oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Commit Graph

  • 95d553e009 krb5: improve krb5 to GSS name conversion Luke Howard 2021-08-15 14:47:11 +10:00
  • 939cdbe4ad krb5: always canonicalize GSS federated name Luke Howard 2021-08-15 13:50:21 +10:00
  • e840681451 krb5: try GSS_KRB5_NT_PRINCIPAL_NAME first for PA Luke Howard 2021-08-15 09:36:35 +10:00
  • f73f08eef1 kdc: ensure GSS-API pre-auth acceptor name is TGS Luke Howard 2021-08-15 09:12:13 +10:00
  • b8112ac562 hx509: Build libhx509template and hxtool with it Nicolas Williams 2021-07-12 17:01:06 -05:00
  • df4b09f8af asn1: Also pretty-print cert policies Nicolas Williams 2021-08-09 11:15:41 -05:00
  • 7db298668b kdc: fix pa_gss_authorize_cb calling convention Luke Howard 2021-08-12 18:13:45 +10:00
  • 95339c1068 gss: fix Windows preauth build issues Luke Howard 2021-08-12 18:09:40 +10:00
  • 3302b38e53 gss: fix Windows preauth build issues Luke Howard 2021-08-12 17:57:17 +10:00
  • 49f3f5bd99 kdc: support for GSS-API pre-authentication Luke Howard 2021-07-29 12:56:10 +10:00
  • 15c82996a4 windows: add /td sha256 argument to signtool Luke Howard 2021-08-12 15:50:22 +10:00
  • 6e3bc8341c doc: make intermediate Windows help directory Luke Howard 2021-08-12 15:49:04 +10:00
  • 89ff0eb462 asn1: ensure template generator includes ASN1CALL Luke Howard 2021-08-12 15:48:03 +10:00
  • 3a9e7346cc gss: cast HEIM_ERR_EOF to OM_uint32 before check (2) Luke Howard 2021-08-12 09:20:22 +10:00
  • 3f4d894dd3 gss: cast HEIM_ERR_EOF to OM_uint32 before check Luke Howard 2021-08-12 09:18:22 +10:00
  • 2f4619fbbd cf: check for undefined variables Luke Howard 2021-08-11 23:31:38 +10:00
  • 1175fa0435 gss: don't include mech_locl.h in spnego Luke Howard 2021-08-11 19:11:38 +10:00
  • 0c74bec235 krb5: pass realm to _krb5_make_fast_ap_fxarmor() Luke Howard 2021-08-11 19:05:19 +10:00
  • ab3d52e1a2 base: use correct calling convention for log_file() Luke Howard 2021-08-11 18:53:06 +10:00
  • b216697924 kdc: use anonymous, not empty, cname when hiding Luke Howard 2021-08-11 12:20:52 +10:00
  • b510b90239 krb5: export krb5_time_abs for test_time Luke Howard 2021-08-10 20:47:44 +10:00
  • a27a3af0c2 gss: store_spnego_context(): remove redundant overflow check Luke Howard 2021-08-10 20:11:35 +10:00
  • d34700b4d9 krb5: add extra sanity check in pk_verify_sign() Luke Howard 2021-08-10 16:24:49 +10:00
  • ef1d63a997 kinit: add --pk-anon-fast-armor option Luke Howard 2021-08-05 22:07:47 +10:00
  • 43858eaf9b gss: add oid/buffer storage helpers to mechglue Luke Howard 2021-08-10 10:15:08 +10:00
  • 490173b417 gss: free exported context buffer after use in store_negoex_auth_mech() Luke Howard 2021-08-10 09:02:20 +10:00
  • c953bc5e79 krb5: reintroduce deprecated krb5_addlog_func() Luke Howard 2021-08-09 23:27:22 +10:00
  • d5b6869dc7 Allow KDC to always return the salt in the PA-ETYPE-INFO[2] Andrew Bartlett 2021-06-23 14:02:38 +12:00
  • f538f0e5c2 krb5: use new krb5_time_abs() function Luke Howard 2021-08-09 14:48:04 +10:00
  • 57a1a66348 krb5: default to client realm in _krb5_get_krbtgt Luke Howard 2021-08-09 14:45:12 +10:00
  • 8a4ce9950f krb5: add krb5_time_abs() function Luke Howard 2021-08-09 14:44:16 +10:00
  • 3587b8c08c Allow _gss_string_to_oid() without HAVE_DLOPEN Andrew Bartlett 2021-08-09 11:45:53 +12:00
  • ab8d4f508e roken: fix dependency typo - s/vin_h/vis_h/ Luke Howard 2021-08-08 19:54:25 +10:00
  • f86fccb344 gss: add split token test to check-negoex Luke Howard 2021-08-08 18:15:31 +10:00
  • 06232dfcce gss: fix import/export of accumulating contexts Luke Howard 2021-08-08 14:45:13 +10:00
  • 3b1f9f0a3f gss: error out in test_context if unknown OID Luke Howard 2021-08-08 13:45:03 +10:00
  • 18c18d84b1 gss: merge gss_name_to_oid and gss_mg_name_to_oid Luke Howard 2021-08-08 11:28:32 +10:00
  • 5966c00701 gss: add gss_mg_name_to_oid internal API Luke Howard 2021-08-08 10:34:28 +10:00
  • 65651c8106 krb5: mask should be uint64_t, not size_t Luke Howard 2021-08-07 19:25:02 +10:00
  • 9d16808515 krb5: mask integers to avoid unnecessary expansion Luke Howard 2021-08-07 19:17:55 +10:00
  • 6554dc69b0 gss: allow partial accept context export in SPNEGO Luke Howard 2021-08-05 07:57:40 +10:00
  • fe426f7a28 fix type s/MUTAL/MUTUAL/ in gssapi/krb5 Roland C. Dowdeswell 2021-08-04 22:09:18 +01:00
  • 3a6229f64a gss_accept_sec_context: support reassembling split tokens. Roland C. Dowdeswell 2021-08-02 22:55:47 +01:00
  • 80f3194a76 gssapi/krb5/{export,import}_sec_context: make smaller tokens. Roland C. Dowdeswell 2021-08-02 22:55:40 +01:00
  • a2cfd2a25c gssapi/krb5/{export,import}_sec_context: fix for init_sec_ctx Roland C. Dowdeswell 2021-08-02 22:55:33 +01:00
  • 81a8b5069e krb5_storage: add a packed integer type as an endian. Roland C. Dowdeswell 2021-08-02 22:55:25 +01:00
  • 6ccb21827b gss-token: initialise input buffer to empty Roland C. Dowdeswell 2021-08-03 21:10:42 +01:00
  • 0cb54fa69e kdc: fix typo in moduli file loading error message Robbie Harwood 2021-08-06 13:03:25 -04:00
  • 7188969371 krb5: add krb5_store_bytes() Luke Howard 2021-08-06 19:32:10 +10:00
  • 4e359bd5ce krb5: add krb5_store_datalen() Luke Howard 2021-08-06 19:21:12 +10:00
  • 8330e45444 gss: set GSS_C_CHANNEL_BOUND_FLAG for SAnon Luke Howard 2021-08-06 13:21:07 +10:00
  • d83321fdf3 Add channel-bindings tests Isaac Boukris 2020-05-17 23:47:46 +02:00
  • f84a98bd5f Add client_aware_channel_bindings option Isaac Boukris 2020-05-17 18:27:41 +02:00
  • a4527a28a3 Implement KERB_AP_OPTIONS_CBT (server side) Isaac Boukris 2020-04-21 20:12:21 +02:00
  • 51ce4c8d15 gssapi: add channel-bound return flag Isaac Boukris 2020-04-21 19:14:26 +02:00
  • 33fccb8bbe heimdal: Match windows and return KRB5KDC_ERR_CLIENT_REVOKED when the account is locked out Andrew Bartlett 2021-06-30 21:57:28 +12:00
  • f03983b64d HEIMDAL: Require armor_server to be a krbtgt name, not just a server name Andrew Bartlett 2021-06-08 14:59:09 +12:00
  • 61f1be93e3 kdc: Provide flag to hint to KDC that this is a FAST key lookup Andrew Bartlett 2018-09-20 16:36:18 -07:00
  • 5ba7f270eb kdc: return revoked error if principal locked out Luke Howard 2021-08-06 12:33:13 +10:00
  • 75829cad18 Avoid -Werror=strict-overflow on in rk_dns_srv_order() Andrew Bartlett 2021-07-06 13:10:16 +12:00
  • 034bc1649d gss: avoid overflow in gss_inquire_cred() Luke Howard 2021-08-06 12:22:09 +10:00
  • 5a56198161 hdb: fix leaks in alias handling Luke Howard 2021-08-05 16:05:45 +10:00
  • 510ee92c11 gss: treat empty cred store as GSS_C_NO_CRED_STORE Luke Howard 2021-08-05 15:46:12 +10:00
  • 3604497fda kdc: zero KDCFastState padata before free Luke Howard 2021-08-04 17:41:01 +10:00
  • 04e3ea4307 kdc: don't leak FAST req_body checksum buffer Luke Howard 2021-08-03 17:20:21 +10:00
  • d672e49231 gss: don't leak NTLM cred on failure Luke Howard 2021-08-02 17:09:09 +10:00
  • 73224fef5a gss: zero spnego mechanism token error buffer Luke Howard 2021-08-02 15:54:38 +10:00
  • 33cc416e36 hx509: don't leak context default_trust_anchors Luke Howard 2021-08-02 15:12:52 +10:00
  • 221c295d5d gss: honor GM_USE_MG_NAME in gss_accept_sec_context() Luke Howard 2021-08-01 21:41:03 +10:00
  • b8728cae14 asn1: GSER is RFC3641, not RFC2641 Luke Howard 2021-07-09 20:04:56 +10:00
  • f72627c3f0 gss: make IS_DCE_STYLE an inline function Luke Howard 2021-07-08 00:00:44 +10:00
  • 0dd1900308 gss: fix regression in rc4-hmac krb5 DCE unwrap Luke Howard 2021-07-07 23:51:06 +10:00
  • c6df77a2cb Initialise err in hdb_create() Andrew Bartlett 2021-06-30 16:12:07 +12:00
  • 2ee8834696 Add const to _kdc_set_e_text() Andrew Bartlett 2021-06-30 14:40:14 +12:00
  • 8caadcd9fc Fix user2user principal (again) Andrew Bartlett 2021-06-30 14:02:27 +12:00
  • 8875cb656b kdc: Fix warnings for synthetic principals Nicolas Williams 2021-06-29 17:00:28 -05:00
  • 73debbc166 kdc: Audit more TGS failure reasons Nicolas Williams 2021-06-28 23:42:01 -05:00
  • 855b27ccfb httpkadmind: Allow host SPNs to fetch selves Nicolas Williams 2021-06-29 00:31:13 -05:00
  • 00358252d3 kdc: Add synthetic PKINIT principals option Nicolas Williams 2021-06-28 23:29:18 -05:00
  • 4a5fc6bcde Move out: label to inside #endif of HAVE_DLOPEN Andrew Bartlett 2021-06-25 10:09:33 +12:00
  • 040a093654 Provide the correct principal name to verify_flags() for user2user tickets Andrew Bartlett 2021-06-22 17:37:56 +12:00
  • 8ac3452fd7 kadmin: Add missing attributes; sort units Nicolas Williams 2021-06-22 14:46:40 -05:00
  • ae8908bf81 kadmin: Add disallow-client attribute Nicolas Williams 2021-06-22 12:59:01 -05:00
  • f6ac4ee864 roken: Fix parse flags bug Nicolas Williams 2021-06-22 12:54:32 -05:00
  • 1870584d22 kdc: Fix _kdc_audit_addaddrs() buglet Nicolas Williams 2021-06-21 22:19:31 -05:00
  • 0452d8c601 krb5: check return value in krb5_get[_cache]_next() Luke Howard 2021-06-16 12:09:19 +10:00
  • be3a640b69 kinit: Fix --anonymous renewal bug Nicolas Williams 2021-05-21 10:38:18 -05:00
  • 718e3f8b68 hx509: correct ASN.1 OID typo for SHA-384 Luke Howard 2021-05-19 14:41:03 +10:00
  • 497a561b4d gss: avoid string concatenation warning in error message init Luke Howard 2021-05-17 10:09:01 +10:00
  • f67dd0f903 roken: move Heimdal vis.h extensions to separate header Luke Howard 2021-05-17 09:57:00 +10:00
  • cc5bd3a6c0 kdc: Improve warn_ticket_addresses feature (fix bug) Nicolas Williams 2021-05-14 17:01:58 -05:00
  • 9ce3cbbf2a kdc: Improve warn_ticket_addresses feature Nicolas Williams 2021-05-12 17:54:36 -05:00
  • 8807a0aad9 bx509d: Use /get-tgt lifetime q-param Nicolas Williams 2021-05-06 23:13:24 -05:00
  • 5aaf12351a iprop: More default HDB type fixes Nicolas Williams 2021-05-04 14:53:30 -05:00
  • 0c1cd18e03 iprop: Fix default dbname choice on initial prop Nicolas Williams 2021-05-03 15:00:36 -05:00
  • e609e61f21 bx509d: Set Content-Type and Cache-Control Nicolas Williams 2021-04-30 15:43:52 -05:00
  • b1b993b231 httpkadmind: Use no-store rather than no-cache Nicolas Williams 2021-04-30 15:43:22 -05:00
  • 034413892e roken: Fix Makefile race Nicolas Williams 2021-04-26 14:39:53 -05:00
  • 1e65ebd5eb asn1: Fix Windows build Nicolas Williams 2021-04-25 10:45:35 -05:00
  • ec171ef0b6 asn1: Add missing file gen_print.c Nicolas Williams 2021-04-25 10:45:13 -05:00