aboutsummaryrefslogtreecommitdiff
path: root/src/plugins
AgeCommit message (Expand)AuthorFilesLines
2023-07-06Fix PKINIT CMS error checking for older OpenSSLGreg Hudson1-11/+3
2023-07-06Update error checking for OpenSSL CMS_verifyJulien Rische1-3/+6
2022-11-04Fix uncommon PKINIT memory leaksashan1-1/+8
2022-11-04Fix memory leak in OTP kdcpreauth moduleGreg Hudson1-2/+4
2022-11-04Fix memory leak in SPAKE kdcpreauth modulesashan1-0/+1
2022-03-17Use SHA-256 instead of SHA-1 for PKINIT CMS digestJulien Rische1-17/+21
2022-01-28Remove unneeded SPAKE free_modreq methodGreg Hudson1-9/+0
2022-01-27Implement replaced_reply_key input to issue_pac()Greg Hudson1-0/+8
2022-01-27Add replace_reply_key kdcpreauth callbackGreg Hudson3-69/+47
2022-01-12Replace AD-SIGNEDPATH with minimal PACsGreg Hudson4-454/+94
2022-01-12Add PAC ticket signature APIsIsaac Boukris1-3/+3
2021-12-29Use 14 instead of 9 for unkeyed SHA-1 checksumGreg Hudson3-12/+5
2021-11-15Update PKINIT for OpenSSL 3Robbie Harwood2-36/+165
2021-11-15Use OpenSSL 3 versions of remaining KDFsRobbie Harwood4-193/+186
2021-11-05Remove pkinit_kdf_constants.cGreg Hudson2-61/+2
2021-11-05Use EVP key agreement in PKINITGreg Hudson2-302/+388
2021-11-04Use OpenSSL SubjectPublicKeyInfo parsing in PKINITGreg Hudson7-336/+279
2021-11-02Use pre-encoded DH parameter constants in PKINITGreg Hudson4-303/+357
2021-10-28Support KRB5_CERTAUTH_HWAUTH_PASS in certauthKen Hornstein3-12/+72
2021-09-15Fix trivial leak in OTP kdcpreauth modulePavel Březina1-0/+1
2021-07-01Fix many unlikely memory leaksRobbie Harwood7-50/+57
2021-07-01Modernize pkinit_get_certs_pkcs11Robbie Harwood1-117/+113
2021-06-18Fix k5tls module for OpenSSL 3Robbie Harwood1-3/+14
2021-04-07Add additional KRB5_TRACE pointsKen Hornstein4-78/+129
2021-04-07Fix multiple UPN handling in PKINIT client certsKen Hornstein1-3/+2
2021-03-22Fix PKINIT memory leaksGreg Hudson2-2/+5
2021-03-16Use krb5int_open_plugin for PKCS#11 moduleKen Hornstein4-21/+20
2021-03-08Only require one valid pkinit anchor/pool valueKen Hornstein2-5/+25
2021-02-11Infer name type when creating principalsFraser Tweedale1-0/+4
2021-02-11Load certs when checking pkinit_identities valuesKen Hornstein2-21/+19
2020-10-22Use PKG_CHECK_MODULES for system library com_errAnonymous Maarten7-8/+8
2020-10-22Fix minor static analysis defectsRobbie Harwood2-4/+3
2020-08-18Set lockdown attribute when creating LDAP KDBGreg Hudson1-1/+1
2020-08-04Don't create hostbased principals in new KDBsGreg Hudson1-34/+1
2020-05-20Add channel bindings testsIsaac Boukris1-0/+18
2020-04-08Fix typos in commentsGreg Hudson16-23/+24
2020-03-26Make fiat 128-bit typedefs work with older gccGreg Hudson2-3/+5
2020-03-26Eliminate redundant PKINIT responder invocationGreg Hudson2-6/+12
2020-03-26make regenGreg Hudson1-4/+4
2020-02-27Allow deletion of require_auth with LDAP KDBGreg Hudson2-11/+22
2020-02-27Allow certauth modules to set hw-authent flagGreg Hudson3-12/+27
2020-02-21Fix AS-REQ checking of KDB-modified indicatorsGreg Hudson1-2/+40
2020-02-05Test that PAC is the first authdata elementIsaac Boukris1-3/+4
2020-01-24Further simplify test KDB module authdata codeGreg Hudson1-3/+5
2020-01-22Allow cross-realm RBCD with PAC and other authdataIsaac Boukris1-17/+6
2020-01-13Restrict test KDB to local principalsIsaac Boukris1-1/+26
2020-01-07Fix LDAP policy enforcement of pw_expirationRobbie Harwood1-13/+0
2020-01-07Work around macOS SIP in the test suiteGreg Hudson2-1/+3
2019-12-28Remove KRB5_KDB_FLAG_ALIAS_OKIsaac Boukris2-18/+11
2019-12-06Add NegoEx testsGreg Hudson4-0/+388
generated by cgit v1.1 at 2024-07-18 01:55:15 +0000