princ creation with keys 2020-09-07 22:04:59 -05:00
Nicolas Williams
0a0bf32935 krb5: Fix leak in gethostlist() 2020-09-07 22:04:59 -05:00
Nicolas Williams
fbb3bd3f8b krb5: Constify principal arg to some functions 2020-09-07 22:04:59 -05:00
Nicolas Williams
983ed75295 krb5: Add krb5_set_log_dest() 2020-09-07 22:04:59 -05:00
Nicolas Williams
e479695c61 base: Make heim_audit_trail() safer when ENOMEM 2020-09-07 22:04:59 -05:00
Nicolas Williams
5e078cdf6e base: Fix logging bug 2020-09-07 22:04:59 -05:00
Nicolas Williams
a649acf540 base: Add debug tracing to plugin code 2020-09-07 22:04:59 -05:00
Nicolas Williams
4772674e57 base: Make *_log_msg() use contextual log dest 2020-09-07 22:04:59 -05:00
Nicolas Williams
e2264e8374 base: Make log facility opaque, ref-counted 2020-09-07 22:04:59 -05:00
Nicolas Williams
7208217410 base: Make log reopen option thread-safe 2020-09-07 22:04:59 -05:00
Nicolas Williams
faee4626fb base: Fix leak in heim_string_create_with_format() 2020-09-07 22:04:59 -05:00
Nicolas Williams
a2d827ca1d hcrypto: Disable errors for now that should be fixed 2020-09-07 22:04:59 -05:00
Nicolas Williams
fdc13c4aac Fix switch fallthrough warnings/errors 2020-09-07 22:04:59 -05:00
Nicolas Williams
7d50445d1b Generic: Fix warnings (fallthrough mosty) 2020-09-07 22:04:59 -05:00
Nicolas Williams
c06252745d sqlite: Disable errors 2020-09-07 22:04:59 -05:00
Nicolas Williams
d15b39dd14 hx509: Add log/warn/debug dest set functions 2020-09-07 22:04:59 -05:00
Nicolas Williams
af9bb46a78 hx509: Add hx509_enomem() 2020-09-07 22:04:59 -05:00
Nicolas Williams
473e5be741 asn1: Leave comment about great futures 2020-09-07 22:04:59 -05:00
Nicolas Williams
f5f63daa69 tests/kdc: Make make clean clean cleaner 2020-09-07 22:04:59 -05:00
Luke Howard
0c0ac807c1 roken: socket test style fixes 
Make error reporting in socket test programs consistent with other usages by
removing redundant newline, using strerror() and reporting error in
parentheses.
 2020-08-31 16:02:09 +10:00
Luke Howard
351145309d krb5: consolidate cc_ops enumeration 
Consolidate the enumeration of the cc_ops table by using cc_get_prefix_ops() (a
variant of krb5_cc_get_prefix_ops that also returns the residual).
 2020-08-30 13:44:19 +10:00
Luke Howard
cbcc50cd00 krb5: consolidate default ccache type logic into get_default_cc_type() 
Consolidate the default credentials cache type logic into
get_default_cc_type(), so that the API: and MSLSA: types are respected on macOS
and Windows.
 2020-08-29 16:13:00 +10:00
Nicolas Williams
f47e64bb5a kinit: Work again w/o -c or KRB5CCNAME 2020-08-27 23:54:03 -05:00
Jeffrey Altman
a14a0545c1 hpropd: enable keepalive mode on incoming sockets 
Change-Id: I01c9c796357189c5f339bcf211e913989157e783
 2020-07-24 01:32:34 -04:00
Jeffrey Altman
3214c835da kdc: enable keepalive mode on incoming sockets 
Change-Id: I72a43486fe772ad3c8e71d8c5cc512bdb89de2d2
 2020-07-24 01:32:34 -04:00
Jeffrey Altman
28b9283709 kadmin: enable keepalive mode on incoming sockets 
Change-Id: I07d0e0c866f1081002b3e20ca9198055f98fe7d1
 2020-07-24 01:32:34 -04:00
Jeffrey Altman
51912c0215 roken: introduce rk_socket_set_keepalive 
Change-Id: I3086a10cd3d23bef00336f5db7db3a35ca02d568
 2020-07-24 01:32:34 -04:00
Luke Howard
ee7e345af1 sqlite: silence OSAtomicCompareAndSwapPtrBarrier warning 
The deprecated OSAtomicCompareAndSwapPtrBarrier() function is used by a code
path only taken on macOS systems with a single CPU. As very few Macs have a
single CPU today, remove this optimization. (Replacing it with <stdatomic.h> as
suggested would break compatability with macOS prior to 10.12.)
 2020-07-20 13:41:53 +10:00
Luke Howard
bb7b4f7a94 base: use atomic load/store in reference counting 
Use the new atomic load and store macros for testing and setting reference
count overflow.
 2020-07-14 09:35:14 +10:00