rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1,202 Commits 9 Branches 52 Tags 8.1 MiB
2bc63920d3
Commit Graph

980 Commits

Author SHA1 Message Date
Robbie Harwood
91bbbda93f Add the backward-compatible parts of openssl3 support 2021-06-21 13:16:44 -04:00
Robbie Harwood
4df0096f20 Fix three canonicalization cases for fallback 2021-06-09 10:55:13 -04:00
Robbie Harwood
65a1e5607c Fix doc build for Sphinx 4.0 2021-06-02 12:09:09 -04:00
Robbie Harwood
72e80d67ef Add all the sssd-kcm workarounds 2021-05-20 17:26:12 -04:00
Robbie Harwood
c4150c67d1 Fix context for previous backport 2021-05-20 13:59:39 -04:00
Robbie Harwood
904d264a41 Add KCM_OP_GET_CRED_LIST and KCM_OP_RETRIEVE support 2021-05-20 13:48:19 -04:00
Robbie Harwood
e9fb111a11 Suppress static analyzer warning in FIPS override 2021-05-04 15:02:53 -04:00
Robbie Harwood
c183c8de7d Fix the mess the mass rebuild made of Release 2021-03-30 14:36:09 -04:00
Zbigniew Jędrzejewski-Szmek
cf3e70c97c Rebuilt for updated systemd-rpm-macros 
See https://pagure.io/fesco/issue/2583.
 2021-03-02 16:13:34 +01:00
Robbie Harwood
1c03da79de Further test dependency fixes; no code changes 2021-03-01 16:49:32 -05:00
Robbie Harwood
d20ec5d3bc Make test dependencies contingent on skipcheck; no code changes 2021-03-01 21:27:49 +00:00
Robbie Harwood
3faaf11da7 New upstream version (1.19.1) 2021-02-18 16:51:47 -05:00
Robbie Harwood
00a0ac8abc Restore krb5_set_default_tgs_ktypes() 2021-02-17 16:12:41 -05:00
Robbie Harwood
d3ac4cf9b0 Hoist the KDC_RUN_DIR check 2021-02-15 15:54:54 -05:00
Robbie Harwood
35a4aa7b99 No code change; just coping with reverted autoconf 2021-02-05 20:39:13 +00:00
Robbie Harwood
90bc2e25b3 Cope with autoconf rollback 2021-02-05 15:33:20 -05:00
Robbie Harwood
d5839d0511 New upstream version (1.19) 2021-02-02 15:32:32 +00:00
Robbie Harwood
105082cb42 Hoist and add an option for disabling %check 2021-02-01 16:21:47 -05:00
Robbie Harwood
0dd40e4ff0 Support host-based GSS initiator names 2021-01-28 13:18:14 -05:00
Robbie Harwood
042ca4af99 Require krb5-pkinit from krb5-{server,workstation} 2021-01-28 16:37:37 +00:00
Robbie Harwood
54bf131a4a Fix up weird mass rebuild versioning 2021-01-28 16:16:22 +00:00
Robbie Harwood
ef09340be0 Add APIs for marshalling credentials 2021-01-28 10:56:02 -05:00
Robbie Harwood
327ebd0b26 Cope with new autotools behavior wrt runstatedir 2021-01-27 14:45:26 -05:00
Fedora Release Engineering
b23f8f6215 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-26 16:06:22 +00:00
Robbie Harwood
9fb5239517 New upstream version (1.19-beta2) 2021-01-12 12:45:35 -05:00
Robbie Harwood
0da55d6175 New upstream version (1.19-beta1) 2020-12-16 16:30:40 -05:00
Robbie Harwood
58924baeb4 Fix runstatedir configuration 
Why couldn't systemd just leave it alone?

Partially reverts ec1ab43ca2 .
 2020-12-16 11:20:57 -05:00
Robbie Harwood
ed80b08062 Add make to BuildRequires 
Drop cmake since we don't use it for anything
 2020-12-01 14:37:26 -05:00
Robbie Harwood
b783a5421c Document -k option in kvno(1) synopsis 2020-11-24 12:55:33 -05:00
Robbie Harwood
ab7a2a35c2 Upstream executable shared libraries patch 2020-11-20 11:43:18 -05:00
Robbie Harwood
dc8775d11d Fix build failure in -1 2020-11-18 13:33:37 -05:00
Robbie Harwood
5facc9df4d New upstream version (1.18.3) 2020-11-18 18:16:20 +00:00
Robbie Harwood
015255764a Sigh, date fix 2020-11-17 12:50:36 -05:00
Robbie Harwood
ec1ab43ca2 Migrate /var/run to /run, an exercise in pointlessness 
Resolves: #1898410
 2020-11-17 12:27:42 -05:00
Robbie Harwood
d2da394f67 Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196) 2020-11-05 12:09:39 -05:00
Robbie Harwood
bfdc7c0b7b Fix minor static analysis defects 2020-10-23 10:25:37 -04:00
Robbie Harwood
fced14e78a Fix build of previous 2020-10-21 11:49:22 -04:00
Robbie Harwood
7c8b50fca5 Cross-realm s4u fixes for samba (#1836630) 2020-10-21 11:24:24 -04:00
Tomas Mraz
da77b5dcf8 Drop unnecessary conflict with openssl-libs >= 3.0.0 
The requirement unnecessarily prevents temporary coexistence of
krb5-libs with new openssl library where the old openssl library
is coming from openssl1.1 compat package.
 2020-10-19 11:25:53 +02:00
Robbie Harwood
96c0dcc1c7 Unify kvno option documentation 2020-10-15 16:18:06 -04:00
Robbie Harwood
501e298072 Add md5 override to krad 2020-10-02 16:36:12 -04:00
Robbie Harwood
c06ba2920a Use systemctl reload to HUP the KDC during logrotate 
Resolves: #1877692
 2020-09-10 14:22:32 +00:00
Robbie Harwood
d7334ebf68 Fix input length checking in SPNEGO DER decoding 2020-09-09 17:47:18 -04:00
Robbie Harwood
1003328588 Mark crypto-polices snippet as missingok 
Resolves: #1868379
 2020-08-28 12:23:29 -04:00
Robbie Harwood
cd0b1d6ba6 Temporarily dns_canonicalize_hostname=fallback changes 
Hopefully unbreak IPA while we debug further
 2020-08-13 09:50:45 -04:00
Robbie Harwood
c59e4a1c67 Expand dns_canonicalize_hostname=fallback support 2020-08-07 19:03:02 -04:00
Robbie Harwood
2091f29399 Fix leak in KERB_AP_OPTIONS_CBT server support 2020-08-04 14:24:08 -04:00
Robbie Harwood
4530bb6de9 Revert qualify_shortname removal 2020-08-03 15:39:37 -04:00
Robbie Harwood
8be5252136 Disable tests on s390x 
Resolves: #1863952
 2020-08-03 15:36:24 -04:00
Fedora Release Engineering
d0cfa344c7 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-08-01 03:47:16 +00:00
Robbie Harwood
710f626f12 Revert qualify_shortname changes 2020-07-31 13:31:53 -04:00
Fedora Release Engineering
d314641a26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-07-28 03:39:56 +00:00
Robbie Harwood
86ecb1b3d2 Ignore bad enctypes in krb5_string_to_keysalts() 
Allow gss_unwrap_iov() of unpadded RC4 tokens
 2020-07-22 17:28:11 -04:00
Robbie Harwood
b1b925635d Ignore bad enctypes in krb5_string_to_keysalts() 2020-07-22 15:20:11 -04:00
Tom Stellard
da1e8dbb3f Use make macros 
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 2020-07-21 22:06:50 +00:00
Robbie Harwood
f15271f04d Set qualify_shortname empty in default configuration 
Resolves: #1852041
 2020-07-08 16:10:07 -04:00
Robbie Harwood
80e06352b8 Use two queues for concurrent t_otp.py daemons 2020-06-15 17:27:59 -04:00
Robbie Harwood
e326a52474 Match Heimdal behavior for channel bindings 2020-06-15 16:57:30 -04:00
Robbie Harwood
feaafc07b2 Fix test suite by removing wrapper workarounds 2020-06-08 22:00:22 +00:00
Robbie Harwood
3c4e18f2f3 Omit PA_FOR_USER if we can't compute its checksum 2020-06-08 16:01:55 -04:00
Robbie Harwood
49849de329 Replace gssrpc tests with a Python script 2020-05-30 12:38:04 -04:00
Robbie Harwood
883355750a Default dns_canonicalize_hostname to "fallback" 2020-05-30 12:01:58 -04:00
Robbie Harwood
331a9df349 dns_canonicalize_hostname = fallback 2020-05-26 21:47:51 +00:00
Robbie Harwood
dec02b8411 Pass channel bindings through SPNEGO 2020-05-26 14:34:53 -04:00
Robbie Harwood
102adf5edf New upstream release (1.18.2) 2020-05-22 14:26:04 -04:00
Robbie Harwood
d370e2a431 Fix SPNEGO acceptor mech filtering 2020-05-22 13:28:09 -04:00
Robbie Harwood
0963a62bc3 Fix typo ("in in") in the ksu man page 2020-05-18 14:02:44 -04:00
Robbie Harwood
a9ccd6fd57 Omit KDC indicator check for S4U2Self requests 2020-05-08 14:14:22 -04:00
Robbie Harwood
19d5d2e504 Pass gss_localname() through SPNEGO 2020-04-28 13:12:21 -04:00
Robbie Harwood
7fca7fd076 New upstream version (1.18.1) 2020-04-14 15:45:43 -04:00
Robbie Harwood
66ec722479 Make ksu honor KRB5CCNAME again 2020-04-07 15:51:54 -04:00
Robbie Harwood
9f3201c4bc Do expiration warnings for all init_creds APIs 2020-04-02 14:03:07 -04:00
Robbie Harwood
c262ec69f6 Correctly import "service@" GSS host-based name 2020-04-01 14:24:49 -04:00
Robbie Harwood
4e7e5fe69b Eliminate redundant PKINIT responder invocation 2020-03-26 16:01:18 -04:00
Robbie Harwood
dd7e9481aa Add finalization safety check to com_err 2020-03-26 10:20:02 -04:00
Robbie Harwood
5c9732a545 Add maximum openssl version in preparation for openssl 3 2020-03-20 16:16:55 +00:00
Robbie Harwood
bea8330f52 Document client keytab usage 2020-03-17 15:26:56 -04:00
Robbie Harwood
f6c62d5e63 Refresh manually acquired creds from client keytab 2020-03-03 12:34:50 -05:00
Robbie Harwood
812c07a94f Allow deletion of require_auth with LDAP KDB 2020-02-28 13:35:47 -05:00
Robbie Harwood
0ecf7a0e65 Allow certauth modules to set hw-authent flag 2020-02-27 16:13:51 -05:00
Robbie Harwood
3b6955d99e Fix AS-REQ checking of KDB-modified indicators 2020-02-21 13:16:49 -05:00
Robbie Harwood
48a220a102 Fix missing dist 2020-02-12 17:47:03 -05:00
Robbie Harwood
f287f939a9 New upstream version (1.18) 2020-02-12 22:29:13 +00:00
Robbie Harwood
dd3e136188 Don't assume OpenSSL failures are memory errors 2020-02-07 10:59:57 -05:00
Robbie Harwood
edfb00e001 Put KDB authdata first 2020-02-06 10:17:38 -05:00
Robbie Harwood
8fb4697062 New upstream beta release - 1.18-beta2 
Adjust naming convention for downstream patches
 2020-01-31 20:31:53 +00:00
Fedora Release Engineering
b3d5b8f719 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-29 07:50:49 +00:00
Robbie Harwood
7f642b1512 New upstream beta release - 1.18-beta1 2020-01-13 18:19:19 -05:00
Robbie Harwood
84aac1fa6d Fix LDAP policy enforcement of pw_expiration 
Fix handling of invalid CAMMAC service verifier
 2020-01-08 14:07:00 -05:00
Robbie Harwood
2496b50d00 Fix xdr_bytes() strict-aliasing violations 2020-01-06 16:36:41 -05:00
Robbie Harwood
fd463aed6a Don't warn in kadmin when no policy is specified 
Do not always canonicalize enterprise principals
 2020-01-03 11:36:21 -05:00
Robbie Harwood
d6ef09022c Enable the LMDB backend for the KDB 2019-12-13 19:11:07 +00:00
Robbie Harwood
9d642021d7 New upstream version - 1.17.1 
Stop building and packaging PDFs
 2019-12-12 18:42:51 +00:00
Robbie Harwood
4aee4bdd71 Qualify short hostnames when not using DNS 2019-12-06 13:44:42 -05:00
Robbie Harwood
02c0c74c74 Various gssalloc fixes 2019-11-27 12:36:19 -05:00
Robbie Harwood
76d9979dc3 Turns out openssl has an epoch 2019-11-21 22:06:25 +00:00
Robbie Harwood
4c128ec39a Fix runtime openssl version to actually propogate 2019-11-20 23:03:40 +00:00
Robbie Harwood
b9ea889e2a Add runtime openssl version requirement too 2019-11-20 21:13:58 +00:00
Robbie Harwood
4b8056ef08 Fix kadmin addprinc -randkey -kvno 2019-11-20 14:16:04 -05:00
Robbie Harwood
1404656ded Use OpenSSL's backported KDFs 
Restore MD4 in FIPS mode (for samba)
 2019-11-19 14:45:23 -05:00