oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
31,039 Commits 3 Branches 2 Tags
d3e6c52baffef46e5d6fb63f33b3e1213d9f50c5
Commit Graph

18370 Commits

Author SHA1 Message Date
Nicolas Williams
fa43b2d3c4 asn1: Fix UB in two tests 2026-01-18 19:06:17 -06:00
Nicolas Williams
a1dfcc8453 krb5: Constify krb5_kuserok() 2026-01-18 19:06:17 -06:00
Nicolas Williams
10732be94c gss: Constify gss_str_to_oid() 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5589cf96c7 Sprinkle const and rk_UNCONST throughout the tests. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
56a6e7261b kadm5: Sprinkle const and rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5373ab492f ipc: rk_UNCONST for private string not modified. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
a9f37d2597 libroken: Make roken_detach_prep take const char *special_arg. 
Requires an internal rk_UNCONST because of annoying execvp type, but
that's better than rk_UNCONST in all the call sites.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5fec8989b5 gssapi: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
All for read-only krb5_data or gss_buffer_desc.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9c1b2e963b krb5: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings. 
Mostly for read-only iov or krb5_data.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
29da785a64 kadm5: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
0eb423022f hdb: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
82225829a0 gss_preauth: Label unconst abuse with rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
cdd1fb8fc4 gssapi/sanon: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
bbf6150cfd gssapi: Make gss_duplicate_oid{,_set} take gss_const_OID_t. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
04dcda3628 gssapi/spnego: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
137939e0d2 gssapi: Make gss_add_buffer_set_member take gss_const_buffer_t. 
`const gss_buffer_t' was probably meant to be gss_const_buffer_t.

XXX This changes the type of a public symbol -- does thiat require a
version bump?
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
34dc2dda57 gssapi/mech: Sprinkle const and rk_UNCONST. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
80545251a0 gssapi/krb5: Sprinkle some const, but mostly label unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
d17fed0c7f krb5/log: Note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
c199e31fcd krb5/init_creds_pw.c: Label unconst abuse. 
API is just not type-safe here, bummer.
 2026-01-18 19:06:17 -06:00
Taylor R Campbell
18dcaf1ca7 krb5/get_cred: Sprinkle const and label & comment unconst abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
4cb23c61c7 krb5/fcache: Sprinkle const; note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7726409b5c krb5/store: Label unconst abuse for read-only krb5_data. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
9907e29baa krb5/pac: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
709d317cc9 heim_openlog: Sprinkle const. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
270e0d819c krb5/deprecated: Nix const abuse. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
7ec6b6220d krb5/crypto: Label unconst abuse for iov. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
6da033336e krb5/context: Sprinkle const and note strict aliasing violation. 2026-01-18 19:06:17 -06:00
Taylor R Campbell
5c694deee9 _krb5_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
3cc4861888 heim_load_plugins: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
9765e2522b asn1: Mitigate const abuse and omit needless casts. 
There's still an abusive rk_UNCONST in _asn1_encode_open_type, but
that will take more effort to untangle.
 2026-01-18 19:06:16 -06:00
Taylor R Campbell
f494333624 base/json: Sprinkle const. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
a578088705 heim_data_ref_create: Use rk_UNCONST. 
This API is used for both const and non-const strings, depending on
whether there is a deallocator passed or not, so the C type system
can't distinguish this for us.

XXX Perhaps this should be two separate APIs, one which takes
const-qualified pointers and one which takes non-const-qualified
pointers.
 2026-01-18 19:06:16 -06:00
Taylor R Campbell
f6d1dfd60f *.l: Fix old-style function definitions of yywrap. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
a1d92fefbc Use rk_UNCONST with putenv("...") to pacify -Wwrite-strings. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
7223924aeb roken/hostent_find_fqdn.c: Fix unnecessary const abuse. 2026-01-18 19:06:16 -06:00
Taylor R Campbell
ce43ff7b42 roken/getuserinfo.c: Fix various const abuse. 2026-01-18 19:06:16 -06:00
Nicolas Williams
1a82701a91 osx: Fix warnings/errors 2026-01-18 19:06:16 -06:00
Nicolas Williams
76fbb83e86 hx509: Add a JWT fuzzer 2026-01-18 19:06:16 -06:00
Nicolas Williams
2ff2cc04b8 base: Add a fuzzer for JSON 2026-01-18 19:06:16 -06:00
Nicolas Williams
ae7d6746d1 gsstool: Add GSS-based kinit-like acquire_cred cmd 
This has most of the features needed to act as a kinit that uses GSS
APIs, specifically gss_acquire_cred_from() and gss_store_cred_into2().

It's missing some functionality, such as being able to drive prompts
from AS responses (if we add minor status codes for representing KDC
pre-auth proposals, then we do drive prompts, but we would have to
encode a lot of mechanism-specific knowledge into gsstool).

The point of this commit is to explore:

 - GSS functionality for kinit-like actions

 - credential store key/value pairs supported by the mechanisms

 - document the credential store key/value pairs (in gsstool.1)

that might lead to further enhancements.  But gsstool acquire-cred
is quite functional at this point!
 2026-01-18 19:06:16 -06:00
Nicolas Williams
b804b22446 gsskrb5: Add cred store PKINIT and FAST options 2026-01-18 19:06:16 -06:00
Nicolas Williams
220a47b000 hx509: Add JOSE functionality 2026-01-18 19:06:16 -06:00
Nicolas Williams
dafe6323fb krb5: Restore 1DES and 3DES 2026-01-18 19:06:16 -06:00
Nicolas Williams
cbe156d927 Use OpenSSL 3.x _only_ and implement RFC 8636 
- No more OpenSSL 1.x support
 - Remove 1DES and 3DES
 - Remove NETLOGON, NTLM (client and 'digest' service)
 2026-01-18 19:06:16 -06:00
Nicolas Williams
02ce745c6e sl: Fix OS X build (bison) 2026-01-18 16:09:31 -06:00
Nicolas Williams
7439820618 hcrypto, otp: Remove hcrypto and otp! 
We must switch to OpenSSL 3.x, and getting lib/hcrypto to provide
OpenSSL 3.x APIs is too large an undertaking.  Plus the hcrypto backend
is not safe, not secure (probably has timing leaks galore), and no one
has the resources to make it a world-class crypto library, so it just
has to go.
 2026-01-18 16:09:31 -06:00
Nicolas Williams
b704f45dce iprop: Fix Windows bug 2026-01-18 16:09:30 -06:00
Nicolas Williams
845a9bb0e6 iprop: Fix leaks in ipropd-slave 2026-01-18 16:09:30 -06:00
Nicolas Williams
b8aed2b43e kadm5: Check ftruncate() result 2026-01-18 16:09:30 -06:00