oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,849 Commits 2 Branches 2 Tags
dbc95a3e5329651e6a259e787fe314c9b6fe5b72
Commit Graph

27849 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Viktor Dukhovni
dbc95a3e53 Avoid unused assignment 2015-04-14 23:03:07 +00:00
Viktor Dukhovni
0280a9e930 Escape literal backslash 2015-04-14 23:03:03 +00:00
Viktor Dukhovni
93af13ca12 Undo ntohs htons nesting to avoid variable shadowing 2015-04-14 23:02:58 +00:00
Nicolas Williams
f2549127e8 Add missing #include in aname_to_localname.c 2015-04-14 17:10:26 -05:00
Nicolas Williams
7b1ad2f1a3 Fix typo in Add start_realm cc config (629eeb8) 
Maybe 'initialized' was not a good field name for this purpose.
 2015-04-14 17:06:55 -05:00
Nicolas Williams
20c1e6c9ef Rename context handle lifetime to endtime 2015-04-14 11:27:25 -05:00
Viktor Dukhovni
dee03d9bee Rename cred handle lifetime to endtime 
And change type from OM_uint32 to time_t.
 2015-04-14 11:27:25 -05:00
Viktor Dukhovni
3bb33fa6e8 Fix cred handle lifetime/expiration confusion 
In at least two instances the krb5 cred handle expiration time was misused
as a remaining lifetime.  This is not surprising since the field name is
wrong ("lifetime" not "expiration").  This commit fixes the code, the next
commit will rename the field and change its type from OM_uint32 to time_t.
 2015-04-14 11:27:24 -05:00
Nicolas Williams
9a515026b9 gss_add_cred() doesn't always output lifetime 2015-04-14 11:27:24 -05:00
Nicolas Williams
67af588bce Don't require NUL term. in gss_add_cred_with_pw 2015-04-14 11:27:24 -05:00
Nicolas Williams
7da08a658b Try capaths first, then referrals 
When looking for a ticket, use the capath codepath first when we know
the service's realm: because we might have local policy as to how to get
there.

Then, if that doesn't work, try referrals.  (For now unconditionally.)
 2015-04-14 11:27:24 -05:00
Viktor Dukhovni
bfc78d11dc Only use KDC offset when we have it 2015-04-14 11:27:24 -05:00
Nicolas Williams
bd71a22e20 Fix trailing whitespace in cache.c 2015-04-14 11:27:23 -05:00
Viktor Dukhovni
d09430d68b Fetch forwardable TGT without GC_CACHED 
Just in case it is not the start TGT, in which case it is generally,
but not always, already cached.  Just in case get it again, if lost.
 2015-04-14 11:27:23 -05:00
Nicolas Williams
52b046c636 Fix off-by-one in daemon detach 2015-04-14 11:27:23 -05:00
Nicolas Williams
617a82a0a5 Fix ENOENT msg clobbering in fcache.c 
By not returning the same error code as we were setting on the context,
the error message was subsequently lost.
 2015-04-14 11:27:23 -05:00
Nicolas Williams
a3b5dc2e34 Update _krb5_homedir_access() docs 2015-04-14 11:27:22 -05:00
Nicolas Williams
5f91ef7242 Use krb5_timeofday in krb5_cc_get_lifetime() 2015-04-14 11:27:22 -05:00
Viktor Dukhovni
f973a9f397 Use start_realm in cc lifetime 2015-04-14 11:27:22 -05:00
Viktor Dukhovni
f93947672d Use start_realm cc config in export cred 2015-04-14 11:27:22 -05:00
Nicolas Williams
629eeb811a Add start_realm cc config 2015-04-14 11:27:21 -05:00
Nicolas Williams
f5a86add5c krb5_cc_get_lifetime() misses the TGT 2015-04-13 16:59:21 -05:00
Nicolas Williams
7e51f78178 Simplify __gsskrb5_ccache_lifetime 2015-04-13 16:59:21 -05:00
Nicolas Williams
6001e2adbc kgetcred.1 better describe referrals 2015-04-13 16:59:21 -05:00
Nicolas Williams
e695766d65 Add kgetcred --no-store and --cached-only options 
These are useful for diagnostics and for exercising more krb5 get
credentials API options.
 2015-04-13 16:59:21 -05:00
Nicolas Williams
50615d2a37 Add --hostbased and --canonical kgetcred options 2015-04-13 16:59:20 -05:00
Nicolas Williams
0306d70a91 Add --debug option to kgetcred 2015-04-13 16:59:20 -05:00
Nicolas Williams
c2961ced3c Fix leak in kimpersonate 2015-04-13 16:59:20 -05:00
Nicolas Williams
4ae3e7d40a Fix leak in kgetcred 2015-04-13 16:59:20 -05:00
Nicolas Williams
febe23a399 Improve and export krb5_principal_set_comp_string 2015-04-13 16:59:20 -05:00
Nicolas Williams
c5e91cf462 Add debug messages to krb5_get_creds 2015-04-13 16:59:19 -05:00
Nicolas Williams
d5044abac8 Improve gss_store_cred() for cred sets 2015-04-13 16:59:19 -05:00
Simon Wilkinson
e0dd26d963 roken: rand.c needs to include config.h 
If we don't include config.h, we don't get the results of any
autoconf tests.
 2015-04-13 08:38:14 +01:00
Jeffrey Altman
4cf66ae8e4 roken: use Win32 rand_s() for rk_random() when available 
On Windows if the compiler and C RTL is >= 1400 then the rand_s()
function is available.  rand_s() unlike rand() makes use of the
RtlGenRandom() API to produce a random number between 0 and UINT_MAX.
If rand_s() is not available or fails, fallback to rand().

One of the benefits of rand_s() is that no initialization is required
so it will provide random output even if rk_random_init() is not called.

Change-Id: I2768155de744bd49604fc8237728bb205d637f2a
 2015-04-11 01:35:32 -04:00
Nicolas Williams
0de18bdb5f Add missing lib/gssapi/test_add_store_cred.c 2015-04-01 20:28:31 -05:00
Nicolas Williams
465483de49 Fix use after free in test_kuserok.c 2015-03-24 11:50:04 -05:00
Nicolas Williams
945fe5fb2f Fix leak in fcc_remove_cred() 2015-03-24 11:50:04 -05:00
Nicolas Williams
333c6fe95d Fix leak in kinit 2015-03-24 11:50:03 -05:00
Nicolas Williams
3d54f93bed Fix leak in kadmin ank 2015-03-24 11:50:03 -05:00
Nicolas Williams
b81f16abf6 Fix memleak in kswitch rare error 2015-03-24 11:50:03 -05:00
Nicolas Williams
86017e8798 Fix leaks in test_kuserok.c 2015-03-24 11:50:03 -05:00
Nicolas Williams
2fbd7331a6 Fix error-case leaks in lib/base/db.c 2015-03-24 11:50:02 -05:00
Nicolas Williams
2bbf56b2e4 Fix error-case memleak in aname2lname 2015-03-24 11:50:02 -05:00
Nicolas Williams
13759fb73f Free kadm5 princ policy 2015-03-24 11:50:02 -05:00
Nicolas Williams
d07d93ce35 Bounds check in aname2lname 2015-03-24 11:50:02 -05:00
Nicolas Williams
89aed008a9 Fix memleak in kswitch 2015-03-24 11:50:01 -05:00
Nicolas Williams
a318ac86f5 Run tests/gss/check-basic 2015-03-24 11:50:01 -05:00
Nicolas Williams
f73c4edf69 Fix gss_store_cred() 2015-03-24 11:50:01 -05:00
Nicolas Williams
df41d53c67 Fix gss_add_cred() (krb5) 
gss_add_cred() with GSS_C_NO_CREDENTIAL as the input_cred_handle should
act like gss_acquire_cred() with desired_mechs containing just the
desired_mech.
 2015-03-24 11:50:01 -05:00
Nicolas Williams
533578e726 Make gss_store_cred() work 2015-03-24 11:50:00 -05:00