Commit Graph

210 Commits

Author SHA1 Message Date
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Viktor Dukhovni
eee3333b76 Handle multiple SANs correctly in KDC pkinit certs
Signed-off-by: Roland C. Dowdeswell <elric@imrryr.org>
2012-04-05 20:20:00 +01:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Nicolas Williams
ad7e54d698 Generalize token expansion to allow for context-specific tokens 2011-12-08 13:33:37 -06:00
Nicolas Williams
6aec02f979 Make krb5_kuserok() pluggable and add features (including MIT config compat) 2011-12-08 13:33:36 -06:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Jeffrey Altman
844fa0ad5a avoid calling hx509_free_cert() twice
in krb5_pk_enterprise_cert() pkinit.c, hx509_free_cert()
could be called twice.

Change-Id: I9911d38f1f926721dca2753c6296f26c66c474ad
2011-05-17 12:02:14 -04:00
Jeffrey Altman
52556b1b74 fix uninitialized vars in pkinit.c find_cert()
'start' must be initialized to '1'

'ret' to HX509_CERT_NOT_FOUND

Change-Id: I748bd9856f70b7d627082f73a3a22f1395a604ba
2011-05-17 12:02:14 -04:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Asanka C. Herath
b45dd13c44 Expand path tokens for krb5.moduli 2010-12-03 17:42:42 -05:00
Love Hornquist Astrand
8f2e0a7010 export internal functions so we don't need private headers 2010-11-20 14:05:54 -08:00
Love Hornquist Astrand
7639f83561 Use right length. Pointed out by Tom Yu 2010-06-28 20:22:22 -07:00
Love Hornquist Astrand
6e05462c1e DH_compute_key might not include zero pre-filling, add it back. Reported by Tom Yu of MIT Kerberos 2010-06-28 21:50:43 +02:00
Matthias Dieter Wallnöfer
69ea9b38e9 heimdal - fix overlapped identifiers in the "krb5" library

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-16 10:05:35 -07:00
Guido Günther
33f3be4d52 Don't free the hx509ctx
otherwise we crash if we fail to init certs (e.g. due to missing
smartcard).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-12-22 18:49:39 +01:00
Love Hornquist Astrand
687db64c56 Patch from Secure Endpoints/Asanka Herath for windows support 2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
70104293ba handle BTMM, more logging 2009-11-22 11:57:17 -08:00
Love Hornquist Astrand
100c440153 Handle windows LH with interesting content info packets (broken) 2009-10-01 10:38:30 -07:00
Love Hornquist Astrand
18f2c32463 make _krb5_pk_set_user_id update ->cert too 2009-09-29 14:27:47 -07:00
Love Hornquist Astrand
91e067e925 Use hx509_context that build from krb5_context 2009-09-29 13:14:20 -07:00
Love Hornquist Astrand
a610d28727 Add _krb5_get_init_creds_opt_set_pkinit_user_certs 2009-09-29 11:11:04 -07:00
Love Hornquist Astrand
e94857ef33 Remove #if 0 code 2009-09-19 14:44:56 -07:00
Love Hornquist Astrand
61a21c6955 catch error from vasprintf 2009-09-19 14:36:06 -07:00
Love Hornquist Astrand
23aebd619b Only release keys if they are allocated 2009-08-25 23:54:58 -07:00
Love Hornquist Astrand
ff89a727d4 Fix bounced condition 2009-07-30 19:19:35 +02:00
Love Hornquist Astrand
ca6e428093 check that we don't pass negative numbers of memset [CID-169] 2009-07-30 07:53:58 +02:00
Love Hörnquist Åstrand
d477cd2e23 use oid variable
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25234 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:17:42 +00:00
Love Hörnquist Åstrand
2fd5f8aa46 drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25170 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:19 +00:00
Love Hörnquist Åstrand
76499897fd Try handle MS san better.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25130 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-25 16:25:50 +00:00
Love Hörnquist Åstrand
e5df9eb2d6 don't send more than 10 EDIs
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25003 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 19:49:21 +00:00
Love Hörnquist Åstrand
816a49b08a unexport stuff that are no longer needed by kdc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24985 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:02:22 +00:00
Love Hörnquist Åstrand
0f70a33c5b Catch error from functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24833 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:26:52 +00:00
Love Hörnquist Åstrand
b49a469952 Catch error from functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24832 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:26:42 +00:00
Love Hörnquist Åstrand
fb2a767ab3 pass flag to hx509_cms_create_signed_1
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24831 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:26:32 +00:00
Love Hörnquist Åstrand
386a8ab968 check return value.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24828 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:26:02 +00:00
Love Hörnquist Åstrand
8c21864ae3 Allow weak only for windows 2000 KDCs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24823 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:25:12 +00:00
Love Hörnquist Åstrand
6dd306be22 keyex
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24707 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:14:35 +00:00
Love Hörnquist Åstrand
ac802945fa Pick cert upfront, so that we know that we are using an ECDSA cert and
should use ECDH for the key exchange.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24706 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:14:26 +00:00
Love Hörnquist Åstrand
e2413291b1 Move DH code out of the common path.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24700 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:13:28 +00:00
Love Hörnquist Åstrand
237cc964d3 Make ECDH work
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24699 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:13:15 +00:00
Love Hörnquist Åstrand
0222c98eaa Make ECDH work.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24698 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:13:05 +00:00
Love Hörnquist Åstrand
adba9c066a Create key and assign group before starting to parse.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24694 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:12:23 +00:00
Love Hörnquist Åstrand
5585a2b58b use variable instead of oid function
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24693 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 04:17:57 +00:00
Love Hörnquist Åstrand
651fe508c0 ECDH bits, still need negotiation
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24686 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 04:16:44 +00:00
Love Hörnquist Åstrand
12a7a9e488 Prepare for ECDH.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24638 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-07 04:06:43 +00:00
Love Hörnquist Åstrand
62a968de1b Add _krb5_pk_enterprise_cert that figures out the enterprise name to
use for PK-INIT from the certs.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24616 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:10:31 +00:00
Love Hörnquist Åstrand
a1ef548600 Anonymous pkinit support.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24594 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:06:52 +00:00
Love Hörnquist Åstrand
6dbf91d7e3 send supportedCMSTypes
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24217 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-18 05:01:15 +00:00
Love Hörnquist Åstrand
6811c7dce6 add BTMM style pkinit reply
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24210 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-18 05:00:07 +00:00