[Heimdal-source-changes] [heimdal/heimdal] 982ba8: roken: fix leak in roken_detach_prep()

[Nico Williams]

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 982ba80b6e2e8e62fcaac7b25c012e2aa1f296c6
      https://github.com/heimdal/heimdal/commit/982ba80b6e2e8e62fcaac7b25c012e2aa1f296c6
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/roken/detach.c

  Log Message:
  -----------
  roken: fix leak in roken_detach_prep()


  Commit: f9a0e8f076176ff6e41ba134becfe46dbcfa8ea4
      https://github.com/heimdal/heimdal/commit/f9a0e8f076176ff6e41ba134becfe46dbcfa8ea4
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/roken/Makefile.am
    M lib/roken/base64.c

  Log Message:
  -----------
  roken: add rkbase64 noinst program

This will be useful in tests.


  Commit: 4f8577a98829f23372a1e573dd5146a7f56e0d8b
      https://github.com/heimdal/heimdal/commit/4f8577a98829f23372a1e573dd5146a7f56e0d8b
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool: add cert type: https-negotiate-server


  Commit: d519094117961a7df6dd8f2c5e97303d3fc9ae8c
      https://github.com/heimdal/heimdal/commit/d519094117961a7df6dd8f2c5e97303d3fc9ae8c
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool: fix leak


  Commit: a7a1d798c3d1f2e5aba9a9d94db52b28d8744f80
      https://github.com/heimdal/heimdal/commit/a7a1d798c3d1f2e5aba9a9d94db52b28d8744f80
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/hx509/ca.c
    M lib/hx509/hx509.h
    M lib/hx509/hx509_err.et
    M lib/hx509/libhx509-exports.def
    M lib/hx509/req.c
    M lib/hx509/test_req.in
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: keep track of authorized CSR features

This commit adds a few functions for marking KU, EKUs, and SANs as
authorized, and for getting a count of unsupported certificate
extensions requested, and a count of authorized KU/EKUs/SANs.

The intent is to make it easier to build CSR authorization and CA code
that is robust in the face of future support for certificate extensions
and SAN types not currently supported.  An application could parse a
CSR, iterate all KU/EKUs/SANs, check a subject's authorization to them,
mark them authorized where authorized, then check if there are any
remaining unauthorized extensions or unsupported extensions requested.

Ultimately, if a CSR's KU/EKUs/SANs are all authorized, then they can
all be copied to a TBS, and a certificate can be issued.


  Commit: 4d4c7078cd72345d68e940ec5eb072f2fc41f187
      https://github.com/heimdal/heimdal/commit/4d4c7078cd72345d68e940ec5eb072f2fc41f187
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M lib/asn1/kx509.asn1

  Log Message:
  -----------
  kx509: Add desired_life to Kx509CSRPlus


  Commit: 575c67806be9d60fac820eee1c403f7e66d22b91
      https://github.com/heimdal/heimdal/commit/575c67806be9d60fac820eee1c403f7e66d22b91
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-04 (Wed, 04 Dec 2019)

  Changed paths:
    M .travis.yml
    M README
    M README.md
    M configure.ac
    M doc/heimdal.texi
    M doc/hx509.texi
    M doc/whatis.texi
    M kdc/Makefile.am
    M kdc/NTMakefile
    A kdc/bx509d.c
    A kdc/ca.c
    A kdc/cjwt_token_validator.c
    A kdc/csr_authorizer.c
    A kdc/csr_authorizer_plugin.h
    M kdc/default_config.c
    A kdc/ipc_csr_authorizer.c
    M kdc/kdc.h
    M kdc/kx509.c
    M kdc/libkdc-exports.def
    A kdc/negotiate_token_validator.c
    A kdc/simple_csr_authorizer.c
    A kdc/test_csr_authorizer.c
    A kdc/test_kdc_ca.c
    A kdc/test_token_validator.c
    A kdc/token_validator.c
    A kdc/token_validator_plugin.h
    M kdc/version-script.map
    M kuser/kx509.c
    M lib/asn1/krb5.asn1
    M lib/asn1/kx509.asn1
    M lib/krb5/krb5.conf.5
    M lib/krb5/kx509.c
    M lib/krb5/libkrb5-exports.def.in
    M lib/krb5/version-script.map
    M tests/bin/setup-env.in
    M tests/kdc/Makefile.am
    A tests/kdc/check-bx509.in
    M tests/kdc/check-pkinit.in
    A tests/kdc/krb5-bx509.conf.in
    M tests/kdc/krb5-pkinit.conf.in
    M tests/plugin/windc.c

  Log Message:
  -----------
  Add bx509d


Compare: https://github.com/heimdal/heimdal/compare/8c5d2f7cc426...575c67806be9