oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,679 Commits 2 Branches 2 Tags
f7e6ac6e6c1d8718bc7ab06e16a67d3694bf1597
Commit Graph

30679 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ChristianBoehm
f7e6ac6e6c Update krb5.conf 
proposal adding include or include.d in krb5.conf as comment
 2023-01-12 10:19:35 -06:00
Nicolas Williams
1fbe5236b1 test: Add minimal interop test with MIT Kerberos 2023-01-11 12:59:12 -06:00
Nicolas Williams
efdd6c589d base: Fix fallback atomics 2023-01-11 12:59:12 -06:00
Nicolas Williams
08c48c10c8 base: Add atomic CAS macros/functions 2023-01-10 23:28:33 -06:00
Nicolas Williams
33f90a6604 krb5: Document pkinit_revoke (fix #991) 2023-01-09 23:00:08 -06:00
Nicolas Williams
cb5262014a Revert "kdc: Quiet warning in FAST unwrap" 
This reverts commit a9c0b8f264.

From Joseph Sutton:

> I found that this commit would result in `KRB5KRB_AP_ERR_BAD_INTEGRITY`
> errors in Samba whenever explicit FAST armor was present. Reverting the
> commit made FAST work again.

> It should be safe to use `tgs_ac` here, since it will always be non-NULL if
> `r->explicit_armor_present` is true. Maybe a local variable
> `explicit_armor_present` (which would be assigned to
> `r->explicit_armor_present` before the function returns successfully) would
> help a static analyser to deduce that its value doesn't change within the
> function, and that `tgs_ac != NULL` still holds.

a9c0b8f264 (commitcomment-95581208)
 2023-01-09 22:30:10 -06:00
Nicolas Williams
829f07eed3 krb5: Always fseek before fwrite in storage_stdio 2023-01-09 13:22:13 -06:00
Luke Howard
04b3c124ca roken: ROKEN_xxx_ATTRIBUTE macros 
Add ROKEN_xxx_ATTRIBUTE macros, derived from krb5-types.h, to aid compiling
with compilers that don't have __attribute__ defined.
 2023-01-09 14:09:13 -05:00
Robert Manner
914976aca6 krb5/store_stdio.c: workaround for solaris10/hpux/aix fread/fwrite duplication bug 2023-01-09 10:09:26 -06:00
Robert Manner
64a55c30fa roken/mkdtemp.c: fix incorrect indexing 
Both the len and the index was decremented, which made the exit
condition (template[len - i] == 'X') trigger before it should.
Fixes solaris10 where mkdtemp is not available.
 2023-01-09 10:04:35 -06:00
Nicolas Williams
d3b08638f9 krb5: Fix wrong cast in _krb5_store_data_at_offset() 2023-01-07 11:08:00 -06:00
Luke Howard
8c25c0d46a base: support for 64-bit atomic increment/decrement 2023-01-07 21:45:01 +11:00
Luke Howard
8fcf05ac2e base: wrap __machine_rw_barrier() in function for Solaris 
__machine_rw_barrier() assembly expansion cannot be treated as a function call
(as it is later in the heim_base_atomic_store() macro definition)
 2023-01-07 21:33:43 +11:00
Luke Howard
d33e3b0523 roken: declare rk_freeifaddrs() prototype if using system ifaddrs.h 2023-01-07 21:33:39 +11:00
Luke Howard
69b417e915 roken: use correct calling conventions for rk_getifaddrs() 2023-01-07 21:33:33 +11:00
Luke Howard
4e449baa29 base: add back libheimbase HEIMDAL_xxx_ATTRIBUTEs 
Fix regression introduced in 62f83ad0 by adding HEIMDAL_NORETURN_ATTRIBUTE and
HEIMDAL_PRINTF_ATTRIBUTE to function definitions, so they will be included in
heimbase-protos.h.
 2023-01-07 20:11:13 +11:00
Luke Howard
44e52a32b3 ipc: fix Solaris build 
Link libheim_ipcc against -lsocket on Solaris
 2023-01-07 12:08:39 +11:00
Luke Howard
ed93098365 krb5: include config.h before string.h 
Solaris requires __EXTENSIONS__ to be defined before including string.h so that
the strnlen() prototype is visible
 2023-01-07 12:08:35 +11:00
Luke Howard
666ee41759 roken: fix Solaris build 
libroken needs to be linked against libsocket for socket()
 2023-01-07 12:08:30 +11:00
Luke Howard
62f83ad024 base: don't duplicate prototypes in heimbase.h 2023-01-07 12:08:25 +11:00
Luke Howard
b3f6f4c125 base: include config.h 
Solaris requires __EXTENSIONS__ to be defined before including string.h so that
the strnlen() prototype is visible
 2023-01-07 11:40:48 +11:00
Luke Howard
37f7c5476d roken: fix Solaris build 
libroken needs to be linked against libnsl for inet_ntoa()
 2023-01-07 11:40:44 +11:00
Nicolas Williams
ece456b028 krb5: Do not fail to rd_req if no AD-KDC-ISSUED 
We reject tickets that have no AD-KDC-ISSUED(!).

This was reported by Samba.  The workaround they found was to set
check_pac = true in krb5.conf, as that clobbers the ret from
krb5_ticket_get_authorization_data_type() not having found an
AD-KDC-ISSUED element.

This was introduced in 1cede09a0b.
 2023-01-05 17:57:36 -06:00
Nicolas Williams
b87b813fee sanon: Fix export/import_cred mismatch 
SANON cred export/import never worked correctly as the export function was
producing the wrong form of token, which was leading gss_import_cred() to
allocate more than 64MB of memory to parse the SANON exported credential.  The
recent change to reduce the default `max_alloc` of krb5_storage exposed this.
 2023-01-05 16:58:57 -06:00
Nicolas Williams
561c60ca29 kdc: Explicitly ignore return in audit code 2023-01-04 16:25:22 -06:00
Nicolas Williams
a13c3fc32c httpkadmind: If early ENOMEM, close the connection 2023-01-04 16:24:55 -06:00
Nicolas Williams
e27ddc6596 bx509d: If early ENOMEM, close the connection 2023-01-04 16:24:32 -06:00
Nicolas Williams
23c13886c4 bx509: Fix error path NULL dereference 2023-01-04 16:23:56 -06:00
Nicolas Williams
cc631eb63f gssmask: Fix wrong sizeof() expression 2023-01-04 16:23:07 -06:00
Nicolas Williams
d2bc2a4ce5 kadmin: Fix return value non-checking in format_field() 2023-01-04 16:22:41 -06:00
Nicolas Williams
ad86671923 kadm5: Fix return value non-checking 2023-01-04 16:22:12 -06:00
Nicolas Williams
5725353a36 negoex: Fix incorrect ENOMEM check in storage_from_memory() 2023-01-04 16:21:34 -06:00
Nicolas Williams
3bdb1167c2 gsskrb5: Explicitly ignore return from _gsskrb5_lifetime_left() 2023-01-04 16:21:11 -06:00
Nicolas Williams
f99145ad78 gsskrb5: Add missing unlock in _gsskrb5_duplicate_cred() failure case 2023-01-04 16:20:32 -06:00
Nicolas Williams
485b5d575a hxtool: Check hx509_request_init() return 2023-01-04 16:17:57 -06:00
Nicolas Williams
fefc380568 krb5: Quiet warning in socket_free() 2023-01-04 16:17:30 -06:00
Nicolas Williams
45cd575d83 krb5: Reduce storage max_alloc 2023-01-04 16:17:09 -06:00
Nicolas Williams
ae4ccb87da asn1: Don't check for NULL when it's not (template_members()) 2023-01-04 16:07:13 -06:00
Nicolas Williams
933f805079 wind: Quiet warnings in idn-lookup utility 2023-01-04 16:06:06 -06:00
Nicolas Williams
ede0c59d4b ipc: Quiet warning about ignoring fcntl() and chmod() return values 2023-01-04 16:05:38 -06:00
Nicolas Williams
c157054c51 roken: Move dead code in rk_time_add/sub() into #ifdefs 2023-01-04 16:05:04 -06:00
Nicolas Williams
5395918877 roken: Quiet warning about ignoring fcntl() return value 2023-01-04 16:04:40 -06:00
Nicolas Williams
1d5435043a roken: Move dead code in rk_getauxval() into #ifdefs 2023-01-04 16:03:35 -06:00
Nicolas Williams
2d5880734b httpkadmind: Quiet warning 2023-01-04 02:23:01 -06:00
Nicolas Williams
cb09267ed9 kdc: Fix deref-before-NULL-check in _kdc_db_fetch() 2023-01-04 02:07:25 -06:00
Nicolas Williams
6b2e65592d krb5: Limit AP-REQs to 1MB in krb5_recvauth*() 2023-01-04 02:03:12 -06:00
Nicolas Williams
1d06e8fcb9 hcrypto: Quell div-by-zero in mp_root_u32() 2023-01-04 02:02:44 -06:00
Nicolas Williams
ffd4013be7 kadmin: Fix uninit variable in add_kvno_diff() 2023-01-04 01:48:34 -06:00
Luke Howard
2a594a3bd1 base: Fix CID 1518898 Resource leak 
Don't leak new_node if invalid node type in heim_path_vcreate()
 2023-01-04 01:36:03 -06:00
Nicolas Williams
f2b25c1493 otp: Fix write-but-not-read variable warning 2023-01-04 01:36:03 -06:00