oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Commit Graph

  • 27d6526e3a kdc: Check unparse_flags() result differently Nicolas Williams 2021-12-17 14:40:35 -06:00
  • 90899b2361 kdc: parse_bytes() returns ssize_t Nicolas Williams 2021-12-17 14:40:10 -06:00
  • 50e08b4bc5 kcm: parse_bytes() returns ssize_t Nicolas Williams 2021-12-17 14:39:35 -06:00
  • f91b171f04 hxtool: parse_bytes() now returns ssize_t Nicolas Williams 2021-12-17 14:38:37 -06:00
  • e84bcc29d3 hx509: Flags are unsigned Nicolas Williams 2021-12-17 13:20:00 -06:00
  • 686d5116de roken: Unparse wider ints Nicolas Williams 2021-12-17 13:17:59 -06:00
  • fc76c83ab1 Revert "tgs-rep: always return canonical realm when force_canonicalize set" Luke Howard 2021-12-18 11:29:26 +11:00
  • 1bf02337f0 krb5: note GSS-API can be used as PA plugin interface Luke Howard 2021-12-17 19:42:35 +11:00
  • 42797a1c18 krb5: fix regression in test_cc build Luke Howard 2021-12-17 18:57:13 +11:00
  • e0929d16b7 kdc: don't leak msg in pa_enc_chal_validate() Luke Howard 2021-12-17 13:41:55 +11:00
  • a423193ce0 krb5: initialize tgs_req buffer in init_tgs_req() Luke Howard 2021-12-17 13:37:05 +11:00
  • 08e0305b26 kdc: Check PAC of armor tickets Joseph Sutton 2021-11-17 20:40:37 +13:00
  • 6f81e4c93b tgs-rep: always return canonical realm when force_canonicalize set Isaac Boukris 2018-10-31 21:46:45 +02:00
  • 5d92219788 kdc: set kvno to zero if reply key replaced Luke Howard 2021-12-17 13:27:31 +11:00
  • 4a2e40a5b6 kdc: Use HDB_AUTHSTATUS_INVALID to mark that the status has not be set yet Andrew Bartlett 2021-12-17 10:44:13 +13:00
  • 93deac696f hdb: Improve naming of constants for hdb_auth_status() Andrew Bartlett 2021-12-17 10:42:59 +13:00
  • bf39060696 hdb: Add clear comments on what the various HDB_AUTH* values mean Andrew Bartlett 2021-12-16 20:37:58 +13:00
  • 49420aa3a1 kdc: Don't return PREAUTH_FAILED if encrypted challenge did not fail to decrypt Joseph Sutton 2021-12-16 11:00:41 +13:00
  • 842b856e4c kdc: Pass extra information to hdb_auth_status() to log success and failures Andrew Bartlett 2017-02-21 14:07:54 +13:00
  • 22515634cf kdc: Optionally allow missing additional ticket PAC for user-to-user Joseph Sutton 2021-12-17 10:09:41 +13:00
  • 4dc369ef8f Revert "kdc: Check PAC of armor tickets" Luke Howard 2021-12-16 16:45:10 +11:00
  • a208b9dcb7 Revert "kdc: fix regression when validating armor client" Luke Howard 2021-12-16 16:44:48 +11:00
  • 91e86460cd kdc: Add krb5_is_enctype_old() to determine whether an enctype is older Joseph Sutton 2021-10-08 15:59:42 +13:00
  • 87348cf27a kdc: Verify PAC in TGT provided for user-to-user authentication Joseph Sutton 2021-11-16 13:14:48 +13:00
  • 3e197ecbee kdc: Check name in request against name in user-to-user TGT Joseph Sutton 2021-11-16 13:09:06 +13:00
  • 4112f6fc79 kdc: Use sname from request rather than user-to-user TGT client name Joseph Sutton 2021-11-16 13:04:44 +13:00
  • b768c78fca kdc: Move fetching krbtgt entry to before enctype selection Joseph Sutton 2021-11-16 12:57:47 +13:00
  • 5cb5b6d748 kdc: Check return code Joseph Sutton 2021-11-16 12:53:06 +13:00
  • ea8e8a4a8a kdc: Avoid races and multiple DB lookups in s4u2self check Joseph Sutton 2021-11-16 12:51:28 +13:00
  • 6b635f66de kdc: fix regression when validating armor client Luke Howard 2021-12-16 16:05:07 +11:00
  • b8c58191dc kdc: Optionally require that PAC be be present Joseph Sutton 2021-10-29 14:35:52 +13:00
  • 83a80cd53b kdc: Check PAC of armor tickets Joseph Sutton 2021-11-17 20:40:37 +13:00
  • caf7e173a4 kdc: Make check_PAC() and verify_flags() accessible to KDC code Joseph Sutton 2021-11-18 13:17:00 +13:00
  • c0fa930590 kdc: Don't advertise padata types that will not be accepted Joseph Sutton 2021-11-18 15:15:52 +13:00
  • 4aa8677081 kadm5: Use KADM5_PASS_Q_GENERIC Nicolas Williams 2021-12-15 15:45:56 -06:00
  • 437d4e95ec kadm5: Add KADM5_PASS_Q_GENERIC, note MIT diffs Nicolas Williams 2021-12-15 15:21:45 -06:00
  • 2a9e998072 krb5: Fix incorrect use of KRB5_ERR_NO_SERVICE Nicolas Williams 2021-12-15 15:20:18 -06:00
  • 9d426d20b5 krb5: Add missing errors from MIT krb5 Nicolas Williams 2021-12-15 15:19:33 -06:00
  • af923957f6 krb5: Make test_cc w/ KEYRING more reliable Nicolas Williams 2021-12-15 15:17:36 -06:00
  • 3da32ef699 Revert "kinit: Try anon PKINIT armored FAST when possible" Nicolas Williams 2021-12-15 10:18:31 -06:00
  • d6f9cec30f hdb: do not return HDB_ERR_WRONG_REALM if force_canon set Luke Howard 2021-12-14 18:00:05 +11:00
  • 54129c319c kdc: Don't keep trying keys for encrypted-challenge if one decrypts but fails to verify Joseph Sutton 2021-11-16 20:22:03 +13:00
  • 0ea840ebfc kdc: Check authdata in ticket rather than in request body Joseph Sutton 2021-11-16 20:01:16 +13:00
  • 313caed18a kinit: Try anon PKINIT armored FAST when possible Nicolas Williams 2021-12-08 21:35:05 -06:00
  • a616cec9d8 kdc: Document enable-pkinit param Nicolas Williams 2021-12-08 21:24:39 -06:00
  • 660f875a34 kdc: Add [kdc] params to control PA-ENC-TIMESTAMP Nicolas Williams 2021-12-08 21:22:09 -06:00
  • 717ad8b043 kdc: Add support for explicit armoring from MS-KILE Joseph Sutton 2021-11-17 20:23:12 +13:00
  • 96ee28c32c kdc: Allow RODC-issued armor tickets Joseph Sutton 2021-11-18 13:18:09 +13:00
  • 2087e07c1e kdc: update PAC hooks for Samba Luke Howard 2021-12-14 12:40:31 +11:00
  • fcd8e33a98 tests: use KRB5_CALLCONV for windc test plugin Luke Howard 2021-12-14 12:55:16 +11:00
  • 814e58fda8 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function Joseph Sutton 2021-10-08 15:43:41 +13:00
  • 2f21cf9933 kdc: Fix leak Joseph Sutton 2021-11-18 13:19:56 +13:00
  • f1255da03c krb5: Check asprintf return value Joseph Sutton 2021-12-14 11:28:10 +13:00
  • b8f8906822 asn1: Fix binary search off-by-one read Joseph Sutton 2021-12-13 12:04:58 +13:00
  • d8af2eb730 kdc: don't leak armor crypto in TGS path Luke Howard 2021-12-14 12:12:40 +11:00
  • f95f4bc99e krb5: require strengthen_key when FAST + GSS PA Luke Howard 2021-12-13 12:36:27 +11:00
  • 007cc9fdc3 kdc: remove temporary krb5_context variable Luke Howard 2021-11-30 10:38:10 +11:00
  • 22c7e85c57 kinit: add --kdc-hostname option Luke Howard 2021-08-19 19:17:17 +10:00
  • 2b95853df4 kdc: salt FAST cookie key with client name Luke Howard 2021-08-10 13:56:46 +10:00
  • 9b55215a2a kdc: sync KDC FAST with Heimdal-597.121.1 Luke Howard 2021-08-11 12:24:34 +10:00
  • 47282cae34 krb5: import Heimdal-597.121.1 AS/TGS client Luke Howard 2021-08-09 19:32:21 +10:00
  • b5a58df8eb krb5: Document return of krb5_cc_get_config() Nicolas Williams 2021-12-10 17:14:19 -06:00
  • f44596b14b krb5: Fix null deref in krb5_init_creds_free() Nicolas Williams 2021-12-10 16:53:19 -06:00
  • cfa49a461c krb5: do not pack ccapi on Apple Silicon Luke Howard 2021-12-10 11:09:29 +11:00
  • eb85614c24 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows" Luke Howard 2021-12-10 11:02:17 +11:00
  • 24a7a82e82 s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows Joseph Sutton 2021-08-11 13:27:11 +12:00
  • c7a8ee1439 kdc: update windc header guard to reflect filename Luke Howard 2021-12-08 15:28:00 +11:00
  • 9b62d72d51 heimdal:kdc: Match Windows error code for unsupported critical FAST options Joseph Sutton 2021-12-07 15:32:20 +13:00
  • 527906c821 heimdal:kdc: Properly check for unsupported critical FAST options Joseph Sutton 2021-12-06 14:32:49 +13:00
  • d2dc61c720 heimdal: Initialise KDC reply Joseph Sutton 2021-12-01 12:52:08 +13:00
  • 83625d349e gss: Make initiator inq. ctx. return canon. target Nicolas Williams 2021-12-06 16:52:52 -06:00
  • 5ace5f5a6a gss: Fix dst TGT deleg w/o dns_lookup_realm Nicolas Williams 2021-12-06 16:31:18 -06:00
  • bba573f286 krb5: Fix dst TGT deleg w/o dns_lookup_realm Nicolas Williams 2021-12-06 15:02:32 -06:00
  • eb293680a8 gss: fix regression in non-8003 checksums Luke Howard 2021-12-07 10:41:40 +11:00
  • 6f7c6a7f67 krb5: Fix out-of-tree SQLite3 ccache perms issue Nicolas Williams 2021-11-30 11:30:14 -06:00
  • a025788a37 krb5: Make test_cc run keyctl new_session Nicolas Williams 2021-11-30 00:54:20 -06:00
  • 90db9b96a4 krb5: Make test_cc not step on user ccaches Nicolas Williams 2021-11-30 00:53:45 -06:00
  • 6918322c79 krb5: Fix FILE ccache my_basename() bug Nicolas Williams 2021-11-30 00:52:35 -06:00
  • bacc484b2a krb5: Fix umask issue with SQLite3 Nicolas Williams 2021-11-30 00:58:31 -06:00
  • aeac1186c8 sqlite: Be thread-safe on Windows too Nicolas Williams 2021-11-30 00:55:11 -06:00
  • 250eee7acf sqlite: Use 0600 Nicolas Williams 2021-11-30 00:58:15 -06:00
  • beae9c3c43 roken: Use ptsname_r() if we have it Nicolas Williams 2021-11-29 17:32:37 -06:00
  • ed6f3f1786 autoconf: Remove unused tests Nicolas Williams 2021-11-29 17:31:58 -06:00
  • c84384c544 krb5: Fix doxygen comments Nicolas Williams 2021-11-30 00:56:13 -06:00
  • 63034f36ae base: Fix doxygen comments Nicolas Williams 2021-11-30 00:56:05 -06:00
  • 8a54096266 hx509: revert UTF-8 change to hx509 test data Luke Howard 2021-11-30 12:12:47 +11:00
  • 2f0c985b47 Revert "KCM wrong size memcmp" Romain Fihue 2021-11-29 15:53:17 +01:00
  • 7686028718 Use UTF-8 in KTH copyright notice Andrew Bartlett 2021-11-29 14:25:02 +13:00
  • 5f63215d0d Always perform == or != operation on cmp function result Nicolas Williams 2021-11-14 23:52:50 -06:00
  • 02200d55ea Address GCC Bug 95189 memcmp wrongly stripped like strcmp Jeffrey Altman 2021-11-24 09:21:36 -05:00
  • 8123ffc3f2 _gssapi_unwrap_iov_arcfour remove duplicate code block Jeffrey Altman 2021-11-24 09:36:29 -05:00
  • 8ed36cee5c kdc: Fix ‘header_key’ may be used uninitialized in this function Andrew Bartlett 2021-11-24 17:23:09 +13:00
  • 232c936ea3 asn1: Work around missing ENOTSUP (WIN32) Nicolas Williams 2021-11-23 18:11:48 -06:00
  • 92e5a4b7e5 Revert "asn1: use roken for generated source files" Nicolas Williams 2021-11-23 17:59:17 -06:00
  • 6cfbde4d86 plugin interface functions must specify calling convention Jeffrey Altman 2021-11-18 09:16:45 -05:00
  • 357a38fc7f lib/wind: find_normalize read past end of array Jeffrey Altman 2021-11-17 20:00:29 -05:00
  • 8ed48bc54d gss-token: Fix exit code Nicolas Williams 2021-11-17 16:44:13 -06:00
  • 6415a2032e Fix #696 - Find python as part of the configure process instead of hard coding it. Quanah Gibson-Mount 2020-04-28 20:16:40 +00:00
  • d269c30b2b lib/asn1: all exported functions must use ASN1CALL convention Jeffrey Altman 2021-11-16 17:21:57 -05:00
  • e27e056b45 asn1: use roken for generated source files Jeffrey Altman 2021-11-16 10:23:42 -05:00