[Heimdal-source-changes] [heimdal/heimdal] 673d74: kx509: Create certs for principals with slashes
GitHub
noreply at github.com
Fri Jan 31 08:56:02 CET 2014
Branch: refs/heads/heimdal-1-6-branch
Home: https://github.com/heimdal/heimdal
Commit: 673d74f68b4097f7745f88bbd6e73bbd0b616f53
https://github.com/heimdal/heimdal/commit/673d74f68b4097f7745f88bbd6e73bbd0b616f53
Author: James Lee <jlee at thestaticvoid.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kdc/kx509.c
Log Message:
-----------
kx509: Create certs for principals with slashes
kx509 fails to create certs for principals with slashes in them. For
example:
    client% kinit foo/admin
    foo/admin@EXAMPLE.COM's Password:
    client% kx509
    Timed out waiting on KCA
The KCA reports: "Principal is not a user." However, there is a use
case set out in this post:
https://thestaticvoid.com/post/2012/10/25/protecting-puppet-with-kerberos/
that would create a kx509 cert for a host principal for authenticating
against a secure HTTP service. This commit modifies the certificate
creation code to allow principals with slashes in them.
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 6c32ce118759ff341a60eefa869d5ec1a58a7843
https://github.com/heimdal/heimdal/commit/6c32ce118759ff341a60eefa869d5ec1a58a7843
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kdc/kx509.c
Log Message:
-----------
kx509: Prevent double free
Patchset 750a09bca2183415be3ca3b8784e3417f484794b introduced the
potential for a double free of 'name'.
Change-Id: I23bd4ddb7d9b41cbb3948ab06245f4052b309971
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: fc8a7b0c9d525110c9530ada135c0a1acf5f19ce
https://github.com/heimdal/heimdal/commit/fc8a7b0c9d525110c9530ada135c0a1acf5f19ce
Author: Love Hörnquist Åstrand <lha at h5l.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kadmin/kadmin.8
Log Message:
-----------
add --policy documentation
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 320976641929df5f01df0356cc56b6b5b24c3e38
https://github.com/heimdal/heimdal/commit/320976641929df5f01df0356cc56b6b5b24c3e38
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kdc/kx509.c
Log Message:
-----------
Fix kx509 to include realm
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: ca9fb79ab8249592d7a070039effee3c7629c0ee
https://github.com/heimdal/heimdal/commit/ca9fb79ab8249592d7a070039effee3c7629c0ee
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kdc/kx509.c
Log Message:
-----------
Add option to require initial kca_service tickets
Default to TRUE, and allow setting it on a per-realm basis.
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 59d4e890d7fa585bd489993b2858f3cbc2a2eca0
https://github.com/heimdal/heimdal/commit/59d4e890d7fa585bd489993b2858f3cbc2a2eca0
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/krb5/krb5.conf.5
Log Message:
-----------
Document kx509 parameters
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: cc5c4fe2d3bda9b5c9f29a7d61f96fa98025db20
https://github.com/heimdal/heimdal/commit/cc5c4fe2d3bda9b5c9f29a7d61f96fa98025db20
Author: Jelmer Vernooij <jelmer at samba.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M tools/Makefile.am
A tools/heimdal-kadm-client.pc.in
A tools/heimdal-kadm-server.pc.in
M tools/kadm-client.pc.in
M tools/kadm-server.pc.in
M tools/kafs.pc.in
Log Message:
-----------
Add heimdal-kadm-{client,server} with kadm-{client,server} depending on
them.
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 7be45b3ce48deab8d2d7c8ea42778602e0825087
https://github.com/heimdal/heimdal/commit/7be45b3ce48deab8d2d7c8ea42778602e0825087
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/krb5/verify_krb5_conf.c
Log Message:
-----------
Add kx509 parameters to verify_krb5_conf.c
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: bdc74512a7923fb678380d5a36bd07635b8461a2
https://github.com/heimdal/heimdal/commit/bdc74512a7923fb678380d5a36bd07635b8461a2
Author: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/krb5/plugin.c
Log Message:
-----------
Issue #491: bus error in resolve_origin()
resolve_origin attempts to insert '\0' into a field from a DL_info
struct, which causes a BUS error.
Signed-off-by: Nicolas Williams <nico at cryptonector.com>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 44ce8640baec94023441f7cbf9441df433353969
https://github.com/heimdal/heimdal/commit/44ce8640baec94023441f7cbf9441df433353969
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/krb5/plugin.c
Log Message:
-----------
Minor WIN32/POSIX bug in resolve_origin()
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 60797fb20fcdb6f3234f52c0cbd3c5b37563c437
https://github.com/heimdal/heimdal/commit/60797fb20fcdb6f3234f52c0cbd3c5b37563c437
Author: Russ Allbery <eagle at eyrie.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/kadm5/Makefile.am
A lib/kadm5/version-script-client.map
Log Message:
-----------
Add symbol versioning for libkadm5clnt
In order to support plugins for kadmin that use libkadm5srv, the
libkadm5clnt library has to be versioned to avoid hijacking all
of the function calls that should go to the server library. Omit
the _kadm5_ clients from the public interface, and version
everything else.
Signed-off-by: Love Hörnquist Åstrand <lha at h5l.org>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 7153d87941bcc08710f33b828e9ecd45069db521
https://github.com/heimdal/heimdal/commit/7153d87941bcc08710f33b828e9ecd45069db521
Author: Luke Howard <lukeh at padl.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/gssapi/mech/gss_mech_switch.c
Log Message:
-----------
gm_mech_oid must be set
mechanism credentials created by dynamically loaded mechanisms do not work
because the gm_mech_oid field is unset for such mechanisms (instead, only
gm_mech.gm_mech_oid is).
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: adf359122dd50e441d73c370bc69c6ed18b1211e
https://github.com/heimdal/heimdal/commit/adf359122dd50e441d73c370bc69c6ed18b1211e
Author: Luke Howard <lukeh at padl.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/gssapi/mech/gss_mech_switch.c
Log Message:
-----------
set m->gm_mech.gm_name
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: ff6397ef30bdfb119d5b6b3774da4657f4152ac2
https://github.com/heimdal/heimdal/commit/ff6397ef30bdfb119d5b6b3774da4657f4152ac2
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/krb5/kuserok.c
Log Message:
-----------
Fix k5login_authoritative
In the previous implementation when .k5login or .k5login.d existed
and k5login_authoritative was false, no further plugins were tried.
Also when k5login_authoritative was true and .k5login did not match,
the directory was never tried.
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 44340c8272b7603df4ce7c958c4c8b2d8b788604
https://github.com/heimdal/heimdal/commit/44340c8272b7603df4ce7c958c4c8b2d8b788604
Author: Jelmer Vernooij <jelmer at samba.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kcm/main.c
Log Message:
-----------
Fix handling of SIGINT/SIGTERM in kcm.
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654349
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: d1ec576f4b7ac99a7610e517611526f89bacb1ac
https://github.com/heimdal/heimdal/commit/d1ec576f4b7ac99a7610e517611526f89bacb1ac
Author: Jelmer Vernooij <jelmer at samba.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M .gitignore
Log Message:
-----------
Update .gitignore with generated files.
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 0514f40cb983438f7d1a113ffebb08b22da0fbb2
https://github.com/heimdal/heimdal/commit/0514f40cb983438f7d1a113ffebb08b22da0fbb2
Author: Gustavo Zacarias <gustavo at zacarias.com.ar>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M cf/roken-h-process.pl
Log Message:
-----------
roken-h-process: use Getopt::Std, getopts.pl is deprecated
Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
Signed-off-by: Love Hörnquist Åstrand <lha at h5l.org>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 7d0bfcb1325b0bd90ee43799c3e34edfdd346472
https://github.com/heimdal/heimdal/commit/7d0bfcb1325b0bd90ee43799c3e34edfdd346472
Author: Ingo Schwarze <schwarze at openbsd.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M kuser/kswitch.1
Log Message:
-----------
fix the kswitch(1) manual prologue
Signed-off-by: Love Hörnquist Åstrand <lha at h5l.org>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 06d963c1a4aa2d074d4c24a1379dc32f51821b53
https://github.com/heimdal/heimdal/commit/06d963c1a4aa2d074d4c24a1379dc32f51821b53
Author: Love Hörnquist Åstrand <lha at h5l.org>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/hdb/hdb.c
Log Message:
-----------
make sure h is set when we find a match, from [GITHUB #54]
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: e03d7af8d7e9ca7fc9dddc71f110ad1fa85f62f6
https://github.com/heimdal/heimdal/commit/e03d7af8d7e9ca7fc9dddc71f110ad1fa85f62f6
Author: Jeffrey Clark <dude at zaplabs.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/hdb/hdb-ldap.c
Log Message:
-----------
Fix compiling hdb ldap as a module
Signed-off-by: Love Hörnquist Åstrand <lha at h5l.org>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Commit: 107d23b2c170421494271a7e1d44976359f500a2
https://github.com/heimdal/heimdal/commit/107d23b2c170421494271a7e1d44976359f500a2
Author: Jeffrey Clark <dude at zaplabs.com>
Date: 2014-01-30 (Thu, 30 Jan 2014)
Changed paths:
M lib/hdb/Makefile.am
M lib/hdb/NTMakefile
A lib/hdb/test_hdbplugin.c
Log Message:
-----------
Simple hdb plugin test
Signed-off-by: Love Hörnquist Åstrand <lha at h5l.org>
Signed-off-by: Love Hörnquist Åstrand <lha at apple.com>
Compare: https://github.com/heimdal/heimdal/compare/46a50886775e...107d23b2c170