Commit Graph

866 Commits

Author SHA1 Message Date
Robbie Harwood
102adf5edf New upstream release (1.18.2) 2020-05-22 14:26:04 -04:00
Robbie Harwood
d370e2a431 Fix SPNEGO acceptor mech filtering 2020-05-22 13:28:09 -04:00
Robbie Harwood
0963a62bc3 Fix typo ("in in") in the ksu man page 2020-05-18 14:02:44 -04:00
Robbie Harwood
a9ccd6fd57 Omit KDC indicator check for S4U2Self requests 2020-05-08 14:14:22 -04:00
Robbie Harwood
19d5d2e504 Pass gss_localname() through SPNEGO 2020-04-28 13:12:21 -04:00
Robbie Harwood
7fca7fd076 New upstream version (1.18.1) 2020-04-14 15:45:43 -04:00
Robbie Harwood
66ec722479 Make ksu honor KRB5CCNAME again 2020-04-07 15:51:54 -04:00
Robbie Harwood
9f3201c4bc Do expiration warnings for all init_creds APIs 2020-04-02 14:03:07 -04:00
Robbie Harwood
c262ec69f6 Correctly import "service@" GSS host-based name 2020-04-01 14:24:49 -04:00
Robbie Harwood
4e7e5fe69b Eliminate redundant PKINIT responder invocation 2020-03-26 16:01:18 -04:00
Robbie Harwood
dd7e9481aa Add finalization safety check to com_err 2020-03-26 10:20:02 -04:00
Robbie Harwood
5c9732a545 Add maximum openssl version in preparation for openssl 3 2020-03-20 16:16:55 +00:00
Robbie Harwood
bea8330f52 Document client keytab usage 2020-03-17 15:26:56 -04:00
Robbie Harwood
f6c62d5e63 Refresh manually acquired creds from client keytab 2020-03-03 12:34:50 -05:00
Robbie Harwood
812c07a94f Allow deletion of require_auth with LDAP KDB 2020-02-28 13:35:47 -05:00
Robbie Harwood
0ecf7a0e65 Allow certauth modules to set hw-authent flag 2020-02-27 16:13:51 -05:00
Robbie Harwood
3b6955d99e Fix AS-REQ checking of KDB-modified indicators 2020-02-21 13:16:49 -05:00
Robbie Harwood
48a220a102 Fix missing dist 2020-02-12 17:47:03 -05:00
Robbie Harwood
f287f939a9 New upstream version (1.18) 2020-02-12 22:29:13 +00:00
Robbie Harwood
dd3e136188 Don't assume OpenSSL failures are memory errors 2020-02-07 10:59:57 -05:00
Robbie Harwood
edfb00e001 Put KDB authdata first 2020-02-06 10:17:38 -05:00
Robbie Harwood
8fb4697062 New upstream beta release - 1.18-beta2
Adjust naming convention for downstream patches
2020-01-31 20:31:53 +00:00
Fedora Release Engineering
b3d5b8f719 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 07:50:49 +00:00
Robbie Harwood
7f642b1512 New upstream beta release - 1.18-beta1 2020-01-13 18:19:19 -05:00
Robbie Harwood
84aac1fa6d Fix LDAP policy enforcement of pw_expiration
Fix handling of invalid CAMMAC service verifier
2020-01-08 14:07:00 -05:00
Robbie Harwood
2496b50d00 Fix xdr_bytes() strict-aliasing violations 2020-01-06 16:36:41 -05:00
Robbie Harwood
fd463aed6a Don't warn in kadmin when no policy is specified
Do not always canonicalize enterprise principals
2020-01-03 11:36:21 -05:00
Robbie Harwood
d6ef09022c Enable the LMDB backend for the KDB 2019-12-13 19:11:07 +00:00
Robbie Harwood
9d642021d7 New upstream version - 1.17.1
Stop building and packaging PDFs
2019-12-12 18:42:51 +00:00
Robbie Harwood
4aee4bdd71 Qualify short hostnames when not using DNS 2019-12-06 13:44:42 -05:00
Robbie Harwood
02c0c74c74 Various gssalloc fixes 2019-11-27 12:36:19 -05:00
Robbie Harwood
76d9979dc3 Turns out openssl has an epoch 2019-11-21 22:06:25 +00:00
Robbie Harwood
4c128ec39a Fix runtime openssl version to actually propogate 2019-11-20 23:03:40 +00:00
Robbie Harwood
b9ea889e2a Add runtime openssl version requirement too 2019-11-20 21:13:58 +00:00
Robbie Harwood
4b8056ef08 Fix kadmin addprinc -randkey -kvno 2019-11-20 14:16:04 -05:00
Robbie Harwood
1404656ded Use OpenSSL's backported KDFs
Restore MD4 in FIPS mode (for samba)
2019-11-19 14:45:23 -05:00
Robbie Harwood
cbf35c8b1f Add default_principal_flags to example kdc.conf 2019-11-08 20:45:40 +00:00
Robbie Harwood
9ce53b906d Log unknown enctypes as unsupported in KDC 2019-10-02 11:19:07 -04:00
Robbie Harwood
1a6673d2ee Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) 2019-09-25 13:15:11 -04:00
Robbie Harwood
bff738a25d Static analyzer appeasement 2019-09-12 10:15:52 -04:00
Robbie Harwood
6ea5e5fa9a Simplify krb5_dbe_def_search_enctype() 2019-08-27 11:24:25 -04:00
Robbie Harwood
2dabf02464 Update FIPS patches to remove SPAKE 2019-08-22 15:54:34 -04:00
Robbie Harwood
4906d9dae9 Support building in COPR now that %{copr_username} is gone 2019-08-16 12:24:27 -04:00
Robbie Harwood
cdaea01dc8 Fix KCM client time offset propagation 2019-08-15 16:32:06 -04:00
Robbie Harwood
6fb26c9d3d Initialize life/rlife in kdcpolicy interface 2019-08-09 16:05:18 -04:00
Robbie Harwood
e73c24bb36 Fix memory leaks in soft-pkcs11 code 2019-08-06 09:46:36 -04:00
Robbie Harwood
f4c04f8cde Add soft-pkcs11 and use it for testing 2019-07-30 08:56:06 -04:00
Fedora Release Engineering
52c0e4ab88 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 12:06:52 +00:00
Robbie Harwood
7c5b49f828 Filter enctypes in gss_set_allowable_enctypes() 2019-07-18 12:49:23 -04:00
Robbie Harwood
4c8ed38666 Don't error on invalid enctypes in keytab
Resolves: #1724380
2019-07-15 13:07:54 -04:00