diff --git a/crypto/Makefile.openssl b/crypto/Makefile.openssl new file mode 100644 index 000000000..ecca58fa5 --- /dev/null +++ b/crypto/Makefile.openssl @@ -0,0 +1,18 @@ +# $NetBSD: Makefile.openssl,v 1.10 2009/09/23 04:02:28 tls Exp $ + +.ifndef _MAKEFILE_OPENSSL_INCLUDED +_MAKEFILE_OPENSSL_INCLUDED=1 + +.include + +OPENSSLSRC= ${CRYPTODIST}/external/bsd/openssl/dist +CPPFLAGS+= -DOPENSSLDIR=\"/etc/openssl\" +CPPFLAGS+= -DENGINESDIR=\"/usr/lib/openssl\" +CPPFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H + +.if defined(__MINIX) +CPPFLAGS+= -DOPENSSL_NO_SCTP +CPPFLAGS+= -DOPENSSL_DISABLE_OLD_DES_SUPPORT +.endif # defined(__MINIX) + +.endif diff --git a/crypto/TODO b/crypto/TODO new file mode 100644 index 000000000..e7efc5505 --- /dev/null +++ b/crypto/TODO @@ -0,0 +1,11 @@ +$NetBSD: TODO,v 1.8 2006/03/23 19:58:03 wiz Exp $ + +- Make the Heimdal Kerberos V API much more like the MIT API. The + current situation means that basically no krb5-aware programs can + work with Heimdal without significant modification. This includes + making compatibility links for e.g. libk5crypto -> libcrypto, etc. + + Currently known-broken Kerberos-aware packages: + - ssh and ssh6 + +- Make rcp, rlogin, ftpd, and ftp work with Kerberos again. diff --git a/crypto/external/Makefile b/crypto/external/Makefile new file mode 100644 index 000000000..e09426ced --- /dev/null +++ b/crypto/external/Makefile @@ -0,0 +1,10 @@ +# $NetBSD: Makefile,v 1.3 2013/02/12 20:55:37 christos Exp $ + +.include + +.if (${MKCRYPTO} != "no") +#MINIX: Not yet imported: cpl +SUBDIR+= bsd +.endif + +.include diff --git a/crypto/external/README b/crypto/external/README new file mode 100644 index 000000000..805a69af6 --- /dev/null +++ b/crypto/external/README @@ -0,0 +1,78 @@ +$NetBSD: README,v 1.3 2012/01/28 01:30:42 christos Exp $ + +Organization of Sources: + +This directory hierarchy is using an organization that separates +crypto source for programs that we have obtained from external third +parties (where NetBSD is not the primary maintainer) from the system +source. + +This README file is derived from the README file in src/external. + +The hierarchy is grouped by license, and then package per license, +and is organized as follows: + + crypto/external/ + + Makefile + Descend into the license sub-directories. + + / + Per-license sub-directories. + + Makefile + Descend into the package sub-directories. + + / + Per-package sub-directories. + + Makefile + Build the package. + + dist/ + The third-party source for a given package. + + bin/ + lib/ + sbin/ + BSD makefiles "reach over" from these into + "../dist/". + +This arrangement allows for packages to be easily disabled or +excised as necessary, either on a per-license or per-package basis. + +The licenses currently used are: + + bsd BSD (or equivalent) licensed software, possibly with + the "advertising clause". + cpl Common Public License + http://www.opensource.org/licenses/cpl1.0 + +If a package has components covered by different licenses +(for example, GPL2 and the LGPL), use the subdirectory +for the more restrictive license. + +If a package allows the choice of a license to use, we'll +generally use the less restrictive license. + +If in doubt about where a package should be located, please +contact for advice. + + +Migration Strategy: + + +Eventually src/dist (and associated framework in other base source +directories) and src/gnu will be migrated to this hierarchy. + + +Maintenance Strategy: + +The sources under src/crypto/external///dist/ are +generally a combination of a published distribution plus changes +that we submit to the maintainers and that are not yet published +by them. + +Make sure all changes made to the external sources are submitted +to the appropriate maintainer, but only after coordinating with +the NetBSD maintainers. diff --git a/crypto/external/bsd/Makefile b/crypto/external/bsd/Makefile new file mode 100644 index 000000000..c60dd9cd9 --- /dev/null +++ b/crypto/external/bsd/Makefile @@ -0,0 +1,11 @@ +# $NetBSD: Makefile,v 1.12 2013/02/12 20:31:14 christos Exp $ + +.include + +.if defined(__MINIX) +SUBDIR+= openssl .WAIT heimdal netpgp .WAIT libsaslc +.else +SUBDIR+= openssl .WAIT heimdal netpgp .WAIT openssh libsaslc +.endif # defined(__MINIX) + +.include diff --git a/crypto/external/bsd/heimdal/Makefile b/crypto/external/bsd/heimdal/Makefile new file mode 100644 index 000000000..4652402bc --- /dev/null +++ b/crypto/external/bsd/heimdal/Makefile @@ -0,0 +1,5 @@ +# $NetBSD: Makefile,v 1.1 2011/04/13 19:16:44 elric Exp $ + +SUBDIR= lib .WAIT bin libexec sbin + +.include diff --git a/crypto/external/bsd/heimdal/Makefile.inc b/crypto/external/bsd/heimdal/Makefile.inc new file mode 100644 index 000000000..eaa354460 --- /dev/null +++ b/crypto/external/bsd/heimdal/Makefile.inc @@ -0,0 +1,47 @@ +# $NetBSD: Makefile.inc,v 1.2 2011/04/16 18:41:58 he Exp $ + +HEIMBASE?= ${NETBSDSRCDIR}/crypto/external/bsd/heimdal +HEIMDIST= ${HEIMBASE}/dist + +SSLBASE?= ${NETBSDSRCDIR}/crypto/external/bsd/openssl + +LIBVERSDIR!= cd ${HEIMBASE}/lib/libvers && ${PRINTOBJDIR} +LIBVERS= ${LIBVERSDIR}/libvers.a + +LIBIPCDIR!= cd ${HEIMBASE}/lib/libipc && ${PRINTOBJDIR} +LIBIPC= ${LIBIPCDIR}/libipc.a +.if ${MKPICLIB} != "yes" +LIBIPC_PIC= ${LIBIPCDIR}/libipc.a +.else +LIBIPC_PIC= ${LIBIPCDIR}/libipc_pic.a +.endif + +.if ${USETOOLS} != "yes" +COMPILEETOBJ!= cd ${HEIMBASE}/lib/libcom_err/compile_et && ${PRINTOBJDIR} +TOOL_COMPILE_ET= ${COMPILEETOBJ}/compile_et + +ASN1COMPILEOBJ!= cd ${HEIMBASE}/lib/libasn1/asn1_compile && ${PRINTOBJDIR} +TOOL_ASN1_COMPILE= ${ASN1COMPILEOBJ}/asn1_compile + +SLCOBJ!= cd ${HEIMBASE}/lib/libsl/slc && ${PRINTOBJDIR} +TOOL_SLC= ${SLCOBJ}/slc +.endif + +# +# We now define what are standard CPP flags across Heimdal: + +.if (${USE_INET6} != "no") +CPPFLAGS+=-DHAVE_IPV6 +HOST_CPPFLAGS+=-DHAVE_IPV6 +.endif + +.if ${MKPIC} == "no" +CPPFLAGS+= -DNO_DLOPEN +.endif + +CPPFLAGS+= -DHAVE_CONFIG_H +HOST_CPPFLAGS+= -DHAVE_CONFIG_H + +CPPFLAGS+= ${.PATH:S/^/-I/} +CPPFLAGS+= -I${HEIMBASE}/include +CPPFLAGS+= -I${HEIMDIST}/include diff --git a/crypto/external/bsd/heimdal/Makefile.rules.inc b/crypto/external/bsd/heimdal/Makefile.rules.inc new file mode 100644 index 000000000..1f8d65a38 --- /dev/null +++ b/crypto/external/bsd/heimdal/Makefile.rules.inc @@ -0,0 +1,107 @@ +# $NetBSD: Makefile.rules.inc,v 1.7 2012/09/05 19:31:04 christos Exp $ + +SRCS+= ${HEIMSRCS:N*.et:N*.in:N*.asn1} + +.for et_src in ${HEIMSRCS:M*.et} +CLEANFILES+= ${et_src:.et=.c} ${et_src:.et=.h} +DPSRCS+= ${et_src:.et=.c} ${et_src:.et=.h} +COMPILE_ET_INCS+= ${et_src:.et=.h} +OBJS+= ${et_src:.et=.o} + +${et_src:.et=.c} ${et_src:.et=.h}: ${et_src} ${TOOL_COMPILE_ET} + ${TOOL_COMPILE_ET} ${.ALLSRC:[1]} + +.endfor + +.for src in ${HEIMSRCS:M*.asn1} +ASN1_FILES.${src} ?= asn1_${src:.asn1=_asn1.x} + +.if ${ASN1_FILES.${src}:[\#]} == 1 +ASN1_OPTS.${src} ?= --one-code-file +.endif + +CLEANFILES+= \ + ${src:.asn1=_asn1_files} \ + ${src:.asn1=_asn1-template.c} \ + ${ASN1_FILES.${src}} \ + ${ASN1_FILES.${src}:.x=.c} \ + ${src:.asn1=_asn1.h} \ + ${src:.asn1=_asn1.hx} \ + ${src:.asn1=_asn1-priv.h} \ + ${src:.asn1=_asn1-priv.hx} \ + ${src:.asn1=.ts} + +ASN1_INCS += ${src:.asn1=_asn1.h} + +DPSRCS += ${src:.asn1=_asn1.h} ${src:.asn1=_asn1-priv.h} +OBJS += ${ASN1_FILES.${src}:.x=.o} + +${ASN1_FILES.${src}} ${src:.asn1=_asn1.h} ${src:.asn1=_asn1-priv.h}: \ + ${src:.asn1=.ts} + +.if exists(${src:.asn1=.opt}) +${src:.asn1=.ts}: ${src} ${src:.asn1=.opt} ${TOOL_ASN1_COMPILE} + @touch $@ + ${TOOL_ASN1_COMPILE} \ + ${ASN1_OPTS.${src}} \ + --option-file=${.ALLSRC:[2]} \ + ${.ALLSRC:[1]} ${src:.asn1=_asn1} + @${TOOL_SED} -E \ + -e 's,#include <(.*)_asn1\.h>,#include ,' \ + 2> /dev/null < ${src:.asn1=_asn1.hx} > ${src:.asn1=_asn1.h} + @cmp -s ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h} \ + 2> /dev/null || \ + cp ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h} +.else +${src:.asn1=.ts}: ${src} ${TOOL_ASN1_COMPILE} + @touch $@ + ${TOOL_ASN1_COMPILE} \ + ${ASN1_OPTS.${src}} \ + ${.ALLSRC:[1]} ${src:.asn1=_asn1} + @${TOOL_SED} -E \ + -e 's,#include <(.*)_asn1\.h>,#include ,' \ + 2> /dev/null < ${src:.asn1=_asn1.hx} > ${src:.asn1=_asn1.h} + @cmp -s ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h} \ + 2> /dev/null || \ + cp ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h} +.endif + +.if ${MKREPRO:Uno} == "yes" +NORMALIZE_SRC=-e "s@${NETBSDSRCDIR}@/usr/src@g" +.endif + +.for x2c in ${ASN1_FILES.${src}} +${x2c:.x=.c}: ${x2c} + @${TOOL_SED} ${NORMALIZE_SRC} < ${x2c} > ${x2c}.r + @cmp -s ${x2c}.r ${x2c:.x=.c} 2> /dev/null || cp ${x2c}.r ${x2c:.x=.c} + @rm -f ${x2c}.r +.endfor + +.endfor + +# +# and for slc: + +.for slc_src in ${HEIMSRCS:M*.in} +CLEANFILES+= ${slc_src:.in=.c} ${slc_src:.in=.h} +DPSRCS+= ${slc_src:.in=.c} ${slc_src:.in=.h} +OBJS+= ${slc_src:.in=.o} +SLC_INCS+= ${slc_src:.in=.h} + +${slc_src:.in=.c} ${slc_src:.in=.h}: ${slc_src} + ${TOOL_SLC} ${.ALLSRC} + +.endfor + +# +# And a tiny bit of logic for bsd.prog.mk: + +.if defined(PROG) && defined(OBJS) +OBJS.${PROG} += ${OBJS} +.endif + +.if defined(LIB) && exists(version-script.map) && !defined(NO_VERSION_SCRIPT) +version-script.map: + +LDFLAGS.lib${LIB} += -Wl,--version-script=${version-script.map:P} +.endif diff --git a/crypto/external/bsd/heimdal/bin/Makefile b/crypto/external/bsd/heimdal/bin/Makefile new file mode 100644 index 000000000..c85b69994 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/Makefile @@ -0,0 +1,22 @@ +# $NetBSD: Makefile,v 1.1 2011/04/13 19:16:44 elric Exp $ + +.include + +HEIMBASE=${.CURDIR}/.. + +.if (${MKKERBEROS} != "no") +SUBDIR = \ + gsstool \ + hxtool \ + kcc \ + kdestroy \ + kgetcred \ + kinit \ + kpasswd \ + krb5-config \ + string2key \ + verify_krb5_conf + +.endif # MKKERBEROS != no + +.include diff --git a/crypto/external/bsd/heimdal/bin/Makefile.inc b/crypto/external/bsd/heimdal/bin/Makefile.inc new file mode 100644 index 000000000..39678749f --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/Makefile.inc @@ -0,0 +1,11 @@ +# $NetBSD: Makefile.inc,v 1.2 2011/05/25 19:21:16 he Exp $ + +BINDIR=/usr/bin + +LDADD+= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lwind +LDADD+= -lheimbase ${LIBVERS} +LDADD+= -lcrypto -lcrypt + +DPADD+= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBWIND} +DPADD+= ${LIBHEIMBASE} ${LIBVERS} +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} diff --git a/crypto/external/bsd/heimdal/bin/gsstool/Makefile b/crypto/external/bsd/heimdal/bin/gsstool/Makefile new file mode 100644 index 000000000..b8242b18b --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/gsstool/Makefile @@ -0,0 +1,24 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/lib/gssapi + +PROG= gsstool + +HEIMSRCS= gsstool.c gss-commands.in + +MAN= + +LDADD+= -lgssapi -lheimntlm +LDADD+= -lsl ${LIBVERS} +LDADD+= -ledit -lterminfo +DPADD+= ${LIBGSSAPI} ${LIBHEIMNTLM} +DPADD+= ${LIBSL} +DPADD+= ${LIBEDIT} ${LIBTERMINFO} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/hxtool/Makefile b/crypto/external/bsd/heimdal/bin/hxtool/Makefile new file mode 100644 index 000000000..daa0ed147 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/hxtool/Makefile @@ -0,0 +1,24 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/lib/hx509 + +PROG= hxtool + +HEIMSRCS= hxtool.c hxtool-commands.in + +MAN= + +LDADD+= -lgssapi +LDADD+= -lsl +LDADD+= -ledit -lterminfo +DPADD+= ${LIBGSSAPI} +DPADD+= ${LIBSL} +DPADD+= ${LIBEDIT} ${LIBTERMINFO} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/kcc/Makefile b/crypto/external/bsd/heimdal/bin/kcc/Makefile new file mode 100644 index 000000000..40d97abf8 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/kcc/Makefile @@ -0,0 +1,30 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kuser + +PROG= kcc +LINKS+= ${BINDIR}/kcc ${BINDIR}/klist + +MAN= klist.1 + +HEIMSRCS= kcc-commands.in + +SRCS= copy_cred_cache.c \ + kcc.c \ + klist.c \ + kswitch.c + +CPPFLAGS+= -I${DESTDIR}/usr/include/krb5 + +LDADD+= -lkafs -lsl +LDADD+= -ledit -lterminfo +DPADD+= ${LIBKAFS} ${LIBSL} +DPADD+= ${LIBEDIT} ${LIBTERMINFO} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/kdestroy/Makefile b/crypto/external/bsd/heimdal/bin/kdestroy/Makefile new file mode 100644 index 000000000..5e936dc19 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/kdestroy/Makefile @@ -0,0 +1,17 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kuser + +PROG= kdestroy +SRCS= kdestroy.c + +LDADD+= -lkafs -lsl -lheimntlm +DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/kgetcred/Makefile b/crypto/external/bsd/heimdal/bin/kgetcred/Makefile new file mode 100644 index 000000000..74cb2557e --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/kgetcred/Makefile @@ -0,0 +1,17 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kuser + +PROG= kgetcred +SRCS= kgetcred.c + +LDADD+= -lkafs -lsl -lheimntlm +DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/kinit/Makefile b/crypto/external/bsd/heimdal/bin/kinit/Makefile new file mode 100644 index 000000000..37a27de22 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/kinit/Makefile @@ -0,0 +1,19 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kuser + +PROG= kinit +SRCS= kinit.c + +CPPFLAGS+= -I${HEIMDIST}/lib/ntlm + +LDADD+= -lkafs -lsl -lheimntlm +DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/kpasswd/Makefile b/crypto/external/bsd/heimdal/bin/kpasswd/Makefile new file mode 100644 index 000000000..bf207d432 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/kpasswd/Makefile @@ -0,0 +1,17 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kpasswd + +PROG= kpasswd +SRCS= kpasswd.c + +LDADD+= -lkafs -lsl -lheimntlm +DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM} + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/krb5-config/Makefile b/crypto/external/bsd/heimdal/bin/krb5-config/Makefile new file mode 100644 index 000000000..dd26aa6b6 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/krb5-config/Makefile @@ -0,0 +1,32 @@ +# $NetBSD: Makefile,v 1.2 2013/04/12 18:08:10 joerg Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +.PATH: ${HEIMDIST}/tools + +SCRIPTS= krb5-config +MAN= krb5-config.1 + +CLEANFILES+= krb5-config + +krb5-config: krb5-config.in + ${TOOL_SED} -e "s!@PACKAGE\@!heimdal!g" \ + -e "s!@VERSION\@!1.5pre1!g" \ + -e "s!@prefix\@!/!g" \ + -e "s!@exec_prefix\@!/!g" \ + -e "s!@libdir\@!/usr/lib!g" \ + -e "s!@includedir\@!/usr/include!g" \ + -e "s!@LIB_crypt\@!-lcrypt!g" \ + -e "s!@LIB_dbopen\@!!g" \ + -e "s!@INCLUDE_hcrypto\@!!g" \ + -e "s!@LIB_hcrypto_appl\@!-lcrypto!g" \ + -e "s!@LIB_dlopen\@!!g" \ + -e "s!@LIB_door_create\@!!g" \ + -e "s!@LIB_pkinit\@!-lhx509!g" \ + -e "s!@PTHREAD_LIBADD\@!!g" \ + -e "s!@LIBS\@!!g" \ + ${HEIMDIST}/tools/krb5-config.in > $@ + chmod +x $@ + +.include diff --git a/crypto/external/bsd/heimdal/bin/string2key/Makefile b/crypto/external/bsd/heimdal/bin/string2key/Makefile new file mode 100644 index 000000000..331ffbe61 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/string2key/Makefile @@ -0,0 +1,24 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $ + +.include +.include <${.CURDIR}/../../Makefile.inc> + +USE_FORT?= yes # cryptographic software + +.PATH: ${HEIMDIST}/kdc + +PROG= string2key +SRCS= string2key.c +MAN= string2key.8 + +CPPFLAGS+= \ + -I${HEIMDIST}/base \ + -I${HEIMDIST}/lib/krb5 \ + -I${HEIMDIST}/lib/wind \ + -I${HEIMDIST}/kdc \ + -I${HEIMBASE}/include/krb5 \ + -I${HEIMBASE}/lib/libheimntlm \ + -I${HEIMBASE}/lib/libwind \ + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/bin/verify_krb5_conf/Makefile b/crypto/external/bsd/heimdal/bin/verify_krb5_conf/Makefile new file mode 100644 index 000000000..d3bf54498 --- /dev/null +++ b/crypto/external/bsd/heimdal/bin/verify_krb5_conf/Makefile @@ -0,0 +1,24 @@ +# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $ + +WARNS?= 2 # XXX -Wextra + +NOLINT= # defined + +.include +.include <${.CURDIR}/../../Makefile.inc> + +.PATH: ${HEIMDIST}/lib/krb5 + +PROG= verify_krb5_conf +MAN= verify_krb5_conf.8 + +SRCS= verify_krb5_conf.c + +#CPPFLAGS+= -I. \ +# -I${DIST}/heimdal/lib/asn1 \ +# -I${NETBSDSRCDIR}/include/heimdal \ +# -I${DESTDIR}/usr/include/krb5 \ +# -DHAVE_CONFIG_H + +.include <${HEIMBASE}/Makefile.rules.inc> +.include diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog b/crypto/external/bsd/heimdal/dist/ChangeLog new file mode 100644 index 000000000..125740da3 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog @@ -0,0 +1,485 @@ + +We stop writing change logs, see the source code version control systems history log instead + +2008-07-28 Love Hornquist Astrand + + * lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally + issues invalid AFS tokens + (here "occasionally" means for certain users in certain realms). + + In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket + is padded to a multiple of 8 bytes. If it is already a multiple of + 8 bytes, 8 additional 0-bytes are added. + + This catches the AFS krb4 ticket decoder by surprise: unless the + ticket is exactly 56 bytes, it only supports the minimum necessary + padding. It detects the superfluous padding by comparing the + ticket length decoded to the advertised ticket length. + + Hence a 7-letter userid in "cern.ch" which resulted in a ticket of + 40 bytes, got "padded" to 48 bytes which the rxkad decoder + rejected. + + From Rainer Toebbicke. + +2008-07-25 Love Hörnquist Åstrand + + * kuser/kinit.c: add --ok-as-delegate and --windows flags + + * kpasswd/kpasswd-generator.c: Switch to krb5_set_password. + + * kuser/kinit.c: Use krb5_cc_set_config. + + * lib/krb5/cache.c: Add krb5_cc_[gs]et_config. + +2008-07-22 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: Allow numbers to be enctypes to as long as + they are valid. + +2008-07-17 Love Hörnquist Åstrand + + * lib/hdb/version-script.map: some random bits needed for libkadm + +2008-07-15 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc_plugin.h: add name for send_to_kdc plugin. + + * lib/krb5/krbhst.c: handle KRB5_PLUGIN_NO_HANDLE for lookup + plugin. + + * lib/krb5/send_to_kdc.c: Add support for the send_to_kdc plugin + interface. + + * lib/krb5/Makefile.am: add send_to_kdc_plugin.h + + * lib/krb5/krb5_err.et: add plugin error codes + +2008-07-14 Love Hornquist Astrand + + * lib/hdb/Makefile.am: EXTRA_DIST += version-script.map + +2008-07-14 Love Hornquist Astrand + + * lib/krb5/krb5_{address,ccache}.3: spelling, from openbsd via janne + johansson + +2008-07-13 Love Hörnquist Åstrand + + * lib/krb5/version-script.map: add krb5_free_error_message + +2008-06-21 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: switch to krb5_set_password(). + +2008-06-18 Love Hörnquist Åstrand + + * lib/krb5/time.c (krb5_set_real_time): handle negative usec + +2008-05-31 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h: Add + + * lib/krb5/crypto.c: Use wind_utf8ucs2_length to convert the password to utf16. + +2008-05-30 Love Hörnquist Åstrand + + * lib/krb5/kcm.c: Add back krb5_kcmcache argument to try_door(). + +2008-05-27 Love Hörnquist Åstrand + + * lib/krb5/error_string.c (krb5_free_error_message): constify + + * lib/krb5/error_string.c: Add krb5_get_error_message(). + + * lib/krb5/doxygen.c: krb5_cc_new_unique() is name of the creation + function. + +2008-04-30 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: Use the _ext api for OpenLDAP, from Honza + Machacek (gentoo). + +2008-04-28 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: Use DES_set_key_unchecked(). + + * lib/krb5/krb5.conf.5: Document default_cc_type. + + * lib/krb5/cache.c: Pick up [libdefaults]default_cc_type + +2008-04-27 Love Hörnquist Åstrand + + * kdc/kaserver.c: Use DES_set_key_unchecked(). + +2008-04-21 Love Hörnquist Åstrand + + * doc/hx509.texi: About the pkcs11 module. + + * doc/hx509.texi: Pick up version from vars.texi + + * doc/hx509.texi: No MIT code in hx509. + + * hx509 now includes a pkcs11 implementation. + +2008-04-20 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: Move OpenLDAP includes to AM_CPPFLAGS to + avoid dropping other defines for the library. + +2008-04-17 Love Hörnquist Åstrand + + * lib/krb5: add __declspec() for windows. + + * configure.in: Update rk_WIN32_EXPORT, add gssapi to + rk_WIN32_EXPORT. + + * configure.in: Lets try dependency tracking for automake 1.10 and + later. + + * configure.in: Use at least libtool-2.2. + + * configure.in: Use LT_INIT the right way. + + * lib/krb5/Makefile.am: Update make-proto usage. + + * configure.in: Run autoupdate, use LT_INIT(). + +2008-04-15 Love Hörnquist Åstrand + + * lib/krb5/test_forward.c: Don't print krb5_error_code since we + are using krb5_err(). + + * lib/krb5/ticket.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/scache.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/principal.c: Cast enum to int to avoid warning. + + * lib/krb5/pkinit.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/pac.c: Cast size_t to unsigned long to avoid warning. + + * lib/krb5/error_string.c: Cast krb5_error_code to int to avoid + warning. + + * lib/krb5/keytab_keyfile.c: Make num_entries an uint32 to avoid + negative numbers and type warnings. + + * lib/krb5: cc_get_version returns an int, update. + +2008-04-10 Love Hörnquist Åstrand + + * configure.in: Check for . + +2008-04-09 Love Hörnquist Åstrand + + * lib/krb5/version-script.map: sort and export _krb5_pk_kdf + + * lib/krb5/crypto.c: Check kdf params. calculate the second half + of the key. + + * lib/krb5/Makefile.am: Add test_pknistkdf + + * lib/krb5/test_pknistkdf.c: Test the new pkinit nist kdf. + + * lib/krb5/crypto.c: Complete _krb5_pk_kdf. + + * lib/krb5/crypto.c: First version of KDF in + draft-ietf-krb-wg-pkinit-alg-agility-03.txt. + +2008-04-08 Love Hörnquist Åstrand + + * doc/setup.texi: Add text about smbk5pwd overlay from Buchan + Milne. + + * lib/krb5/krb5_locl.h: Name the pkinit type enum. + + * kdc/pkinit.c: Rename constants to match global header. + + * lib/krb5/pkinit.c: Drop krb5_pk_identity and rename constants to + match global header. + + * kdc/pkinit.c: Pick up krb5_pk_identity from krb5_locl.h. + + * lib/krb5/scache.c (scc_alloc): %x is unsigned int. + +2008-04-07 Love Hörnquist Åstrand + + * lib/krb5/version-script.map: Sort and add krb5_cc_switch. + + * lib/krb5/acache.c: Use unsigned where appropriate. + + * kcm/glue.c: Adapt to chenge to krb5_cc_ops. + + * kcm/acl.c: Add missing op. + + * kdc/connect.c: Use unsigned where appropriate. + + * lib/krb5/n-fold.c: Use size_t where appropriate. + + * lib/krb5/get_addrs.c: Use unsigned where appropriate. + + * lib/krb5/crypto.c: Use unsigned where appropriate. + + * lib/krb5/crc.c: Use unsigned where appropriate. + + * lib/krb5/changepw.c: simplify + + * lib/krb5/copy_host_realm.c: simplify + + * kuser/kswitch.c: Implement --principal. + +2008-04-05 Love Hörnquist Åstrand + + * lib/krb5/cache.c: allow returning the default cc-type. + + * kuser/kswitch.c: Enable switching between existing caches. + + * lib/krb5/cache.c: Add krb5_cc_switch, to set the default + credential cache. + + * lib/krb5/acache.c: Implement set_default. + + * lib/krb5/krb5.h: Extend krb5_cc_ops and add set_default to set + the default cc name for a credential type. + +2008-04-04 Love Hörnquist Åstrand + + * lib/krb5/test_cc.c: test remove + + * lib/krb5/fcache.c: Make the remove cred slight more atomic, now + it might lose creds, but there will be no empty cache at any time. + + * lib/krb5/scache.c: Do credential iteration by temporary table. + +2008-04-02 Love Hörnquist Åstrand + + * lib/krb5/acache.c: Translate ccErrInvalidCCache. + + * lib/krb5/scache.c: implemetation of a sqlite3 backed credential + cache. + + * lib/krb5/test_cc.c: test acc and scc + + * lib/krb5/acache.c: Only release context if its in use. + +2008-04-01 Love Hörnquist Åstrand + + * doc/setup.texi: No patching of OpenLDAP is needed, from Buchan + Milne. + +2008-03-30 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: Add scache. + + * lib/krb5/scache.c: initial implementation + + * lib/Makefile.am: sqlite + + * configure.in: lib/sqlite/Makefile + +2008-03-26 Love Hörnquist Åstrand + + * lib/krb5/fcache.c: Make the storing credential an atomic + write(2) to avoid signal races, bug traced by Harald Barth and Lars + Malinowsky. + +2008-03-25 Love Hörnquist Åstrand + + * lib/krb5/fcache.c: Make erase_file() do locking too. + + * kcm/protocol.c: Make work when moving to a non-existant + cred-cache. + + * lib/krb5/test_cc.c: more verbose info. + + * lib/krb5/test_cc.c: test krb5_cc_move(). + +2008-03-23 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c: Try both kdc server referral and the old + client chasing mode. + + * lib/krb5/get_cred.c: Don't do canonicalize by default, make + add_cred() sane, make loop detection in credential fetching + better. + + * lib/krb5/krb5_locl.h: Add flag EXTRACT_TICKET_AS_REQ. + + * lib/krb5/init_creds_pw.c: Tell _krb5_extract_ticket that this is + an AS-REQ. + + * lib/krb5/get_in_tkt.c: Make server referral work. + +2008-03-22 Love Hörnquist Åstrand + + * lib/krb5/get_in_tkt.c: check no server referral, don't use + stringent length tests since encryption layer does padding for + us... + + * kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10 + + * lib/krb5/principal.c (_krb5_principal_compare_PrincipalName): + new function to compare a principal to a PrincipalName. + + * lib/krb5/init_creds_pw.c: Move client referral checking to + _krb5_extract_ticket(). + + * lib/krb5/get_in_tkt.c: More bits for server referral. + + * lib/krb5/get_in_tkt.c: Make working with client referrals. + + * lib/krb5/get_cred.c: Try moving referrals checking into + _krb5_extract_ticket(). + + * lib/krb5/get_in_tkt.c: Try moving referrals checking into + _krb5_extract_ticket(). + +2008-03-21 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead + of auth_data in ticket. + +2008-03-20 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: remove lost bits from using + krb5_principal_set_realm + + * kdc/krb5tgs.c: Better referrals support, use canonicalize flag. + + * kdc/hprop.c: use krb5_principal_set_realm + + * lib/krb5/init_creds_pw.c: use krb5_principal_set_realm + + * lib/krb5/verify_user.c: use krb5_principal_set_realm + + * lib/krb5/version-script.map: add krb5_principal_set_realm + + * lib/krb5/principal.c: add krb5_principal_set_realm + + * lib/krb5/get_cred.c: Insecure tgs referrals. + + * lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for + TGS-REQ. This drop compatibility with pre 0.3d KDCs. + + * lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE. + + * lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE. + + * kuser/kgetcred.c: set KRB5_GC_CANONICALIZE. + + * kuser/kgetcred.c: Add stub --canonicalize implementation. + +2008-03-19 Love Hörnquist Åstrand + + * doc/setup.texi: Fix sasl-regexp, from Howard Chu. + +2008-03-14 Love Hörnquist Åstrand + + * kdc/kx509.c: Adapt to hx509_env changes. + +2008-03-10 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Try searchin the key by to use by first + looking for for PK-INIT EKU, then the Microsoft smart card EKU and + last, no special EKU at all. + +2008-03-09 Love Hörnquist Åstrand + + * lib/krb5/acache.c: Create a new credential cache is ->get_name + is called, make acc_initialize() reset the existing credential + cache if needed. + + * lib/krb5/acache.c (acc_get_name): just return the cache_name + directly instead of trying to resolve it. + +2008-02-23 Love Hörnquist Åstrand + + * include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and + sort. + +2008-02-11 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer. + + * lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones + via Brian May and Debian. + + * doc/Makefile.am: add libwind + +2008-02-05 Love Hörnquist Åstrand + + * lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis. + + * lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From + Dennis Davis. + +2008-02-03 Love Hörnquist Åstrand + + * tools/heimdal-gssapi.pc.in: Add wind. + + * tools/krb5-config.in: Add wind. + + * lib/krb5/pac.c: Use libwind. + +2008-02-01 Love Hörnquist Åstrand + + * lib/Makefile.am: SUBDIRS: add wind + +2008-01-29 Love Hörnquist Åstrand + + * doc/programming.texi: See the Kerberos 5 API introduction and + documentation on the Heimdal webpage. + +2008-01-27 Love Hörnquist Åstrand + + * lib/krb5: better error strings for the keytab fetching functions + + * lib/krb5/verify_krb5_conf.c: Catch deprecated entries. + + * lib/krb5/get_cred.c: Remove support + for [libdefaults]capath (not [libdefaults] capaths though). + +2008-01-25 Love Hörnquist Åstrand + + * tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim + Fallsjo. + +2008-01-24 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (fcc_move): more explict why the fcc_move + failes, handle cross device moves. + +2008-01-21 Love Hörnquist Åstrand + + * lib/krb5/get_for_creds.c: Use on variable less. + + * lib/krb5/get_for_creds.c: Try to handle ticket full and + ticketless tickets better. Add doxygen comments while here. + + * lib/krb5/test_forward.c: Used for testing + krb5_get_forwarded_creds(). + + * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward + + * lib/krb5/Makefile.am: drop CHECK_SYMBOLS + + * lib/hdb/Makefile.am: drop CHECK_SYMBOLS + + * kdc/Makefile.am: drop CHECK_SYMBOLS + +2008-01-18 Love Hörnquist Åstrand + + * lib/krb5/version-script.map: Add krb5_digest_probe. + +2008-01-13 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with + hx509_name_binary. + +2008-01-12 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: add missing files + + * Happy new year. diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.1998 b/crypto/external/bsd/heimdal/dist/ChangeLog.1998 new file mode 100644 index 000000000..f26dba777 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.1998 @@ -0,0 +1,3201 @@ +Sat Dec 5 19:49:34 1998 Johan Danielsson + + * lib/krb5/context.c: remove ktype_is_etype + + * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE + + * configure.in: fix for AIX install; better tests for AIX dynamic + AFS libs; `--enable-new-des3-code' + +Tue Dec 1 14:44:44 1998 Johan Danielsson + + * appl/afsutil/Makefile.am: link with extra libs for aix + + * kuser/Makefile.am: link with extra libs for aix + +Sun Nov 29 01:56:21 1998 Assar Westerlund + + * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost + the same as krb5_get_all_client_addrs except that it includes + loopback addresses + + * kdc/connect.c (init_socket): bind to a particular address + (init_sockets): get all local addresses and bind to them all + + * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new + methods + (find_af, find_atype): new functions. use them. + + * configure.in: add hesiod + +Wed Nov 25 11:37:48 1998 Johan Danielsson + + * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03 + +Mon Nov 23 12:53:48 1998 Assar Westerlund + + * lib/kadm5/log.c: rename delete -> remove + + * lib/kadm5/delete_s.c: rename delete -> remove + + * lib/hdb/common.c: rename delete -> remove + +Sun Nov 22 12:26:26 1998 Assar Westerlund + + * configure.in: check for environ and `struct spwd' + +Sun Nov 22 11:42:45 1998 Johan Danielsson + + * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if + ktype_is_etype + + * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate + etypes + (em): sort entries + +Sun Nov 22 06:54:48 1998 Assar Westerlund + + * lib/krb5/init_creds_pw.c: more type correctness + + * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1 + generated bits. + +Sun Nov 22 01:49:50 1998 Johan Danielsson + + * kdc/hprop.c (v4_prop): fix bogus indexing + +Sat Nov 21 21:39:20 1998 Assar Westerlund + + * lib/krb5/verify_init.c (fail_verify_is_ok): new function + (krb5_verify_init_creds): if we cannot get a ticket for + host/`hostname` and fail_verify_is_ok just return. use + krb5_rd_req + +Sat Nov 21 23:12:27 1998 Assar Westerlund + + * lib/krb5/free.c (krb5_xfree): new function + + * lib/krb5/creds.c (krb5_free_creds_contents): new function + + * lib/krb5/context.c: more type correctness + + * lib/krb5/checksum.c: more type correctness + + * lib/krb5/auth_context.c (krb5_auth_con_init): more type + correctness + + * lib/asn1/der_get.c (der_get_length): fix test of len + (der_get_tag): more type correctness + + * kuser/klist.c (usage): void-ize + + * admin/ktutil.c (kt_remove): some more type correctness. + +Sat Nov 21 16:49:20 1998 Johan Danielsson + + * kuser/klist.c: try to list enctypes as keytypes + + * kuser/kinit.c: remove extra `--cache' option, add `--enctypes' + to set list of enctypes to use + + * kadmin/load.c: load strings as hex + + * kadmin/dump.c: dump hex as string is possible + + * admin/ktutil.c: use print_version() + + * configure.in, acconfig.h: test for hesiod + +Sun Nov 15 17:28:19 1998 Johan Danielsson + + * lib/krb5/crypto.c: add some crypto debug code + + * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed + buffer when encoding ticket + + * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype' + + * kdc/kerberos5.c: allow mis-match of tgt session key, and service + session key + + * admin/ktutil.c: keytype -> enctype + +Fri Nov 13 05:35:48 1998 Assar Westerlund + + * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added + +Sat Nov 7 19:56:31 1998 Assar Westerlund + + * lib/krb5/get_cred.c (add_cred): add termination NULL pointer + +Mon Nov 2 01:15:06 1998 Assar Westerlund + + * lib/krb5/rd_req.c: adapt to new crypto api + + * lib/krb5/rd_rep.c: adapt to new crypto api + + * lib/krb5/rd_priv.c: adopt to new crypto api + + * lib/krb5/rd_cred.c: adopt to new crypto api + + * lib/krb5/principal.c: ENOMEM -> ERANGE + + * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api + + * lib/krb5/mk_req_ext.c: adopt to new crypto api + + * lib/krb5/mk_req.c: get enctype from auth_context keyblock + + * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api + + * lib/krb5/mk_priv.c: adopt to new crypto api + + * lib/krb5/keytab.c: adopt to new crypto api + + * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api + + * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api + + * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api + + * lib/krb5/get_in_tkt.c: adopt to new crypto api + + * lib/krb5/get_cred.c: adopt to new crypto api + + * lib/krb5/generate_subkey.c: use new crypto api + + * lib/krb5/context.c: rename etype functions to enctype ditto + + * lib/krb5/build_auth.c: use new crypto api + + * lib/krb5/auth_context.c: remove enctype and cksumtype from + auth_context + +Mon Nov 2 01:15:06 1998 Assar Westerlund + + * kdc/connect.c (handle_udp, handle_tcp): correct type of `n' + +Tue Sep 15 18:41:38 1998 Johan Danielsson + + * admin/ktutil.c: fix printing of unrecognized keytypes + +Tue Sep 15 17:02:33 1998 Johan Danielsson + + * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if + using AFS3 salt + +Tue Aug 25 23:30:52 1998 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about + `use_admin_kdc' + + * lib/krb5/changepw.c (get_kdc_address): use + krb5_get_krb_admin_hst + + * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function + + * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc' + + * lib/krb5/context.c (krb5_get_use_admin_kdc, + krb5_set_use_admin_kdc): new functions + +Tue Aug 18 22:24:12 1998 Johan Danielsson + + * lib/krb5/crypto.c: remove all calls to abort(); check return + value from _key_schedule; + (RSA_MD[45]_DES_verify): zero tmp and res; + (RSA_MD5_DES3_{verify,checksum}): implement + +Mon Aug 17 20:18:46 1998 Assar Westerlund + + * kdc/kerberos4.c (swap32): conditionalize + + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname + returned from gethostby*() isn't a FQDN, try with the original + hostname + + * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal + and correct key usage + + * lib/krb5/crypto.c (verify_checksum): make static + + * admin/ktutil.c (kt_list): use krb5_enctype_to_string + +Sun Aug 16 20:57:56 1998 Assar Westerlund + + * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt + + * kadmin/ank.c (ank): print principal name in prompt + + * lib/krb5/crypto.c (hmac): always allocate space for checksum. + never trust c.checksum.length + (_get_derived_key): try to return the derived key + +Sun Aug 16 19:48:42 1998 Johan Danielsson + + * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs + (get_checksum_key): assume usage is `formatted' + (create_checksum,verify_checksum): moved the guts of the krb5_* + functions here, both take `formatted' key-usages + (encrypt_internal_derived): fix various bogosities + (derive_key): drop key_type parameter (already given by the + encryption_type) + + * kdc/kerberos5.c (check_flags): handle case where client is NULL + + * kdc/connect.c (process_request): return zero after processing + kerberos 4 request + +Sun Aug 16 18:38:15 1998 Johan Danielsson + + * lib/krb5/crypto.c: merge x-*.[ch] into one file + + * lib/krb5/cache.c: remove residual from krb5_ccache_data + +Fri Aug 14 16:28:23 1998 Johan Danielsson + + * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to + separate function (will eventually end up someplace else) + + * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key + + * configure.in, acconfig.h: test for four valued krb_put_int + +Thu Aug 13 23:46:29 1998 Assar Westerlund + + * Release 0.0t + +Thu Aug 13 22:40:17 1998 Assar Westerlund + + * lib/krb5/config_file.c (parse_binding): remove trailing + whitespace + +Wed Aug 12 20:15:11 1998 Johan Danielsson + + * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type + to krb5_create_checksum + + * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a + few typos + +Wed Aug 5 12:39:54 1998 Assar Westerlund + + * Release 0.0s + +Thu Jul 30 23:12:17 1998 Assar Westerlund + + * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die + +Thu Jul 23 19:49:03 1998 Johan Danielsson + + * kdc/kdc_locl.h: proto for `get_des_key' + + * configure.in: test for four valued el_init + + * kuser/klist.c: keytype -> enctype + + * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*' + + * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys + + * kdc/kaserver.c: use `get_des_key' + + * kdc/524.c: use new crypto api + + * kdc/kerberos4.c: use new crypto api + + * kdc/kerberos5.c: always treat keytypes as enctypes; use new + crypto api + + * kdc/kstash.c: adapt to new crypto api + + * kdc/string2key.c: adapt to new crypto api + + * admin/srvconvert.c: add keys for all possible enctypes + + * admin/ktutil.c: keytype -> enctype + + * lib/gssapi/init_sec_context.c: get enctype from auth_context + keyblock + + * lib/hdb/hdb.c: remove hdb_*_keytype2key + + * lib/kadm5/set_keys.c: adapt to new crypto api + + * lib/kadm5/rename_s.c: adapt to new crypto api + + * lib/kadm5/get_s.c: adapt to new crypto api + + * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4, + des-cbc-md5, and des3-cbc-sha1 + + * lib/krb5/heim_err.et: error message for unsupported salt + + * lib/krb5/codec.c: short-circuit these functions, since they are + not needed any more + + * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api + +Mon Jul 13 23:00:59 1998 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance + hostent->h_addr_list, use a copy instead + +Mon Jul 13 15:00:31 1998 Johan Danielsson + + * lib/krb5/config_file.c (parse_binding, parse_section): make sure + everything is ok before adding to linked list + + * lib/krb5/config_file.c: skip ws before checking for comment + +Wed Jul 8 10:45:45 1998 Johan Danielsson + + * lib/asn1/k5.asn1: hmac-sha1-des3 = 12 + +Tue Jun 30 18:08:05 1998 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the + unopened file + + * lib/krb5/mk_priv.c: realloc correctly + + * lib/krb5/get_addrs.c (find_all_addresses): init j + + * lib/krb5/context.c (krb5_init_context): print error if parsing + of config file produced an error. + + * lib/krb5/config_file.c (parse_list, krb5_config_parse_file): + ignore more spaces + + * lib/krb5/codec.c (krb5_encode_EncKrbCredPart, + krb5_encode_ETYPE_INFO): initialize `ret' + + * lib/krb5/build_auth.c (krb5_build_authenticator): realloc + correctly + + * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret' + + * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing + with default_client + + * kuser/kinit.c (main): initialize `ticket_life' + + * kdc/kerberos5.c (get_pa_etype_info): initialize `ret' + (tgs_rep2): initialize `krbtgt' + + * kdc/connect.c (do_request): check for errors from `sendto' + + * kdc/524.c (do_524): initialize `ret' + + * kadmin/util.c (foreach_principal): don't clobber `ret' + + * kadmin/del.c (del_entry): don't apply on zeroth argument + + * kadmin/cpw.c (do_cpw_entry): initialize `ret' + +Sat Jun 13 04:14:01 1998 Assar Westerlund + + * Release 0.0r + +Sun Jun 7 04:13:14 1998 Assar Westerlund + + * lib/krb5/addr_families.c: fall-back definition of + IN6_ADDR_V6_TO_V4 + + * configure.in: only set CFLAGS if it wasn't set look for + dn_expand and res_search + +Mon Jun 1 21:28:07 1998 Assar Westerlund + + * configure.in: remove duplicate seteuid + +Sat May 30 00:19:51 1998 Johan Danielsson + + * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid + runtime dependencies on libkrb with some shared library + implementations + +Fri May 29 00:09:02 1998 Johan Danielsson + + * kuser/kinit_options.c: Default options for kinit. + + * kuser/kauth_options.c: Default options for kauth. + + * kuser/kinit.c: Implement lots a new options. + + * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime + is not NULL; set endtime to min of new starttime + old_life, and + requested endtime + + * lib/krb5/init_creds_pw.c (get_init_creds_common): if the + forwardable or proxiable flags are set in options, set the + kdc-flags to the value specified, and not always to one + +Thu May 28 21:28:06 1998 Johan Danielsson + + * kdc/kerberos5.c: Optionally compare client address to addresses + in ticket. + + * kdc/connect.c: Pass client address to as_rep() and tgs_rep(). + + * kdc/config.c: Add check_ticket_addresses, and + allow_null_ticket_addresses variables. + +Tue May 26 14:03:42 1998 Johan Danielsson + + * lib/kadm5/create_s.c: possibly make DES keys version 4 salted + + * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt + before zapping version 4 salts + +Sun May 24 05:22:17 1998 Assar Westerlund + + * Release 0.0q + + * lib/krb5/aname_to_localname.c: new file + + * lib/gssapi/init_sec_context.c (repl_mutual): no output token + + * lib/gssapi/display_name.c (gss_display_name): zero terminate + output. + +Sat May 23 19:11:07 1998 Assar Westerlund + + * lib/gssapi/display_status.c: new file + + * Makefile.am: send -I to aclocal + + * configure.in: remove duplicate setenv + +Sat May 23 04:55:19 1998 Johan Danielsson + + * kadmin/util.c (foreach_principal): Check for expression before + wading through the whole database. + + * kadmin/kadmin.c: Pass NULL password to + kadm5_*_init_with_password. + + * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use + of `password' parameter to init_with_password. + + * lib/kadm5/init_s.c: implement init_with_{skey,creds}* + + * lib/kadm5/server.c: Better arguments for + kadm5_init_with_password. + +Sat May 16 07:10:36 1998 Assar Westerlund + + * kdc/hprop.c: conditionalize ka-server reading support on + KASERVER_DB + + * configure.in: new option `--enable-kaserver-db' + +Fri May 15 19:39:18 1998 Johan Danielsson + + * lib/krb5/get_cred.c: Better error if local tgt couldn't be + found. + +Tue May 12 21:11:02 1998 Assar Westerlund + + * Release 0.0p + + * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set + encryption type in auth_context if it's compatible with the type + of the session key + +Mon May 11 21:11:14 1998 Johan Danielsson + + * kdc/hprop.c: add support for ka-server databases + + * appl/ftp/ftpd: link with -lcrypt, if needed + +Fri May 1 07:29:52 1998 Assar Westerlund + + * configure.in: don't test for winsock.h + +Sat Apr 18 21:43:11 1998 Johan Danielsson + + * Release 0.0o + +Sat Apr 18 00:31:11 1998 Johan Danielsson + + * lib/krb5/sock_principal.c: Save hostname. + +Sun Apr 5 11:29:45 1998 Johan Danielsson + + * lib/krb5/mk_req_ext.c: Use same enctype as in ticket. + + * kdc/hprop.c (v4_prop): Check for null key. + +Fri Apr 3 03:54:54 1998 Johan Danielsson + + * lib/krb5/str2key.c: Fix DES3 string-to-key. + + * lib/krb5/keytab.c: Get default keytab name from context. + + * lib/krb5/context.c: Get `default_keytab_name' value. + + * kadmin/util.c (foreach_principal): Print error message if + `kadm5_get_principals' fails. + + * kadmin/kadmind.c: Use `kadmind_loop'. + + * lib/kadm5/server.c: Replace several other functions with + `kadmind_loop'. + +Sat Mar 28 09:49:18 1998 Assar Westerlund + + * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead + of O_APPEND + + * configure.in: generate ftp Makefiles + + * kuser/klist.c (print_cred_verbose): print IPv4-address in a + portable way. + + * admin/srvconvert.c (srvconv): return 0 if successful + +Tue Mar 24 00:40:33 1998 Johan Danielsson + + * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to + keytab entries, and change default keytab to `/etc/krb5.keytab'. + +Mon Mar 23 23:43:59 1998 Johan Danielsson + + * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'. + + * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'. + Fix bug in checking of pad. + + * lib/gssapi/{un,}wrap.c: Add support for just integrity + protecting data. + + * lib/gssapi/accept_sec_context.c: Use + `gssapi_krb5_verify_8003_checksum'. + + * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'. + + * lib/gssapi/init_sec_context.c: Zero cred, and store session key + properly in auth-context. + +Sun Mar 22 00:47:22 1998 Johan Danielsson + + * lib/kadm5/delete_s.c: Check immutable bit. + + * kadmin/kadmin.c: Pass client name to kadm5_init. + + * lib/kadm5/init_c.c: Get creds for client name passed in. + + * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'. + +Sat Mar 21 22:57:13 1998 Johan Danielsson + + * lib/krb5/mk_error.c: Verify that error_code is in the range + [0,127]. + + * kdc/kerberos5.c: Move checking of principal flags to new + function `check_flags'. + +Sat Mar 21 14:38:51 1998 Assar Westerlund + + * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt + + * configure.in: define SunOS if running solaris + +Sat Mar 21 00:26:34 1998 Johan Danielsson + + * lib/kadm5/server.c: Unifdef test for same principal when + changing password. + + * kadmin/util.c: If kadm5_get_principals failes, we might still be + able to perform the requested opreration (for instance someone if + trying to change his own password). + + * lib/kadm5/init_c.c: Try to get ticket via initial request, if + not possible via tgt. + + * lib/kadm5/server.c: Check for principals changing their own + passwords. + + * kdc/kerberos5.c (tgs_rep2): check for interesting flags on + involved principals. + + * kadmin/util.c: Fix order of flags. + +Thu Mar 19 16:54:10 1998 Johan Danielsson + + * kdc/kerberos4.c: Return sane error code if krb_rd_req fails. + +Wed Mar 18 17:11:47 1998 Assar Westerlund + + * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 + +Wed Mar 18 09:58:18 1998 Johan Danielsson + + * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't + free keyseed; use correct keytab + +Tue Mar 10 09:56:16 1998 Assar Westerlund + + * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives + +Mon Mar 16 23:58:23 1998 Johan Danielsson + + * Release 0.0n + +Fri Mar 6 00:41:30 1998 Johan Danielsson + + * lib/gssapi/{accept_sec_context,release_cred}.c: Use + krb5_kt_close/krb5_kt_resolve. + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver + to lookup hosts, so CNAMEs can be ignored. + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http): + Add support for using proxy. + + * lib/krb5/context.c: Initialize `http_proxy' from + `libdefaults/http_proxy'. + + * lib/krb5/krb5.h: Add `http_proxy' to context. + + * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol + specifications. + +Wed Mar 4 01:47:29 1998 Johan Danielsson + + * admin/ktutil.c: Implement `add' and `remove' functions. Make + `--keytab' a global option. + + * lib/krb5/keytab.c: Implement remove with files. Add memory + operations. + +Tue Mar 3 20:09:59 1998 Johan Danielsson + + * lib/krb5/keytab.c: Use function pointers. + + * admin: Remove kdb_edit. + +Sun Mar 1 03:28:42 1998 Assar Westerlund + + * lib/kadm5/dump_log.c: print operation names + +Sun Mar 1 03:04:12 1998 Assar Westerlund + + * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth} + + * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c: + remove arbitrary limit + + * kdc/hprop-common.c: use krb5_{read,write}_message + + * lib/kadm5/ipropd_master.c (send_diffs): more careful use + krb5_{write,read}_message + + * lib/kadm5/ipropd_slave.c (get_creds): get credentials for + `iprop/master' directly. + (main): use `krb5_read_message' + +Sun Mar 1 02:05:11 1998 Johan Danielsson + + * kadmin/kadmin.c: Cleanup commands list, and add help strings. + + * kadmin/get.c: Add long, short, and terse (equivalent to `list') + output formats. Short is the default. + + * kadmin/util.c: Add `include_time' flag to timeval2str. + + * kadmin/init.c: Max-life and max-renew can, infact, be zero. + + * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'. + + * kadmin/util.c: Add function `foreach_principal', that loops over + all principals matching an expression. + + * kadmin/kadmin.c: Add usage string to `privileges'. + + * lib/kadm5/get_princs_s.c: Also try to match aganist the + expression appended with `@default-realm'. + + * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that + excludes the realm if it's the same as the default realm. + +Fri Feb 27 05:02:21 1998 Assar Westerlund + + * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing + headers and functions error -> com_err + + (krb5_get_init_creds_keytab): use krb5_keytab_key_proc + + * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc' + global + + * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data' + + * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere. + +Fri Feb 27 04:49:24 1998 Assar Westerlund + + * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240. + This should be fixed the correct way. + + * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly + (send_diffs): compare versions correctly + (main): reorder handling of events + + * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion + +Thu Feb 26 02:22:35 1998 Assar Westerlund + + * lib/kadm5/ipropd_{slave,master}.c: new files + + * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as + argument + + * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct + et_list *' + + * aux/make-proto.pl: Should work with perl4 + +Mon Feb 16 17:20:22 1998 Johan Danielsson + + * lib/krb5/krb5_locl.h: Remove (it gets included via + {asn1,krb5}_err.h). + +Thu Feb 12 03:28:40 1998 Assar Westerlund + + * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference + is larger than max_skew, return KRB5KRB_AP_ERR_SKEW + + * lib/kadm5/log.c (get_version): globalize + + * lib/kadm5/kadm5_locl.h: include + + * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY + + * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of + initializing local struct in declaration. + +Sat Jan 31 17:28:58 1998 Johan Danielsson + + * kdc/524.c: Use krb5_decode_EncTicketPart. + + * kdc/kerberos5.c: Check at runtime whether to use enctypes + instead of keytypes. If so use the same value to encrypt ticket, + and kdc-rep as well as `keytype' for session key. Fix some obvious + bugs with the handling of additional tickets. + + * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and + krb5_decode_Authenticator. + + * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart. + + * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart. + + * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption + type, and not a key type. Use krb5_encode_EncAPRepPart. + + * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO. + + * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart. + + * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart. + + * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart. + + * lib/krb5/build_auth.c: Use krb5_encode_Authenticator. + + * lib/krb5/codec.c: Enctype conversion stuff. + + * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running + setuid. Get configuration for libdefaults ktype_is_etype, and + default_etypes. + + * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename + krb5_convert_etype to krb5_decode_keytype, and add + krb5_decode_keyblock. + +Fri Jan 23 00:32:09 1998 Johan Danielsson + + * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype. + + * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts + from protocol keytypes (that really are enctypes) to internal + representation. + +Thu Jan 22 21:24:36 1998 Johan Danielsson + + * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information + on keys in the database; and also a new `pa-key-info' padata-type. + + * kdc/kerberos5.c: If pre-authentication fails, return a list of + keytypes, salttypes, and salts. + + * lib/krb5/init_creds_pw.c: Add better support for + pre-authentication, by looking at hints from the KDC. + + * lib/krb5/get_in_tkt.c: Add better support for specifying what + pre-authentication to use. + + * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and + KEYTYPE_DES_AFS3. + + * lib/krb5/krb5.h: Add pre-authentication structures. + + * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL. + +Wed Jan 21 06:20:40 1998 Assar Westerlund + + * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize + `log_context.socket_name' and `log_context.socket_fd' + + * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram + to inform the possible running ipropd of an update. + +Wed Jan 21 01:34:09 1998 Johan Danielsson + + * lib/krb5/get_in_tkt.c: Return error-packet to caller. + + * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error. + + * kdc/kerberos5.c: Add some support for using enctypes instead of + keytypes. + + * lib/krb5/get_cred.c: Fixes to send authorization-data to the + KDC. + + * lib/krb5/build_auth.c: Only generate local subkey if there is + none. + + * lib/krb5/krb5.h: Add krb5_authdata type. + + * lib/krb5/auth_context.c: Add + krb5_auth_con_set{,localsub,remotesub}key. + + * lib/krb5/init_creds_pw.c: Return some error if prompter + functions return failure. + +Wed Jan 21 01:16:13 1998 Assar Westerlund + + * kpasswd/kpasswd.c: detect bad password. use krb5_err. + + * kadmin/util.c (edit_entry): remove unused variables + +Tue Jan 20 22:58:31 1998 Assar Westerlund + + * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible. + + * lib/kadm5/kadm5_locl.h: add kadm5_log_context and + kadm5_log*-functions + + * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to + log + + * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to + log + + * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize + log_context + + * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to + log + + * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to + log + + * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to + log + + * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to + log + + * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log + + * lib/kadm5/replay_log.c: new file + + * lib/kadm5/dump_log.c: new file + + * lib/kadm5/log.c: new file + + * lib/krb5/str2key.c (get_str): initialize pad space to zero + + * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL + + * kpasswd/kpasswdd.c: rewritten to use the kadm5 API + + * kpasswd/Makefile.am: link with kadm5srv + + * kdc/kerberos5.c (tgs_rep): initialize `i' + + * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp + + * include/Makefile.am: added admin.h + +Sun Jan 18 01:41:34 1998 Johan Danielsson + + * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes. + + * lib/krb5/mcache.c (mcc_store_cred): restore linked list if + copy_creds fails. + +Tue Jan 6 04:17:56 1998 Assar Westerlund + + * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp} + + * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask. + + * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use + krb5_getportbyname + + * kadmin/kadmind.c (main): htons correctly. + moved kadm5_server_{recv,send} + + * kadmin/kadmin.c (main): only set admin_server if explicitly + given + +Mon Jan 5 23:34:44 1998 Johan Danielsson + + * lib/hdb/ndbm.c: Implement locking of database. + + * kdc/kerberos5.c: Process AuthorizationData. + +Sat Jan 3 22:07:07 1998 Johan Danielsson + + * kdc/string2key.c: Use AFS string-to-key from libkrb5. + + * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case. + + * lib/krb5/krb5.h: Add value for AFS salts. + + * lib/krb5/str2key.c: Add support for AFS string-to-key. + + * lib/kadm5/rename_s.c: Use correct salt. + + * lib/kadm5/ent_setup.c: Always enable client. Only set max-life + and max-renew if != 0. + + * lib/krb5/config_file.c: Add context to all krb5_config_*get_*. + +Thu Dec 25 17:03:25 1997 Assar Westerlund + + * kadmin/ank.c (ank): don't zero password if --random-key was + given. + +Tue Dec 23 01:56:45 1997 Assar Westerlund + + * Release 0.0m + + * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client' + + * kadmin/util.c (edit_time): only set mask if != 0 + (edit_attributes): only set mask if != 0 + + * kadmin/init.c (init): create `default' + +Sun Dec 21 09:44:05 1997 Assar Westerlund + + * kadmin/util.c (str2deltat, str2attr, get_deltat): return value + as pointer and have return value indicate success. + + (get_response): check NULL from fgets + + (edit_time, edit_attributes): new functions for reading values and + offering list of answers on '?' + + (edit_entry): use edit_time and edit_attributes + + * kadmin/ank.c (add_new_key): test the return value of + `krb5_parse_name' + + * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say + that the checksum has to be keyed, even though later drafts do. + Accept unkeyed checksums to be compatible with MIT. + + * kadmin/kadmin_locl.h: add some prototypes. + + * kadmin/util.c (edit_entry): return a value + + * appl/afsutil/afslog.c (main): return a exit code. + + * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes + + * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function. + + * lib/krb5/build_auth.c (krb5_build_authenticator): use + krb5_{free,copy}_keyblock instead of the _contents versions + +Fri Dec 12 14:20:58 1997 Johan Danielsson + + * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey + +Mon Dec 8 08:48:09 1997 Johan Danielsson + + * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid + +Sat Dec 6 10:09:40 1997 Johan Danielsson + + * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL + keyblock + +Sat Dec 6 08:26:10 1997 Assar Westerlund + + * Release 0.0l + +Thu Dec 4 03:38:12 1997 Johan Danielsson + + * lib/krb5/send_to_kdc.c: Add TCP client support. + + * lib/krb5/store.c: Add k_{put,get}_int. + + * kadmin/ank.c: Set initial kvno to 1. + + * kdc/connect.c: Send version 5 TCP-reply as length+data. + +Sat Nov 29 07:10:11 1997 Assar Westerlund + + * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug + + * kdc/kaserver.c (create_reply_ticket): use a random nonce in the + reply packet. + + * kdc/connect.c (init_sockets): less reallocing. + + * **/*.c: changed `struct fd_set' to `fd_set' + +Sat Nov 29 05:12:01 1997 Johan Danielsson + + * lib/krb5/get_default_principal.c: More guessing. + +Thu Nov 20 02:55:09 1997 Johan Danielsson + + * lib/krb5/rd_req.c: Use principal from ticket if no server is + given. + +Tue Nov 18 02:58:02 1997 Johan Danielsson + + * kuser/klist.c: Use krb5_err*(). + +Sun Nov 16 11:57:43 1997 Johan Danielsson + + * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge' + commands. + +Sun Nov 16 02:52:20 1997 Assar Westerlund + + * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct + `enctype' + + * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype' + if set. + + * lib/krb5/get_cred.c: handle the case of a specific keytype + + * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a + parameter instead of guessing it. + + * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter + `enctype' + + * appl/test/common.c (common_setup): don't use `optarg' + + * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function + (krb5_kt_get_entry): retrieve the latest version if kvno == 0 + + * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE + + * lib/krb5/creds.c (krb5_compare_creds): check for + KRB5_TC_MATCH_KEYTYPE + + * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove + unused variable + + * lib/krb5/creds.c (krb5_copy_creds_contents): only free the + contents if we fail. + +Sun Nov 16 00:32:48 1997 Johan Danielsson + + * kpasswd/kpasswdd.c: Get password expiration time from config + file. + + * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size. + +Wed Nov 12 02:35:57 1997 Assar Westerlund + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + restructured and fixed. + + * lib/krb5/addr_families.c (krb5_h_addr2addr): new function. + +Wed Nov 12 01:36:01 1997 Johan Danielsson + + * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other + methods fail. + +Tue Nov 11 22:22:12 1997 Johan Danielsson + + * kadmin/kadmin.c: Add `-l' flag to use local database. + + * lib/kadm5/acl.c: Use KADM5_PRIV_ALL. + + * lib/kadm5: Use function pointer trampoline for easier dual use + (without radiation-hardening capability). + +Tue Nov 11 05:15:22 1997 Assar Westerlund + + * lib/krb5/encrypt.c (krb5_etype_valid): new function + + * lib/krb5/creds.c (krb5_copy_creds_contents): zero target + + * lib/krb5/context.c (valid_etype): remove + + * lib/krb5/checksum.c: remove dead code + + * lib/krb5/changepw.c (send_request): free memory on error. + + * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value + from malloc. + + * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on + failure correctly. + (krb5_auth_con_setaddrs_from_fd): return error correctly. + + * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files + +Tue Nov 11 02:53:19 1997 Johan Danielsson + + * lib/krb5/auth_context.c: Implement auth_con_setuserkey. + + * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey. + + * lib/krb5/keyblock.c: Rename krb5_free_keyblock to + krb5_free_keyblock_contents, and reimplement krb5_free_keyblock. + + * lib/krb5/rd_req.c: Use auth_context->keyblock if + ap_options.use_session_key. + +Tue Nov 11 02:35:17 1997 Assar Westerlund + + * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'. + fix callers. + + * lib/krb5/krb5_locl.h: include and + + * include/Makefile.am: add xdbm.h + +Tue Nov 11 01:58:22 1997 Johan Danielsson + + * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc. + +Mon Nov 10 22:41:53 1997 Johan Danielsson + + * lib/krb5/ticket.c: Implement copy_ticket. + + * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible. + + * lib/krb5/data.c: Implement free_data and copy_data. + +Sun Nov 9 02:17:27 1997 Johan Danielsson + + * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals. + + * kadmin/kadmin.c: Add get_privileges function. + + * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with + specification. + + * kdc/connect.c: Exit if no sockets could be bound. + + * kadmin/kadmind.c: Check return value from krb5_net_read(). + + * lib/kadm5,kadmin: Fix memory leaks. + +Fri Nov 7 02:45:26 1997 Johan Danielsson + + * lib/kadm5/create_s.c: Get some default values from `default' + principal. + + * lib/kadm5/ent_setup.c: Add optional default entry to get some + values from. + +Thu Nov 6 00:20:41 1997 Johan Danielsson + + * lib/error/compile_et.awk: Remove generated destroy_*_error_table + prototype + + * kadmin/kadmind.c: Crude admin server. + + * kadmin/kadmin.c: Update to use remote protocol. + + * kadmin/get.c: Fix principal formatting. + + * lib/kadm5: Add client support. + + * lib/kadm5/error.c: Error code mapping. + + * lib/kadm5/server.c: Kadmind support function. + + * lib/kadm5/marshall.c: Kadm5 marshalling. + + * lib/kadm5/acl.c: Simple acl system. + + * lib/kadm5/kadm5_locl.h: Add client stuff. + + * lib/kadm5/init_s.c: Initialize acl. + + * lib/kadm5/*: Return values. + + * lib/kadm5/create_s.c: Correct kvno. + +Wed Nov 5 22:06:50 1997 Johan Danielsson + + * lib/krb5/log.c: Fix parsing of log destinations. + +Mon Nov 3 20:33:55 1997 Johan Danielsson + + * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. + +Sat Nov 1 01:40:53 1997 Johan Danielsson + + * kadmin: Simple kadmin utility. + + * admin/ktutil.c: Print keytype. + + * lib/kadm5/get_s.c: Set correct n_key_data. + + * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use + master key. + + * lib/kadm5/destroy_s.c: Check for allocated context. + + * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). + +Sat Nov 1 00:21:00 1997 Assar Westerlund + + * configure.in: test for readv, writev + +Wed Oct 29 23:41:26 1997 Assar Westerlund + + * lib/krb5/warn.c (_warnerr): handle the case of an illegal error + code + + * kdc/kerberos5.c (encode_reply): return success + +Wed Oct 29 18:01:59 1997 Johan Danielsson + + * kdc/kerberos5.c (find_etype) Return correct index of selected + etype. + +Wed Oct 29 04:07:06 1997 Assar Westerlund + + * Release 0.0k + + * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' + environment variable + + * *: use the roken_get*-macros from roken.h for the benefit of + Crays. + + * configure.in: add --{enable,disable}-otp. check for compatible + prototypes for gethostbyname, gethostbyaddr, getservbyname, and + openlog (they have strange prototypes on Crays) + + * acinclude.m4: new macro `AC_PROTO_COMPAT' + +Tue Oct 28 00:11:22 1997 Johan Danielsson + + * kdc/connect.c: Log bad requests. + + * kdc/kerberos5.c: Move stuff that's in common between as_rep and + tgs_rep to separate functions. + + * kdc/kerberos5.c: Fix user-to-user authentication. + + * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: + - add a kdc-options argument to krb5_get_credentials, and rename + it to krb5_get_credentials_with_flags + - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options + - add some more user-to-user glue + + * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new + function, krb5_decrypt_ticket, so it is easier to decrypt and + check a ticket without having an ap-req. + + * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER + flags. + + * lib/krb5/crc.c (crc_init_table): Check if table is already + inited. + +Sun Oct 26 04:51:02 1997 Johan Danielsson + + * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case + indefinite encoding. + + * lib/asn1/gen_glue.c (generate_units): Check for empty + member-list. + +Sat Oct 25 07:24:57 1997 Johan Danielsson + + * lib/error/compile_et.awk: Allow specifying table-base. + +Tue Oct 21 20:21:40 1997 Johan Danielsson + + * kdc/kerberos5.c: Check version number of krbtgt. + +Mon Oct 20 01:14:53 1997 Assar Westerlund + + * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the + case of unhidden prompts. + + * lib/krb5/str2key.c (string_to_key_internal): return error + instead of aborting. always free memory + + * admin/ktutil.c: add `help' command + + * admin/kdb_edit.c: implement new commands: add_random_key(ark), + change_password(cpw), change_random_key(crk) + +Thu Oct 16 05:16:36 1997 Assar Westerlund + + * kpasswd/kpasswdd.c: change all the keys in the database + + * kdc: removed all unsealing, now done by the hdb layer + + * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' + and `hdb_clear_master_key' + + * admin/misc.c: removed + +Wed Oct 15 22:47:31 1997 Assar Westerlund + + * kuser/klist.c: print year as YYYY iff verbose + +Wed Oct 15 20:02:13 1997 Johan Danielsson + + * kuser/klist.c: print etype from ticket + +Mon Oct 13 17:18:57 1997 Johan Danielsson + + * Release 0.0j + + * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be + used to decrypt the reply from DCE secds. + + * lib/krb5/auth_context.c: Add {get,set}enctype. + + * lib/krb5/get_cred.c: Fix for DCE secd. + + * lib/krb5/store.c: Store keytype twice, as MIT does. + + * lib/krb5/get_in_tkt.c: Use etype from reply. + +Fri Oct 10 00:39:48 1997 Johan Danielsson + + * kdc/connect.c: check for leading '/' in http request + +Tue Sep 30 21:50:18 1997 Assar Westerlund + + * Release 0.0i + +Mon Sep 29 15:58:43 1997 Assar Westerlund + + * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know + the kvno or keytype before receiving the AP-REQ + + * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to + use from the keytype. + + * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what + cksumtype to use from the keytype. + + * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use + from the keytype. + + * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out + what etype to use from the keytype. + + * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): + handle other key types than DES + + * lib/krb5/encrypt.c (key_type): add `best_cksumtype' + (krb5_keytype_to_cksumtype): new function + + * lib/krb5/build_auth.c (krb5_build_authenticator): figure out + what etype to use from the keytype. + + * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' + and `enctype' to 0 + + * admin/extkeytab.c (ext_keytab): extract all keys + + * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge + + * configure.in: check for . check for -linet6 + +Tue Sep 23 03:00:53 1997 Assar Westerlund + + * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 + + * lib/krb5/rd_safe.c: fix check for keyed and collision-proof + checksum + + * lib/krb5/context.c (valid_etype): remove hard-coded constants + (default_etypes): include DES3 + + * kdc/kerberos5.c: fix check for keyed and collision-proof + checksum + + * admin/util.c (init_des_key, set_password): DES3 keys also + + * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means + no contact? + + * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' + +Mon Sep 22 11:44:27 1997 Johan Danielsson + + * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by + the client is used to select wich key to encrypt the kdc rep with + (in case of as-req), and with the server info to select the + session key type. The server key the ticket is encrypted is based + purely on the keys in the database. + + * kdc/string2key.c: Add keytype support. Default to version 5 + keys. + + * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. + + * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add + many *_to_* functions. + + * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument + to krb5_string_to_key(). + + * lib/krb5/checksum.c: Some cleanup, and added: + - rsa-md5-des3 + - hmac-sha1-des3 + - keyed and collision proof flags to each checksum method + - checksum<->string functions. + + * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. + +Sun Sep 21 15:19:23 1997 Assar Westerlund + + * kdc/connect.c: use new addr_families functions + + * kpasswd/kpasswdd.c: use new addr_families functions. Now works + over IPv6 + + * kuser/klist.c: use correct symbols for address families + + * lib/krb5/sock_principal.c: use new addr_families functions + + * lib/krb5/send_to_kdc.c: use new addr_families functions + + * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 + + * lib/krb5/get_addrs.c: use new addr_families functions + + * lib/krb5/changepw.c: use new addr_families functions. Now works + over IPv6 + + * lib/krb5/auth_context.c: use new addr_families functions + + * lib/krb5/addr_families.c: new file + + * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated + uses. + + * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. + +Sat Sep 13 23:04:23 1997 Johan Danielsson + + * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable + principals. + +Sat Sep 13 00:59:36 1997 Assar Westerlund + + * Release 0.0h + + * appl/telnet/telnet/commands.c: AF_INET6 support + + * admin/misc.c: new file + + * lib/krb5/context.c: new configuration variable `max_retries' + + * lib/krb5/get_addrs.c: fixes and better #ifdef's + + * lib/krb5/config_file.c: implement krb5_config_get_int + + * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: + AF_INET6 support + + * kuser/klist.c: support for printing IPv6-addresses + + * kdc/connect.c: support AF_INET6 + + * configure.in: test for gethostbyname2 and struct sockaddr_in6 + +Thu Sep 11 07:25:28 1997 Assar Westerlund + + * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF + PA-DATA' + +Wed Sep 10 21:20:17 1997 Johan Danielsson + + * kdc/kerberos5.c: Fixes for cross-realm, including (but not + limited to): + - allow client to be non-existant (should probably check for + "local realm") + - if server isn't found and it is a request for a krbtgt, try to + find a realm on the way to the requested realm + - update the transited encoding iff + client-realm != server-realm != tgt-realm + + * lib/krb5/get_cred.c: Several fixes for cross-realm. + +Tue Sep 9 15:59:20 1997 Johan Danielsson + + * kdc/string2key.c: Fix password handling. + + * lib/krb5/encrypt.c: krb5_key_to_string + +Tue Sep 9 07:46:05 1997 Assar Westerlund + + * lib/krb5/get_addrs.c: rewrote. Now should be able to handle + aliases and IPv6 addresses + + * kuser/klist.c: try printing IPv6 addresses + + * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 + + * configure.in: check for + +Mon Sep 8 02:57:14 1997 Assar Westerlund + + * doc: fixes + + * admin/util.c (init_des_key): increase kvno + (set_password): return -1 if `des_read_pw_string' failed + + * admin/mod.c (doit2): check the return value from `set_password' + + * admin/ank.c (doit): don't add a new entry if `set_password' + failed + +Mon Sep 8 02:20:16 1997 Johan Danielsson + + * lib/krb5/verify_init.c: fix ap_req_nofail semantics + + * lib/krb5/transited.c: something that might resemble + domain-x500-compress + +Mon Sep 8 01:24:42 1997 Assar Westerlund + + * kdc/hpropd.c (main): check number of arguments + + * appl/popper/pop_init.c (pop_init): check number of arguments + + * kpasswd/kpasswd.c (main): check number of arguments + + * kdc/string2key.c (main): check number of arguments + + * kuser/kdestroy.c (main): check number of arguments + + * kuser/kinit.c (main): check number of arguments + + * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to + break out of select when a signal arrives + + * kdc/main.c (main): use sigaction without SA_RESTART to break out + of select when a signal arrives + + * kdc/kstash.c: default to HDB_DB_DIR "/m-key" + + * kdc/config.c (configure): add `--version'. Check the number of + arguments. Handle the case of there being no specification of port + numbers. + + * admin/util.c: seal and unseal key at appropriate places + + * admin/kdb_edit.c (main): parse arguments, config file and read + master key iff there's one. + + * admin/extkeytab.c (ext_keytab): unseal key while extracting + +Sun Sep 7 20:41:01 1997 Assar Westerlund + + * lib/roken/roken.h: include + + * kdc/kerberos5.c (set_salt_padata): new function + + * appl/telnet/telnetd/telnetd.c: Rename some variables that + conflict with cpp symbols on HP-UX 10.20 + + * change all calls of `gethostbyaddr' to cast argument 1 to `const + char *' + + * acconfig.h: only use SGTTY on nextstep + +Sun Sep 7 14:33:50 1997 Johan Danielsson + + * kdc/kerberos5.c: Check invalid flag. + +Fri Sep 5 14:19:38 1997 Johan Danielsson + + * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. + + * lib/kafs: Move functions common to krb/krb5 modules to new file, + and make things more modular. + + * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST + -> krb5_config_list + +Thu Sep 4 23:39:43 1997 Johan Danielsson + + * lib/krb5/get_addrs.c: Fix loopback test. + +Thu Sep 4 04:45:49 1997 Assar Westerlund + + * lib/roken/roken.h: fallback definition of `O_ACCMODE' + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when + checking for a v4 reply + +Wed Sep 3 18:20:14 1997 Johan Danielsson + + * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. + + * lib/hdb/hdb.c: new {seal,unseal}_keys functions + + * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. + + * kdc/hprop.c: Don't use same master key as version 4. + + * admin/util.c: Don't dump core if no `default' is found. + +Wed Sep 3 16:01:07 1997 Johan Danielsson + + * kdc/connect.c: Allow run time port specification. + + * kdc/config.c: Add flags for http support, and port + specifications. + +Tue Sep 2 02:00:03 1997 Assar Westerlund + + * include/bits.c: Don't generate ifndef's in bits.h. Instead, use + them when building the program. This makes it possible to include + bits.h without having defined all HAVE_INT17_T symbols. + + * configure.in: test for sigaction + + * doc: updated documentation. + +Tue Sep 2 00:20:31 1997 Johan Danielsson + + * Release 0.0g + +Mon Sep 1 17:42:14 1997 Johan Danielsson + + * lib/krb5/data.c: don't return ENOMEM if len == 0 + +Sun Aug 31 17:15:49 1997 Johan Danielsson + + * lib/hdb/hdb.asn1: Include salt type in salt. + + * kdc/hprop.h: Change port to 754. + + * kdc/hpropd.c: Verify who tries to transmit a database. + + * appl/popper: Use getarg and krb5_log. + + * lib/krb5/get_port.c: Add context parameter. Now takes port in + host byte order. + +Sat Aug 30 18:48:19 1997 Johan Danielsson + + * kdc/connect.c: Add timeout to select, and log about expired tcp + connections. + + * kdc/config.c: Add `database' option. + + * kdc/hpropd.c: Log about duplicate entries. + + * lib/hdb/{db,ndbm}.c: Use common routines. + + * lib/hdb/common.c: Implement more generic fetch/store/delete + functions. + + * lib/hdb/hdb.h: Add `replace' parameter to store. + + * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor + entries. + +Fri Aug 29 03:13:23 1997 Assar Westerlund + + * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket + + * aux/make-proto.pl: fix __P for stone age mode + +Fri Aug 29 02:45:46 1997 Johan Danielsson + + * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 + protocol + + * lib/krb5/init_creds_pw.c: make change_password and + get_init_creds_common static + + * lib/krb5/krb5.h: Merge stuff from removed headerfiles. + + * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops + + * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops + +Fri Aug 29 01:45:25 1997 Johan Danielsson + + * lib/krb5/krb5.h: Remove all prototypes. + + * lib/krb5/convert_creds.c: Use `struct credentials' instead of + `CREDENTIALS'. + +Fri Aug 29 00:08:18 1997 Assar Westerlund + + * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions + and units for bit strings. + + * admin/util.c: flags2int, int2flags, and flag_units are now + generated by asn1_compile + + * lib/roken/parse_units.c: generalised `parse_units' and + `unparse_units' and added new functions `parse_flags' and + `unparse_flags' that use these + + * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h + + * admin/util.c: Use {un,}parse_flags for printing and parsing + hdbflags. + +Thu Aug 28 03:26:12 1997 Assar Westerlund + + * lib/krb5/get_addrs.c: restructured + + * lib/krb5/warn.c (_warnerr): leak less memory + + * lib/hdb/hdb.c (hdb_free_entry): zero keys + (hdb_check_db_format): leak less memory + + * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement + NDBM__get, NDBM__put + + * lib/hdb/db.c (DB_seq): check for valid hdb_entries + +Thu Aug 28 02:06:58 1997 Johan Danielsson + + * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. + +Thu Aug 28 01:13:17 1997 Assar Westerlund + + * kuser/kinit.1, klist.1, kdestroy.1: new man pages + + * kpasswd/kpasswd.1, kpasswdd.8: new man pages + + * kdc/kstash.8, hprop.8, hpropd.8: new man pages + + * admin/ktutil.8, admin/kdb_edit.8: new man pages + + * admin/mod.c: new file + + * admin/life.c: renamed gettime and puttime to getlife and putlife + and moved them to life.c + + * admin/util.c: add print_flags, parse_flags, init_entry, + set_created_by, set_modified_by, edit_entry, set_password. Use + them. + + * admin/get.c: use print_flags + + * admin: removed unused stuff. use krb5_{warn,err}* + + * admin/ank.c: re-organized and abstracted. + + * admin/gettime.c: removed + +Thu Aug 28 00:37:39 1997 Johan Danielsson + + * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. + + * lib/roken/base64.c: Add base64 functions. + + * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. + +Wed Aug 27 00:29:20 1997 Johan Danielsson + + * include/Makefile.am: Don't make links to built files. + + * admin/kdb_edit.c: Add command to set the database path. + + * lib/hdb: Include version number in database. + +Tue Aug 26 20:14:54 1997 Johan Danielsson + + * admin/ktutil: Merged v4 srvtab conversion. + +Mon Aug 25 23:02:18 1997 Assar Westerlund + + * lib/roken/roken.h: add F_OK + + * lib/gssapi/acquire_creds.c: fix typo + + * configure.in: call AC_TYPE_MODE_T + + * acinclude.m4: Add AC_TYPE_MODE_T + +Sun Aug 24 16:46:53 1997 Assar Westerlund + + * Release 0.0f + +Sun Aug 24 08:06:54 1997 Assar Westerlund + + * appl/popper/pop_pass.c: log poppers + + * kdc/kaserver.c: some more checks + + * kpasswd/kpasswd.c: removed `-p' + + * kuser/kinit.c: removed `-p' + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If + KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out + krb-error text + + * lib/gssapi/import_name.c (input_name): more names types. + + * admin/load.c (parse_keys): handle the case of an empty salt + + * kdc/kaserver.c: fix up memory deallocation + + * kdc/kaserver.c: quick hack at talking kaserver protocol + + * kdc/kerberos4.c: Make `db-fetch4' global + + * configure.in: add --enable-kaserver + + * kdc/rx.h, kdc/kerberos4.h: new header files + + * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o + +Sun Aug 24 03:52:44 1997 Johan Danielsson + + * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific + type conflicts. + + * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. + + * lib/des/{md4,md5,sha}.c: Now works on Crays. + +Sat Aug 23 18:15:01 1997 Johan Danielsson + + * appl/afsutil/afslog.c: If no cells or files specified, get + tokens for all local cells. Better test for files. + +Thu Aug 21 23:33:38 1997 Assar Westerlund + + * lib/gssapi/v1.c: new file with v1 compatibility functions. + +Thu Aug 21 20:36:13 1997 Johan Danielsson + + * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. + + * kdc/kerberos4.c: Check database when converting v4 principals. + + * kdc/kerberos5.c: Include kvno in Ticket. + + * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. + + * kuser/klist.c: Print version number of ticket, include more + flags. + +Wed Aug 20 21:26:58 1997 Johan Danielsson + + * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for + expiration. + +Wed Aug 20 17:40:31 1997 Assar Westerlund + + * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff + there's an error. + + * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol + documentation and process KRB-ERROR's + +Tue Aug 19 20:41:30 1997 Johan Danielsson + + * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. + +Mon Aug 18 05:15:09 1997 Assar Westerlund + + * lib/gssapi/accept_sec_context.c: Added + `gsskrb5_register_acceptor_identity' + +Sun Aug 17 01:40:20 1997 Assar Westerlund + + * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't + always pass server == NULL to krb5_rd_req. + + * lib/gssapi: new files: canonicalize_name.c export_name.c + context_time.c compare_name.c release_cred.c acquire_cred.c + inquire_cred.c, from Luke Howard + + * lib/krb5/config_file.c: Add netinfo support from Luke Howard + + + * lib/editline/sysunix.c: sgtty-support from Luke Howard + + + * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke + Howard + +Sat Aug 16 00:44:47 1997 Assar Westerlund + + * Release 0.0e + +Sat Aug 16 00:23:46 1997 Johan Danielsson + + * appl/afsutil/afslog.c: Use new libkafs. + + * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. + + * lib/krb5/warn.c: Fix format string for *x type. + +Fri Aug 15 22:15:01 1997 Assar Westerlund + + * admin/get.c (get_entry): print more information about the entry + + * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed + + * lib/krb5/config_file.c: new functions `krb5_config_get_time' and + `krb5_config_vget_time'. Use them. + +Fri Aug 15 00:09:37 1997 Johan Danielsson + + * admin/ktutil.c: Keytab manipulation program. + + * lib/krb5/keytab.c: Return sane values from resolve and + start_seq_get. + + * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. + + * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using + krb524_convert_creds_kdc. + + * lib/krb5/convert_creds.c: Implementation of + krb524_convert_creds_kdc. + + * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL + + * kdc/524.c: A somewhat working 524-protocol module. + + * kdc/kerberos4.c: Add version 4 ticket encoding and encryption + functions. + + * lib/krb5/context.c: Fix kdc_timeout. + + * lib/hdb/{ndbm,db}.c: Free name in close. + + * kdc/kerberos5.c (tgs_check_autenticator): Return error code + +Thu Aug 14 21:29:03 1997 Johan Danielsson + + * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. + + * lib/krb5/store_emem.c: Fix reallocation bug. + +Tue Aug 12 01:29:46 1997 Assar Westerlund + + * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use + `krb5_sock_to_principal'. Send server parameter to + krb5_rd_req/krb5_recvauth. Set addresses in auth_context. + + * lib/krb5/recvauth.c: Set addresses in auth_context if there + aren't any + + * lib/krb5/auth_context.c: New function + `krb5_auth_con_setaddrs_from_fd' + + * lib/krb5/sock_principal.c: new function + `krb5_sock_to_principal' + + * lib/krb5/time.c: new file with `krb5_timeofday' and + `krb5_us_timeofday'. Use these functions. + + * kuser/klist.c: print KDC offset iff verbose + + * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if + [libdefaults]kdc_timesync is set. + + * lib/krb5/fcache.c: Implement version 4 of the ccache format. + +Mon Aug 11 05:34:43 1997 Assar Westerlund + + * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory + + * lib/krb5/principal.c (krb5_unparse_name): allocate memory + properly + + * kpasswd/kpasswd.c: Use `krb5_change_password' + + * lib/krb5/init_creds_pw.c (init_cred): set realm of server + correctly. + + * lib/krb5/init_creds_pw.c: support changing of password when it + has expired + + * lib/krb5/changepw.c: new file + + * kuser/klist.c: use getarg + + * admin/init.c (init): add `kadmin/changepw' + +Mon Aug 11 04:30:47 1997 Johan Danielsson + + * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. + +Mon Aug 11 00:03:24 1997 Assar Westerlund + + * lib/krb5/config_file.c: implement support for #-comments + +Sat Aug 9 02:21:46 1997 Johan Danielsson + + * kdc/hprop*.c: Add database propagation programs. + + * kdc/connect.c: Max request size. + +Sat Aug 9 00:47:28 1997 Assar Westerlund + + * lib/otp: resurrected from krb4 + + * appl/push: new program for fetching mail with POP. + + * appl/popper/popper.h: new include files. new fields in `POP' + + * appl/popper/pop_pass.c: Implement both v4 and v5. + + * appl/popper/pop_init.c: Implement both v4 and v5. + + * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 + + * appl/popper: Popper from krb4. + + * configure.in: check for inline and generate + files in appl/popper, appl/push, and lib/otp + +Fri Aug 8 05:51:02 1997 Assar Westerlund + + * lib/krb5/get_cred.c: clean-up and try to free memory even when + there're errors + + * lib/krb5/get_cred.c: adapt to new `extract_ticket' + + * lib/krb5/get_in_tkt.c: reorganize. check everything and try to + return memory even if there are errors. + + * kuser/kverify.c: new file + + * lib/krb5/free_host_realm.c: new file + + * lib/krb5/principal.c (krb5_sname_to_principal): implement + different nametypes. Also free memory. + + * lib/krb5/verify_init.c: more functionality + + * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum + + * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the + principals in creds. Should also compare them with that received + from the KDC + + * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated + krb5_ccache + (krb5_cc_destroy): call krb5_cc_close + (krb5_cc_retrieve_cred): delete the unused creds + +Fri Aug 8 02:30:40 1997 Johan Danielsson + + * lib/krb5/log.c: Allow better control of destinations of logging + (like passing explicit destinations, and log-functions). + +Fri Aug 8 01:20:39 1997 Assar Westerlund + + * lib/krb5/get_default_principal.c: new file + + * kpasswd/kpasswdd.c: use krb5_log* + +Fri Aug 8 00:37:47 1997 Johan Danielsson + + * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. + +Fri Aug 8 00:37:17 1997 Assar Westerlund + + * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. + Print password expire information. + + * kdc/config.c: new variable `kdc_warn_pwexpire' + + * kpasswd/kpasswd.c: converted to getarg and get_init_creds + +Thu Aug 7 22:17:09 1997 Assar Westerlund + + * lib/krb5/mcache.c: new file + + * admin/gettime.c: new function puttime. Use it. + + * lib/krb5/keyblock.c: Added krb5_free_keyblock and + krb5_copy_keyblock + + * lib/krb5/init_creds_pw.c: more functionality + + * lib/krb5/creds.c: Added krb5_free_creds_contents and + krb5_copy_creds. Changed callers. + + * lib/krb5/config_file.c: new functions krb5_config_get and + krb5_config_vget + + * lib/krb5/cache.c: cleanup added mcache + + * kdc/kerberos5.c: include last-req's of type 6 and 7, if + applicable + +Wed Aug 6 20:38:23 1997 Johan Danielsson + + * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. + +Tue Aug 5 22:53:54 1997 Assar Westerlund + + * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, + prompter_posix.c: the beginning of an implementation of the cygnus + initial-ticket API. + + * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is + almost krb5_get_in_tkt but doesn't write the creds to the ccache. + Small fixes in krb5_get_in_tkt + + * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include + loopback. + +Mon Aug 4 20:20:48 1997 Johan Danielsson + + * kdc: Make context global. + +Fri Aug 1 17:23:56 1997 Assar Westerlund + + * Release 0.0d + + * lib/roken/flock.c: new file + + * kuser/kinit.c: check for and print expiry information in the + `kdc_rep' + + * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL + + * kdc/kerberos5.c: Check the valid times on client and server. + Check the password expiration. + Check the require_preauth flag. + Send an lr_type == 6 with pw_end. + Set key.expiration to min(valid_end, pw_end) + + * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' + + * admin/util.c, admin/load.c: handle the new flags. + +Fri Aug 1 16:56:12 1997 Johan Danielsson + + * lib/hdb: Add some simple locking. + +Sun Jul 27 04:44:31 1997 Johan Danielsson + + * lib/krb5/log.c: Add some general logging functions. + + * kdc/kerberos4.c: Add version 4 protocol handler. The requrement + for this to work is that all involved principals has a des key in + the database, and that the client has a version 4 (un-)salted + key. Furthermore krb5_425_conv_principal has to do it's job, as + present it's not very clever. + + * lib/krb5/principal.c: Quick patch to make 425_conv work + somewhat. + + * lib/hdb/hdb.c: Add keytype->key and next key functions. + +Fri Jul 25 17:32:12 1997 Assar Westerlund + + * lib/krb5/build_auth.c (krb5_build_authenticator): don't free + `cksum'. It's allocated and freed by the caller + + * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. + + * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined + `client' to return as part of the KRB-ERROR + +Thu Jul 24 08:13:59 1997 Johan Danielsson + + * kdc/kerberos5.c: Unseal keys from database before use. + + * kdc/misc.c: New functions set_master_key, unseal_key and + free_key. + + * lib/roken/getarg.c: Handle `-f arg' correctly. + +Thu Jul 24 01:54:43 1997 Assar Westerlund + + * kuser/kinit.c: implement `-l' aka `--lifetime' + + * lib/roken/parse_units.c, parse_time.c: new files + + * admin/gettime.c (gettime): use `parse_time' + + * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending + KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. + + * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set + addresses in auth_context bind one socket per interface. + + * kpasswd/kpasswd.c: use sequence numbers + + * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying + the timestamps + + * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key + from auth_context + + * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key + from auth_context + + * lib/krb5/mk_error.c (krb5_mk_error): return an error number and + not a comerr'd number. + + * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error + number in KRB-ERROR correctly. + + * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error + number in KRB-ERROR correctly. + + * lib/asn1/k5.asn1: Add `METHOD-DATA' + + * removed some memory leaks. + +Wed Jul 23 07:53:18 1997 Assar Westerlund + + * Release 0.0c + + * lib/krb5/rd_cred.c, get_for_creds.c: new files + + * lib/krb5/get_host_realm.c: try default realm as last chance + + * kpasswd/kpasswdd.c: updated to hdb changes + + * appl/telnet/libtelnet/kerberos5.c: Implement forwarding + + * appl/telnet/libtelnet: removed totally unused files + + * admin/ank.c: fix prompts and generation of random keys + +Wed Jul 23 04:02:32 1997 Johan Danielsson + + * admin/dump.c: Include salt in dump. + + * admin: Mostly updated for new db-format. + + * kdc/kerberos5.c: Update to use new db format. Better checking of + flags and such. More logging. + + * lib/hdb/hdb.c: Use generated encode and decode functions. + + * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. + + * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none + in the reply. + +Sun Jul 20 16:22:30 1997 Assar Westerlund + + * kuser/kinit.c: break if des_read_pw_string() != 0 + + * kpasswd/kpasswdd.c: send a reply + + * kpasswd/kpasswd.c: restructured code. better report on + krb-error break if des_read_pw_string() != 0 + + * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for + starttime and renew_till + + * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a + keyblock to krb5_verify_chekcsum + +Sun Jul 20 06:35:46 1997 Johan Danielsson + + * Release 0.0b + + * kpasswd/kpasswd.c: Avoid using non-standard struct names. + +Sat Jul 19 19:26:23 1997 Assar Westerlund + + * lib/krb5/keytab.c (krb5_kt_get_entry): check return from + `krb5_kt_start_seq_get'. From + +Sat Jul 19 04:07:39 1997 Johan Danielsson + + * lib/asn1/k5.asn1: Update with more pa-data types from + draft-ietf-cat-kerberos-revisions-00.txt + + * admin/load.c: Update to match current db-format. + + * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving + up. Send back an empty pa-data if the client has the v4 flag set. + + * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted + pa-data. DTRT if there is any pa-data in the reply. + + * lib/krb5/str2key.c: XOR with some sane value. + + * lib/hdb/hdb.h: Add `version 4 salted key' flag. + + * kuser/kinit.c: Ask for password before calling get_in_tkt. This + makes it possible to call key_proc more than once. + + * kdc/string2key.c: Add flags to output version 5 (DES only), + version 4, and AFS string-to-key of a password. + + * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or + ENOMEM). + +Fri Jul 18 02:54:58 1997 Assar Westerlund + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the + name2name thing + + * kdc/misc.c: check result of hdb_open + + * admin/kdb_edit: updated to new sl + + * lib/sl: sl_func now returns an int. != 0 means to exit. + + * kpasswd/kpasswdd: A crude (but somewhat working) implementation + of `draft-ietf-cat-kerb-chg-password-00.txt' + +Fri Jul 18 00:55:39 1997 Johan Danielsson + + * kuser/krenew.c: Crude ticket renewing program. + + * kdc/kerberos5.c: Rewritten flags parsing, it now might work to + get forwarded and renewed tickets. + + * kuser/kinit.c: Add `-r' flag. + + * lib/krb5/get_cred.c: Move most of contents of get_creds to new + function get_kdc_cred, that always contacts the kdc and doesn't + save in the cache. This is a hack. + + * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request + (a bit kludgy). + + * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. + + * lib/krb5/send_to_kdc.c: Get timeout from context. + + * lib/krb5/context.c: Add kdc_timeout to context struct. + +Thu Jul 17 20:35:45 1997 Johan Danielsson + + * kuser/klist.c: Print start time of ticket if available. + + * lib/krb5/get_host_realm.c: Return error if no realm was found. + +Thu Jul 17 20:28:21 1997 Assar Westerlund + + * kpasswd: non-working kpasswd added + +Thu Jul 17 00:21:22 1997 Johan Danielsson + + * Release 0.0a + + * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. + +Wed Jul 16 03:37:41 1997 Johan Danielsson + + * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. + + * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote + subkey. + + * lib/krb5/principal.c (krb5_free_principal): Check for NULL. + + * lib/krb5/send_to_kdc.c: Check for NULL return from + gethostbyname. + + * lib/krb5/set_default_realm.c: Try to get realm of local host if + no default realm is available. + + * Remove non ASN.1 principal code. + +Wed Jul 16 03:17:30 1997 Johan Danielsson + + * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better + error handing. Do some logging. + + * kdc/log.c: Some simple logging facilities. + + * kdc/misc.c (db_fetch): Take a krb5_principal. + + * kdc/connect.c: Pass address of request to as_rep and + tgs_rep. Send KRB-ERROR. + + * lib/krb5/mk_error.c: Add more fields. + + * lib/krb5/get_cred.c: Print normal error code if no e_text is + available. + +Wed Jul 16 03:07:50 1997 Assar Westerlund + + * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. + Change encryption type of pa_enc_timestamp to DES-CBC-MD5 + + * lib/krb5/context.c: recognize all encryption types actually + implemented + + * lib/krb5/auth_context.c (krb5_auth_con_init): Change default + encryption type to `DES_CBC_MD5' + + * lib/krb5/read_message.c, write_message.c: new files + +Tue Jul 15 17:14:21 1997 Assar Westerlund + + * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. + + * lib/error/compile_et.awk: generate a prototype for the + `destroy_foo_error_table' function. + +Mon Jul 14 12:24:40 1997 Assar Westerlund + + * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also + with `kerberos.REALM' + + * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use + `max_skew' + + * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator + subkey + + * lib/krb5/build_auth.c (krb5_build_authenticator): always + generate a subkey. + + * lib/krb5/address.c: implement `krb5_address_order' + + * lib/gssapi/import_name.c: Implement `gss_import_name' + + * lib/gssapi/external.c: Use new OID + + * lib/gssapi/encapsulate.c: New functions + `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed + callers. + + * lib/gssapi/decapsulate.c: New function + `gssaspi_krb5_verify_header'. Changed callers. + + * lib/asn1/gen*.c: Give tags to generated structs. + Use `err' and `asprintf' + + * appl/test/gss_common.c: new file + + * appl/test/gssapi_server.c: removed all krb5 calls + + * appl/telnet/libtelnet/kerberos5.c: Add support for genering and + verifying checksums. Also start using session subkeys. + +Mon Jul 14 12:08:25 1997 Johan Danielsson + + * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. + +Sun Jul 13 03:07:44 1997 Assar Westerlund + + * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT + + * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and + `DES_encrypt_key_ivec' + + * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des + + * kdc/kerberos5.c (tgs_rep): support keyed checksums + + * lib/krb5/creds.c: new file + + * lib/krb5/get_in_tkt.c: better freeing + + * lib/krb5/context.c (krb5_free_context): more freeing + + * lib/krb5/config_file.c: New function `krb5_config_file_free' + + * lib/error/compile_et.awk: Generate a `destroy_' function. + + * kuser/kinit.c, klist.c: Don't leak memory. + +Sun Jul 13 02:46:27 1997 Johan Danielsson + + * kdc/connect.c: Check filedescriptor in select. + + * kdc/kerberos5.c: Remove most of the most common memory leaks. + + * lib/krb5/rd_req.c: Free allocated data. + + * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of + fields. + +Sun Jul 13 00:32:16 1997 Assar Westerlund + + * appl/telnet: Conditionalize the krb4-support. + + * configure.in: Test for krb4 + +Sat Jul 12 17:14:12 1997 Assar Westerlund + + * kdc/kerberos5.c: check if the pre-auth was decrypted properly. + set the `pre_authent' flag + + * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. + + * lib/krb5/encrypt.c: Made `generate_random_block' global. + + * appl/test: Added gssapi_client and gssapi_server. + + * lib/krb5/data.c: Add `krb5_data_zero' + + * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' + + * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' + +Sat Jul 12 16:45:58 1997 Johan Danielsson + + * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but + returns zero length from SIOCGIFCONF. + +Sat Jul 12 16:38:34 1997 Assar Westerlund + + * appl/test: new programs + + * lib/krb5/rd_req.c: add address compare + + * lib/krb5/mk_req_ext.c: allow no checksum + + * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string + + * lib/krb5/address.c: fix `krb5_address_compare' + +Sat Jul 12 15:03:16 1997 Johan Danielsson + + * lib/krb5/get_addrs.c: Fix ip4 address extraction. + + * kuser/klist.c: Add verbose flag, and split main into smaller + pieces. + + * lib/krb5/fcache.c: Save ticket flags. + + * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and + flags. + + * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. + +Sat Jul 12 13:12:48 1997 Assar Westerlund + + * configure.in: Call `AC_KRB_PROG_LN_S' + + * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 + +Sat Jul 12 00:57:01 1997 Johan Danielsson + + * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to + pass options. + +Fri Jul 11 15:04:22 1997 Assar Westerlund + + * appl/telnet: telnet & telnetd seems to be working. + + * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed + krb5_config_vget_next + + * appl/telnet/libtelnet/kerberos5.c: update to current API + +Thu Jul 10 14:54:39 1997 Assar Westerlund + + * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call + `krb5_kuserok' + + * appl/telnet: Added. + +Thu Jul 10 05:09:25 1997 Johan Danielsson + + * lib/error/compile_et.awk: Remove usage of sub, gsub, and + functions for compatibility with awk. + + * include/bits.c: Must use signed char. + + * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets + here. + + * lib/error/error.c: Replace krb5_get_err_text with new function + com_right. + + * lib/error/compile_et.awk: Avoid using static variables. + + * lib/error/error.c: Don't use krb5_locl.h + + * lib/error/error.h: Move definitions of error_table and + error_list from krb5.h. + + * lib/error: Moved from lib/krb5. + +Wed Jul 9 07:42:04 1997 Johan Danielsson + + * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. + +Wed Jul 9 06:58:00 1997 Assar Westerlund + + * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff + according to pseudocode from 1510 + +Wed Jul 9 06:06:06 1997 Johan Danielsson + + * lib/hdb/hdb.c: Add hdb_etype2key. + + * kdc/kerberos5.c: Check authenticator. Use more general etype + functions. + +Wed Jul 9 03:51:12 1997 Assar Westerlund + + * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to + draft-ietf-cat-kerberos-r-00.txt + + * lib/krb5/principal.c (krb5_parse_name): default to local realm + if none given + + * kuser/kinit.c: New option `-p' and prompt + +Wed Jul 9 02:30:06 1997 Johan Danielsson + + * lib/krb5/keyblock.c: Keyblock generation functions. + + * lib/krb5/encrypt.c: Use functions from checksum.c. + + * lib/krb5/checksum.c: Move checksum functions here. Add + krb5_cksumsize function. + +Wed Jul 9 01:15:38 1997 Assar Westerlund + + * lib/krb5/get_host_realm.c: implemented + + * lib/krb5/config_file.c: Redid part. New functions: + krb5_config_v?get_next + + * kuser/kdestroy.c: new program + + * kuser/kinit.c: new flag `-f' + + * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress + + * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN + + * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all + users. + + * lib/krb5/get_addrs.c: figure out all local addresses, possibly + even IPv6! + + * lib/krb5/checksum.c: table-driven checksum + +Mon Jul 7 21:13:28 1997 Johan Danielsson + + * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as + krb5_encrypt. + +Mon Jul 7 11:15:51 1997 Assar Westerlund + + * lib/roken/vsyslog.c: new file + + * lib/krb5/encrypt.c: add des-cbc-md4. + adjust krb5_encrypt and krb5_decrypt to reality + +Mon Jul 7 02:46:31 1997 Johan Danielsson + + * lib/krb5/encrypt.c: Implement as a vector of function pointers. + + * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and + des-cbc-md5 in separate functions. + + * lib/krb5/krb5.h: Add more checksum and encryption types. + + * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. + +Sun Jul 6 23:02:59 1997 Assar Westerlund + + * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files + + * lib/krb5/config_file.[ch]: new c-based configuration reading + stuff + +Wed Jul 2 23:12:56 1997 Assar Westerlund + + * configure.in: Set WFLAGS if using gcc + +Wed Jul 2 17:47:03 1997 Johan Danielsson + + * lib/asn1/der_put.c (der_put_int): Return size correctly. + + * admin/ank.c: Be compatible with the asn1 principal format. + +Wed Jul 1 23:52:20 1997 Johan Danielsson + + * lib/asn1: Now all decode_* and encode_* functions now take a + final size_t* argument, that they return the size in. Return + values are zero for success, and anything else (such as some + ASN1_* constant) for error. + +Mon Jun 30 06:08:14 1997 Assar Westerlund + + * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to + O_WRONLY | O_APPEND + + * lib/krb5/get_cred.c: removed stale prototype for + `extract_ticket' and corrected call. + + * lib/asn1/gen_length.c (length_type): Make the length functions + for SequenceOf non-destructive + + * admin/ank.c (doit): Fix reading of `y/n'. + +Mon Jun 16 05:41:43 1997 Assar Westerlund + + * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number + + * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. + + * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set + KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. + + * lib/gssapi/8003.c: New file. + + * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 + Authenticator. + + * lib/krb5/auth_context.c: New functions + `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' + +Tue Jun 10 00:35:54 1997 Johan Danielsson + + * lib/krb5: Preapre for use of some asn1-types. + + * lib/asn1/*.c (copy_*): Constness. + + * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an + octet_string. + + * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> + general_string + + * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't + have anything to do with asn1_compile. + + * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. + +Sun Jun 8 03:51:55 1997 Assar Westerlund + + * kdc/kerberos5.c: Fix PA-ENC-TS-ENC + + * kdc/connect.c(process_request): Set `new' + + * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. + + * lib: Added editline,sl,roken. + +Mon Jun 2 00:37:48 1997 Johan Danielsson + + * lib/krb5/fcache.c: Move file cache from cache.c. + + * lib/krb5/cache.c: Allow more than one cache type. + +Sun Jun 1 23:45:33 1997 Johan Danielsson + + * admin/extkeytab.c: Merged with kdb_edit. + +Sun Jun 1 23:23:08 1997 Assar Westerlund + + * kdc/kdc.c: more support for ENC-TS-ENC + + * lib/krb5/get_in_tkt.c: redone to enable pre-authentication + +Sun Jun 1 22:45:11 1997 Johan Danielsson + + * lib/hdb/db.c: Merge fetch and store. + + * admin: Merge to one program. + + * lib/krb5/str2key.c: Fill in keytype and length. + +Sun Jun 1 16:31:23 1997 Assar Westerlund + + * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, + lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for + KRB5_AUTH_CONTEXT_DO_SEQUENCE + + * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an + KRB_ERROR. Some support for PA_ENC_TS_ENC. + + * lib/krb5/auth_context.c: implemented seq_number functions + + * lib/krb5/generate_subkey.c, generate_seq_number.c: new files + + * lib/gssapi/gssapi.h: avoid including + + * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake + happy + + * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP + + * configure.in: adapted to automake 1.1p + +Mon May 26 22:26:21 1997 Johan Danielsson + + * lib/krb5/principal.c: Add contexts to many functions. + +Thu May 15 20:25:37 1997 Johan Danielsson + + * lib/krb5/verify_user.c: First stab at a verify user. + + * lib/auth/sia/sia5.c: SIA module for Kerberos 5. + +Mon Apr 14 00:09:03 1997 Assar Westerlund + + * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be + able to (mostly) run gss-client and gss-server. + + * lib/krb5/keytab.c: implemented krb5_kt_add_entry, + krb5_kt_store_principal, krb5_kt_store_keyblock + + * lib/des/md5.[ch], sha.[ch]: new files + + * lib/asn1/der_get.c (generalizedtime2time): use `timegm' + + * lib/asn1/timegm.c: new file + + * admin/extkeytab.c: new program + + * admin/admin_locl.h: new file + + * admin/Makefile.am: Added extkeytab + + * configure.in: moved config to include + removed timezone garbage + added lib/gssapi and admin + + * Makefile.am: Added admin + +Mon Mar 17 11:34:05 1997 Johan Danielsson + + * kdc/kdc.c: Use new copying functions, and free some data. + + * lib/asn1/Makefile.am: Try to not always rebuild generated files. + + * lib/asn1/der_put.c: Add fix_dce(). + + * lib/asn1/der_{get,length,put}.c: Fix include files. + + * lib/asn1/der_free.c: Remove unused functions. + + * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, + gen_length, and gen_copy. + +Sun Mar 16 18:13:52 1997 Assar Westerlund + + * lib/krb5/sendauth.c: implemented functionality + + * lib/krb5/rd_rep.c: Use `krb5_decrypt' + + * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == + NULL + + * lib/krb5/principal.c (krb5_free_principal): added `context' + argument. Changed all callers. + + (krb5_sname_to_principal): new function + + * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' + argument. Changed all callers + + * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files + + * lib/asn1/gen.c: Fix encoding and decoding of BitStrings + +Fri Mar 14 11:29:00 1997 Assar Westerlund + + * configure.in: look for *dbm? + + * lib/asn1/gen.c: Fix filename in generated files. Check fopens. + Put trailing newline in asn1_files. + +Fri Mar 14 05:06:44 1997 Johan Danielsson + + * lib/krb5/get_in_tkt.c: Fix some memory leaks. + + * lib/krb5/krbhst.c: Properly free hostlist. + + * lib/krb5/decrypt.c: CRCs are 32 bits. + +Fri Mar 14 04:39:15 1997 Johan Danielsson + + * lib/asn1/gen.c: Generate one file for each type. + +Fri Mar 14 04:13:47 1997 Assar Westerlund + + * lib/asn1/gen.c: Generate `length_FOO' functions + + * lib/asn1/der_length.c: new file + + * kuser/klist.c: renamed stime -> printable_time to avoid conflict + on HP/UX + +Fri Mar 14 03:37:23 1997 Johan Danielsson + + * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free + datums. Don't add .db to filename. + +Fri Mar 14 02:49:51 1997 Johan Danielsson + + * kdc/dump.c: Database dump program. + + * kdc/ank.c: Trivial database editing program. + + * kdc/{kdc.c, load.c}: Use libhdb. + + * lib/hdb: New database routine library. + + * lib/krb5/error/Makefile.am: Add hdb_err. + +Wed Mar 12 17:41:14 1997 Johan Danielsson + + * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. + + * lib/asn1/gen.c: Generate free functions. + + * Some specific free functions. + +Wed Mar 12 12:30:13 1997 Assar Westerlund + + * lib/krb5/krb5_mk_req_ext.c: new file + + * lib/asn1/gen.c: optimize the case with a simple type + + * lib/krb5/get_cred.c (krb5_get_credentials): Use + `mk_req_extended' and remove old code. + + * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an + EncASRepPart, then with an EncTGSRepPart. + +Wed Mar 12 08:26:04 1997 Johan Danielsson + + * lib/krb5/store_emem.c: New resizable memory storage. + + * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c + + * lib/krb5/krb5.h: Add free entry to krb5_storage. + + * lib/krb5/decrypt.c: Make keyblock const. + +Tue Mar 11 20:22:17 1997 Johan Danielsson + + * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. + + * lib/krb5/rd_req.c: Return whole asn.1 ticket in + krb5_ticket->tkt. + + * lib/krb5/get_in_tkt.c: TGS -> AS + + * kuser/kfoo.c: Print error string rather than number. + + * kdc/kdc.c: Some kind of non-working TGS support. + +Mon Mar 10 01:43:22 1997 Assar Westerlund + + * lib/asn1/gen.c: reduced generated code by 1/5 + + * lib/asn1/der_put.c: (der_put_length_and_tag): new function + + * lib/asn1/der_get.c (der_match_tag_and_length): new function + + * lib/asn1/der.h: added prototypes + +Mon Mar 10 01:15:43 1997 Johan Danielsson + + * lib/krb5/krb5.h: Include . Add prototype for + krb5_rd_req_with_keyblock. + + * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that + takes a precomputed keyblock. + + * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. + + * lib/krb5/mk_req.c: Calculate checksum of in_data. + +Sun Mar 9 21:17:58 1997 Johan Danielsson + + * lib/krb5/error/compile_et.awk: Add a declaration of struct + error_list, and multiple inclusion block to header files. + +Sun Mar 9 21:01:12 1997 Assar Westerlund + + * lib/krb5/rd_req.c: do some checks on times + + * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, + address.c}: new files + + * lib/krb5/auth_context.c: more code + + * configure.in: try to figure out timezone + +Sat Mar 8 11:41:07 1997 Johan Danielsson + + * lib/krb5/error/error.c: Try strerror if error code wasn't found. + + * lib/krb5/get_in_tkt.c: Remove realm parameter from + krb5_get_salt. + + * lib/krb5/context.c: Initialize error table. + + * kdc: The beginnings of a kdc. + +Sat Mar 8 08:16:28 1997 Assar Westerlund + + * lib/krb5/rd_safe.c: new file + + * lib/krb5/checksum.c (krb5_verify_checksum): New function + + * lib/krb5/get_cred.c: use krb5_create_checksum + + * lib/krb5/checksum.c: new file + + * lib/krb5/store.c: no more arithmetic with void* + + * lib/krb5/cache.c: now seems to work again + +Sat Mar 8 06:58:09 1997 Johan Danielsson + + * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. + + * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. + + * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. + + * lib/krb5/{cache,keytab}.c: Use new storage functions. + + * lib/krb5/krb5.h: Protypes for new storage functions. + + * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write + data to more than file descriptors. + +Sat Mar 8 01:01:17 1997 Assar Westerlund + + * lib/krb5/encrypt.c: New file. + + * lib/krb5/Makefile.am: More -I + + * configure.in: Test for big endian, random, rand, setitimer + + * lib/asn1/gen.c: perhaps even decodes bitstrings + +Thu Mar 6 19:05:29 1997 Johan Danielsson + + * lib/krb5/config_file.y: Better return values on error. + +Sat Feb 8 15:59:56 1997 Assar Westerlund + + * lib/asn1/parse.y: ifdef HAVE_STRDUP + + * lib/asn1/lex.l: ifdef strdup + brange-dead version of list of special characters to make stupid + lex accept it. + + * lib/asn1/gen.c: A DER integer should really be a `unsigned' + + * lib/asn1/der_put.c: A DER integer should really be a `unsigned' + + * lib/asn1/der_get.c: A DER integer should really be a `unsigned' + + * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is + needed. + + * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, + lib/krb/store.h: new files. + + * lib/krb5/keytab.c: now even with some functionality. + + * lib/asn1/gen.c: changed paramater from void * to Foo * + + * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty + string. + +Sun Jan 19 06:17:39 1997 Assar Westerlund + + * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in + cc before getting new ones. + + * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. + + * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the + CRC should be stored LSW first. (?) + + * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and + `krb5_free_keyblock' + + * lib/**/Makefile.am: Rename foo libfoo.a + + * include/Makefile.in: Use test instead of [ + -e does not work with /bin/sh on psoriasis + + * configure.in: Search for awk + create lib/krb/error/compile_et + +Tue Jan 14 03:46:26 1997 Assar Westerlund + + * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c + +Wed Dec 18 00:53:55 1996 Johan Danielsson + + * kuser/kinit.c: Guess principal. + + * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some + warnings. + + * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. + + * lib/krb5/mk_req.c: Get client from cache. + + * lib/krb5/cache.c: Add better error checking some useful return + values. + + * lib/krb5/krb5.h: Fix krb5_auth_context. + + * lib/asn1/der.h: Make krb5_data compatible with krb5.h + +Tue Dec 17 01:32:36 1996 Johan Danielsson + + * lib/krb5/error: Add primitive error library. + +Mon Dec 16 16:30:20 1996 Johan Danielsson + + * lib/krb5/cache.c: Get correct address type from cache. + + * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1. + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.1999 b/crypto/external/bsd/heimdal/dist/ChangeLog.1999 new file mode 100644 index 000000000..e022b9682 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.1999 @@ -0,0 +1,2194 @@ +1999-12-30 Assar Westerlund + + * configure.in (krb4): use `-ldes' in tests + +1999-12-26 Assar Westerlund + + * lib/hdb/print.c (event2string): handle events without principal. + From Luke Howard + +1999-12-25 Assar Westerlund + + * Release 0.2j + +Tue Dec 21 18:03:17 1999 Assar Westerlund + + * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and + related systems + + * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and + related systems + + * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and + related systems + +1999-12-20 Assar Westerlund + + * Release 0.2i + +1999-12-20 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1 + + * lib/krb5/send_to_kdc.c (send_via_proxy): free data + * lib/krb5/send_to_kdc.c (send_via_proxy): new function use + getaddrinfo instead of gethostbyname{,2} + * lib/krb5/get_for_creds.c: use getaddrinfo instead of + getnodebyname{,2} + +1999-12-17 Assar Westerlund + + * Release 0.2h + +1999-12-17 Assar Westerlund + + * Release 0.2g + +1999-12-16 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 6:2:1 + + * lib/krb5/principal.c (krb5_sname_to_principal): handle + ai_canonname not being set + * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle + ai_canonname not being set + + * appl/test/uu_server.c: print messages to stderr + * appl/test/tcp_server.c: print messages to stderr + * appl/test/nt_gss_server.c: print messages to stderr + * appl/test/gssapi_server.c: print messages to stderr + + * appl/test/tcp_client.c (proto): remove shadowing `context' + * appl/test/common.c (client_doit): add forgotten ntohs + +1999-12-13 Assar Westerlund + + * configure.in (VERISON): bump to 0.2g-pre + +1999-12-12 Assar Westerlund + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more + robust and handle extra dot at the beginning of default_domain + +1999-12-12 Assar Westerlund + + * Release 0.2f + +1999-12-12 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 6:1:1 + + * lib/krb5/changepw.c (get_kdc_address): use + `krb5_get_krb_changepw_hst' + + * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add + + * lib/krb5/get_host_realm.c: add support for _kerberos.domain + (according to draft-ietf-cat-krb-dns-locate-01.txt) + +1999-12-06 Assar Westerlund + + * Release 0.2e + +1999-12-06 Assar Westerlund + + * lib/krb5/changepw.c (krb5_change_password): use the correct + address + + * lib/krb5/Makefile.am: bump version to 6:0:1 + + * lib/asn1/Makefile.am: bump version to 1:4:0 + +1999-12-04 Assar Westerlund + + * configure.in: move AC_KRB_IPv6 to make sure it's performed + before AC_BROKEN + (el_init): use new feature of AC_FIND_FUNC_NO_LIBS + + * appl/test/uu_client.c: use client_doit + * appl/test/test_locl.h (client_doit): add prototype + * appl/test/tcp_client.c: use client_doit + * appl/test/nt_gss_client.c: use client_doit + * appl/test/gssapi_client.c: use client_doit + * appl/test/common.c (client_doit): move identical code here and + start using getaddrinfo + + * appl/kf/kf.c (doit): rewrite to use getaddrinfo + * kdc/hprop.c: re-write to use getaddrinfo + * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo + * lib/krb5/expand_hostname.c (krb5_expand_hostname): use + getaddrinfo + * lib/krb5/changepw.c: re-write to use getaddrinfo + * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo + +1999-12-03 Assar Westerlund + + * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo, + getnameinfo, gai_strerror + (socklen_t): check for + +1999-12-02 Johan Danielsson + + * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key + +1999-11-23 Assar Westerlund + + * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes + within unicode characters. this should probably be done in some + arbitrarly complex way to do it properly and you would have to + know what character encoding was used for the password and salt + string. + + * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0 + (INADDR_ANY) + (ipv6_uninteresting): remove unused macro + +1999-11-22 Johan Danielsson + + * lib/krb5/krb5.h: rc4->arcfour + + * lib/krb5/crypto.c: rc4->arcfour + +1999-11-17 Assar Westerlund + + * lib/krb5/krb5_locl.h: add + * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4 + * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might + not be totally different from some small company up in the + north-west corner of the US + + * lib/krb5/get_addrs.c (find_all_addresses): change code to + actually increment buf_size + +1999-11-14 Assar Westerlund + + * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces' + * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces + scanning optional + * lib/krb5/context.c (init_context_from_config_file): set + `scan_interfaces' + + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c + * lib/krb5/add_et_list.c (krb5_add_et_list): new function + +1999-11-12 Assar Westerlund + + * lib/krb5/get_default_realm.c (krb5_get_default_realm, + krb5_get_default_realms): set realms if they were unset + * lib/krb5/context.c (init_context_from_config_file): don't + initialize default realms here. it's done lazily instead. + + * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned + * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure + bit constants are unsigned + * lib/asn1/gen.c (define_type): make length in sequences be + unsigned. + + * configure.in: remove duplicate test for setsockopt test for + struct tm.tm_isdst + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate + preauthentication information if we get back ERR_PREAUTH_REQUIRED + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove + preauthentication generation code. it's now in krb5_get_in_cred + + * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct + tm.tm_gmtoff and timezone + +1999-11-11 Johan Danielsson + + * kdc/main.c: make this work with multi-db + + * kdc/kdc_locl.h: make this work with multi-db + + * kdc/config.c: make this work with multi-db + +1999-11-09 Johan Danielsson + + * kdc/misc.c: update for multi-database code + + * kdc/main.c: update for multi-database code + + * kdc/kdc_locl.h: update + + * kdc/config.c: allow us to have more than one database + +1999-11-04 Assar Westerlund + + * Release 0.2d + + * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe + (krb5_context_data has changed and some code do (might) access + fields directly) + + * lib/krb5/krb5.h (krb5_context_data): add `etypes_des' + + * lib/krb5/get_cred.c (init_tgs_req): use + krb5_keytype_to_enctypes_default + + * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new + function + + * lib/krb5/context.c (set_etypes): new function + (init_context_from_config_file): set both `etypes' and `etypes_des' + +1999-11-02 Assar Westerlund + + * configure.in (VERSION): bump to 0.2d-pre + +1999-10-29 Assar Westerlund + + * lib/krb5/principal.c (krb5_parse_name): check memory allocations + +1999-10-28 Assar Westerlund + + * Release 0.2c + + * lib/krb5/dump_config.c (print_tree): check for empty tree + + * lib/krb5/string-to-key-test.c (tests): update the test cases + with empty principals so that they actually use an empty realm and + not the default. use the correct etype for 3DES + + * lib/krb5/Makefile.am: bump version to 4:1:0 + + * kdc/config.c (configure): more careful with the port string + +1999-10-26 Assar Westerlund + + * Release 0.2b + +1999-10-20 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 4:0:0 + (krb524_convert_creds_kdc and potentially some other functions + have changed prototypes) + + * lib/hdb/Makefile.am: bump version to 4:0:1 + + * lib/asn1/Makefile.am: bump version to 1:3:0 + + * configure.in (LIB_roken): add dbopen. getcap in roken + references dbopen and with shared libraries we need to add this + dependency. + + * lib/krb5/verify_krb5_conf.c (main): support speicifying the + configuration file to test on the command line + + * lib/krb5/config_file.c (parse_binding): handle line with no + whitespace before = + (krb5_config_parse_file_debug): set lineno earlier so that we don't + use it unitialized + + * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need + more include files for these tests + + * lib/krb5/set_default_realm.c (krb5_set_default_realm): use + krb5_config_get_strings, which means that your configuration file + should look like: + + [libdefaults] + default_realm = realm1 realm2 realm3 + + * lib/krb5/set_default_realm.c (config_binding_to_list): fix + copy-o. From Michal Vocu + + * kdc/config.c (configure): add a missing strdup. From Michal + Vocu + +1999-10-17 Assar Westerlund + + * Release 0.2a + + * configure.in: only test for db.h with using berkeley_db. remember + to link with LIB_tgetent when checking for el_init. add xnlock + + * appl/Makefile.am: add xnlock + + * kdc/kerberos5.c (find_etype): support null keys + + * kdc/kerberos4.c (get_des_key): support null keys + + * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct + calculation + +1999-10-16 Johan Danielsson + + * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc + +1999-10-12 Johan Danielsson + + * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning + +1999-10-10 Assar Westerlund + + * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm + + * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const + + * lib/krb5/crypto.c (krb5_string_to_salttype): new function + + * **/*.[ch]: const-ize + +1999-10-06 Assar Westerlund + + * lib/krb5/creds.c (krb5_compare_creds): const-ify + + * lib/krb5/cache.c: clean-up and comment-up + + * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the + strings + + * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the + correct realm part + + * kdc/connect.c (handle_tcp): things work much better when ret is + initialized + +1999-10-03 Assar Westerlund + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the + type of the session key + + * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell + correctly + + * lib/krb5/creds.c (krb5_compare_creds): fix spelling of + krb5_enctypes_compatible_keys + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new + credentials from the KDC if the existing one doesn't have a DES + session key. + + * lib/45/get_ad_tkt.c (get_ad_tkt): update to new + krb524_convert_creds_kdc + +1999-10-03 Johan Danielsson + + * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const + + * lib/krb5/keytab_memory.c: make krb5_mkt_ops const + + * lib/krb5/keytab_file.c: make krb5_fkt_ops const + +1999-10-01 Assar Westerlund + + * lib/krb5/config_file.c: rewritten to allow error messages + + * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf + (libkrb5_la_SOURCES): add config_file_netinfo.c + + * lib/krb5/verify_krb5_conf.c: new program for verifying that + krb5.conf is corret + + * lib/krb5/config_file_netinfo.c: moved netinfo code here from + config_file.c + +1999-09-28 Assar Westerlund + + * kdc/hpropd.c (dump_krb4): kludge default_realm + + * lib/asn1/check-der.c: add test cases for Generalized time and + make sure we return the correct value + + * lib/asn1/der_put.c: simplify by using der_put_length_and_tag + + * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of + krb5_verify_user that tries in all the local realms + + * lib/krb5/set_default_realm.c: add support for having several + default realms + + * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms' + + * lib/krb5/get_default_realm.c (krb5_get_default_realms): add + + * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to + `default_realms' + + * lib/krb5/context.c: change from `default_realm' to + `default_realms' + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use + krb5_get_default_realms + + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c + + * lib/krb5/copy_host_realm.c: new file + +1999-09-27 Johan Danielsson + + * lib/asn1/der_put.c (encode_generalized_time): encode length + + * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version' + that allows more intelligent matching of the application version + +1999-09-26 Assar Westerlund + + * lib/asn1/asn1_print.c: add err.h + + * kdc/config.c (configure): use parse_bytes + + * appl/test/nt_gss_common.c: use the correct header file + +1999-09-24 Johan Danielsson + + * kuser/klist.c: add a `--cache' flag + + * kuser/kinit.c (main): only get default value for `get_v4_tgt' if + it's explicitly set in krb5.conf + +1999-09-23 Assar Westerlund + + * lib/asn1/asn1_print.c (tag_names); add another univeral tag + + * lib/asn1/der.h: update universal tags + +1999-09-22 Assar Westerlund + + * lib/asn1/asn1_print.c (loop): print length of octet string + +1999-09-21 Johan Danielsson + + * admin/ktutil.c (kt_get): add `--help' + +1999-09-21 Assar Westerlund + + * kuser/Makefile.am: add kdecode_ticket + + * kuser/kdecode_ticket.c: new debug program + + * appl/test/nt_gss_server.c: new program to test against `Sample * + SSPI Code' in Windows 2000 RC1 SDK. + + * appl/test/Makefile.am: add nt_gss_client and nt_gss_server + + * lib/asn1/der_get.c (decode_general_string): remember to advance + ret over the length-len + + * lib/asn1/Makefile.am: add asn1_print + + * lib/asn1/asn1_print.c: new program for printing DER-structures + + * lib/asn1/der_put.c: make functions more consistent + + * lib/asn1/der_get.c: make functions more consistent + +1999-09-20 Johan Danielsson + + * kdc/kerberos5.c: be more informative in pa-data error messages + +1999-09-16 Assar Westerlund + + * configure.in: test for strlcpy, strlcat + +1999-09-14 Assar Westerlund + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return + KRB5_LIBOS_PWDINTR when interrupted + + * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return + value from des_read_pw_string + + * kuser/kinit.c (main): don't print any error if reading the + password was interrupted + + * kpasswd/kpasswd.c (main): don't print any error if reading the + password was interrupted + + * kdc/string2key.c (main): check the return value from fgets + + * kdc/kstash.c (main): check return value from des_read_pw_string + + * admin/ktutil.c (kt_add): check the return-value from fgets and + overwrite the password for paranoid reasons + + * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the + newline if it's there + +1999-09-13 Assar Westerlund + + * kdc/hpropd.c (main): remove bogus error with `--print'. remove + sysloging of number of principals transferred + + * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL + principals + (main): get rid of bogus opening of hdb database when propagating + ka-server database + +1999-09-12 Assar Westerlund + + * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition + + * lib/krb5/krb5.h (krb5_context_data): add keytab types + + * configure.in: revert back awk test, not worked around in + roken.awk + + * lib/krb5/keytab_krb4.c: remove O_BINARY + + * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From + Love + + * lib/krb5/keytab_file.c: remove O_BINARY + + * lib/krb5/keytab.c: move the list of keytab types to the context + + * lib/krb5/fcache.c: remove O_BINARY + + * lib/krb5/context.c (init_context_from_config_file): register all + standard cache and keytab types + (krb5_free_context): free `kt_types' + + * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the + standard types of credential caches to context + + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c + +1999-09-10 Assar Westerlund + + * lib/krb5/keytab.c: add comments and clean-up + + * admin/ktutil.c: add `ktutil copy' + + * lib/krb5/keytab_krb4.c: new file + + * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field + + * lib/krb5/Makefile.am: add keytab_krb4.c + + * lib/krb5/keytab.c: add krb4 and correct some if's + + * admin/srvconvert.c (srvconv): move common code + + * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables + + * lib/krb5/keytab.c: move out file and memory functions + + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c, + keytab_memory.c + + * lib/krb5/keytab_memory.c: new file + + * lib/krb5/keytab_file.c: new file + + * kpasswd/kpasswdd.c: move out password quality functions + +1999-09-07 Assar Westerlund + + * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From + Love + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check + return value from `krb5_sendto_kdc' + +1999-09-06 Assar Westerlund + + * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and + remove the sending of data. add a parameter `limit'. let callers + send the date themselves (and preferably with net_write on tcp + sockets) + (send_and_recv_tcp): read first the length field and then only that + many bytes + +1999-09-05 Assar Westerlund + + * kdc/connect.c (handle_tcp): try to print warning `TCP data of + strange type' less often + + * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly. + return on EOF. always free data. check return value from + realloc. + (send_and_recv_tcp, send_and_recv_http): check advertised length + against actual length + +1999-09-01 Johan Danielsson + + * configure.in: check for sgi capabilities + +1999-08-27 Johan Danielsson + + * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return + extra addresses + + * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages; + add --realm flag + + * lib/krb5/address.c (krb5_append_addresses): remove duplicates + +1999-08-26 Johan Danielsson + + * lib/hdb/keytab.c: HDB keytab backend + +1999-08-25 Johan Danielsson + + * lib/krb5/keytab.c + (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL + pointer + +1999-08-24 Johan Danielsson + + * kpasswd/kpasswdd.c: add `--keytab' flag + +1999-08-23 Assar Westerlund + + * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr' + instead of the non-standard `s6_addr32'. From Yoshinobu Inoue + by way of the KAME repository + +1999-08-18 Assar Westerlund + + * configure.in (--enable-new-des3-code): remove check for `struct + addrinfo' + + * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable + des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards + compatability + + * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key + derivation) just got assigned etype 16 by . keep the + old etype at 7. + +1999-08-16 Assar Westerlund + + * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if + krb5_net_read actually returns -1 + + * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if + krb5_net_read actually returns -1 + + * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't + returned -1 + + * appl/test/tcp_server.c (proto): only trust errno if + krb5_net_read actually returns -1 + + * appl/kf/kfd.c (proto): be more careful with the return value + from krb5_net_read + +1999-08-13 Assar Westerlund + + * lib/krb5/get_addrs.c (get_addrs_int): try the different ways + sequentially instead of just one. this helps if your heimdal was + built with v6-support but your kernel doesn't have it, for + example. + +1999-08-12 Assar Westerlund + + * kdc/hpropd.c: add inetd flag. default means try to figure out + if stdin is a socket or not. + + * Makefile.am (ACLOCAL): just use `cf', this variable is only used + when the current directory is $(top_srcdir) anyways and having + $(top_srcdir) there breaks if it's a relative path + +1999-08-09 Johan Danielsson + + * configure.in: check for setproctitle + +1999-08-05 Assar Westerlund + + * lib/krb5/principal.c (krb5_sname_to_principal): remember to call + freehostent + + * appl/test/tcp_client.c: call freehostent + + * appl/kf/kf.c (doit): call freehostent + + * appl/kf/kf.c: make v6 friendly and simplify + + * appl/kf/kfd.c: make v6 friendly and simplify + + * appl/test/tcp_server.c: simplify by using krb5_err instead of + errx + + * appl/test/tcp_client.c: simplify by using krb5_err instead of + errx + + * appl/test/tcp_server.c: make v6 friendly and simplify + + * appl/test/tcp_client.c: make v6 friendly and simplify + +1999-08-04 Assar Westerlund + + * Release 0.1m + +1999-08-04 Assar Westerlund + + * kuser/kinit.c (main): some more KRB4-conditionalizing + + * lib/krb5/get_in_tkt.c: type correctness + + * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in + flags. From Miroslav Ruda + + * kuser/kinit.c (main): add config file support for forwardable + and krb4 support. From Miroslav Ruda + + * kdc/kerberos5.c (as_rep): add an empty X500-compress string as + transited. + (fix_transited_encoding): check length. + From Miroslav Ruda + + * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump + principals in some other realm. From Miroslav Ruda + + (main): rename sa_len -> sin_len, sa_lan is a define on some + platforms. + + * appl/kf/kfd.c: add regpag support. From Miroslav Ruda + + + * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf. + From Miroslav Ruda + + * lib/krb5/config_file.c (parse_list): don't run past end of line + + * appl/test/gss_common.h: new prototypes + + * appl/test/gssapi_client.c: use gss_err instead of abort + + * appl/test/gss_common.c (gss_verr, gss_err): add + +1999-08-03 Assar Westerlund + + * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this + otherwise it doesn't build with shared libraries + + * kdc/hpropd.c: v6-ify + + * kdc/hprop.c: v6-ify + +1999-08-01 Assar Westerlund + + * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname + +1999-07-31 Assar Westerlund + + * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new + function that takes a FQDN + + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c + + * lib/krb5/expand_hostname.c: new file + +1999-07-28 Assar Westerlund + + * Release 0.1l + +1999-07-28 Assar Westerlund + + * lib/asn1/Makefile.am: bump version to 1:2:0 + + * lib/krb5/Makefile.am: bump version to 3:1:0 + + * configure.in: more inet_pton to roken + + * lib/krb5/principal.c (krb5_sname_to_principal): use + getipnodebyname + +1999-07-26 Assar Westerlund + + * Release 0.1k + +1999-07-26 Johan Danielsson + + * lib/krb5/Makefile.am: bump version number (changed function + signatures) + + * lib/hdb/Makefile.am: bump version number (changes to some + function signatures) + +1999-07-26 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 3:0:2 + + * lib/hdb/Makefile.am: bump version to 2:1:0 + + * lib/asn1/Makefile.am: bump version to 1:1:0 + +1999-07-26 Assar Westerlund + + * Release 0.1j + +1999-07-26 Assar Westerlund + + * configure.in: rokenize inet_ntop + + * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t + + * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t + + * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t + + * lib/krb5/store.c: lots of changes from size_t to ssize_t + (krb5_ret_stringz): check return value from realloc + + * lib/krb5/mk_safe.c: some type correctness + + * lib/krb5/mk_priv.c: some type correctness + + * lib/krb5/krb5.h (krb5_storage): change return values of + functions from size_t to ssize_t + +1999-07-24 Assar Westerlund + + * Release 0.1i + + * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \# + in lib/roken/roken.awk + + * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to + step over addresses if there's no `sa_lan' field + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by + using `struct sockaddr_storage' + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using + `struct sockaddr_storage' + + * lib/krb5/changepw.c (krb5_change_password): simplify by using + `struct sockaddr_storage' + + * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): + simplify by using `struct sockaddr_storage' + + * kpasswd/kpasswdd.c (*): simplify by using `struct + sockaddr_storage' + + * kdc/connect.c (*): simplify by using `struct sockaddr_storage' + + * configure.in (sa_family_t): just test for existence + (sockaddr_storage): also specify include file + + * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i + (sa_family_t): test for + (struct sockaddr_storage): test for + + * kdc/hprop.c (propagate_database): typo, NULL should be + auth_context + + * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of + AF_INET6 + + * appl/kf/kf.c (main): use warnx + + * appl/kf/kf.c (proto): remove shadowing context + + * lib/krb5/get_addrs.c (find_all_addresses): try to handle the + case of getting back an `sockaddr_in6' address when sizeof(struct + sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to + tell us how large the address is. This obviously doesn't work + with unknown protocol types. + +1999-07-24 Assar Westerlund + + * Release 0.1h + +1999-07-23 Assar Westerlund + + * appl/kf/kfd.c: clean-up and more paranoia + + * etc/services.append: add kf + + * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up + +1999-07-22 Assar Westerlund + + * lib/krb5/n-fold-test.c (main): print the correct data + + * appl/Makefile.am (SUBDIRS): add kf + + * appl/kf: new program. From Miroslav Ruda + + * kdc/hprop.c: declare some variables unconditionally to simplify + things + + * kpasswd/kpasswdd.c: initialize kadm5 connection for every change + (otherwise the modifier in the database doesn't get set) + + * kdc/hpropd.c: clean-up and re-organize + + * kdc/hprop.c: clean-up and re-organize + + * configure.in (SunOS): define to xy for SunOS x.y + +1999-07-19 Assar Westerlund + + * configure.in (AC_BROKEN): test for copyhostent, freehostent, + getipnodebyaddr, getipnodebyname + +1999-07-15 Assar Westerlund + + * lib/asn1/check-der.c: more test cases for integers + + * lib/asn1/der_length.c (length_int): handle the case of the + largest negative integer by not calling abs + +1999-07-14 Assar Westerlund + + * lib/asn1/check-der.c (generic_test): check malloc return value + properly + + * lib/krb5/Makefile.am: add string_to_key_test + + * lib/krb5/prog_setup.c (krb5_program_setup): always initialize + the context + + * lib/krb5/n-fold-test.c (main): return a relevant return value + + * lib/krb5/krbhst.c: do SRV lookups for admin server as well. + some clean-up. + +1999-07-12 Assar Westerlund + + * configure.in: handle not building X programs + +1999-07-06 Assar Westerlund + + * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate + variable + (ipv6_sockaddr2port): fix typo + + * etc/services.append: beginning of a file with services + + * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if + there's no prefix. also clean-up a little bit. + + * kdc/hprop.c (--kaspecials): new flag for handling special KA + server entries. From "Brandon S. Allbery KF8NH" + + +1999-07-05 Assar Westerlund + + * kdc/connect.c (handle_tcp): make sure we have data before + starting to look for HTTP + + * kdc/connect.c (handle_tcp): always do getpeername, we can't + trust recvfrom to return anything sensible + +1999-07-04 Assar Westerlund + + * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with + all enctypes + + * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry + + * admin/srvconvert.c (srvconv): better error messages + +1999-07-03 Assar Westerlund + + * lib/krb5/principal.c (unparse_name): error check malloc properly + + * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc + properly + + * lib/krb5/crypto.c (*): do some malloc return-value checks + properly + + * lib/hdb/hdb.c (hdb_process_master_key): simplify by using + krb5_data_alloc + + * lib/hdb/hdb.c (hdb_process_master_key): check return value from + malloc + + * lib/asn1/gen_decode.c (decode_type): fix generation of decoding + information for TSequenceOf. + + * kdc/kerberos5.c (get_pa_etype_info): check return value from + malloc + +1999-07-02 Assar Westerlund + + * lib/asn1/der_copy.c (copy_octet_string): don't fail if length == + 0 and malloc returns NULL + +1999-06-29 Assar Westerlund + + * lib/krb5/addr_families.c (ipv6_parse_addr): implement + +1999-06-24 Assar Westerlund + + * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address + as an addrport one + + * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT): + add + (krb5_auth_context): add local and remote port + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the + local and remote address and add them to the krb-cred packet + + * lib/krb5/auth_context.c: save the local and remove ports in the + auth_context + + * lib/krb5/address.c (krb5_make_addrport): create an address of + type KRB5_ADDRESS_ADDRPORT from (addr, port) + + * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for + grabbing the port number out of the sockaddr + +1999-06-23 Assar Westerlund + + * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key. + increase possible verbosity. + + * lib/krb5/config_file.c (parse_list): handle blank lines at + another place + + * kdc/connect.c (add_port_string): don't return a value + + * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred + cache if the principals are different. close and NULL the old one + so that we create a new one. + + * configure.in: move around cgywin et al + (LIB_kdb): set at the end of krb4-block + (krb4): test for krb_enable_debug and krb_disable_debug + +1999-06-16 Assar Westerlund + + * kuser/kdestroy.c (main): try to destroy v4 ticket even if the + destruction of the v5 one fails + + * lib/krb5/crypto.c (DES3_postproc): new version that does the + right thing + (*): don't put and recover length in 3DES encoding + other small fixes + +1999-06-15 Assar Westerlund + + * lib/krb5/get_default_principal.c: rewrite to use + get_default_username + + * lib/krb5/Makefile.am: add n-fold-test + + * kdc/connect.c: add fallbacks for all lookups by service name + (handle_tcp): break-up and clean-up + +1999-06-09 Assar Westerlund + + * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider + the loopback address as uninteresting + + * lib/krb5/get_addrs.c: new magic flag to get loopback address if + there are no other addresses. + (krb5_get_all_client_addrs): use that flag + +1999-06-04 Assar Westerlund + + * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the + length + (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64 + (encrypt_internal_derived): don't include the length and don't + decrease by the checksum size twice + (_get_derived_key): the constant should be 5 bytes + +1999-06-02 Johan Danielsson + + * configure.in: use KRB_CHECK_X + + * configure.in: check for netinet/ip.h + +1999-05-31 Assar Westerlund + + * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize + on RTLD_NOW + +1999-05-23 Assar Westerlund + + * appl/test/uu_server.c: removed unused stuff + + * appl/test/uu_client.c: removed unused stuff + +1999-05-21 Assar Westerlund + + * kuser/kgetcred.c (main): correct error message + + * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum) + directly, avoiding redundant lookups and memory leaks + + * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free + local and remote addresses + + * lib/krb5/get_default_principal.c (get_logname): also try + $USERNAME + + * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) + + * lib/krb5/principal.c (USE_RESOLVER): try to define only if we + have a libresolv (currently by checking for res_search) + +1999-05-18 Johan Danielsson + + * kdc/connect.c (handle_tcp): remove %-escapes in request + +1999-05-14 Assar Westerlund + + * Release 0.1g + + * admin/ktutil.c (kt_remove): -t should be -e + + * configure.in (CHECK_NETINET_IP_AND_TCP): use + + * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda + + + * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav + Ruda + + * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg, + and innetgr with roken versions + + * kuser/kgetcred.c: new program + +Tue May 11 14:09:33 1999 Johan Danielsson + + * lib/krb5/mcache.c: fix paste-o + +1999-05-10 Johan Danielsson + + * configure.in: don't use uname + +1999-05-10 Assar Westerlund + + * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four + arguments :-) + + * appl/test/uu_server.c (setsockopt): cast to get rid of a warning + + * appl/test/tcp_server.c (setsockopt): cast to get rid of a + warning + + * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache + == NULL + + * appl/test/gssapi_server.c (setsockopt): cast to get rid of a + warning + + * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by + setting the default ccache. + + * configure.in (getsockopt, setsockopt): test for + (AM_INIT_AUTOMAKE): bump version to 0.1g + + * appl/Makefile.am (SUBDIRS): add kx + + * lib/hdb/convert_db.c (main): handle the case of no master key + +1999-05-09 Assar Westerlund + + * Release 0.1f + + * kuser/kinit.c: add --noaddresses + + * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an + empty sit of list as to not ask for any addresses. + +1999-05-08 Assar Westerlund + + * acconfig.h (_GNU_SOURCE): define this to enable (used) + extensions on glibc-based systems such as linux + +1999-05-03 Assar Westerlund + + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free + `*out_creds' properly + + * lib/krb5/creds.c (krb5_compare_creds): just verify that the + keytypes/enctypes are compatible, not that they are the same + + * kuser/kdestroy.c (cache): const-correctness + +1999-05-03 Johan Danielsson + + * lib/hdb/hdb.c (hdb_set_master_key): initialise master key + version + + * lib/hdb/convert_db.c: add support for upgrading database + versions + + * kdc/misc.c: add flags to fetch + + * kdc/kstash.c: unlink keyfile on failure, chmod to 400 + + * kdc/hpropd.c: add --print option + + * kdc/hprop.c: pass flags to hdb_foreach + + * lib/hdb/convert_db.c: add some flags + + * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2; + build prototype headers + + * lib/hdb/hdb_locl.h: update prototypes + + * lib/hdb/print.c: move printable version of entry from kadmin + + * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is + sealed or not; add flags to hdb_foreach + + * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and + NDBM_nextkey + + * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey + + * lib/hdb/common.c: add flags to _hdb_{fetch,store} + + * lib/hdb/hdb.h: add master_key_version to struct hdb, update + prototypes + + * lib/hdb/hdb.asn1: make mkvno optional, update version to 2 + + * configure.in: --enable-netinfo + + * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO + + * config.sub: fix for crays + + * config.guess: new version from automake 1.4 + + * config.sub: new version from automake 1.4 + +Wed Apr 28 00:21:17 1999 Assar Westerlund + + * Release 0.1e + + * lib/krb5/mcache.c (mcc_get_next): get the current cursor + correctly + + * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code. + From Ake Sandgren + +1999-04-27 Johan Danielsson + + * kdc/kerberos5.c: fix arguments to decrypt_ticket + +1999-04-25 Assar Westerlund + + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old + DCE secd's that are not able to handle MD5 checksums by defaulting + to MD4 if the keytype was DES-CBC-CRC + + * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype + + * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and + `cksumtype' + + * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for + secd + (init_tgs_req): add all supported enctypes for the keytype in + `in_creds->session.keytype' if it's set + + * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol + encryption types + (do_checksum): new function + (verify_checksum): take the checksum to use from the checksum message + and not from the crypto struct + (etypes): add F_PSEUDO flags + (krb5_keytype_to_enctypes): new function + + * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype + and cksumtype + (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement + (krb5_auth_setkeytype, krb5_auth_getkeytype): implement + (krb5_auth_setenctype): comment out, it's rather bogus anyway + +Sun Apr 25 16:55:50 1999 Johan Danielsson + + * lib/krb5/krb5_locl.h: fix for stupid aix warnings + + * lib/krb5/fcache.c (erase_file): don't malloc + +Sat Apr 24 18:35:21 1999 Johan Danielsson + + * kdc/config.c: pass context to krb5_config_file_free + + * kuser/kinit.c: add `--fcache-version' to set cache version to + create + + * kuser/klist.c: print cache version if verbose + + * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort + + * lib/krb5/principal.c: abort -> krb5_abortx + + * lib/krb5/mk_rep.c: abort -> krb5_abortx + + * lib/krb5/config_file.c: abort -> krb5_abortx + + * lib/krb5/context.c (init_context_from_config_file): init + fcache_version; add krb5_{get,set}_fcache_version + + * lib/krb5/keytab.c: add support for reading (and writing?) old + version keytabs + + * lib/krb5/cache.c: add krb5_cc_get_version + + * lib/krb5/fcache.c: add support for reading and writing old + version cache files + + * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags + + * lib/krb5/store_emem.c (krb5_storage_emem): zero flags + + * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags + + * lib/krb5/store.c: add flags to change how various fields are + stored, used for old cache version support + + * lib/krb5/krb5.h: add support for reading and writing old version + cache files, and keytabs + +Wed Apr 21 00:09:26 1999 Assar Westerlund + + * configure.in: fix test for readline.h remember to link with + $LIB_tgetent when trying linking with readline + + * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time + is given, request a postdated ticket. + + * lib/krb5/data.c (krb5_data_free): free data as long as it's not + NULL + +Tue Apr 20 20:18:14 1999 Assar Westerlund + + * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen + + * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add + + * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and + KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is + invalid + +Tue Apr 20 12:42:08 1999 Johan Danielsson + + * kpasswd/kpasswdd.c: don't try to load library by default; get + library and function name from krb5.conf + + * kpasswd/sample_passwd_check.c: sample password checking + functions + +Mon Apr 19 22:22:19 1999 Assar Westerlund + + * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use + krb5_data_alloc and be careful with checking allocation and sizes. + + * kuser/klist.c (--tokens): conditionalize on KRB4 + + * kuser/kinit.c (renew_validate): set all flags + (main): fix cut-n-paste error when setting start-time + + * kdc/kerberos5.c (check_tgs_flags): starttime of a validate + ticket should be > than current time + (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket + + * kuser/kinit.c (renew_validate): use the client realm instead of + the local realm when renewing tickets. + + * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function + (krb5_get_forwarded_creds): correct freeing of out_creds + + * kuser/kinit.c (renew_validate): hopefully fix up freeing of + memory + + * configure.in: do all the krb4 tests with "$krb4" != "no" + + * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero + keyvalue if it's NULL. noticed by Ake Sandgren + + * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes + instead of just taking the first one. fix all callers. From + "Brandon S. Allbery KF8NH" + + * kdc/kdc_locl.h (enable_kaserver): declaration + + * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a + creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From + "Brandon S. Allbery KF8NH" + + * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning + + * kdc/connect.c (add_standard_ports, process_request): look at + enable_kaserver. From "Brandon S. Allbery KF8NH" + + + * kdc/config.c: new flag --kaserver and config file option + enable-kaserver. From "Brandon S. Allbery KF8NH" + + +Mon Apr 19 12:32:04 1999 Johan Danielsson + + * configure.in: check for dlopen, and dlfcn.h + + * kpasswd/kpasswdd.c: add support for dlopen:ing password quality + check library + + * configure.in: add appl/su + +Sun Apr 18 15:46:53 1999 Johan Danielsson + + * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a + cache + +Fri Apr 16 17:58:51 1999 Assar Westerlund + + * configure.in: LIB_kdb: -L should be before -lkdb + test for prototype of strsep + +Thu Apr 15 11:34:38 1999 Johan Danielsson + + * lib/krb5/Makefile.am: update version + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use + ALLOC_SEQ + + * lib/krb5/fcache.c: add some support for reading and writing old + cache formats; + (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use + krb5_ret_creds + + * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc, + initialize host_byteorder + + * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize + host_byteorder + + * lib/krb5/store_emem.c (krb5_storage_emem): initialize + host_byteorder + + * lib/krb5/store.c (krb5_storage_set_host_byteorder): add; + (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16): + check host_byteorder flag; (krb5_store_creds): add; + (krb5_ret_creds): add + + * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for + storage of numbers + + * lib/krb5/heim_err.et: add `host not found' error + + * kdc/connect.c: don't use data after clearing decriptor + + * lib/krb5/auth_context.c: abort -> krb5_abortx + + * lib/krb5/warn.c: add __attribute__; add *abort functions + + * configure.in: check for __attribute__ + + * kdc/connect.c: log bogus requests + +Tue Apr 13 18:38:05 1999 Johan Danielsson + + * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts + for all DES keys + +1999-04-12 Assar Westerlund + + * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit + + * lib/krb5/get_cred.c (init_tgs_req): some more error checking + + * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return + value from malloc + +Sun Apr 11 03:47:23 1999 Johan Danielsson + + * lib/krb5/krb5.conf.5: update to reality + + * lib/krb5/krb5_425_conv_principal.3: update to reality + +1999-04-11 Assar Westerlund + + * lib/krb5/get_host_realm.c: handle more than one realm for a host + + * kpasswd/kpasswd.c (main): use krb5_program_setup and + print_version + + * kdc/string2key.c (main): use krb5_program_setup and + print_version + +Sun Apr 11 02:35:58 1999 Johan Danielsson + + * lib/krb5/principal.c (krb5_524_conv_principal): make it actually + work, and check built-in list of host-type first-components + + * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm + + * lib/krb5/context.c: add srv_* flags to context + + * lib/krb5/principal.c: add default v4_name_convert entries + + * lib/krb5/krb5.h: add srv_* flags to context + +Sat Apr 10 22:52:28 1999 Johan Danielsson + + * kadmin/kadmin.c: complain about un-recognised commands + + * admin/ktutil.c: complain about un-recognised commands + +Sat Apr 10 15:41:49 1999 Assar Westerlund + + * kadmin/load.c (doit): fix error message + + * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths + fail to match. + (krb5_get_wrapped_length): new function + + * configure.in: security/pam_modules.h: check for + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge + around `ret_as_reply' semantics by only freeing it when ret == 0 + +Fri Apr 9 20:24:04 1999 Assar Westerlund + + * kuser/klist.c (print_cred_verbose): handle the case of a bad + enctype + + * configure.in: test for more header files + (LIB_roken): set + +Thu Apr 8 15:01:59 1999 Johan Danielsson + + * configure.in: fixes for building w/o krb4 + + * ltmain.sh: update to libtool 1.2d + + * ltconfig: update to libtool 1.2d + +Wed Apr 7 23:37:26 1999 Assar Westerlund + + * kdc/hpropd.c: fix some error messages to be more understandable. + + * kdc/hprop.c (ka_dump): remove unused variables + + * appl/test/tcp_server.c: remove unused variables + + * appl/test/gssapi_server.c: remove unused variables + + * appl/test/gssapi_client.c: remove unused variables + +Wed Apr 7 14:05:15 1999 Johan Danielsson + + * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code + + * kuser/klist.c: make it compile w/o krb4 + + * kuser/kdestroy.c: make it compile w/o krb4 + + * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help + strings + +Mon Apr 5 16:13:46 1999 Johan Danielsson + + * configure.in: test for MIPS ABI; new test_package + +Thu Apr 1 11:00:40 1999 Johan Danielsson + + * include/Makefile.am: clean krb5-private.h + + * Release 0.1d + + * kpasswd/kpasswdd.c (doit): pass context to + krb5_get_all_client_addrs + + * kdc/connect.c (init_sockets): pass context to + krb5_get_all_server_addrs + + * lib/krb5/get_in_tkt.c (init_as_req): pass context to + krb5_get_all_client_addrs + + * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to + krb5_get_all_client_addrs + + * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses + + * lib/krb5/krb5.h: add support for adding an extra set of + addresses + + * lib/krb5/context.c: add support for adding an extra set of + addresses + + * lib/krb5/addr_families.c: add krb5_parse_address + + * lib/krb5/address.c: krb5_append_addresses + + * lib/krb5/config_file.c (parse_binding): don't zap everything + after first whitespace + + * kuser/kinit.c (renew_validate): don't allocate out + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't + allocate out_creds + + * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make + out_creds pointer; + (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags): + free more memory + + * lib/krb5/crypto.c (encrypt_internal): free checksum + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply, + and ticket + + * kuser/Makefile.am: remove kfoo + + * lib/Makefile.am: add auth + + * lib/kadm5/iprop.h: getarg.h + + * lib/kadm5/replay_log.c: use getarg + + * lib/kadm5/ipropd_slave.c: use getarg + + * lib/kadm5/ipropd_master.c: use getarg + + * lib/kadm5/dump_log.c: use getarg + + * kpasswd/kpasswdd.c: use getarg + + * Makefile.am.common: make a more working check-local target + + * lib/asn1/main.c: use getargs + +Mon Mar 29 20:19:57 1999 Johan Danielsson + + * kuser/klist.c (print_cred_verbose): use krb5_print_address + + * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int + + * lib/krb5/addr_families.c (krb5_print_address): handle unknown + address types; (ipv6_print_addr): print in 16-bit groups (as it + should) + + * lib/krb5/crc.c: crc_{init_table,update} -> + _krb5_crc_{init_table,update} + + * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int + crc_{init_table,update} -> _krb5_crc_{init_table,update} + + * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int + + * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int + + * lib/krb5/krb5_locl.h: include krb5-private.h + + * kdc/connect.c (addr_to_string): use krb5_print_address + + * lib/krb5/addr_families.c (krb5_print_address): int -> size_t + + * lib/krb5/addr_families.c: add support for printing ipv6 + addresses, either with inet_ntop, or ugly for-loop + + * kdc/524.c: check that the ticket came from a valid address; use + the address of the connection as the address to put in the v4 + ticket (if this address is AF_INET) + + * kdc/connect.c: pass addr to do_524 + + * kdc/kdc_locl.h: prototype for do_524 + +Sat Mar 27 17:48:31 1999 Johan Danielsson + + * configure.in: check for OSF C2; bind/bitypes.h, getudbnam, + setlim; check for auth modules; siad.h, getpwnam_r; + lib/auth/Makefile, lib/auth/sia/Makefile + + * lib/krb5/crypto.c: n_fold -> _krb5_n_fold + + * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold + +Thu Mar 25 04:35:21 1999 Assar Westerlund + + * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping + it + + * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data' + + * lib/hdb/ndbm.c (NDBM_destroy): clear master key + + * lib/hdb/db.c (DB_destroy): clear master key + (DB_open): check malloc + + * kdc/connect.c (init_sockets): free addresses + + * kadmin/kadmin.c (main): make code more consistent. always free + configuration information. + + * kadmin/init.c (create_random_entry): free the entry + +Wed Mar 24 04:02:03 1999 Assar Westerlund + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): + re-organize the code to always free `kdc_reply' + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about + freeing memory + + * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close + + * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto' + + * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0 + header + + * configure.in (db_185.h): check for + + * admin/srvcreate.c: new file. contributed by Daniel Kouril + + + * admin/ktutil.c: srvcreate: new command + + * kuser/klist.c: add support for printing AFS tokens + + * kuser/kdestroy.c: add support for destroying v4 tickets and AFS + tokens. based on code by Love + + * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries + + * configure.in: sys/ioccom.h: test for + + * kuser/klist.c (main): don't print `no ticket file' with --test. + From: Love + + * kpasswd/kpasswdd.c (doit): more braces to make gcc happy + + * kdc/connect.c (init_socket): get rid of a stupid warning + + * include/bits.c (my_strupr): cast away some stupid warnings + +Tue Mar 23 14:34:44 1999 Johan Danielsson + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite + loops, please + +Tue Mar 23 00:00:45 1999 Assar Westerlund + + * lib/kadm5/Makefile.am (install_build_headers): recover from make + rewriting the names of the headers kludge to help solaris make + + * lib/krb5/Makefile.am: kludge to help solaris make + + * lib/hdb/Makefile.am: kludge to help solaris make + + * configure.in (LIB_kdb): make sure there's a -L option in here by + adding $(LIB_krb4) + + * lib/asn1/gen_glue.c (generate_2int, generate_int2): int -> + unsigned + + * configure.in (SunOS): set to a number KRB4, KRB5 conditionals: + remove the `dnl' to work around an automake flaw + +Sun Mar 21 15:08:49 1999 Johan Danielsson + + * lib/krb5/get_default_realm.c: char* -> krb5_realm + +Sun Mar 21 14:08:30 1999 Johan Danielsson + + * include/bits.c: + + * lib/krb5/Makefile.am: create krb5-private.h + +Sat Mar 20 00:08:59 1999 Assar Westerlund + + * configure.in (gethostname): remove duplicate + +Fri Mar 19 14:48:03 1999 Johan Danielsson + + * lib/hdb/Makefile.am: add version-info + + * lib/gssapi/Makefile.am: add version-info + + * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der + to check_PROGRAMS + + * lib/Makefile.am: add 45 + + * lib/kadm5/Makefile.am: split in client and server libraries + (breaks shared libraries otherwise) + +Thu Mar 18 11:33:30 1999 Johan Danielsson + + * include/kadm5/Makefile.am: clean a lot of header files (since + automake lacks a clean-hook) + + * include/Makefile.am: clean a lot of header files (since automake + lacks a clean-hook) + + * lib/kadm5/Makefile.am: fix build-installation of headers + + * lib/krb5/Makefile.am: remove include_dir hack + + * lib/hdb/Makefile.am: remove include_dir hack + + * lib/asn1/Makefile.am: remove include_dir hack + + * include/Makefile.am: remove include_dir hack + + * doc/whatis.texi: define sub for html + + * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h + + * lib/asn1/Makefile.am: der.h + + * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h + + * kdc/Makefile.am: remove junk + + * kadmin/Makefile.am: sl.a -> sl.la + + * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS + + * admin/Makefile.am: sl.a -> sl.la + + * configure.in: condition KRB5; AC_CHECK_XAU + + * Makefile.am: include Makefile.am.common + + * include/kadm5/Makefile.am: include Makefile.am.common; don't + install headers from here + + * include/Makefile.am: include Makefile.am.common; don't install + headers from here + + * doc/Makefile.am: include Makefile.am.common + + * lib/krb5/Makefile.am: include Makefile.am.common + + * lib/kadm5/Makefile.am: include Makefile.am.common + + * lib/hdb/Makefile.am: include Makefile.am.common + + * lib/gssapi/Makefile.am: include Makefile.am.common + + * lib/asn1/Makefile.am: include Makefile.am.common + + * lib/Makefile.am: include Makefile.am.common + + * lib/45/Makefile.am: include Makefile.am.common + + * kuser/Makefile.am: include Makefile.am.common + + * kpasswd/Makefile.am: include Makefile.am.common + + * kdc/Makefile.am: include Makefile.am.common + + * kadmin/Makefile.am: include Makefile.am.common + + * appl/test/Makefile.am: include Makefile.am.common + + * appl/afsutil/Makefile.am: include Makefile.am.common + + * appl/Makefile.am: include Makefile.am.common + + * admin/Makefile.am: include Makefile.am.common + +Wed Mar 17 03:04:38 1999 Assar Westerlund + + * lib/krb5/store.c (krb5_store_stringz): braces fix + + * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix + + * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix + + * kdc/connect.c (loop): braces fix + + * lib/krb5/config_file.c: cast to unsigned char to make is* happy + + * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy + + * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to + be consistent + + * kadmin/util.c (timeval2str): more braces to make gcc happy + + * kadmin/load.c: cast in is* to get rid of stupid warning + + * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid + warning + + * kdc/kaserver.c: malloc checks and fixes + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading + dot (if any) when looking up realms. + +Fri Mar 12 13:57:56 1999 Johan Danielsson + + * lib/krb5/get_host_realm.c: add dns support + + * lib/krb5/set_default_realm.c: use krb5_free_host_realm + + * lib/krb5/free_host_realm.c: check for NULL realmlist + + * lib/krb5/context.c: don't print warning if there is no krb5.conf + +Wed Mar 10 19:29:46 1999 Johan Danielsson + + * configure.in: use AC_WFLAGS + +Mon Mar 8 11:49:43 1999 Johan Danielsson + + * Release 0.1c + + * kuser/klist.c: use print_version + + * kuser/kdestroy.c: use print_version + + * kdc/hpropd.c: use print_version + + * kdc/hprop.c: use print_version + + * kdc/config.c: use print_version + + * kadmin/kadmind.c: use print_version + + * kadmin/kadmin.c: use print_version + + * appl/test/common.c: use print_version + + * appl/afsutil/afslog.c: use print_version + +Mon Mar 1 10:49:14 1999 Johan Danielsson + + * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN -> + HAVE_STRUCT_SOCKADDR_SA_LEN + + * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13 + +Sun Feb 28 18:19:20 1999 Johan Danielsson + + * lib/asn1/gen.c: make `BIT STRING's unsigned + + * lib/asn1/{symbol.h,gen.c}: add TUInteger type + + * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to + krb5_get_init_creds_password + + * lib/krb5/fcache.c (fcc_gen_new): implement + +Sat Feb 27 22:41:23 1999 Johan Danielsson + + * doc/install.texi: krb4 is now automatically detected + + * doc/misc.texi: update procedure to set supported encryption + types + + * doc/setup.texi: change some silly wordings + +Sat Feb 27 22:17:30 1999 Johan Danielsson + + * lib/krb5/keytab.c (fkt_remove_entry): make this work + + * admin/ktutil.c: add minimally working `get' command + +Sat Feb 27 19:44:49 1999 Johan Danielsson + + * lib/hdb/convert_db.c: more typos + + * include/Makefile.am: remove EXTRA_DATA (as of autoconf + 2.13/automake 1.4) + + * appl/Makefile.am: OTP_dir + +Fri Feb 26 17:37:00 1999 Johan Danielsson + + * doc/setup.texi: add kadmin section + + * lib/asn1/check-der.c: fix printf warnings + +Thu Feb 25 11:16:49 1999 Johan Danielsson + + * configure.in: -O does not belong in WFLAGS + +Thu Feb 25 11:05:57 1999 Johan Danielsson + + * lib/asn1/der_put.c: fix der_put_int + +Tue Feb 23 20:35:12 1999 Johan Danielsson + + * configure.in: use AC_BROKEN_GLOB + +Mon Feb 22 15:12:44 1999 Johan Danielsson + + * configure.in: check for glob + +Mon Feb 22 11:32:42 1999 Johan Danielsson + + * Release 0.1b + +Sat Feb 20 15:48:06 1999 Johan Danielsson + + * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and + des3-cbc-md5 + + * lib/krb5/crypto.c (DES3_string_to_key): make this actually do + what the draft said it should + + * lib/hdb/convert_db.c: little program for database conversion + + * lib/hdb/db.c (DB_open): try to open database w/o .db extension + + * lib/hdb/ndbm.c (NDBM_open): add test for database format + + * lib/hdb/db.c (DB_open): add test for database format + + * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being + unsigned + + * lib/hdb/hdb.c: change `hdb_set_master_key' to take an + EncryptionKey, and add a new function `hdb_set_master_keyfile' to + do what `hdb_set_master_key' used to do + + * kdc/kstash.c: add `--convert-file' option to change keytype of + existing master key file + +Fri Feb 19 07:04:14 1999 Assar Westerlund + + * Release 0.1a + +Sat Feb 13 17:12:53 1999 Assar Westerlund + + * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf + is now a `u_char *' + + * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int' + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize + orig_host + + (krb5_salttype_to_string): new function (RSA_MD5_DES_verify, + RSA_MD5_DES3_verify): initialize ret + + * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary + gssapi_krb5_init. ask for KEYTYPE_DES credentials + + * kadmin/get.c (print_entry_long): print the keytypes and salts + available for the principal + + * configure.in (WFLAGS): add `-O' to catch unitialized variables + and such + (gethostname, mkstemp, getusershell, inet_aton): more tests + + * lib/hdb/hdb.h: update prototypes + + * configure.in: homogenize broken detection with krb4 + + * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused + `error' + + * lib/asn1/Makefile.am (check-der): add + + * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead + of `unsigned' + + * lib/asn1/der_length.c (length_unsigned): new function + (length_int): handle signed integers + + * lib/asn1/der_put.c (der_put_unsigned): new function + (der_put_int): handle signed integers + + * lib/asn1/der_get.c (der_get_unsigned): new function + (der_get_int): handle signed integers + + * lib/asn1/der.h: all integer functions take `int' instead of + `unsigned' + + * lib/asn1/lex.l (filename): unused. remove. + + * lib/asn1/check-der.c: new test program for der encoding and + decoding. + +Mon Feb 1 04:09:06 1999 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call + gethostbyname2 with AF_INET6 if we actually have IPv6. From + "Brandon S. Allbery KF8NH" + + * lib/krb5/changepw.c (get_kdc_address): dito + +Sun Jan 31 06:26:36 1999 Assar Westerlund + + * kdc/connect.c (parse_prots): always bind to AF_INET, there are + v6-implementations without support for `mapped V4 addresses'. + From Jun-ichiro itojun Hagino + +Sat Jan 30 22:38:27 1999 Assar Westerlund + + * Release 0.0u + +Sat Jan 30 13:43:02 1999 Assar Westerlund + + * lib/krb5/Makefile.am: explicit rules for *.et files + + * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if + krb5_get_credentials was succesful. + (get_new_cache): return better error codes and return earlier. + (get_cred_cache): only delete default_client if it's different + from client + (kadm5_c_init_with_context): return a more descriptive error. + + * kdc/kerberos5.c (check_flags): handle NULL client or server + + * lib/krb5/sendauth.c (krb5_sendauth): return the error in + `ret_error' iff != NULL + + * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents): + new functions + + * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more + type-correctness + + * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR + + * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use + + * lib/krb5/get_cred.c: KRB5_TGS_NAME: use + + * lib/kafs/afskrb5.c (afslog_uid_int): update to changes + + * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove + instead of rename, but shouldn't this just call rename? + + * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an + error if the principal wasn't found. + + * lib/hdb/ndbm.c (NDBM_seq): unseal key + + * lib/hdb/db.c (DB_seq): unseal key + + * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch] + + * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when + finding cross-realm tgts in the v4 database + + * kadmin/mod.c (mod_entry): check the number of arguments. check + that kadm5_get_principal worked. + + * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if + we weren't able to remove it. + + * admin/ktutil.c: less drive-by-deleting. From Love + + + * kdc/connect.c (parse_ports): copy the string before mishandling + it with strtok_r + + * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching + kvnos + + * kadmin/kadmind.c (main): convert `debug_port' to network byte + order + + * kadmin/kadmin.c: allow specification of port number. + + * lib/kadm5/kadm5_locl.h (kadm5_client_context): add + `kadmind_port'. + + * lib/kadm5/init_c.c (_kadm5_c_init_context): move up + initalize_kadm5_error_table_r. + allow specification of port number. + + From Love + + * kuser/klist.c: add option -t | --test + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2000 b/crypto/external/bsd/heimdal/dist/ChangeLog.2000 new file mode 100644 index 000000000..a1cb687f5 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2000 @@ -0,0 +1,1320 @@ +2000-12-31 Assar Westerlund + + * lib/krb5/test_get_addrs.c (main): handle krb5_init_context + failure consistently + * lib/krb5/string-to-key-test.c (main): handle krb5_init_context + failure consistently + * lib/krb5/prog_setup.c (krb5_program_setup): handle + krb5_init_context failure consistently + * lib/hdb/convert_db.c (main): handle krb5_init_context failure + consistently + * kuser/kverify.c (main): handle krb5_init_context failure + consistently + * kuser/klist.c (main): handle krb5_init_context failure + consistently + * kuser/kinit.c (main): handle krb5_init_context failure + consistently + * kuser/kgetcred.c (main): handle krb5_init_context failure + consistently + * kuser/kdestroy.c (main): handle krb5_init_context failure + consistently + * kuser/kdecode_ticket.c (main): handle krb5_init_context failure + consistently + * kuser/generate-requests.c (generate_requests): handle + krb5_init_context failure consistently + * kpasswd/kpasswd.c (main): handle krb5_init_context failure + consistently + * kpasswd/kpasswd-generator.c (generate_requests): handle + krb5_init_context failure consistently + * kdc/main.c (main): handle krb5_init_context failure consistently + * appl/test/uu_client.c (proto): handle krb5_init_context failure + consistently + * appl/kf/kf.c (main): handle krb5_init_context failure + consistently + * admin/ktutil.c (main): handle krb5_init_context failure + consistently + + * admin/get.c (kt_get): more error checking + +2000-12-29 Assar Westerlund + + * lib/asn1/asn1_print.c (loop): check for length longer than data. + inspired by lha@stacken.kth.se + +2000-12-16 Johan Danielsson + + * admin/ktutil.8: reflect recent changes + + * admin/copy.c: don't copy an entry that already exists in the + keytab, and warn if the keyblock differs + +2000-12-15 Johan Danielsson + + * admin/Makefile.am: merge srvconvert and srvcreate with copy + + * admin/copy.c: merge srvconvert and srvcreate with copy + + * lib/krb5/Makefile.am: always build keytab_krb4.c + + * lib/krb5/context.c: always register the krb4 keytab functions + + * lib/krb5/krb5.h: declare krb4_ftk_ops + + * lib/krb5/keytab_krb4.c: We don't really need to include krb.h + here, since we only use the principal size macros, so define these + here. Theoretically someone could have a krb4 system where these + values are != 40, but this is unlikely, and + krb5_524_conv_principal also assume they are 40. + +2000-12-13 Johan Danielsson + + * lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/ + + * lib/krb5/replay.c: fix query-replace-o from MD5 API change, and + the struct is called krb5_donot_replay + +2000-12-12 Assar Westerlund + + * admin/srvconvert.c (srvconvert): do not use data after free:ing + it + +2000-12-11 Assar Westerlund + + * Release 0.3d + +2000-12-11 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0 + * lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library + dependencies + +2000-12-10 Johan Danielsson + + * lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache + +2000-12-08 Assar Westerlund + + * lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as + a new pseudo-type + + * lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat + cell names as lower case + (krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an + explicit ivec to be specified. fix all sub-functions. + (DES3_CBC_encrypt_ivec): new function that takes an explicit ivec + +2000-12-06 Johan Danielsson + + * lib/krb5/Makefile.am: actually build replay cache code + + * lib/krb5/replay.c: implement krb5_get_server_rcache + + * kpasswd/kpasswdd.c: de-pointerise auth_context parameter to + krb5_mk_rep + + * lib/krb5/recvauth.c: de-pointerise auth_context parameter to + krb5_mk_rep + + * lib/krb5/mk_rep.c: auth_context should not be a pointer + + * lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and + make setaddrs_from_fd use that + + * lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags + +2000-12-05 Johan Danielsson + + * lib/krb5/Makefile.am: add kerberos.8 manpage + + * lib/krb5/cache.c: check for NULL remove_cred function + + * lib/krb5/fcache.c: pretend that empty files are non-existant + + * lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from + Jason Thorpe + +2000-12-01 Assar Westerlund + + * configure.in: remove configure-time generation of krb5-config + * tools/Makefile.am: add generation of krb5-config at make-time + instead of configure-time + + * tools/krb5-config.in: add --prefix and --exec-prefix + +2000-11-30 Assar Westerlund + + * tools/Makefile.am: add krb5-config.1 + * tools/krb5-config.in: add kadm-client and kadm5-server as + libraries + +2000-11-29 Assar Westerlund + + * tools/krb5-config.in: add --prefix, --exec-prefix and gssapi + +2000-11-29 Johan Danielsson + + * configure.in: add roken/Makefile here, since it can't live in + rk_ROKEN + +2000-11-16 Assar Westerlund + + * configure.in: use the libtool -rpath, do not rely on ld + understanding -rpath + + * configure.in: fix the -Wl stuff for krb4 linking add some + gratuitous extra options when linking with an existing libdes + +2000-11-15 Assar Westerlund + + * lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit + * lib/Makefile.am (SUBDIRS): try to only build des when needed + * kuser/klist.c: print key versions numbers of v4 tickets in + verbose mode + + * kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2 + * appl/test/gss_common.c (read_token): remove unused variable + + * configure.in (krb4): add -Wl + (MD4Init et al): look for these in more libraries + (getmsg): only run test if we have the function + (AC_OUTPUT): create tools/krb5-config + + * tools/krb5-config.in: new script for storing flags to use + * Makefile.am (SUBDIRS): add tools + + * lib/krb5/get_cred.c (make_pa_tgs_req): update to new + krb5_mk_req_internal + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different + usages for the encryption. change callers + * lib/krb5/rd_req.c (decrypt_authenticator): add an encryption + `usage'. also try the old + (and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility + (krb5_verify_ap_req2): new function for specifying the usage different + from the default (KRB5_KU_AP_REQ_AUTH) + * lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage' + parameter to permit the generation of authenticators with + different crypto usage + + * lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a + krb5_principal + (krb5_mk_req): use krb5_mk_req_exact + + * lib/krb5/mcache.c (mcc_close): free data + (mcc_destroy): don't free data + +2000-11-13 Assar Westerlund + + * lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h + * lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h + +2000-11-12 Johan Danielsson + + * kdc/hpropd.8: remove extra .Xc + +2000-10-27 Johan Danielsson + + * kuser/kinit.c: fix v4 fallback lifetime calculation + +2000-10-10 Johan Danielsson + + * kdc/524.c: fix log messge + +2000-10-08 Assar Westerlund + + * lib/krb5/changepw.c (krb5_change_password): check for fd's being + too large to select on + * kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being + too large to select on + * kdc/connect.c (add_new_tcp): check for the socket fd being too + large to selct on + * kdc/connect.c (loop): check that the socket fd is not too large + to select on + * lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too + large to be able to select on + + * kdc/kaserver.c (do_authenticate): check for time skew + +2000-10-01 Assar Westerlund + + * kdc/524.c (set_address): allocate memory for storing addresses + in if the original request had an empty set of addresses + * kdc/524.c (set_address): fix bad return of pointer to automatic + data + + * config.sub: update to version 2000-09-11 (aka 1.181) from + subversions.gnu.org + + * config.guess: update to version 2000-09-05 (aka 1.156) from + subversions.gnu.org plus some minor tweaks + +2000-09-20 Assar Westerlund + + * Release 0.3c + +2000-09-19 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 13:1:0 + + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0 + +2000-09-17 Assar Westerlund + + * lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak + (krb5_rd_req): try not to return an allocated auth_context on error + + * lib/krb5/log.c (krb5_vlog_msg): fix const-ness + +2000-09-10 Assar Westerlund + + * kdc/524.c: re-organize + * kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context + * kdc/kerberos4.c (valid_princ): check return value of functions + (encode_v4_ticket): add some const + * kdc/misc.c (db_fetch): check malloc + (free_ent): new function + + * lib/krb5/log.c (krb5_vlog_msg): log just the format string it we + fail to allocate the actual string to log, should at least provide + some hint as to where things went wrong + +2000-09-10 Johan Danielsson + + * kdc/log.c: use DEFAULT_LOG_DEST + + * kdc/config.c: use _PATH_KDC_CONF + + * kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log + +2000-09-09 Assar Westerlund + + * lib/krb5/crypto.c (_key_schedule): re-use an existing schedule + +2000-09-06 Johan Danielsson + + * configure.in: fix dpagaix test + +2000-09-05 Assar Westerlund + + * configure.in: with_dce -> enable_dce. noticed by Ake Sandgren + + +2000-09-01 Johan Danielsson + + * kdc/kstash.8: update manual page + + * kdc/kstash.c: fix typo, and remove unused option + + * lib/krb5/kerberos.7: short kerberos intro page + +2000-08-27 Assar Westerlund + + * include/bits.c: add __attribute__ for gcc's pleasure + * lib/hdb/keytab.c: re-write to delay the opening of the database + till it's known which principal is being sought, thereby allowing + the usage of multiple databases, however they need to be specified + in /etc/krb5.conf since all the programs using this keytab do not + read kdc.conf + + * appl/test/test_locl.h (keytab): add + * appl/test/common.c: add --keytab + * lib/krb5/crypto.c: remove trailing commas + (KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC + +2000-08-26 Assar Westerlund + + * lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the + beginning of the proxy specification. use getaddrinfo correctly + (krb5_sendto): always return a return code + + * lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ + * lib/krb5/auth_context.c (krb5_auth_con_free): handle + auth_context == NULL + +2000-08-23 Assar Westerlund + + * kdc/kerberos5.c (find_type): make sure of always setting + `ret_etype' correctly. clean-up structure some + +2000-08-23 Johan Danielsson + + * lib/krb5/mcache.c: implement resolve + +2000-08-18 Assar Westerlund + + * kuser/kdecode_ticket.c: check return value from krb5_crypto_init + * kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init + * lib/krb5/*.c: check return value from krb5_crypto_init + +2000-08-16 Assar Westerlund + + * Release 0.3b + +2000-08-16 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 13:0:0 + + * lib/hdb/Makefile.am: set version to 6:1:0 + + * configure.in: do getmsg testing the same way as in krb4 + + * lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure + of closing the file on error + + * lib/krb5/crypto.c (encrypt_internal_derived): free the checksum + after use + + * lib/krb5/warn.c (_warnerr): initialize args to make third, + purify et al happy + +2000-08-13 Assar Westerlund + + * kdc/kerberos5.c: re-write search for keys code. loop over all + supported enctypes in order, looping over all keys of each type, + and picking the one with the v5 default salt preferably + +2000-08-10 Assar Westerlund + + * appl/test/gss_common.c (enet_read): add and use + * lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make + const + + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on + checksum type selection + + * lib/krb5/context.c (krb5_init_context): do not leak memory on + failure + (default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5 + + * lib/krb5/principal.c: add fnmatch.h + +2000-08-09 Assar Westerlund + + * configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later + checks that should require them don't fail + * acconfig.h: add HAVE_UINT17_T + +2000-08-09 Johan Danielsson + + * kdc/mit_dump.c: handle all sorts of weird MIT salt types + +2000-08-08 Johan Danielsson + + * doc/setup.texi: port 212 -> 2121 + + * lib/krb5/principal.c: krb5_principal_match + +2000-08-04 Johan Danielsson + + * lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER + encoding + + * kpasswd/Makefile.am: link with pidfile library + + * kpasswd/kpasswdd.c: write a pid file + + * kpasswd/kpasswd_locl.h: util.h + + * kdc/Makefile.am: link with pidfile library + + * kdc/main.c: write a pid file + + * kdc/headers.h: util.h + +2000-08-04 Assar Westerlund + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): always put + hostnames in lower case + (default_v4_name_convert): add imap + +2000-08-03 Assar Westerlund + + * lib/krb5/crc.c (_krb5_crc_update): const-ize (finally) + +2000-07-31 Johan Danielsson + + * configure.in: check for uint*_t + * include/bits.c: define uint*_t + +2000-07-29 Assar Westerlund + + * kdc/kerberos5.c (check_tgs_flags): set endtime correctly when + renewing, From Derrick J Brashear + +2000-07-28 Assar Westerlund + + * Release 0.3a + +2000-07-27 Assar Westerlund + + * kdc/hprop.c (dump_database): write an empty message to signal + end of dump + +2000-07-26 Assar Westerlund + + * lib/krb5/changepw.c (krb5_change_password): try to be more + careful when not to resend + + * lib/hdb/db3.c: always create a cursor with db3. From Derrick J + Brashear + +2000-07-25 Johan Danielsson + + * lib/hdb/Makefile.am: bump version to 6:0:0 + + * lib/asn1/Makefile.am: bump version to 3:0:1 + + * lib/krb5/Makefile.am: bump version to 12:0:1 + + * lib/krb5/krb5_config.3: manpage + + * lib/krb5/krb5_appdefault.3: manpage + + * lib/krb5/appdefault.c: implementation of the krb5_appdefault set + of functions + +2000-07-23 Assar Westerlund + + * lib/krb5/init_creds_pw.c (change_password): reset forwardable + and proxiable. copy preauthentication list correctly from + supplied options + + * kdc/hpropd.c (main): check that the ticket was for `hprop/' for + paranoid reasons + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): look in + aliases for the real name + +2000-07-22 Johan Danielsson + + * doc/setup.texi: say something about starting kadmind from the + command line + +2000-07-22 Assar Westerlund + + * kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of + mis-doing it here + + * lib/krb5/changepw.c (krb5_change_password): make timeout 1 + + 2^{0,1,...}. also keep track if we got an old packet back and + then just wait without sending a new packet + * lib/krb5/changepw.c: use a datagram socket and remove the + sequence numbers + * lib/krb5/changepw.c (krb5_change_password): clarify an + expression, avoiding a warning + +2000-07-22 Johan Danielsson + + * kuser/klist.c: make -a and -n aliases for -v + + * lib/krb5/write_message.c: ws + + * kdc/hprop-common.c: nuke extra definitions of + krb5_read_priv_message et.al + + * lib/krb5/read_message.c (krb5_read_message): return error if EOF + +2000-07-20 Assar Westerlund + + * kpasswd/kpasswd.c: print usage consistently + * kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab + * kdc/hpropd.c: add --keytab + * kdc/hpropd.c: don't care what principal we recvauth as + + * lib/krb5/get_cred.c: be more careful of not returning creds at + all when an error is returned + * lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly + +2000-07-19 Johan Danielsson + + * fix-export: use autoreconf + + * configure.in: remove stuff that belong in roken, and remove some + obsolete constructs + +2000-07-18 Johan Danielsson + + * configure.in: fix some typos + + * appl/Makefile.am: dceutil*s* + + * missing: update to missing from automake 1.4a + +2000-07-17 Johan Danielsson + + * configure.in: try to get xlc flags from ibmcxx.cfg use + conditional for X use readline cf macro + + * configure.in: subst AIX compiler flags + +2000-07-15 Johan Danielsson + + * configure.in: pass sixth parameter to test-package; use some + newer autoconf constructs + + * ltmain.sh: update to libtool 1.3c + + * ltconfig: update to libtool 1.3c + + * configure.in: update this to newer auto*/libtool + + * appl/Makefile.am: use conditional for dce + + * lib/Makefile.am: use conditional for dce + +2000-07-11 Johan Danielsson + + * lib/krb5/write_message.c: krb5_write_{priv,save}_message + * lib/krb5/read_message.c: krb5_read_{priv,save}_message + * lib/krb5/convert_creds.c: try port kerberos/88 if no response on + krb524/4444 + + * lib/krb5/convert_creds.c: use krb5_sendto + + * lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send + to a port at arbitrary list of hosts + +2000-07-10 Johan Danielsson + + * doc/misc.texi: language; say something about kadmin del_enctype + +2000-07-10 Assar Westerlund + + * appl/kf/Makefile.am: actually install + +2000-07-08 Assar Westerlund + + * configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre + (AC_ROKEN): roken is now at 10 + + * lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case + * kdc/Makefile.am (INCLUDES): add ../lib/krb5 + * configure.in: update for standalone roken + * lib/Makefile.am (SUBDIRS): make roken conditional + * kdc/hprop.c: update to new hdb_seal_keys_mkey + * lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int): + rename and export them + + * kdc/headers.h: add krb5_locl.h (since we just use some stuff + from there) + +2000-07-08 Johan Danielsson + + * kuser/klist.1: update for -f and add some more text for -v + + * kuser/klist.c: use rtbl to format cred listing, add -f and -s + + * lib/krb5/crypto.c: fix type in des3-cbc-none + + * lib/hdb/mkey.c: add key usage + + * kdc/kstash.c: remove writing of old keyfile, and treat + --convert-file as just reading and writing the keyfile without + asking for a new key + + * lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype + based files, and convert the key to cfb64 + + * lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before + doing anything else + + * lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno + + * lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno + + * lib/krb5/changepw.c: use krb5_eai_to_heim_errno + + * lib/krb5/addr_families.c: use krb5_eai_to_heim_errno + + * lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to + something that can be passed to get_err_text + +2000-07-07 Assar Westerlund + + * lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping + `*key' + + * kdc/kerberos4.c (get_des_key): rewrite some, be more careful + +2000-07-06 Assar Westerlund + + * kdc/kerberos5.c (as_rep): be careful as to now overflowing when + calculating the end of lifetime of a ticket. + + * lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5 + + * lib/hdb/db3.c: only use a cursor when needed, from Derrick J + Brashear + + * lib/krb5/crypto.c: introduce the `special' encryption methods + that are not like all other encryption methods and implement + arcfour-hmac-md5 + +2000-07-05 Johan Danielsson + + * kdc/mit_dump.c: set initial master key version number to 0 + instead of 1; if we lated bump the mkvno we don't risk using the + wrong key to decrypt + + * kdc/hprop.c: only get master key if we're actually going to use + it; enable reading of MIT krb5 dump files + + * kdc/mit_dump.c: read MIT krb5 dump files + + * lib/hdb/mkey.c (read_master_mit): fix this + + * kdc/kstash.c: make this work with the new mkey code + + * lib/hdb/Makefile.am: add mkey.c, and bump version number + + * lib/hdb/hdb.h: rewrite master key handling + + * lib/hdb/mkey.c: rewrite master key handling + + * lib/krb5/crypto.c: add some more pseudo crypto types + + * lib/krb5/krb5.h: change some funny etypes to use negative + numbers, and add some more + +2000-07-04 Assar Westerlund + + * lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are + none in the configuration file + +2000-07-02 Assar Westerlund + + * lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused + variable + + * kpasswd/kpasswd-generator.c: new test program + * kpasswd/Makefile.am: add kpasswd-generator + + * include/Makefile.am (CLEANFILES): add rc4.h + + * kuser/generate-requests.c: new test program + * kuser/Makefile.am (noinst_PROGRAMS): add generate-requests + +2000-07-01 Assar Westerlund + + * configure.in: add --enable-dce and related stuff + * appl/Makefile.am (SUBDIRS): add $(APPL_dce) + +2000-06-29 Assar Westerlund + + * kdc/kerberos4.c (get_des_key): fix thinkos/typos + +2000-06-29 Johan Danielsson + + * admin/purge.c: use parse_time to parse age + + * lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time + + * admin/list.c: add printing of timestamp and key data; some + cleanup + + * lib/krb5/time.c (krb5_format_time): new function to format time + + * lib/krb5/context.c (init_context_from_config_file): init + date_fmt, also do some cleanup + + * lib/krb5/krb5.h: add date_fmt to context + +2000-06-28 Johan Danielsson + + * kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return + v4 or afs keys if possible + +2000-06-25 Johan Danielsson + + * kdc/hprop.c (ka_convert): allow using null salt, and treat 0 + pw_expire as never (from Derrick Brashear) + +2000-06-24 Johan Danielsson + + * kdc/connect.c (add_standard_ports): only listen to port 750 if + serving v4 requests + +2000-06-22 Assar Westerlund + + * lib/asn1/lex.l: fix includes, and lex stuff + * lib/asn1/lex.h (error_message): update prototype + (yylex): add + * lib/asn1/gen_length.c (length_type): fail on malloc error + * lib/asn1/gen_decode.c (decode_type): fail on malloc error + +2000-06-21 Assar Westerlund + + * lib/krb5/get_for_creds.c: be more compatible with MIT code. + From Daniel Kouril + * lib/krb5/rd_cred.c: be more compatible with MIT code. From + Daniel Kouril + * kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's + vanilla pw-salt, that keeps win2k happy. also do the malloc check + correctly. From Daniel Kouril + +2000-06-21 Johan Danielsson + + * kdc/hprop.c: add hdb keytabs + +2000-06-20 Johan Danielsson + + * lib/krb5/principal.c: back out rev. 1.64 + +2000-06-19 Johan Danielsson + + * kdc/kerberos5.c: pa_* -> KRB5_PADATA_* + + * kdc/hpropd.c: add realm override flag + + * kdc/v4_dump.c: code for reading krb4 dump files + + * kdc/hprop.c: generalize source database handing, add support for + non-standard local realms (from by Daniel Kouril + and Miroslav Ruda ), and + support for using different ports (requested by the Czechs, but + implemented differently) + + * lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_* + + * lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_* + + * lib/krb5/krb5.h: use some definitions from asn1.h + + * lib/hdb/hdb.asn1: use new import syntax + + * lib/asn1/k5.asn1: use distinguished value integers + + * lib/asn1/gen_length.c: support for distinguished value integers + + * lib/asn1/gen_encode.c: support for distinguished value integers + + * lib/asn1/gen_decode.c: support for distinguished value integers + + * lib/asn1/gen.c: support for distinguished value integers + + * lib/asn1/lex.l: add support for more standards like import + statements + + * lib/asn1/parse.y: add support for more standards like import + statements, and distinguished value integers + +2000-06-11 Assar Westerlund + + * lib/krb5/get_for_creds.c (add_addrs): ignore addresses of + unknown type + * lib/krb5/get_for_creds.c (add_addrs): zero memory before + starting to copy memory + +2000-06-10 Assar Westerlund + + * lib/krb5/test_get_addrs.c: test program for get_addrs + * lib/krb5/get_addrs.c (find_all_addresses): remember to add in + the size of ifr->ifr_name when using SA_LEN. noticed by Ken + Raeburn + +2000-06-07 Assar Westerlund + + * configure.in: add db3 detection stuff do not use streamsptys on + HP-UX 11 + * lib/hdb/hdb.h (HDB): add dbc for db3 + * kdc/connect.c (add_standard_ports): also listen on krb524 aka + 4444 + * etc/services.append (krb524): add + * lib/hdb/db3.c: add berkeley db3 interface. contributed by + Derrick J Brashear + * lib/hdb/hdb.h (struct HDB): add + +2000-06-07 Johan Danielsson + + * kdc/524.c: if 524 is not enabled, just generate error reply and + exit + + * kdc/kerberos4.c: if v4 is not enabled, just generate error reply + and exit + + * kdc/connect.c: only listen to port 4444 if 524 is enabled + + * kdc/config.c: add options to enable/disable v4 and 524 requests + +2000-06-06 Johan Danielsson + + * kdc/524.c: handle non-existant server principals (from Daniel + Kouril) + +2000-06-03 Assar Westerlund + + * admin/ktutil.c: print name when failing to open keytab + + * kuser/kinit.c: try also to fallback to v4 when no KDC is found + +2000-05-28 Assar Westerlund + + * kuser/klist.c: continue even we have no v5 ccache. make showing + your krb4 tickets the default (if build with krb4 support) + * kuser/kinit.c: add a fallback that tries to get a v4 ticket if + built with krb4 support and we got back a version error from the + KDC + +2000-05-23 Johan Danielsson + + * lib/krb5/keytab_keyfile.c: make this actually work + +2000-05-19 Assar Westerlund + + * lib/krb5/store_emem.c (emem_store): make it write-compatible + * lib/krb5/store_fd.c (fd_store): make it write-compatible + * lib/krb5/store_mem.c (mem_store): make it write-compatible + * lib/krb5/krb5.h (krb5_storage): make store write-compatible + +2000-05-18 Assar Westerlund + + * configure.in: add stdio.h in dbopen test + +2000-05-16 Assar Westerlund + + * Release 0.2t + +2000-05-16 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0 + * lib/krb5/fcache.c: fix second lseek + * lib/krb5/principal.c (krb5_524_conv_principal): fix typo + +2000-05-15 Assar Westerlund + + * Release 0.2s + +2000-05-15 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0 + * lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and + simplify string copying + +2000-05-12 Assar Westerlund + + * lib/krb5/fcache.c (scrub_file): new function + (erase_file): re-write, use scrub_file + * lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add + + * configure.in (dbopen): add header files + + * lib/krb5/krb5.h (krb5_key_usage): add some more + * lib/krb5/fcache.c (erase_file): try to detect symlink games. + also call revoke. + * lib/krb5/changepw.c (krb5_change_password): remember to close + the socket on error + + * kdc/main.c (main): also call sigterm on SIGTERM + +2000-05-06 Assar Westerlund + + * lib/krb5/config_file.c (krb5_config_vget_string_default, + krb5_config_get_string_default): add + +2000-04-25 Assar Westerlund + + * lib/krb5/fcache.c (fcc_initialize): just forget about + over-writing the old cred cache. it's too much of a hazzle trying + to do this safely. + +2000-04-11 Assar Westerlund + + * lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into + different parts for the derived and non-derived cases + * lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should + be done after having added confounder and checksum + +2000-04-09 Assar Westerlund + + * lib/krb5/get_addrs.c (find_all_addresses): apperently solaris + can return EINVAL when the buffer is too small. cope. + * lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x + * lib/asn1/gen_locl.h (filename): add prototype + (init_generate): const-ize + * lib/asn1/gen.c (filename): new function clean-up a little bit. + * lib/asn1/parse.y: be more tolerant in ranges + * lib/asn1/lex.l: count lines correctly. + (error_message): print filename in messages + +2000-04-08 Assar Westerlund + + * lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number + after comparing + * lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number + after comparing + * lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned + * lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned + * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make + `seqno' be unsigned + * lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence + number after the fact and only increment it if we were successful + * lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence + number after the fact and only increment it if we were successful + * lib/krb5/krb5.h (krb5_auth_context_data): make sequence number + unsigned + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): + `in_tkt_service' can be NULL + +2000-04-06 Assar Westerlund + + * lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX). + (DOTDOT): add + * lib/asn1/lex.l (DOTDOT): add + * lib/asn1/k5.asn1 (UNSIGNED): add. use UNSIGNED for all sequence + numbers. + * lib/asn1/gen_length.c (length_type): add TUInteger + * lib/asn1/gen_free.c (free_type): add TUInteger + * lib/asn1/gen_encode.c (encode_type, generate_type_encode): add + TUInteger + * lib/asn1/gen_decode.c (decode_type, generate_type_decode): add + TUInteger + * lib/asn1/gen_copy.c (copy_type): add TUInteger + * lib/asn1/gen.c (define_asn1): add TUInteger + * lib/asn1/der_put.c (encode_unsigned): add + * lib/asn1/der_length.c (length_unsigned): add + * lib/asn1/der_get.c (decode_unsigned): add + * lib/asn1/der.h (decode_unsigned, encode_unsigned, + length_unsigned): add prototypes + + * lib/asn1/k5.asn1: update pre-authentication types + * lib/krb5/krb5_err.et: add some error codes from pkinit + +2000-04-05 Assar Westerlund + + * lib/hdb/hdb.c: add support for hdb methods (aka back-ends). + include ldap. + * lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP + * lib/hdb/Makefile.am: add hdb-ldap.c and openldap + * kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add + * configure.in: bump version to 0.2s-pre add options and testing + for (open)ldap + +2000-04-04 Assar Westerlund + + * configure.in (krb4): fix the krb_mk_req test + +2000-04-03 Assar Westerlund + + * configure.in (krb4): add test for const arguments to krb_mk_req + * lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of + arguments + +2000-04-03 Assar Westerlund + + * Release 0.2r + +2000-04-03 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 10:0:0 + * lib/45/mk_req.c (krb_mk_req): const-ize the arguments + +2000-03-30 Assar Westerlund + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): add some + comments. add fall-back on adding the realm name in lower case. + +2000-03-29 Assar Westerlund + + * kdc/connect.c: remember to repoint all descr->sa to _ss after + realloc as this might have moved the memory around. problem + discovered and diagnosed by Brandon S. Allbery + +2000-03-27 Assar Westerlund + + * configure.in: recognize solaris 2.8 + * config.guess, config.sub: update to current version from + :pserver:anoncvs@subversions.gnu.org:/home/cvs + + * lib/krb5/init_creds_pw.c (print_expire): do not assume anything + about the size of time_t, i.e. make it 64-bit happy + +2000-03-13 Assar Westerlund + + * kuser/klist.c: add support for display v4 tickets + +2000-03-11 Assar Westerlund + + * kdc/kaserver.c (do_authenticate, do_getticket): call check_flags + * kdc/kerberos4.c (do_version4): call check_flags. + * kdc/kerberos5.c (check_flags): make global + +2000-03-10 Assar Westerlund + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil + hack to avoid recursion + +2000-03-04 Assar Westerlund + + * kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous + * lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and + KRB5_GET_INIT_CREDS_OPT_ANONYMOUS + * lib/krb5/init_creds_pw.c (get_init_creds_common): set + request_anonymous flag appropriatly + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous): + add + + * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to + determine whetever to ignore client name of not. always copy + client name from kdc. fix callers. + + * kdc: add support for anonymous tickets + + * kdc/string2key.8: add man-page for string2key + +2000-03-03 Assar Westerlund + + * kdc/hpropd.c (dump_krb4): get expiration date from `valid_end' + and not `pw_end' + + * kdc/kadb.h (ka_entry): fix name pw_end -> valid_end. add some + more fields + + * kdc/hprop.c (v4_prop): set the `valid_end' from the v4 + expiration date instead of the `pw_expire' + (ka_convert): set `valid_end' from ka expiration data and `pw_expire' + from pw_change + pw_expire + (main): add a default database for ka dumping + +2000-02-28 Assar Westerlund + + * lib/krb5/context.c (init_context_from_config_file): change + rfc2052 default to no. 2782 says that underscore should be used. + +2000-02-24 Assar Westerlund + + * lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that + stores and close succeed + * lib/krb5/store.c (krb5_store_creds): check to see that the + stores are succesful. + +2000-02-23 Assar Westerlund + + * Release 0.2q + +2000-02-22 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 9:2:0 + + * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy + the correct hostname + + * kdc/connect.c (add_new_tcp): use the correct entries in the + descriptor table + * kdc/connect.c: initialize `descr' uniformly and correctly + +2000-02-20 Assar Westerlund + + * Release 0.2p + +2000-02-19 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 9:1:0 + + * lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure + that realms is filled in even when getaddrinfo fails or does not + return any canonical name + + * kdc/connect.c (descr): add sockaddr and string representation + (*): re-write to use the above mentioned + +2000-02-16 Assar Westerlund + + * lib/krb5/addr_families.c (krb5_parse_address): use + krb5_sockaddr2address to copy the result from getaddrinfo. + +2000-02-14 Assar Westerlund + + * Release 0.2o + +2000-02-13 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 9:0:0 + + * kdc/kaserver.c (do_authenticate): return the kvno of the server + and not the client. Thanks to Brandon S. Allbery KF8NH + and Chaskiel M Grundman + for debugging. + + * kdc/kerberos4.c (do_version4): if an tgs-req is received with an + old kvno, return an error reply and write a message in the log. + +2000-02-12 Assar Westerlund + + * appl/test/gssapi_server.c (proto): with `--fork', create a child + and send over/receive creds with export/import_sec_context + * appl/test/gssapi_client.c (proto): with `--fork', create a child + and send over/receive creds with export/import_sec_context + * appl/test/common.c: add `--fork' / `-f' (only used by gssapi) + +2000-02-11 Assar Westerlund + + * kdc/kdc_locl.h: remove keyfile add explicit_addresses + * kdc/connect.c (init_sockets): pay attention to + explicit_addresses some more comments. better error messages. + * kdc/config.c: add some comments. + remove --key-file. + add --addresses. + + * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use + proper abstraction + +2000-02-07 Johan Danielsson + + * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec + +2000-02-07 Assar Westerlund + + * Release 0.2n + +2000-02-07 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 8:0:0 + * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy + (krb5_kt_add_entry): set timestamp + +2000-02-06 Assar Westerlund + + * lib/krb5/krb5.h: add macros for accessing krb5_realm + * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead + of `int32_t' + + * lib/krb5/replay.c (checksum_authenticator): update to new API + for md5 + + * lib/krb5/krb5.h: remove des.h, it's not needed and applications + should not have to make sure to find it. + +2000-02-03 Assar Westerlund + + * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to + `out_key' to avoid conflicting with label. reported by Sean Doran + + +2000-02-02 Assar Westerlund + + * lib/krb5/expand_hostname.c: remember to lower-case host names. + bug reported by + + * kdc/kerberos4.c (do_version4): look at check_ticket_addresses + and emulate that by setting krb_ignore_ip_address (not a great + interface but it doesn't seem like the time to go around fixing + libkrb stuff now) + +2000-02-01 Johan Danielsson + + * kuser/kinit.c: change --noaddresses into --no-addresses + +2000-01-28 Assar Westerlund + + * kpasswd/kpasswd.c (main): make sure the ticket is not + forwardable and not proxiable + +2000-01-26 Assar Westerlund + + * lib/krb5/crypto.c: update to pseudo-standard APIs for + md4,md5,sha. some changes to libdes calls to make them more + portable. + +2000-01-21 Assar Westerlund + + * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to + clean up the correct creds. + +2000-01-16 Assar Westerlund + + * lib/krb5/principal.c (append_component): change parameter to + `const char *'. check malloc + * lib/krb5/principal.c (append_component, va_ext_princ, va_princ): + const-ize + * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname' + const + * lib/krb5/principal.c (replace_chars): also add space here + * lib/krb5/principal.c: (quotable_chars): add space + +2000-01-12 Assar Westerlund + + * kdc/kerberos4.c (do_version4): check if preauth was required and + bail-out if so since there's no way that could be done in v4. + Return NULL_KEY as an error to the client (which is non-obvious, + but what can you do?) + +2000-01-09 Assar Westerlund + + * lib/krb5/principal.c (krb5_sname_to_principal): use + krb5_expand_hostname_realms + * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms + * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new + variant of krb5_expand_hostname that tries until it expands into + something that's digestable by krb5_get_host_realm, returning also + the result from that function. + +2000-01-08 Assar Westerlund + + * Release 0.2m + +2000-01-08 Assar Westerlund + + * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN + + * lib/krb5/Makefile.am: bump version to 7:1:0 + + * lib/krb5/principal.c (krb5_sname_to_principal): use + krb5_expand_hostname + * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle + ai_canonname being set in any of the addresses returnedby + getaddrinfo. glibc apparently returns the reverse lookup of every + address in ai_canonname. + +2000-01-06 Assar Westerlund + + * Release 0.2l + +2000-01-06 Assar Westerlund + + * lib/krb5/Makefile.am: set version to 7:0:0 + * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp' + + * lib/hdb/Makefile.am: set version to 4:1:1 + + * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms' + * lib/krb5/get_in_tkt.c (add_padata): change types to make + everything work out + (krb5_get_in_cred): remove const to make types match + * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature + * lib/krb5/principal.c (krb5_sname_to_principal): handle not + getting back a canonname + +2000-01-06 Assar Westerlund + + * Release 0.2k + +2000-01-06 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that + we actually parse the port number. based on a patch from Leif + Johansson + +2000-01-02 Assar Westerlund + + * admin/purge.c: remove all non-current and old entries from a + keytab + + * admin: break up ktutil.c into files + + * admin/ktutil.c (list): support --verbose (also listning time + stamps) + (kt_add, kt_get): set timestamp in newly created entries + (kt_change): add `change' command + + * admin/srvconvert.c (srvconv): set timestamp in newly created + entries + * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp, + always go the a predicatble position on error + * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp + * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp + (fkt_next_entry_int): return timestamp + * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2001 b/crypto/external/bsd/heimdal/dist/ChangeLog.2001 new file mode 100644 index 000000000..b048488f8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2001 @@ -0,0 +1,1122 @@ +2001-12-20 Johan Danielsson + + * lib/krb5/crypto.c: use our own des string-to-key function, since + the one from openssl sometimes generates wrong output + +2001-12-05 Jacques Vidrine + + * lib/hdb/mkey.c: fix a bug in which kstash would crash if + there were no /etc/krb5.conf + +2001-11-09 Johan Danielsson + + * lib/krb5/krb5_verify_user.3: sort references (from Thomas + Klausner) + + * lib/krb5/krb5_principal_get_realm.3: add section to reference + (from Thomas Klausner) + + * lib/krb5/krb5_krbhst_init.3: sort references (from Thomas + Klausner) + + * lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner) + + * lib/krb5/krb5_get_krbhst.3: remove extra white space (from + Thomas Klausner) + + * lib/krb5/krb5_get_all_client_addrs.3: add section to reference + (from Thomas Klausner) + +2001-10-29 Jacques Vidrine + + * admin/get.c: fix a bug in which a reference to a data + structure on the stack was being kept after the containing + function's lifetime, resulting in a segfault during `ktutil + get'. + +2001-10-22 Assar Westerlund + + * lib/krb5/crypto.c: make all high-level encrypting and decrypting + functions check the return value of the underlying function and + handle errors more consistently. noted by Sam Hartman + + +2001-10-21 Assar Westerlund + + * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a + non-keyed checksum when it should be non-keyed + +2001-09-29 Assar Westerlund + + * kuser/kinit.1: add the kauth alias + * kuser/kinit.c: allow specification of afslog in krb5.conf, noted + by jhutz@cs.cmu.edu + +2001-09-27 Assar Westerlund + + * lib/asn1/gen.c: remove the need for libasn1.h, also make + generated files include all files from IMPORTed modules + + * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values + * kpasswd/kpasswd.c: improve error message printing + * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change + to use sequence numbers connect the udp socket so that we can + figure out the local address + +2001-09-25 Assar Westerlund + + * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED + +2001-09-20 Johan Danielsson + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using + lower case realm as domain, but only when given a verification + function + +2001-09-20 Assar Westerlund + + * lib/asn1/der_put.c (der_put_length): do not even try writing + anything when len == 0 + +2001-09-18 Johan Danielsson + + * kdc/hpropd.c: add realm override option + + * lib/krb5/set_default_realm.c (krb5_set_default_realm): make + realm parameter const + + * kdc/hprop.c: more free's + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key + proc data + + * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free + addrinfo + + * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when + not returning error + +2001-09-16 Assar Westerlund + + * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): + make realm const + + * lib/krb5/crypto.c: use des functions to avoid generating + warnings with openssl's prototypes + +2001-09-05 Johan Danielsson + + * configure.in: check for termcap.h + + * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy + +2001-09-03 Assar Westerlund + + * lib/krb5/addr_families.c (krb5_print_address): handle snprintf + returning < 0. noticed by hin@stacken.kth.se + +2001-09-03 Assar Westerlund + + * Release 0.4e + +2001-09-02 Johan Danielsson + + * kuser/Makefile.am: install kauth as a symlink to kinit + + * kuser/kinit.c: get v4_tickets by default + + * lib/asn1/Makefile.am: fix for broken automake + +2001-08-31 Johan Danielsson + + * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke + Howard + + * kuser/kinit.1: remove references to kauth + + * kuser/Makefile.am: kauth is no more + + * kuser/kinit.c: use appdefaults for everything. defaults are now + as in kauth. + + * lib/krb5/appdefault.c: also check libdefaults, and realms/realm + + * lib/krb5/context.c (krb5_free_context): free more stuff + +2001-08-30 Johan Danielsson + + * lib/krb5/verify_krb5_conf.c: do some checks of the values in the + file + + * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling + + * lib/krb5/context.c: don't init srv_try_txt, since it isn't used + anymore + +2001-08-29 Jacques Vidrine + + * configure.in: Check for already-installed com_err. + +2001-08-28 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 + +2001-08-24 Assar Westerlund + + * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require + no special treatment now + + * kuser/generate-requests.c: parse arguments in a useful way + * kuser/kverify.c: add --help/--verify + +2001-08-22 Assar Westerlund + + * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 + + * configure.in: re-write the handling of crypto libraries. try to + use the one of openssl's libcrypto or krb4's libdes that has all + the required functionality (md4, md5, sha1, des, rc4). if there + is no such library, the included lib/des is built. + + * kdc/headers.h: include libutil.h if it exists + * kpasswd/kpasswd_locl.h: include libutil.h if it exists + * kdc/kerberos4.c (get_des_key): check for null keys even if + is_server + +2001-08-21 Assar Westerlund + + * lib/asn1/asn1_print.c: print some size_t correctly + * configure.in: remove extra space after -L check for libutil.h + +2001-08-17 Johan Danielsson + + * kdc/kdc_locl.h: fix prototype for get_des_key + + * kdc/kaserver.c: fix call to get_des_key + + * kdc/524.c: fix call to get_des_key + + * kdc/kerberos4.c (get_des_key): if getting a key for a server, + return any des-key not just keys that can be string-to-keyed by + the client + +2001-08-10 Assar Westerlund + + * Release 0.4d + +2001-08-10 Assar Westerlund + + * configure.in: check for openpty + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 + +2001-08-08 Assar Westerlund + + * configure.in: just add -L (if required) from krb4 when testing + for libdes/libcrypto + +2001-08-04 Assar Westerlund + + * lib/krb5/Makefile.am (man_MANS): add some missing man pages + * fix-export: fix the sed expression for finding the man pages + +2001-07-31 Assar Westerlund + + * kpasswd/kpasswd-generator.c (main): implement --version and + --help + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to + 18:1:1 + +2001-07-27 Assar Westerlund + + * lib/krb5/context.c (init_context_from_config_file): check + parsing of addresses + +2001-07-26 Assar Westerlund + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename + sa_len -> salen to avoid the macro that's defined on irix. noted + by "Jacques A. Vidrine" + +2001-07-24 Johan Danielsson + + * lib/krb5/addr_families.c: add support for type + KRB5_ADDRESS_ADDRPORT + + * lib/krb5/addr_families.c (krb5_address_order): complain about + unsuppored address types + +2001-07-23 Johan Danielsson + + * admin/get.c: don't open connection to server until we loop over + the principals, at that time we know the realm of the (first) + principal and we can default to that admin server + + * admin: add a rename command + +2001-07-19 Assar Westerlund + + * kdc/hprop.c (usage): clarify a tiny bit + +2001-07-19 Assar Westerlund + + * Release 0.4c + +2001-07-19 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 18:0:1 + + * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave + the same way as the MIT function + + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 + * lib/krb5/sock_principal.c (krb5_sock_to_principal): use + getnameinfo + + * lib/krb5/krbhst.c (srv_find_realm): handle port numbers + consistenly in local byte order + + * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an + error string + + * kuser/kinit.c (renew_validate): invert condition correctly. get + v4 tickets if we succeed renewing + * lib/krb5/principal.c (krb5_principal_get_type): add + (default_v4_name_convert): add "smtp" + +2001-07-13 Assar Westerlund + + * configure.in: remove make-print-version from LIBOBJS, it's no + longer in lib/roken but always built in lib/vers + +2001-07-12 Johan Danielsson + + * lib/hdb/mkey.c: more set_error_string + +2001-07-12 Assar Westerlund + + * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library + dependencies + + * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library + dependencies + +2001-07-11 Johan Danielsson + + * kdc/hprop.c: remove v4 master key handling; remove old v4-db and + ka-db flags; add defaults for v4_realm and afs_cell + +2001-07-09 Assar Westerlund + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname + before calling krb5_sname_to_principal. from "Jacques A. Vidrine" + + +2001-07-08 Johan Danielsson + + * lib/krb5/context.c: use krb5_copy_addresses instead of + copy_HostAddresses + +2001-07-06 Assar Westerlund + + * configure.in (LIB_des_a, LIB_des_so): add these so that they can + be used by lib/auth/sia + + * kuser/kinit.c: re-do some of the v4 fallbacks: look at + get-tokens flag do not print extra errors do not try to do 524 if + we got tickets from a v4 server + +2001-07-03 Assar Westerlund + + * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to + printf + + * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses + on ignore_addresses correctly + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): change to take a + const realm + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the + instance is the first component of the local hostname, the + converted host should be the long hostname. from + + +2001-07-02 Johan Danielsson + + * lib/krb5/Makefile.am: address.c is no more; add a couple of + manpages + + * lib/krb5/krb5_timeofday.3: new manpage + + * lib/krb5/krb5_get_all_client_addrs.3: new manpage + + * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as + wildcard + + * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as + wildcard + + * lib/krb5/get_addrs.c: don't include client addresses that match + ignore_addresses + + * lib/krb5/context.c: initialise ignore_addresses + + * lib/krb5/addr_families.c: add new `arange' fake address type, + that matches more than one address; this required some internal + changes to many functions, so all of address.c got moved here + (wasn't much left there) + + * lib/krb5/krb5.h: add list of ignored addresses to context + +2001-07-03 Assar Westerlund + + * Release 0.4b + +2001-07-03 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 + +2001-07-03 Assar Westerlund + + * Release 0.4a + +2001-07-02 Johan Danielsson + + * kuser/kinit.c: make this compile without krb4 support + + * lib/krb5/write_message.c: remove priv parameter from + write_safe_message; don't know why it was there in the first place + + * doc/install.texi: remove kaserver switches, it's always compiled + in now + + * kdc/hprop.c: always include kadb support + + * kdc/kaserver.c: always include kaserver support + +2001-07-02 Assar Westerlund + + * kpasswd/kpasswdd.c (doit): make failing to bind a socket a + non-fatal error, and abort if no sockets were bound + +2001-07-01 Assar Westerlund + + * lib/krb5/krbhst.c: remember the real port number when falling + back from kpasswd -> kadmin, and krb524 -> kdc + +2001-06-29 Assar Westerlund + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if + no_addresses is set, do not add any local addresses to KRB_CRED + + * kuser/kinit.c: remove extra clearing of password and some + redundant code + +2001-06-29 Johan Danielsson + + * kuser/kinit.c: move ticket conversion code to separate function, + and call that from a couple of places, like when renewing a + ticket; also add a flag for just converting a ticket + + * lib/krb5/init_creds_pw.c: set renew-life to some sane value + + * kdc/524.c: don't send more data than required + +2001-06-24 Assar Westerlund + + * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns + + * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: + (any_start_seq_get): remove a double free + (any_next_entry): iterate over all (sub) keytabs and avoid leave data + around to be freed again + + * kdc/kdc_locl.h: add a define for des_new_random_key when using + openssl's libcrypto + + * configure.in: move v6 tests down + + * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 + + * update to libtool 1.4 and autoconf 2.50 + +2001-06-22 Johan Danielsson + + * lib/hdb/hdb.c: use krb5_add_et_list + +2001-06-21 Johan Danielsson + + * lib/hdb/Makefile.am: add generation number + * lib/hdb/common.c: add generation number code + * lib/hdb/hdb.asn1: add generation number + * lib/hdb/print.c: use krb5_storage to make it more dynamic + +2001-06-21 Assar Westerlund + + * lib/krb5/krb5.conf.5: update to changed names used by + krb5_get_init_creds_opt_set_default_flags + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): make the appdefault + keywords have the same names + + * configure.in: only add -L and -R to the krb4 libdir if we are + actually using it + + * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing + dot of hostname add some comments + * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when + testing for kerberos.REALM. this allows reusing that information + when actually contacting the server and thus avoids one DNS lookup + +2001-06-20 Johan Danielsson + + * lib/krb5/krb5.h: include k524_err.h + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test + for keytype, the server will do this for us if it has anything to + complain about + + * lib/krb5/context.c: add protocol compatible krb524 error codes + + * lib/krb5/Makefile.am: add protocol compatible krb524 error codes + + * lib/krb5/k524_err.et: add protocol compatible krb524 error codes + + * lib/krb5/krb5_principal_get_realm.3: manpage + + * lib/krb5/principal.c: add functions `krb5_principal_get_realm' + and `krb5_principal_get_comp_string' that returns parts of a + principal; this is a replacement for the internal + `krb5_princ_realm' and `krb5_princ_component' macros that everyone + seem to use + +2001-06-19 Assar Westerlund + + * kuser/kinit.c (main): dereference result from krb5_princ_realm. + from Thomas Nystrom + +2001-06-18 Johan Danielsson + + * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done + * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak + * lib/krb5/krbhst.c (config_get_hosts): free hostlist + * kuser/kinit.c: free principal + +2001-06-18 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra + freeaddrinfo + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): + remove some unused variables + + * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly + * kdc/kerberos5.c: update to new krb5_auth_con* names + * kdc/hpropd.c: update to new krb5_auth_con* names + * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions + and remove some comments + * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right + order: remote - local - session + * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the + auth_context + * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct + order: remote - local - session + * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, + local - remote - session + +2001-06-18 Johan Danielsson + + * lib/krb5/convert_creds.c: use starttime instead of authtime, + from Chris Chiappa + + * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match + the MIT function by the same name; add + krb524_convert_creds_kdc_ccache that does what the old version did + + * admin/list.c (do_list): make sure list of keys is NULL + terminated; similar to patch sent by Chris Chiappa + +2001-06-18 Assar Westerlund + + * lib/krb5/mcache.c (mcc_remove_cred): use + krb5_free_creds_contents + + * lib/krb5/auth_context.c: name function krb5_auth_con more + consistenly + * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use + renamed krb5_auth_con_getauthenticator + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to + use krb5_krbhst API + * lib/krb5/changepw.c (krb5_change_password): update to use + krb5_krbhst API + * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API + * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port + in krb5_krbhst_info + (krb5_krbhst_free): free everything + + * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add + (krb5_krbhst_info): add def_port (default port for this service) + + * lib/krb5/krbhst-test.c: make it more verbose and useful + * lib/krb5/krbhst.c: remove some more memory leaks do not try any + dns operations if there is local configuration admin: fallback to + kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin + add some comments + + * configure.in: remove initstate and setstate, they should be in + cf/roken-frag.m4 + + * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test + * lib/krb5/krbhst-test.c: new program for testing krbhst + * lib/krb5/krbhst.c (common_init): remove memory leak + (main): move test program into krbhst-test + +2001-06-17 Johan Danielsson + + * lib/krb5/krb5_krbhst_init.3: manpage + + * lib/krb5/krb5_get_krbhst.3: manpage + +2001-06-16 Johan Danielsson + + * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type + + * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle + + * lib/krb5/krb5.h: types for new krbhst api + + * lib/krb5/krbhst.c: implement a new api that looks up one host at + a time, instead of making a list of hosts + +2001-06-09 Johan Danielsson + + * configure.in: test for initstate and setstate + + * lib/krb5/krbhst.c: remove rfc2052 support + +2001-06-08 Johan Danielsson + + * fix some manpages for broken mdoc.old grog test + +2001-05-28 Assar Westerlund + + * lib/krb5/krb5.conf.5: add [appdefaults] + * lib/krb5/init_creds_pw.c: remove configuration reading that is + now done in krb5_get_init_creds_opt_set_default_flags + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): add reading of + libdefaults versions of these and add no_addresses + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string + when preauth was required and we retry + +2001-05-25 Assar Westerlund + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call + krb5_get_krb524hst + * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the + support functions + +2001-05-22 Assar Westerlund + + * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec + properly + +2001-05-17 Assar Westerlund + + * Release 0.3f + +2001-05-17 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 16:0:0 + * lib/hdb/Makefile.am: bump version to 7:1:0 + * lib/asn1/Makefile.am: bump version to 5:0:0 + * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 + * lib/krb5/codec.c: remove dead code + +2001-05-17 Johan Danielsson + + * kdc/config.c: actually check the ticket addresses + +2001-05-15 Assar Westerlund + + * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct + parenthesis + + * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add + `errno' (called system_error) to allow callers to make sure they + pass the current and relevant value. update callers + +2001-05-14 Johan Danielsson + + * lib/krb5/verify_user.c: krb5_verify_user_opt + + * lib/krb5/krb5.h: verify_opt + + * kdc/kerberos5.c: pass context to krb5_domain_x500_decode + +2001-05-14 Assar Westerlund + + * kpasswd/kpasswdd.c: adapt to new address functions + * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE + * kdc/connect.c: adapt to changing address functions + * kdc/config.c: new krb5_config_parse_file + * kdc/524.c: new krb5_sockaddr2address + * lib/krb5/*: add some krb5_{set,clear}_error_string + + * lib/asn1/k5.asn1 (LR_TYPE): add + * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x + +2001-05-11 Assar Westerlund + + * kdc/kerberos5.c (tsg_rep): fix typo in variable name + + * kpasswd/kpasswd-generator.c (nop_prompter): update prototype + * lib/krb5/init_creds_pw.c: update to new prompter, use prompter + types and send two prompts at once when changning password + * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name + * lib/krb5/krb5.h (krb5_prompt): add type + (krb5_prompter_fct): add anem + + * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two + paramaters to krb5_cc_next_cred (as MIT does, and not as they + document). From "Jacques A. Vidrine" + +2001-05-11 Johan Danielsson + + * lib/krb5/Makefile.am: store-test + + * lib/krb5/store-test.c: simple bit storage test + + * lib/krb5/store.c: add more byteorder storage flags + + * lib/krb5/krb5.h: add more byteorder storage flags + + * kdc/kerberos5.c: don't use NULL where we mean 0 + + * kdc/kerberos5.c: put referral test code in separate function, + and test for KRB5_NT_SRV_INST + +2001-05-10 Assar Westerlund + + * admin/list.c (do_list): do not close the keytab if opening it + failed + * admin/list.c (do_list): always print complete names. print + everything to stdout. + * admin/list.c: print both v5 and v4 list by default + * admin/remove.c (kt_remove): reorganize some. open the keytab + (defaulting to the modify one). + * admin/purge.c (kt_purge): reorganize some. open the keytab + (defaulting to the modify one). correct usage strings + * admin/list.c (kt_list): reorganize some. open the keytab + * admin/get.c (kt_get): reorganize some. open the keytab + (defaulting to the modify one) + * admin/copy.c (kt_copy): default to modify key name. re-organise + * admin/change.c (kt_change): reorganize some. open the keytab + (defaulting to the modify one) + * admin/add.c (kt_add): reorganize some. open the keytab + (defaulting to the modify one) + * admin/ktutil.c (main): do not open the keytab, let every + sub-function handle it + + * kdc/config.c (configure): call free_getarg_strings + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for + a few more errors + + * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make + `use_dns' parameter boolean + + * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify + * lib/krb5/context.c (init_context_from_config_file): set + default_keytab_modify + * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to + ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab + (KEYTAB_DEFAULT_MODIFY): add + * lib/krb5/keytab.c (krb5_kt_default_modify_name): add + (krb5_kt_resolve): set error string for failed keytab type + +2001-05-08 Assar Westerlund + + * lib/krb5/crypto.c (encryption_type): make field names more + consistent + (create_checksum): separate usage and type + (krb5_create_checksum): add a separate type parameter + (encrypt_internal): only free once on mismatched checksum length + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what + realm we didn't manage to reach any KDC for in the error string + + * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free + the entire subkey. from + +2001-05-07 Johan Danielsson + + * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return + KT_NOTFOUND if the file is empty + +2001-05-07 Assar Westerlund + + * lib/krb5/fcache.c: call krb5_set_error_string when open fails + fatally + * lib/krb5/keytab_file.c: call krb5_set_error_string when open + fails fatally + + * lib/krb5/warn.c (_warnerr): print error_string in context in + preference to error string derived from error code + * kuser/kinit.c (main): try to print the error string + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible + error strings for errors + + * lib/krb5/krb5.h (krb5_context_data): add error_string and + error_buf + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c + * lib/krb5/error_string.c: new file + +2001-05-02 Johan Danielsson + + * lib/krb5/time.c: krb5_string_to_deltat + + * lib/krb5/sock_principal.c: one less data copy + + * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's + + * lib/krb5/get_default_principal.c: change this slightly + + * lib/krb5/crypto.c: make checksum_types into an array of pointers + + * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc + ticket + +2001-04-29 Assar Westerlund + + * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for + the right realm if we fail to find a non-krbtgt service in the + database and the second component does a succesful non-dns lookup + to get the real realm (which has to be different from the + originally-supplied realm). this should help windows 2000 clients + that always start their lookups in `their' realm and do not have + any idea of how to map hostnames into realms + * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm + +2001-04-27 Johan Danielsson + + * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra + parameter to request use of dns or not + +2001-04-25 Assar Westerlund + + * admin/get.c (kt_get): allow specification of encryption types + * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to + close an unopened ccache, noted by + + * lib/krb5/krb5.h (krb5_any_ops): add declaration + * lib/krb5/context.c (init_context_from_config_file): register + krb5_any_ops + + * lib/krb5/keytab_any.c: new file, implementing union of keytabs + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c + + * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options + == NULL. noted by + +2001-04-19 Johan Danielsson + + * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything + else, from Jacques Vidrine + +2001-04-18 Johan Danielsson + + * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h + + * lib/asn1/Makefile.am: add asn1_ENCTYPE.x + + * lib/krb5/krb5.h: adapt to asn1 changes + + * lib/asn1/k5.asn1: move enctypes here + + * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid + conflicts + + * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid + conflicts + + * lib/asn1/lex.l: use strtol to parse constants + +2001-04-06 Johan Danielsson + + * kuser/kinit.c: add simple support for running commands + +2001-03-26 Assar Westerlund + + * lib/hdb/hdb-ldap.c: change order of includes to allow it to work + with more versions of openldap + + * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error + replies + (*): update callers of krb5_km_error + (check_tgs_flags): handle renews requesting non-renewable tickets + + * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime + and cusec + + * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add + compatibility names + + * lib/krb5/crypto.c (create_checksum): change so that `type == 0' + means pick from the `crypto' (context) and otherwise use that + type. this is not a large change in practice and allows callers + to specify the exact checksum algorithm to use + +2001-03-13 Assar Westerlund + + * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back + to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad + integrity'. this helps for talking to old (pre 0.3d) KDCs + +2001-03-12 Assar Westerlund + + * lib/krb5/crypto.c (krb5_derive_key): new function, used by + derived-key-test.c + * lib/krb5/string-to-key-test.c: add new test vectors posted by + Ken Raeburn in to + ietf-krb-wg@anl.gov + * lib/krb5/n-fold-test.c: more test vectors from same source + * lib/krb5/derived-key-test.c: more tests from same source + +2001-03-06 Assar Westerlund + + * acconfig.h: include roken_rename.h when appropriate + +2001-03-06 Assar Westerlund + + * lib/krb5/krb5.h (krb5_enctype): remove trailing comma + +2001-03-04 Assar Westerlund + + * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for + compatibility with MIT krb5 + +2001-03-02 Assar Westerlund + + * kuser/kinit.c (main): only request a renewable ticket when + explicitly requested. it still gets a renewable one if the renew + life is specified + * kuser/kinit.c (renew_validate): treat -1 as flags not being set + +2001-02-28 Johan Danielsson + + * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list + +2001-02-27 Johan Danielsson + + * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt + +2001-02-25 Assar Westerlund + + * configure.in: do not use -R when testing for des functions + +2001-02-14 Assar Westerlund + + * configure.in: test for lber.h when trying to link against + openldap to handle openldap v1, from Sumit Bose + + +2001-02-19 Assar Westerlund + + * lib/asn1/libasn1.h: add string.h (for memset) + +2001-02-15 Assar Westerlund + + * lib/krb5/warn.c (_warnerr): add printf attributes + * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address + returned by getaddrinfo before trying the next kdc. from + thorpej@netbsd.org + + * lib/krb5/krb5.conf.5: fix default_realm in example + + * kdc/connect.c: fix a few kdc_log format types + + * configure.in: try to handle libdes/libcrypto ont requiring -L + +2001-02-10 Assar Westerlund + + * lib/asn1/gen_decode.c (generate_type_decode): zero the data at + the beginning of the generated function, and add a label `fail' + that the code jumps to in case of errors that frees all allocated + data + +2001-02-07 Assar Westerlund + + * configure.in: aix dce: fix misquotes, from Ake Sandgren + + + * configure.in (dpagaix_LDFLAGS): try to add export file + +2001-02-05 Assar Westerlund + + * lib/krb5/krb5_keytab.3: new man page, contributed by + + + * kdc/kaserver.c: update to new db_fetch4 + +2001-02-05 Assar Westerlund + + * Release 0.3e + +2001-01-30 Assar Westerlund + + * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key + properly + (kdb_prop): decrypt key properly + * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 + data with the master key leave it up to the v5 how to encrypt with + that master key + + * kdc/kstash.c: include file name in error messages + * kdc/hprop.c: fix a typo and check some more return values + * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s + correctly. From Jacques Vidrine + * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than + ENOENT + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 15:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 + * kdc/misc.c (db_fetch): return an error code. change callers to + look at this and try to print it in log messages + + * lib/krb5/crypto.c (decrypt_internal_derived): check that there's + enough data + +2001-01-29 Assar Westerlund + + * kdc/hprop.c (realm_buf): move it so it becomes properly + conditional on KRB4 + + * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, + hdb_unseal_keys, hdb_seal_keys): check that we have the correct + master key and that we manage to decrypt the key properly, + returning an error code. fix all callers to check return value. + + * tools/krb5-config.in: use @LIB_des_appl@ + * tools/Makefile.am (krb5-config): add LIB_des_appl + * configure.in (LIB_des): set correctly + (LIB_des_appl): add for the use by krb5-config.in + + * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} + to make sure of not dropping data when doing it over a socket. + (this might break when used with ordinary files on win32) + + * lib/hdb/hdb_err.et (NO_MKEY): add + + * kdc/kerberos5.c (as_rep): be paranoid and check + krb5_enctype_to_string for failure, noted by + + * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, + lib/krb5/krb5_auth_context.3: add new man pages, contributed by + + + * use the openssl api for md4/md5/sha and handle openssl/*.h + + * kdc/kaserver.c (do_getticket): check length of ticket. noted by + + +2001-01-28 Assar Westerlund + + * configure.in: send -R instead of -rpath to libtool to set + runtime library paths + + * lib/krb5/Makefile.am: remove all dependencies on libkrb + +2001-01-27 Assar Westerlund + + * appl/rcp: add port of bsd rcp changed to use existing rsh, + contributed by Richard Nyberg + +2001-01-27 Johan Danielsson + + * lib/krb5/get_port.c: don't warn if the port name can't be found, + nobody cares anyway + +2001-01-26 Johan Danielsson + + * kdc/hprop.c: make it possible to convert a v4 dump file without + having any v4 libraries; the kdb backend still require them + + * kdc/v4_dump.c: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries + + * kdc/hprop.h: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries + + * lib/hdb/print.c: reduce number of memory allocations + + * lib/hdb/mkey.c: add support for reading krb4 /.k files + +2001-01-19 Assar Westerlund + + * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server + for realms document capath better + + * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look + at kpasswd_server before admin_server + + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in + [libdefaults]capath for better hint of realm to send request to. + this allows the client to specify `realm routing information' in + case it cannot be done at the server (which is preferred) + + * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as + zero when we were expecting a sequence number. MIT krb5 cannot + generate a sequence number of zero, instead generating no sequence + number + * lib/krb5/rd_safe.c (krb5_rd_safe): dito + +2001-01-11 Assar Westerlund + + * kpasswd/kpasswdd.c: add --port option + +2001-01-10 Assar Westerlund + + * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition + just before returning + +2001-01-09 Assar Westerlund + + * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred + +2001-01-05 Johan Danielsson + + * kuser/kinit.c: call a time `time', and not `seconds' + + * lib/krb5/init_creds.c: not much point in setting the anonymous + flag here + + * lib/krb5/krb5_appdefault.3: document appdefault_time + +2001-01-04 Johan Danielsson + + * lib/krb5/verify_user.c: use + krb5_get_init_creds_opt_set_default_flags + + * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags + + * lib/krb5/init_creds.c: new function + krb5_get_init_creds_opt_set_default_flags to set options from + krb5.conf + + * lib/krb5/rd_cred.c: make this match the MIT function + + * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL + def_val + (krb5_appdefault_time): new function + +2001-01-03 Assar Westerlund + + * kdc/hpropd.c (main): handle EOF when reading from stdin diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2002 b/crypto/external/bsd/heimdal/dist/ChangeLog.2002 new file mode 100644 index 000000000..8101be147 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2002 @@ -0,0 +1,726 @@ +2002-12-19 Johan Danielsson + + * lib/krb5/mk_rep.c: free allocated storage; reported by Howard + Chu + +2002-12-08 Johan Danielsson + + * kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype + +2002-12-02 Johan Danielsson + + * kpasswd/kpasswdd.c (doit): initialise sa_size to size of + sockaddr_storage + + * kdc/connect.c (init_socket): initialise sa_size to size of + sockaddr_storage + +2002-11-15 Johan Danielsson + + * lib/krb5/krb5.h: remove trailing comma in enum + +2002-11-07 Johan Danielsson + + * kdc/524.c: implement crude b2 style (non-)conversion for use + with afs + + * kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's + where it's used + +2002-10-21 Johan Danielsson + + * lib/krb5/keytab_keyfile.c: more strcspn + + * lib/krb5/store_emem.c (emem_store): limit how much we allocate + (from Olaf Kirch) + + * lib/krb5/principal.c: don't allow trailing backslashes in + components + + * kdc/connect.c: check that %-quotes are followed by two hex + digits + + * lib/krb5/keytab_any.c: properly close the open keytabs (from + Larry Greenfield) + + * kdc/kaserver.c: make sure life is positive (from John Godehn) + +2002-10-17 Johan Danielsson + + * kuser/klist.c (display_tokens): allow tokens up to size of + buffer (from Magnus Holmberg) + +2002-09-29 Johan Danielsson + + * lib/krb5/changepw.c (process_reply): fix reply length check + calculation (reported by various people) + +2002-09-24 Johan Danielsson + + * lib/krb5/keytab_file.c (fkt_remove_entry): check return value + from start_seq_get (from Wynn Wilkes) + +2002-09-19 Johan Danielsson + + * lib/krb5/context.c (krb5_set_config_files): return ENXIO instead + of ENOENT when "unconfigured" + +2002-09-16 Jacques Vidrine + + * lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn + to convert the newline to NUL in fgets results. + +2002-09-13 Johan Danielsson + + * kuser/kinit.1: remove unneeded Ns + + * lib/krb5/krb5_appdefault.3: remove extra "application" + + * fix-export: remove autom4ate.cache + +2002-09-10 Johan Danielsson + + * include/make_crypto.c: don't use function macros if possible + + * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX + + * include/Makefile.am: use make_crypto to create crypto-headers.h + + * include/make_crypto.c: crypto header generation tool + + * configure.in: move crypto test to just after testing for krb4, + and move roken tests to after both, this speeds up various failure + cases with krb4 + + * lib/krb5/config_file.c: don't use NULL when we mean 0 + + * configure.in: we don't set package_libdir anymore, so no point + in testing for it + + * tools/Makefile.am: subst INCLUDE_des + + * tools/krb5-config.in: add INCLUDE_des to cflags + + * configure.in: use AC_CONFIG_SRCDIR + + * fix-export: remove some unneeded stuff + + * kuser/kinit.c (do_524init): free principals + +2002-09-09 Jacques Vidrine + + * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding), + kdc/kaserver.c (krb5_ret_xdr_data), + lib/krb5/transited.c (krb5_domain_x500_decode): Validate some + counts: Check that they are non-negative, and that they are small + enough to avoid integer overflow when used in memory allocation + calculations. Potential problem areas pointed out by + Sebastian Krahmer . + + * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when + creating a new keyfile. + +2002-09-09 Johan Danielsson + + * configure.in: don't try to build pam module + +2002-09-05 Johan Danielsson + + * appl/kf/kf.c: fix warning string + + * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we + know we need it + +2002-09-04 Assar Westerlund + + * kdc/kerberos5.c (encode_reply): correct error logging + +2002-09-04 Johan Danielsson + + * lib/krb5/sendauth.c: close ccache if we opened it + + * appl/kf/kf.c: handle new protocol + + * appl/kf/kfd.c: use krb5_err instead of sysloging directly, + handle the new protocol, and bail out if an old client tries to + connect + + * appl/kf/kf_locl.h: we need a protocol version string + + * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE + + * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE + + * kdc/hprop.c: set AP_OPTS_USE_SUBKEY + + * lib/hdb/common.c: use ASN1_MALLOC_ENCODE + + * lib/asn1/gen.c: add convenience macro that allocates a buffer + and encoded into that + + * lib/krb5/get_cred.c (init_tgs_req): use + in_creds->session.keytype literally instead of trying to convert + to a list of enctypes (it should already be an enctype) + + * lib/krb5/get_cred.c (init_tgs_req): init ret + +2002-09-03 Johan Danielsson + + * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use + zero ivec in DES3_CBC_encrypt if passed ivec is NULL + + * lib/krb5/Makefile.am: back out 1.144, since it will re-create + krb5-protos.h at build-time, which requires perl, which is bad + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't + blindly use the local subkey + + * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that + extracts the required blocksize from a crypto context + + * lib/krb5/build_auth.c: just get the length of the encoded + authenticator instead of trying to grow a buffer + +2002-09-03 Assar Westerlund + + * configure.in: add --disable-mmap option, and tests for + sys/mman.h and mmap + +2002-09-03 Jacques Vidrine + + * lib/krb5/changepw.c: verify lengths in response + + * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for + truncated integers + +2002-09-02 Johan Danielsson + + * lib/krb5/mk_req_ext.c: generate a local subkey if + AP_OPTS_USE_SUBKEY is set + + * lib/krb5/build_auth.c: we don't have enough information about + whether to generate a local subkey here, so don't try to + + * lib/krb5/auth_context.c: new function + krb5_auth_con_generatelocalsubkey + + * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an + initial ticket + + * lib/krb5/context.c (init_context_from_config_file): simplify + initialisation of srv_lookup + + * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY + + * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY + +2002-08-30 Assar Westerlund + + * lib/krb5/name-45-test.c: also test krb5_524_conv_principal + * lib/krb5/Makefile.am (TESTS): add name-45-test + * lib/krb5/name-45-test.c: add testcases for + krb5_425_conv_principal + +2002-08-29 Assar Westerlund + + * lib/krb5/parse-name-test.c: also test unparse_short functions + * lib/asn1/asn1_print.c: use com_err/error_message API + * lib/krb5/Makefile.am: add parse-name-test + * lib/krb5/parse-name-test.c: add a program for testing parsing + and unparsing principal names + +2002-08-28 Assar Westerlund + + * kdc/config.c: add missing ifdef DAEMON + +2002-08-28 Johan Danielsson + + * configure.in: use rk_SUNOS + + * kdc/config.c: add detach options + + * kdc/main.c: maybe detach from console? + + * kdc/kdc.8: markup changes + + * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE + + * configure.in: use rk_TELNET, rename some other macros, and don't + add -ldes to krb4 link command + + * kuser/kinit.1: whitespace fix (from NetBSD) + + * include/bits.c: we may need unistd.h for ssize_t + +2002-08-26 Assar Westerlund + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA + rrs before A ones when using the resolver to verify a mapping, + also use getaddrinfo when resolver is not available + + * lib/hdb/keytab.c (find_db): const-correctness in parameters to + krb5_config_get_next + + * lib/asn1/gen.c: include in the generated files (for + memset) + +2002-08-22 Assar Westerlund + + * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use + getarg so that it can handle --help and --version (and thus make + check can pass) + + * lib/asn1/check-der.c: make this build again + +2002-08-22 Assar Westerlund + + * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a + patch from Love + +2002-08-22 Johan Danielsson + + * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP + KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter + + * kdc/kdc.8: add blurb about adding and removing addresses; update + kdc.conf section to match reality + + * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so + don't define it + +2002-08-21 Assar Westerlund + + * lib/asn1/asn1_print.c: print OIDs too, based on a patch from + Love + +2002-08-21 Johan Danielsson + + * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2 + since it might not exist, and we don't actually care about the key + +2002-08-20 Johan Danielsson + + * lib/krb5/krb5.conf.5: correct documentation for + verify_ap_req_nofail + + * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from + Mattias Amnefelt) + + * kuser/klist.c (display_tokens): increase token buffer size, and + add more checks of the kernel data (from Love) + +2002-08-19 Johan Danielsson + + * fix-export: use make to parse Makefile.am instead of perl + + * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it + groks AC_INIT with package name etc. + + * kpasswd/kpasswdd.c: include + + * lib/asn1/asn1_print.c: include com_right.h + + * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t + + * include/bits.c: define krb5_socklen_t type; this should really + go someplace else, but this was easy + + * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file + fails, just warn about it + + * kdc/log.c (kdc_openlog): no need for a config_file parameter + + * kdc/config.c: just treat kdc.conf like any other config file + + * lib/krb5/context.c (krb5_get_default_config_files): ignore + duplicate files + +2002-08-16 Johan Danielsson + + * lib/krb5/krb5.h: turn strings into pointers, so we can assign to + them + + * lib/krb5/constants.c: turn strings into pointers, so we can + assign to them + + * lib/krb5/get_addrs.c (get_addrs_int): initialise res if + SCAN_INTERFACES is not set + + * lib/krb5/context.c: fix various borked stuff in previous commits + +2002-08-16 Jacques Vidrine + + * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using + the `admin_server' entry for kpasswd, override the `proto' result + to be UDP. + +2002-08-15 Johan Danielsson + + * lib/krb5/auth_context.c: check return value of + krb5_sockaddr2address + + * lib/krb5/addr_families.c: check return value of + krb5_sockaddr2address + + * lib/krb5/context.c: get the default keytab from KRB5_KTNAME + +2002-08-14 Johan Danielsson + + * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file + + * lib/krb5/context.c: allow changing config files with the + function krb5_set_config_files, there are also related functions + krb5_get_default_config_files and krb5_free_config_files; these + should work similar to their MIT counterparts + + * lib/krb5/config_file.c: allow the use of more than one config + file by using the new function krb5_config_parse_file_multi + +2002-08-12 Johan Danielsson + + * use sysconfdir instead of /etc + + * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc + to appease automake; force sysconfdir and localstatedir to /etc + and /var/heimdal for now + + * kdc/connect.c (addr_to_string): check return value of + sockaddr2address + +2002-08-09 Johan Danielsson + + * lib/krb5/rd_cred.c: if the remote address isn't an addrport, + don't try comparing to one; this should make old clients work with + new servers + + * lib/asn1/gen_decode.c: remove unused variable + +2002-07-31 Johan Danielsson + + * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick + Brashear) + + * lib/krb5/principal.c: actually lower case the lower case + instance name (spotted by Derrick Brashear) + +2002-07-24 Johan Danielsson + + * fix-export: if DATEDVERSION is set, change the version to + current date + + * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set + LTLIBOBJS + +2002-07-04 Johan Danielsson + + * kdc/connect.c: add some cache-control-foo to the http responses + (from Gombas Gabor) + + * lib/krb5/addr_families.c (krb5_print_address): don't copy size + if ret_len == NULL + +2002-06-28 Johan Danielsson + + * kuser/klist.c (display_tokens): don't bail out before we get + EDOM (signaling the end of the tokens), the kernel can also return + ENOTCONN, meaning that the index does not exist anymore (for + example if the token has expired) + +2002-06-06 Johan Danielsson + + * lib/krb5/changepw.c: make sure we return an error if there are + no changepw hosts found; from Wynn Wilkes + +2002-05-29 Johan Danielsson + + * lib/krb5/cache.c (krb5_cc_register): break out of loop when the + same type is found; spotted by Wynn Wilkes + +2002-05-28 Johan Danielsson + + * lib/krb5/keytab_file.c: check size of entry before trying to + read 32-bit kvno; also fix typo in previous + +2002-05-24 Johan Danielsson + + * include/Makefile.am: only add to INCLUDES + + * lib/45/mk_req.c: fix for storage change + + * lib/hdb/print.c: fix for storage change + +2002-05-15 Johan Danielsson + + * kdc/kerberos5.c: don't free encrypted padata until we're really + done with it + +2002-05-07 Johan Danielsson + + * kdc/kerberos5.c: when decrypting pa-data, try all keys matching + enctype + + * kuser/kinit.1: document -a + + * kuser/kinit.c: add command line switch for extra addresses + +2002-04-30 Johan Danielsson + + * configure.in: remove some duplicate tests + + * configure.in: use AC_HELP_STRING + +2002-04-29 Johan Danielsson + + * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is + unknown + +2002-04-25 Johan Danielsson + + * configure.in: use rk_DESTDIRS + +2002-04-22 Johan Danielsson + + * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies + the principal + +2002-04-19 Johan Danielsson + + * lib/krb5/verify_init.c: fix typo in error string + +2002-04-18 Johan Danielsson + + * acconfig.h: remove some stuff that is defined elsewhere + + * lib/krb5/krb5_locl.h: include + + * lib/krb5/acl.c: rename acl_string parameter + + * lib/krb5/Makefile.am: remove __P from protos, and put parameter + names in comments + + * kuser/klist.c: better align some headers + + * kdc/kerberos4.c: storage tweaks + + * kdc/kaserver.c: storage tweaks + + * kdc/524.c: storage tweaks + + * lib/krb5/keytab_krb4.c: storage tweaks + + * lib/krb5/keytab_keyfile.c: storage tweaks + + * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero + sized keytab files + + * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END + + * lib/krb5/fcache.c: storage tweaks + + * lib/krb5/store_mem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store_fd.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store_emem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store.c: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store-int.h: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/krb5.h: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable + + * include/bits.c: include to get socklen_t + + * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by + requested KDC-REQ etypes + + * kdc/hpropd.c: constify + + * kdc/hprop.c: constify + + * kdc/string2key.c: constify + + * kdc/kdc_locl.h: make port_str const + + * kdc/config.c: constify + + * lib/krb5/config_file.c: constify + + * kdc/kstash.c: constify + + * lib/krb5/verify_user.c: remove unnecessary cast + + * lib/krb5/recvauth.c: constify + + * lib/krb5/principal.c (krb5_parse_name): const qualify + + * lib/krb5/mcache.c (mcc_get_name): constify return type + + * lib/krb5/context.c (krb5_free_context): don't try to free the + ccache prefix + + * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the + prefix + + * lib/krb5/krb5.h: constify some struct members + + * lib/krb5/log.c: constify + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const + qualify + + * lib/krb5/get_in_tkt.c (krb5_init_etype): constify + + * lib/krb5/crypto.c: constify some + + * lib/krb5/config_file.c: constify + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): + constify local variable + + * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify + +2002-04-17 Johan Danielsson + + * lib/krb5/verify_krb5_conf.c: add some log checking + + * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing + +2002-04-16 Johan Danielsson + + * lib/krb5/crypto.c (krb5_crypto_init): check that the key size + matches the expected length + +2002-03-27 Johan Danielsson + + * lib/krb5/send_to_kdc.c: rename send parameter to send_data + + * lib/krb5/mk_error.c: rename ctime parameter to client_time + +2002-03-22 Johan Danielsson + + * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from + Reinoud Zandijk) + +2002-03-18 Johan Danielsson + + * lib/asn1/k5.asn1: add the GSS-API checksum type here + +2002-03-11 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 18:3:1 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0 + +2002-03-10 Assar Westerlund + + * lib/krb5/rd_cred.c: handle addresses with port numbers + + * lib/krb5/keytab_file.c, lib/krb5/keytab.c: + store the kvno % 256 as the byte and the complete 32 bit kvno after + the end of the current keytab entry + + * lib/krb5/init_creds_pw.c: + handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + handle ports giving for the remote address + + * lib/krb5/get_cred.c: + get a ticket with no addresses if no-addresses is set + + * lib/krb5/crypto.c: + rename functions DES_* to krb5_* to avoid colliding with modern + openssl + + * lib/krb5/addr_families.c: + make all functions taking 'struct sockaddr' actually take a socklen_t + instead of int and that acts as an in-out parameter (indicating the + maximum length of the sockaddr to be written) + + * kdc/kerberos4.c: + make the kvno's in the krb4 universe by the real one % 256, since they + cannot only be 8 bit, and the v5 ones are actually 32 bits + +2002-02-15 Johan Danielsson + + * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file + before we need to write to it + (from Åke Sandgren) + +2002-02-14 Johan Danielsson + + * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via + rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES + directly + + * lib/krb5/rd_safe.c: actually use the correct key (from Daniel + Kouril) + +2002-02-12 Johan Danielsson + + * lib/krb5/context.c (krb5_get_err_text): protect against NULL + context + +2002-02-11 Johan Danielsson + + * admin/ktutil.c: no need to use the "modify" keytab anymore + + * lib/krb5/keytab_any.c: implement add and remove + + * lib/krb5/keytab_krb4.c: implement add and remove + + * lib/krb5/store_emem.c (emem_free): clear memory before freeing + (this should perhaps be selectable with a flag) + +2002-02-04 Johan Danielsson + + * kdc/config.c (get_dbinfo): if there are database specifications + in the config file, don't automatically try to use the default + values (from Gombas Gabor) + + * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer + (from Gombas Gabor) + +2002-01-30 Johan Danielsson + + * admin/list.c: get the default keytab from krb5.conf, and list + all parts of an ANY type keytab + + * lib/krb5/context.c: default default_keytab_modify to NULL + + * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify + name is specified take it from the first component of the default + keytab name + +2002-01-29 Johan Danielsson + + * lib/krb5/keytab.c: compare keytab types case insensitively + +2002-01-07 Assar Westerlund + + * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's + not really a krb5_key_usage). From Ben Harris + * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben + Harris + * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben + Harris + * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2003 b/crypto/external/bsd/heimdal/dist/ChangeLog.2003 new file mode 100644 index 000000000..1ffd9dec1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2003 @@ -0,0 +1,1795 @@ +2003-12-19 Love Hörnquist Åstrand + + * lib/krb5/error_string.c: protect error_string with mutex + + * lib/krb5/context.c: allocate and destroy mutex in krb5_context + + * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string + +2003-12-18 Love Hörnquist Åstrand + + * kuser/kinit.c: make -9 work again + +2003-12-17 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: try handle ts preauth better, still + not good, but at least it work with older heimdal releases that + doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was + sent + +2003-12-16 Love Hörnquist Åstrand + + * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer + used + +2003-12-11 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as + parameters, required by CMS + +2003-12-07 Love Hörnquist Åstrand + + * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): + avoid memory leak that snuck in when krb5_keytab_key_proc was + exported, pointed out by Panases Inc + + * lib/krb5/keytab_file.c: do locking, found to be a problem for + Panasas Inc + + * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix + them with _krb5_ + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use + KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded + krb-cred + + * lib/krb5/krb5_auth_context.3: some text about + krb5_auth_con_{add,remove}flags + + * lib/krb5/auth_context.c: add krb5_auth_con_addflags and + krb5_auth_con_removeflags + +2003-12-03 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to + avoid memory leak + +2003-12-02 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: require cipher-text to be padded to padsize + + * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is + deprecated in RFC3493 + + * lib/krb5/verify_krb5_conf.c (check_host): don't check for + EAI_NODATA, because its depricated in RFC3493 Pointed out by + Hajimu UMEMOTO on heimdal-discuss + +2003-12-01 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS + + * lib/krb5/test_crypto.c: add --version,--help + + * kuser/kinit.c (main): return the return value from simple_execvp + +2003-11-26 Love Hörnquist Åstrand + + * kuser/kinit.c: don't use PKINIT DH per default since its too + slow + + * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the + asn1_compile can't generate code for context tagless optionals + + * kdc/pkinit.c: add support for KDC side of DH PKINIT + + * lib/krb5/pkinit.c: clean up error handling, make enc-type work + again + +2003-11-25 Love Hörnquist Åstrand + + * kuser/kinit.c: add flag to make it work with pkinit dh + + * lib/krb5/pkinit.c: make PKINIT DH support work + +2003-11-24 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen + + * kdc/pkinit.c: clean up + + * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field + + * lib/krb5/pkinit.c: remove most compile depencies clean up + + * kdc/pkinit.c: print an error and turn of pkinit if openssl + failed to load + + * kdc/config.c: read pkinit (pki-mumble) configuration options + + * kdc/kerberos5.c: add pkinit support + + * kdc/kdc_locl.h: add prototypes for pkinit + + * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I + removed the dependency on valicert asn1 parser, remove smartcard + and globus support (for now). Work to be done on this: DH support, + Globus support, Smartcard support, windows support (MS implements + -09 of the draft), make it conform to the new draft + + * lib/krb5/pkinit.c: fix bugs, improve error reporting + +2003-11-23 Love Hörnquist Åstrand + + * kuser/kinit.c: add some "struct foo;" glue for pkinit + structures that isn't used + + * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's + api + + * lib/krb5/krb5_locl.h: add some glue for pkinit add reference + counter to _krb5_get_init_creds_opt_private + + * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt + private component to avoid copy all the data in it + + * lib/krb5/crypto.c (AES_string_to_key): fix memory leak + + * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak + + * lib/krb5/heim_threads.h: include pthread.h in the pthread case + +2003-11-18 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.c (main): parse kdc.conf + From: Jeffrey Hutzelman + +2003-11-15 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am (TESTS): add test_crypto + + * lib/krb5/test_crypto.c: time crypto operations + +2003-11-14 Love Hörnquist Åstrand + + * doc/init-creds: spelling, Bruno Rohee + +2003-11-09 Love Hörnquist Åstrand + + * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free + the ticket now, rewrite error handling to handle that + + * kpasswd/kpasswdd.c (process): don't free ticket, + krb5_free_ticket does that now + + * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket + does that now + + * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to + match mit behavior, pointed out by Derrick Brashear + + * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket + +2003-11-08 Love Hörnquist Åstrand + + * lib/krb5/padata.c: add krb5_padata_add + + * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible + + * lib/krb5/Makefile.am: add pkinit.c + + * kuser/kinit.c: add pkinit support + + * lib/krb5/init_creds_pw.c: add support for pkinit + + * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to + _krb5_get_init_creds_opt_private + + * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to + krb5_pk_init_ctx fix win2k error handling + + * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr + Holub, I removed the dependency on valicert asn1 parser, remove + smartcard and globus support (for now). Work to be done on this: + DH support, Globus support, Smartcard support, windows support (MS + implements -09 of the draft), verify that it conforms the new + draft + +2003-11-07 Love Hörnquist Åstrand + + * lib/asn1/der_copy.c (copy_oid): copy all components + +2003-10-27 Johan Danielsson + + * lib/krb5/krb5.conf.5: document capaths section + +2003-10-22 Johan Danielsson + + * kdc/kerberos5.c: make sure that the server realm and the krbtgt + second component are identical; get rpath from the capaths section + + * kdc/kerberos5.c: change logic for when to check transited policy + to a tri-state model involving per principal flags (to be + implemented) + + * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state + variable + + * kdc/config.c: change enforce_transited_policy to a tri-state + variable + +2003-10-22 Love Hörnquist Åstrand + + * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out + encoding to make sure it have a defined value on failure + + * lib/krb5/transited.c (krb5_domain_x500_encode): + if num_realms ==0, set encoding and return (avoids malloc(0)), + check return value for malloc + +2003-10-21 Johan Danielsson + + * kdc/kerberos5.c (fix_transited_encoding): always print + cross-realm information + +2003-10-21 Love Hörnquist Åstrand + + * doc/setup.texi: spelling, From: Tracy Di Marco White + + * kdc/kerberos5.c (fix_transited_encoding): set transited type + +2003-10-21 Johan Danielsson + + * kdc/kdc.8: document enforce-transited-policy + + * kdc/kerberos5.c: always check transited policy if flag set + either globally or on principal + + * kdc/config.c: add flag to always check transited policy + + * lib/hdb/hdb.asn1: add flag to enforce transited policy + +2003-10-21 Love Hörnquist Åstrand + + * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms + to zero not num_realms + + * kuser/kgetcred.1: add --no-transit-check + + * kuser/kgetcred.c: add --no-transit-check + + * doc/setup.texi: describe Transit policy + +2003-10-20 Johan Danielsson + + * kdc/kerberos5.c (fix_transited_encoding): also verify with + policy, unless asked not to + + * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited + realms, unless the transited-policy-checked flag is set + + * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero + length tr data; + (krb5_check_transited): new function that does more useful stuff + + * lib/krb5/get_cred.c: get capath info from [capaths] section + +2003-10-16 Johan Danielsson + + * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous + method doesn't work well with a large number of clients accessing + the cache at the same time, and there is no simple way to add a + timeout to the lock. + +2003-10-13 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: print the error value + krb5_init_context failed with + + * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if + there is binding before a section declaration. Bug found by + Arkadiusz Miskiewicz + +2003-10-13 Johan Danielsson + + * lib/krb5/fcache.c (erase_file): revert a change in previous; if + the ccache is a symlink, kdestroy should remove it + + * lib/krb5/fcache.c: implement locking + +2003-10-12 Johan Danielsson + + * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred + returns error other than KRB5_CC_END + +2003-10-07 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: add some help function that is common + between ENC_TS and SAM2, free the etype{,2}-infos on failure, move + the pa counter into krb5_get_init_creds_ctx + +2003-10-06 Love Hörnquist Åstrand + + * kdc/kaserver.c (do_getticket): if times data is shorter then 8 + byte, request is malformed. + + * kdc/kaserver.c (do_authenticate): if request length is less then + 8 byte, its a bad request and fail. Pointed out by Marco Foglia + + + * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that + warns for mit syntax is used and just ignore the mit syntax when + its used + + * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] + +2003-10-04 Love Hörnquist Åstrand + + * lib/asn1/lex.l: add BOOLEAN + + * lib/asn1/parse.y: add BOOLEAN + +2003-10-03 Love Hörnquist Åstrand + + * kuser/kinit.c: When running kinit in "fork mode" do pagsh + independent of krb4, also always do krb4 setup of cc. Always try + to destroy the v4 cc. + - add boolean --{,no-}request-pac that will request pac or not + + * kuser/klist.c (check_for_tgt): set client as part of the + pattern/match cred + + * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token + (get_krb4_cc_name): move out from _krb5_krb_tf_setup + (_krb5_krb_tf_setup): adapt to allocated filename instead of + static filename + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT + + * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user + have requested either use PAC or not use PAC, if the option not + set from the user, leave it up to the kdc to decide. + (init_creds_loop): clear error string on success + + * lib/krb5/init_creds.c: add + krb5_get_init_creds_opt_set_paq_request break out common part of + extended opt functions to require_ext_opt + + * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and + use it in struct _krb5_get_init_creds_opt_private + + * tools/kdc-log-analyze.pl: handle some more failure lines + + * doc/programming.texi: some diffrences between Heimdal and MIT + Kerberos in the API + + * doc/setup.texi: add Setting up DNS + + * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its + alway used + + * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST + + * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST + + * lib/asn1: add boolean support + +2003-10-02 Love Hörnquist Åstrand + + * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on + failure + +2003-09-30 Love Hörnquist Åstrand + + * appl/test/http_client.c (do_connect): use ai_protocol 0 + + * lib/krb5/init_creds_pw.c (init_cred_loop): handle + KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting + LARGE_MSG from send to kdc, and if this is the second time bail + out; try to free memory + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function, + and then implement the order krb5_sendto_kdc* function with this + function. + + * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it + and adapt callers + (krbhst_get_default_proto): new function, returns udp, or in case + large_msg was requested for the krb5_krbhst_data, use tcp. + (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid + using udp, use krbhst_get_default_proto + + * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and + krb5_send_to_kdc_flags) + +2003-09-23 Love Hörnquist Åstrand + + * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth + context, use that + + * appl/test/uu_client.c: print authorization data if there are any + + * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String + +2003-09-21 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy + * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy + + * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen + + * kuser/kinit.c: don't get v4 tickets by default + +2003-09-20 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.c (process): remove a abort() + + * doc/win2k.texi: add some text about netdom.exe and trusts + + * TODO-1.0: gssapi rc4 done + + * kpasswd/kpasswdd.c: add support for Set password protocol as + defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change + Password and Set Password Protocols + +2003-09-19 Love Hörnquist Åstrand + + * lib/hdb/db3.c: improve readability of ->open ifdef, check if + version >= 4.1 + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add + + * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key + in the auth_context, they way processes that doesn't use the + keytab can still pass in the key of the service (matches behavior + of MIT Kerberos). + +2003-09-18 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: collect all init_creds context into a + structure so it can easier be passed around, also, while here, + change nonce for every request + + * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before + the loop, add_padata() will handle that itself + + * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len + until in contains interesting data, use right iteration counter + when clearing the addresses + + * lib/krb5/log.c (log_realloc): increase len after realloc returns + sucessfully + +2003-09-12 Love Hörnquist Åstrand + + * lib/krb5/config_file.c: fix prototypes + From: Fredrik Ljungberg + +2003-09-10 Love Hörnquist Åstrand + + * appl/test/http_client.c: close socket when we are done, don't + allow the server to restart gssapi negotiation + + * lib/hdb/hdb_locl.h: include for ULONG_MAX noted by + Wissler Magnus on heimdal-discuss + + * appl/test/gssapi_client.c (proto): use select_mech + + * appl/test/http_client.c: use getarg + + * appl/test/gss_common.h: prototype for select_mech + + * appl/test/gss_common.c (select_mech): return the gss_OID from a + mech name + + * appl/test/http_client.c: print both source and target + + * appl/test/Makefile.am: build http_client + +2003-09-09 Love Hörnquist Åstrand + + * lib/asn1/asn1_print.c: add support for printing Enumerated + + * appl/test/gssapi_client.c: allow user to select mech; krb5, + spnego, and no-oid + + * appl/test/test_locl.h: add mech + + * appl/test/common.c: add --mech,-m argument + + * appl/test/gssapi_server.c: print the mech that was used + + * kdc/kerberos5.c (only_older_enctype_p): check request if the + client only supports old enctypes, before it used the database + +2003-09-08 Love Hörnquist Åstrand + + * **/*.c: add context argument to krb5_get_init_creds_opt_alloc + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add + context argument + + * lib/krb5/krb5_get_init_creds.3: spelling + +2003-09-04 Love Hörnquist Åstrand + + * lib/krb5/context.c (add_file): make len argument an pointer to + an integer + + * lib/asn1/k5.asn1: add SAM types + + * lib/krb5/init_creds_pw.c: break out the encrypt timestamp + preauth to its function break out the pa_data_to_key_plain to its + own function make more variables const + +2003-09-04 Johan Danielsson + + * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} + +2003-09-03 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: Add key usage for encryption of the + SAM-NONCE-OR-SAD field. + + * include/make_crypto.c: include in the openssl + case + + * kdc/hprop.h: use new DES_ api + + * lib/krb5/krb5-v4compat.h: assume session key is a char array of + length 8 + + * lib/krb5/prompter_posix.c: + s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * lib/krb5/crypto.c: switch from the des_ to the DES_ api + + * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block) + + * kuser/kverify.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * kpasswd/kpasswd-generator.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * kdc/hprop.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare + a uint32_t with 0xffffffff instead of -1 + + * lib/krb5/krb5_425_conv_principal.3: fix [Gt] + + * kuser/kinit.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle + password passed in though context + + * lib/krb5/Makefile.am (TESTS): += test_config + + * lib/krb5/aes-test.c: move variable thats used within a #ifdef to + be defined within that #ifdef + + * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when + freeing it + + * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros + out a keyblock + + * lib/krb5/init_creds_pw.c: rewrite/implement + krb5_get_init_creds_password with new preauth handing, still it + can only work with krb5-pa-enc-timestamp for preauth, but now it + can handle etype-info2 + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate + a opt structure + (krb5_get_init_creds_opt_free): free a opt structure + (krb5_get_init_creds_opt_set_pa_password): set preauth info for + enc-timestamp + + * lib/krb5/krb5_locl.h: add struct + _krb5_get_init_creds_opt_private + +2003-09-02 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, + add a pointer to a private part of krb5_get_init_creds_opt + + * kdc/string2key.c (main): avoid const warning by using a extra + variable + +2003-08-31 Love Hörnquist Åstrand + + * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): + reindent + + * lib/krb5/ticket.c (krb5_copy_ticket): free all data when + failing, copy data to right memory, the later pointed out by Luke + Howard. + +2003-08-30 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers + +2003-08-29 Love Hörnquist Åstrand + + * lib/hdb/db3.c: try to include more db headers + + * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss + From: Luke Howard + +2003-08-28 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 + + * appl/test/gssapi_client.c: send both INT and CONF wrapped token + + * appl/test/gssapi_server.c: recv both INT and CONF wrapped token + + * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE + +2003-08-27 Love Hörnquist Åstrand + + * appl/test/uu_client.c (proto): fill in client in the match cred + +2003-08-26 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers + + * lib/krb5/crypto.c (usage2arcfour): simplify, only include + special cases From: Luke Howard + +2003-08-25 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard + + + * lib/krb5/crypto.c (arcfour_checksum_p): return true when is + arcfour, not when its not pointed out by Luke Howard + + * doc/ack.texi: update Luke Howard email address + +2003-08-24 Love Hörnquist Åstrand + + * lib/krb5/krb5_encrypt.3: document: + krb5_crypto_getconfoundersize, krb5_crypto_getblocksize + krb5_crypto_getenctype, krb5_crypto_getpadsize + + * lib/krb5/crypto.c (krb5_crypto_getpadsize, + krb5_crypto_getconfoundersize): added From: Luke Howard + + +2003-08-23 Love Hörnquist Åstrand + + * kdc/connect.c (handle_tcp): handle recvfrom returning 0 + (connection closed) + + * kdc/connect.c (grow_descr): increment the size after we succeed + to allocate the space + + * lib/krb5/krb5_create_checksum.3: text about when + krb5_crypto_get_checksum_type is useful + + * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format + string + + * lib/krb5/krb5_create_checksum.3: document + krb5_crypto_get_checksum_type + + * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type + From: Luke Howard + + * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code + From: Luke Howard + +2003-08-21 Love Hörnquist Åstrand + + * include/make_crypto.c: include aes.h inc in the local libdes + case too + +2003-08-20 Johan Danielsson + + * lib/asn1/der_free.c: set free'd poiners to NULL + + * lib/asn1/gen_free.c: set free'd poiners to NULL + +2003-08-20 Love Hörnquist Åstrand + + * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support + on netbsd + + * lib/krb5/crypto.c: Do the arcfour checksum mapping for + krb5_create_checksum and krb5_verify_checksum, From: Luke Howard + + +2003-08-18 Love Hörnquist Åstrand + + * lib/krb5/test_config.c: check krb5_prepend_config_files_default + and krb5_prepend_config_files + + * lib/krb5/context.c: add krb5_prepend_config_files and + krb5_prepend_config_files_default + +2003-08-17 Love Hörnquist Åstrand + + * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t + as argument + + * lib/krb5/parse-name-test.c: please lint (and me) + + * kdc/config.c (configure): remove only set variable 'e' + + * kdc/connect.c (init_socket): sockaddr size argument to + krb5_addr2sockaddr is a krb5_addr2sockaddr * + + * kdc/kerberos5.c (as_rep): remove usused variable + (tgs_rep2): don't use a temporary ret-variable, ret is reset later + + * lib/krb5/krb5_get_in_cred.3: these function will be deprecated + + * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3 + + * lib/krb5/krb5_get_init_creds.3: begining of documentation of + krb5_get_init_creds + + * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with + with the mit implemtation, don't free `creds' argument when done, + its up the the caller to do that, also allow a NULL ccache. + +2003-08-16 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: document tgs_require_subkey + + * lib/asn1/Makefile.am: remove trance of generate tests files, its + not really for consumption yet + + * lib/hdb/Makefile.am: split generated source from non generated + source we make-proto.pl can generate prototypes for non + generate-source only (make-proto.pl dies on asn1compile's .c + files) + + * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey + optional on configuration parameter + [realms]realm={tgs_require_subkey=bool} + defaults to off. The RFC1510 weakly defines the correct behavior, + so old DCE secd apparently required the subkey to be there, and MS + will use it when its there. But the request isn't encrypted in the + subkey, so you get to choose if you want to talk to a MS mdc or a + old DCE secd. + + * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero + +2003-08-15 Love Hörnquist Åstrand + + * lib/krb5/principal.c (unparse_name): len can't be zero, so, + don't check for that + +2003-08-13 Love Hörnquist Åstrand + + * lib/krb5/principal.c (unparse_name): make sure there are space + for a NUL, set *name to NULL when there is a failure (so caller + can't get hold of a freed pointer) + +2003-07-26 Love Hörnquist Åstrand + + * lib/krb5/kerberos.8: remove duplicate manual, from + cjep@netbsd.org + +2003-07-25 Love Hörnquist Åstrand + + * lib/krb5/cache.c: indent + + * lib/krb5/cache.c (krb5_cc_set_default_name): only read + KRB5CCNAME when not suid + +2003-07-24 Love Hörnquist Åstrand + + * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, + use a char array instead of des_cblock + +2003-07-23 Love Hörnquist Åstrand + + * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 + + * lib/krb5/crypto.c (hmac): make it return an error when out of + memory, update callsites to either return error or use krb5_abortx + (krb5_hmac): expose hmac + +2003-07-22 Love Hörnquist Åstrand + + * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype + of keyblock + + * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3 + + * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock + and related functions + + * lib/krb5/heim_threads.h: make the non-debug version of the mutex + macros "use" the "mutex" integer so the compile wont complain + about defined unused variables + + * lib/krb5/heim_threads.h: make thread local storage macros take a + "return" argument so no functions need to be created for the + no-pthread case + + * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific + + * configure.in: use KRB_PTHREADS + + * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and + sort + + * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString + + * lib/krb5/krb5.3: add ticket access functions + * lib/krb5/krb5_ticket.3: ditto + * lib/krb5/ticket.c: ditto + * lib/krb5/Makefile.am: ditto + + * lib/krb5/mit_glue.c: add some more krb5_c functions + + * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions + + * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type + is a valid one + + * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented + error string when there is a context + (krb5_checksum_is_collision_proof): ditto + +2003-07-21 Love Hörnquist Åstrand + + * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data + argument optional + (krb5_c_{encrypt,decrypt}): return "better" error codes for + invalid ivec length + + * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum + usage + + * lib/krb5/crypto.c (krb5_crypto_getenctype): new function + + * include/make_crypto.c: avoid redefining + OPENSSL_DES_LIBDES_COMPATIBILITY + + * lib/krb5/krb5.h: add krb5_enc_data + +2003-07-19 Love Hörnquist Åstrand + + * lib/krb5/krb5.3: add krb5_c_ functions + + * lib/krb5/mit_glue.c: support passing in NULL as the + cipher_state/ivec + + * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and + krb5_c_decrypt + + * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue + + * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when + calculating the length of the encrypted data, use the keyed + checksum length if the enctype supports a keyed checksum. This + only matter for aes, for all other enctypes the key and unkeyed + checksum have the same length. + +2003-07-18 Love Hörnquist Åstrand + + * lib/krb5/mit_glue.c: first version of krb5_c encryption glue + + * doc/install.texi: update pointer to luke ldap documentation + + * lib/hdb/hdb.c (hdb_create): check for dynamic backend after + static to avoid warning from dynamic backend when using a known + static backend + +2003-07-16 Love Hörnquist Åstrand + + * lib/krb5/cache.c: don't return value in void function + +2003-07-15 Love Hörnquist Åstrand + + * lib/krb5/creds.c (krb5_compare_creds): if client is specified in + the mcreds, check that too + + * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}: + prefix libasn1 types with heim_ + + * lib/asn1: prefix typedefs and structs with heim_ + +2003-07-13 Love Hörnquist Åstrand + + * lib/hdb/hdb.c: avoid unnecessary setting of variable + +2003-07-07 Love Hörnquist Åstrand + + * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred + + * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred + + * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free + in the req_body addresses since they where pass in by caller + (find_cred): use krb5_cc_clear_mcred + + * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred + + * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a + krb5_creds to use with krb5_cc_retrieve_cred + +2003-06-30 Love Hörnquist Åstrand + + * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, + don't load anything + +2003-06-29 Love Hörnquist Åstrand + + * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke + Howard + + * lib/hdb/hdb.h: add struct hdb_so_method and + HDB_INTERFACE_VERSION + +2003-06-28 Love Hörnquist Åstrand + + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using + arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since + Microsoft calculates the keyed checksum with the subkey of the + authenticator. + + * kuser/kinit.c: write out v4 credential caches with + _krb5_krb_tf_setup + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup + + * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4 + credential to a new krb4 ticket file + +2003-06-27 Johan Danielsson + + * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since + it contains more than 9 words; from wiz + +2003-06-25 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from + stefan sokoll + +2003-06-24 Love Hörnquist Åstrand + + * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text + + * lib/krb5/time.c: improve comment for krb5_set_real_time + +2003-06-23 Johan Danielsson + + * kuser/kinit.1: document -A + + * kuser/kinit.c: add -A as an alias for --no-addresses + +2003-06-22 Love Hörnquist Åstrand + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a + krb5_timestamp to krb5_us_timeofday + + * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to + krb5_us_timeofday + + * lib/krb5/time.c (krb5_set_real_time): fix comment and make it + work + + * lib/krb5/time.c, lib/krb5/krb5_timeofday.3, + lib/krb5/Makefile.am lib/krb5/test_time.c: + + implement krb5_set_real_time, used by SAMBA, requested by Luke + Howard + + * lib/asn1/k5.asn1: make the aes and sha1 checksum types match + draft-ietf-krb-wg-crypto-05 + +2003-06-21 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data + + * lib/krb5/crypto.c: clean up AES code to use a structure instead + of a key array + (_krb5_AES_string_to_default_iterator): set to 4096 as described in + aes draft -04 + (derive_key): always remove the key->schedule since its + will contain the wrong (parent key) info + +2003-06-18 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn + * doc/setup.texi: add more kdc's to the example + +2003-06-17 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto + Patino , Luke Howard + Pointed out by Andrew Bartlett of Samba + + * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug + pthread stubs by default + + * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3 + + * lib/krb5/krb5_free_addresses.3: removed file, functions are + documented in krb5_address.3 + + * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2 + + * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add + krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256 + +2003-06-06 Love Hörnquist Åstrand + + * doc/setup.texi: Point out that slave needs /var/heimdal + directory and masterkey From: Mans Nilsson , + Fix spelling while here + +2003-06-02 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3: + add manpage for: krb5_get_in_cred, krb5_get_in_tkt, + krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password, + krb5_get_in_tkt_with_skey + +2003-05-28 Assar Westerlund + + * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the + non-threaded cases to work. Fix typo. + +2003-05-27 Johan Danielsson + + * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of + "unsigned" integers. If MSB is set, we need to pad with a zero + byte. + +2003-05-27 Love Hörnquist Åstrand + + * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes + + * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap + connection + (LDAP_store): remove superfluous argument to asprintf + + From Alberto Patino + +2003-05-26 Love Hörnquist Åstrand + + * lib/krb5/*.[0-9]: pacify mdoclink + + * lib/krb5/krb5_ccache.3: document diffrences between mit and + heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$// + +2003-05-21 Love Hörnquist Åstrand + + * appl/test/gssapi_server.c (proto): start to use + gss_krb5_copy_ccache + + * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t + groveling for now + +2003-05-20 Love Hörnquist Åstrand + + * lib/asn1: + - add parser/generate glue for UTF8String and NULL + (DER primitive encode/decode functions missing) + - handle parsing of DEFAULT and, ... + +2003-05-16 Love Hörnquist Åstrand + + * lib/krb5/heim_threads.h: add missing argument to mutex_init + + * lib/krb5/crypto.c: protect the random initiator with a mutex + + * lib/krb5/mcache.c: protect the mcc_head with a mutex + + * lib/krb5/krb5_locl.h: include heim_threads.h + + * lib/krb5/heim_threads.h: wrapper macros for thread + synchronization primitives + +2003-05-15 Love Hörnquist Åstrand + + * lib/krb5/krb5_principal.3 + lib/krb5/Makefile.am: + Add all Kerberos principal function to one manpage, add a few more + principal function to it, remove old now dup manpages + + * lib/krb5/krb5_build_principal.3: remove file + * lib/krb5/krb5_free_principal.3: remove file + * lib/krb5/krb5_sname_to_principal.3: remove file + * lib/krb5/krb5_principal_get_realm.3: remove file + +2003-05-14 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd + + * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from + netbsd + + * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort + sections, from netbsd + + * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes, + from netbsd + + * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from + netbsd + + * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD + + * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD + + * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd + + * lib/krb5/get_default_realm.c: compatability -> compatibility, + from netbsd + + * lib/krb5/krb5_warn.3: add copyright/license + + * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY + + * lib/krb5/krb5.3: add RCSID + + * kdc/hprop.8: fix mdoc problem, from netbsd + + * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner + + + * kuser/kinit.1: setup -> set up, new sentence, new line from + Thomas Klausner + +2003-05-13 Love Hörnquist Åstrand + + * kpasswd/kpasswd.1: handle setting passwords for multiple + principals at the same time + + * kpasswd/kpasswd.c: handle setting passwords for multiple + principals at the same time + + * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and + rfc3244 share the response packet sure more constants now that + they exists + +2003-05-12 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: some define for rfc3244 + + * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password + + * kpasswd/kpasswd.1: document --admin-principal + + * kpasswd/kpasswd.c: use krb5_set_password + + * lib/krb5/krb5_set_password.3: document krb5_change_password and + krb5_set_password + + * lib/krb5/changepw.c: implement rfc3244, partly from + shadow@dementia.org + + * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for + RFC3244 + + * lib/asn1/k5.asn1: add ChangePasswdDataMS, for + RFC3244 + +2003-05-08 Love Hörnquist Åstrand + + * kuser/kdestroy.c: destroy tokens even if there isn't v4 support + + * kuser/kinit.c: get token even if there isn't v4 support + + * kuser/klist.c: print tokens even if there isn't v4 support + +2003-05-06 Johan Danielsson + + * lib/krb5/name-45-test.c: need to use empty krb5.conf for some + tests + + * lib/asn1/check-gen.c: there is no \e escape sequence; replace + everything with hex-codes, and cast to unsigned char* to make some + compilers happy + +2003-05-06 Love Hörnquist Åstrand + + * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first + argument to krb5_us_timeofday have correct type + +2003-05-05 Assar Westerlund + + * include/make_crypto.c (main): include aes.h if ENABLE_AES + +2003-05-05 Love Hörnquist Åstrand + + * make-release: when fixing a valid cvs tag from release name + replace all number. to number- for all non-overlapping matches + +2003-05-04 Love Hörnquist Åstrand + + * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and + asn1_ETYPE_INFO2_ENTRY.x + (libasn1_la_LDFLAGS): set version to 6:1:1 + + * doc/Makefile.am: add apps.texi + + * doc/setup.texi: add move forward link to applications + + * doc/heimdal.texi: add applications + + * doc/misc.texi: move afs stuff to applications add link to + applications + + * doc/apps.texi: text about applications using kerberos + move afs text here + +2003-05-03 Love Hörnquist Åstrand + + * doc/setup.texi: add cross realm text + +2003-04-29 Love Hörnquist Åstrand + + * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and + krb5_string_to_enctype + +2003-04-28 Love Hörnquist Åstrand + + * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd + +2003-04-26 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2 + * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2 + +2003-04-25 Johan Danielsson + + * lib/krb5/build_auth.c (krb5_build_authenticator): if the local + sequence number is non-zero, don't generate a new one + + * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is + non-zero, don't generate a new one + + * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a + krb5_timestamp + + * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c + lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and + RET_TIME + + * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching + asn1) + +2003-04-24 Love Hörnquist Åstrand + + * doc/programming.texi: s/managment/management/, from jmc + + +2003-04-23 Love Hörnquist Åstrand + + * lib/krb5/context.c (default_etypes): also advertise that we + handle aes encryption types + + * lib/krb5/Makefile.am: add krb5_c_ checksum related functions + + * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum + related functions + + * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related + functions + + * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY + +2003-04-22 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd + +2003-04-17 Love Hörnquist Åstrand + + * lib/asn1/der_copy.c (copy_general_string): use strdup + * lib/asn1/der_put.c: remove sprintf + * lib/asn1/gen.c: remove strcpy/sprintf + + * lib/krb5/name-45-test.c: use a more unique name then ratatosk so + that other (me) have such hosts in the local domain and the tests + fails, to take hokkigai.pdc.kth.se instead + + * lib/krb5/test_alname.c: add --version and --help + +2003-04-16 Love Hörnquist Åstrand + + * lib/krb5/krb5_warn.3: add krb5_get_err_text + + * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd + * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use + strlcpy, from openbsd + * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd + * appl/kf/kfd.c: use strlcpy, from openbsd + +2003-04-16 Johan Danielsson + + * configure.in: fix for large file support in AIX, _LARGE_FILES + needs to be defined on the command line, since lex likes to + include stdio.h before we get to config.h + +2003-04-16 Love Hörnquist Åstrand + + * lib/krb5/*.3: Change .Fd #include to .In header.h, + from Thomas Klausner + + * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner + + +2003-04-15 Love Hörnquist Åstrand + + * kdc/kerberos5.c: fix some more memory leaks + +2003-04-11 Love Hörnquist Åstrand + + * appl/kf/kf.1: spelling, from jmc + +2003-04-08 Love Hörnquist Åstrand + + * admin/ktutil.8: typos, from jmc + +2003-04-06 Love Hörnquist Åstrand + + * lib/krb5/krb5.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ + * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ + * kuser/kinit.1: s/kerberos/Kerberos/ + * kdc/kdc.8: s/kerberos/Kerberos/ + +2003-04-01 Love Hörnquist Åstrand + + * lib/krb5/test_alname.c: more krb5_aname_to_localname tests + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when + converting too root, make sure user is ok according to + krb5_kuserok before allowing it. + + * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname + + * lib/krb5/test_alname.c: add test for krb5_aname_to_localname + + * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 + instead of the "illegal" salt #~, same change as kth-krb did + 1999. Problems occur with crypt() that behaves like AT&T crypt + (openssl does this). Pointed out by Marcus Watts. + + * admin/change.c (kt_change): collect all principals we are going + to change, and pick the highest kvno and use that to guess what + kvno the resulting kvno is going to be. Now two ktutil change in a + row works. XXX fix the protocol to pass the kvno back. + +2003-03-31 Love Hörnquist Åstrand + + * appl/kf/kf.1: afs->AFS, from jmc + +2003-03-30 Love Hörnquist Åstrand + + * doc/setup.texi: add description on how to turn on v4, 524 and + kaserver support + +2003-03-29 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog + and afs-use-524 + +2003-03-28 Love Hörnquist Åstrand + + * kdc/kerberos5.c (as_rep): when the second enctype_to_string + failes, remember to free memory from the first enctype_to_string + + * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, + from Harald Joerg + (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc + + * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key + length when key is longer then expected length, its probably + longer since the encrypted data was padded, reported by Aidan + Cully + + * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of + encyption type, inspired by Aidan Cully + +2003-03-27 Love Hörnquist Åstrand + + * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 + (wildcard kvno) after principal when the keytab entry isn't found, + reported by Chris Chiappa + +2003-03-26 Love Hörnquist Åstrand + + * doc/misc.texi: update 2b example to match reality (from + mattiasa@e.kth.se) + + * doc/misc.texi: spelling and add `Configuring AFS clients' + subsection + +2003-03-25 Love Hörnquist Åstrand + + * lib/krb5/krb5.3: add krb5_free_data_contents.3 + + * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT + API + + * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat + with MIT API + + * lib/krb5/krb5_verify_user.3: write more about how the ccache + argument should be inited when used + +2003-03-25 Johan Danielsson + + * lib/krb5/addr_families.c (krb5_print_address): make sure + print_addr is defined for the given address type; make addrports + printable + + * kdc/string2key.c: print the used enctype for kerberos 5 keys + +2003-03-25 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: add another arcfour test + +2003-03-22 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 + +2003-03-20 Love Hörnquist Åstrand + + * lib/krb5/krb5_ccache.3: update .Dd + + * lib/krb5/krb5.3: sort in krb5_data functions + + * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 + + * lib/krb5/krb5_data.3: document krb5_data + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if + prompter is NULL, don't try to ask for a password to + change. reported by Iain Moffat @ ufl.edu via Howard Chu + + +2003-03-19 Love Hörnquist Åstrand + + * lib/krb5/krb5_keytab.3: spelling, from + + + * lib/krb5/krb5.conf.5: . means new line + + * lib/krb5/krb5.conf.5: spelling, from + + + * lib/krb5/krb5_auth_context.3: spelling, from + + +2003-03-18 Love Hörnquist Åstrand + + * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 + + * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time + + * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out + #ifdef KRB4 from enable_v4_cross_realm since 524 needs it + + * kdc/config.c: 524 is independent of kerberos 4, so move out + enable_v4_cross_realm from #ifdef KRB4 since 524 needs it + +2003-03-17 Assar Westerlund + + * kdc/kdc.8: document --kerberos4-cross-realm + * kdc/kerberos4.c: pay attention to enable_v4_cross_realm + * kdc/kdc_locl.h (enable_v4_cross_realm): add + * kdc/524.c (encode_524_response): check the enable_v4_cross_realm + flag before giving out v4 tickets for foreign v5 principals + * kdc/config.c: add --enable-kerberos4-cross-realm option (default + to off) + +2003-03-17 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 + + * lib/krb5/krb5_aname_to_localname.3: manpage for + krb5_aname_to_localname + + * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ + +2003-03-16 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 + + * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 + + * lib/krb5/krb5_set_default_realm.3: Manpage for + krb5_free_host_realm, krb5_get_default_realm, + krb5_get_default_realms, krb5_get_host_realm, and + krb5_set_default_realm. + + * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado + via NetBSD + + * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type + + * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab + + * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix + + * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more + types, add krb5_fcc_ops and krb5_mcc_ops + + * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for + a id + +2003-03-15 Love Hörnquist Åstrand + + * doc/intro.texi: add reference to source code, binaries and the + manual + + * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal + +2003-03-14 Love Hörnquist Åstrand + + * kdc/kdc.8: better/difrent english + + * kdc/kdc.8: . -> .\n, copyright/license + + * kdc/kdc.8: changed configuration file -> restart kdc + + * kdc/kerberos4.c: add krb4 into the most error messages written + to the logfile + + * lib/krb5/krb5_ccache.3: add missing name of argument + (krb5_context) to most functions + +2003-03-13 Love Hörnquist Åstrand + + * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of + function and return FALSE when there isn't a local account for + `luser'. + + * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text + describing the function + +2003-03-12 Love Hörnquist Åstrand + + * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name + returned memory, don't return ENOMEM + +2003-03-11 Love Hörnquist Åstrand + + * lib/krb5/krb5.3: add krb5_address stuff and sort + + * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description + + * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 + + * lib/krb5/krb5_address.3: document types krb5_address and + krb5_addresses and their helper functions + +2003-03-10 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 + + * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se + + * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 + + * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se + + * lib/krb5/krb5.3: add more functions + + * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc + functions + + * lib/krb5/krb5_kuserok.3: document krb5_kuserok + + * lib/krb5/krb5_verify_user.3: document + krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior + + * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and + krb5_verify_user_opt + + * lib/krb5/*.[0-9]: add copyright/licenses on more manpages + + * kuser/kdestroy.c (main): handle that krb5_cc_default_name can + return NULL + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor + (TESTS): add test_cc + + * lib/krb5/test_cc.c: test some + krb5_cc_default_name/krb5_cc_set_default_name combinations + + * lib/krb5/context.c (init_context_from_config_file): set + default_cc_name to NULL + (krb5_free_context): free default_cc_name if set + + * lib/krb5/cache.c (krb5_cc_set_default_name): new function + (krb5_cc_default_name): use krb5_cc_set_default_name + + * lib/krb5/krb5.h (krb5_context_data): add default_cc_name + +2003-02-25 Love Hörnquist Åstrand + + * appl/kf/kf.1: s/securly/securely/ from NetBSD + +2003-02-18 Love Hörnquist Åstrand + + * kdc/connect.c: s/intialize/initialize, from + + +2003-02-17 Love Hörnquist Åstrand + + * configure.in: add AM_MAINTAINER_MODE + +2003-02-16 Love Hörnquist Åstrand + + * **/*.[0-9]: add copyright/licenses on all manpages + +2003-14-16 Jacques Vidrine + + * lib/krb5/get_in_tkt.c (init_as_req): Send only a single + PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption + type specified by the KDC. + +2003-02-15 Love Hörnquist Åstrand + + * fix-export: some autoconf put their version number in + autom4te.cache, so remove autom4te*.cache + + * fix-export: make sure $1 is a directory + +2003-02-04 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.8: spelling, from jmc + + * kdc/kdc.8: spelling, from jmc + +2003-01-31 Love Hörnquist Åstrand + + * kdc/hpropd.8: s/databases/a database/ s/Not/not/ + + * kdc/hprop.8: add missing . + +2003-01-30 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, + address, write out encryption type in sentences, s/Host/host + +2003-01-26 Love Hörnquist Åstrand + + * lib/asn1/check-gen.c: add checks for Authenticator too + +2003-01-25 Love Hörnquist Åstrand + + * doc/setup.texi: in the hprop example, use hprop and the first + component, not host + + * lib/krb5/get_addrs.c (find_all_addresses): address-less + point-to-point might not have an address, just ignore + those. Reported by Harald Barth. + +2003-01-23 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c (check_section): when key isn't + found, don't print out all known keys + + * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity + and facility start resp + (check_log): find_value() returns -1 when key isn't found + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a + 'const void *' to avoid AES_KEY being exposed in krb5-private.h + + * lib/krb5/krb5.conf.5: add [kdc]use_2b + + * kdc/524.c (encode_524_response): its 2b not b2 + + * doc/misc.texi: quote @ where missing + + * lib/asn1/Makefile.am: add check-gen + + * lib/asn1/check-gen.c: add Principal check + + * lib/asn1/check-common.h: move generic asn1/der functions from + check-der.c to here + + * lib/asn1/check-common.c: move generic asn1/der functions from + check-der.c to here + + * lib/asn1/check-der.c: move out the generic asn1/der functions to + a common file + +2003-01-22 Love Hörnquist Åstrand + + * doc/misc.texi: more text about afs, how to get get your KeyFile, + and how to start use 2b tokens + + * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre + + +2003-01-21 Jacques Vidrine + + * kuser/kuser_locl.h: include crypto-headers.h for + des_read_pw_string prototype + +2003-01-16 Love Hörnquist Åstrand + + * admin/ktutil.8: document -v, --verbose + + * admin/get.c (kt_get): make getarg usage consistent with other + other parts of ktutil + + * admin/copy.c (kt_copy): remove adding verbose_flag to args + struct, since it will overrun the args array (from Sumit Bose) + +2003-01-15 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = + ... } + + * lib/krb5/aes-test.c: test vectors in aes-draft + + * lib/krb5/Makefile.am: add aes-test.c + + * lib/krb5/crypto.c: Add support for AES + (draft-raeburn-krb-rijndael-krb-02), not enabled by default. + (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify + to support checksumtype that are have a shorter wireformat then + their output block size. + + * lib/krb5/crypto.c (struct encryption_type): split the blocksize + into blocksize and padsize, padsize is the minimum padding + size. they are the same for now + (enctype_*): add padsize + (encrypt_internal): use padsize + (encrypt_internal_derived): use padsize + (wrapped_length): use padsize + (wrapped_length_dervied): use padsize + + * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key + function for each enctype in preparation enctypes that uses + `Encryption and Checksum Specifications for Kerberos 5' draft + + * lib/asn1/k5.asn1: add checksum and enctype for AES from + draft-raeburn-krb-rijndael-krb-02.txt + + * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, + KEYTYPE_AES256 + +2003-01-14 Love Hörnquist Åstrand + + * lib/hdb/common.c (_hdb_fetch): handle error code from + hdb_value2entry + + * kdc/Makefile.am: always include kerberos4.c and 524.c in + kdc_SOURCES to support 524 + + * kdc/524.c: always compile in support for 524 + + * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 + + * kdc/config.c: always compile in support for 524 + + * kdc/connect.c: always compile in support for 524 + + * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() + even when we build without kerberos 4, 524 needs them + + * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out + Kerberos 4 help functions/structures so other parts of the source + tree can use it (like the KDC) + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2004 b/crypto/external/bsd/heimdal/dist/ChangeLog.2004 new file mode 100644 index 000000000..47cd799e9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2004 @@ -0,0 +1,1485 @@ +2004-12-30 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for + now (used in pkinit) + +2004-12-29 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: add CHECK_SYMBOLS + + * lib/hdb/keys.c: make all_etypes static + + * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err + -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops + + * kdc/kerberos5.c: use private version of principalname + + * kdc/kerberos4.c: use private version of principalname + + * kdc/hpropd.c: use private version of principalname + + * kdc/524.c: use private version of principalname + + * lib/krb5/rd_req.c: use private version of principalname + + * lib/krb5/rd_cred.c: use private version of principalname + + * lib/krb5/init_creds_pw.c: use private version of principalname + + * lib/krb5/get_in_tkt.c: use private version of principalname + + * lib/krb5/asn1_glue.c: make principalname functions private + + * lib/krb5/krb5.h: add key usage for server referrals + +2004-12-29 Love Hörnquist Åstrand + + * lib/krb5/principal.c: make default_v4_name_convert static + + * lib/krb5/crypto.c: make lots of crypto related variables static + + * lib/krb5/acache.c: make default_acc_name static + +2004-12-28 Love Hörnquist Åstrand + + * doc/setup.texi: add some text about samba, use example.com + + * lib/hdb/hdb-ldap.c: Add account expiration for samba from James + F. Hranicky . + Add LDAP_addmod_integer and use it. + +2004-12-27 Love Hörnquist Åstrand + + * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text + fixes, from Dave Love + +2004-12-18 Love Hörnquist Åstrand + + * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just + needs pthread.h, threadlib is dead + +2004-12-17 Love Hörnquist Åstrand + + * kdc/config.c (configure): check for deprecated + enforce-transited-policy is set and fail if it is + + * lib/asn1/asn1_print.c: don't print garabage for octet strings + +2004-12-13 Love Hörnquist Åstrand + + * kdc/main.c (main): catch sigpipe, we don't bother select()ing + for errors + + * kdc/connect.c (handle_http_tcp): handle error from write(2) + + * doc/setup.texi: clarify credentials refreshing stuff + + * doc/setup.texi: add new node: Providing Kerberos credentials to + servers and programs + + * doc/whatis.texi: fix spurious cross-reference makeinfo warning + + * lib/hdb/hdb-ldap.c (pos): uppercase in character + +2004-12-12 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode + nibbels in the other order + + * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if + attribute exists before we try to delete it LDAP__bytes2hex + encodes in strange byte order, is this really right ? + +2004-12-11 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all + entries, search for samba accounts too, From: "James F. Hranicky" + + + * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid + too + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing + both krb5PrincipalName and uid, it must be broken, ignore it and + return it doesn't exists. + +2004-12-10 Love Hörnquist Åstrand + + * kdc/hpropd.8: spelling, from OpenBSD + + * kdc/kdc.8: use keeps for options, From OpenBSD k + +2004-12-09 Love Hörnquist Åstrand + + * doc/setup.texi: document --random-key and the need to do backup + of the master key + + * kdc/kstash.8: add --random-key + + * kdc/kstash.c: add --random-key + +2004-12-08 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.8: spelling, from openbsd + + * lib/krb5/krb5_init_context.3: spelling, from openbsd + + * lib/krb5/krb5.conf.5: spelling, from openbsd + + * kuser/kdestroy.1: use keeps around options, spelling, from + openbsd + + * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD + + * kdc/hpropd.8: use keeps around options, from OpenBSD + + * kdc/hprop.8: use keeps around options, from OpenBSD + +2004-11-30 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_free_context): clear error string + before destroying mutex + (krb5_init_context): don't call krb5_free_context before there is a + mutex initialized + +2004-11-18 Love Hörnquist Åstrand + + * kuser/kinit.c (get_new_tickets): only complain about ticket + renewable lifetime when the user asked for a specific renewable + lifetime + +2004-11-15 Love Hörnquist Åstrand + + * kdc/kerberos5.c (find_keys): log what principal is missing + enctypes + +2004-11-13 Love Hörnquist Åstrand + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after + freeing data + + * lib/krb5/init_creds_pw.c (change_password): handle old_options + being NULL From Guenther Deschner on samba-technical. + +2004-11-12 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_init_creds.3: add more text describing the + krb5_get_init_creds functions + +2004-11-11 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work + again + +2004-11-10 Love Hörnquist Åstrand + + * lib/hdb/hdb.asn1: use constrained integers + +2004-11-09 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_init_creds.3: add description for opt_init, + opt_alloc, opt_free + + * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit + + * lib/krb5/init_creds.c: unexport + krb5_get_init_creds_opt_free_pkinit + + * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into + get_init_creds_common + + * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in + options NULL, just make a clean copy + +2004-11-01 Love Hörnquist Åstrand + + * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier + so we don't leak it on error + +2004-10-31 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: unbreak 2b entry + + * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a + sockaddr but rather a kerberos address, deal with that. Based on + bug report from Jakob Schlyter . + +2004-10-30 Love Hörnquist Åstrand + + * kdc/connect.c: Make sure argument passed to ctype isn't signed + char + +2004-10-14 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: match new error names + + * lib/krb5/krb5_err.et: make error messages sane again + +2004-10-13 Love Hörnquist Åstrand + + * lib/krb5/keytab.c: use KRB5_KT_BADNAME + + * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major + version bump) add KRB5_DELTAT_BADFORMAT + + * lib/krb5/krb5.conf.5: time defaults to "s" + + * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again, + MIT's behavior was actually that it failed to parse the number + (and thus used the default). Even better, ticket_lifetime (that + was a consumer supposed a of the interface) was documented but + never implemented, when it was implemented, people configuraiton + files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a + failure code. + + * lib/asn1/k5.asn1: sync enctypes with pkinit branch + + * lib/asn1/parse.y (readd) support negative numbers + + * lib/asn1/lex.l: support hex numbers + +2004-10-12 Love Hörnquist Åstrand + + * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS + + * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding + for rc2 don't to padding for blocksize 1 + + * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c: + Move keyset parsing and password based keyset generation into hdb. + Requested by Andrew Bartlett for hdb-ldb + backend. + +2004-10-07 Love Hörnquist Åstrand + + * kuser/kinit.c: adapt to new signature of + krb5_get_init_creds_opt_set_pkinit + + * lib/krb5/pkinit.c: free openssl engine deal with + RecipientIdentifier -> CMSIdentifier and heim_any -> name change + improve error messages + + * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier + -> CMSIdentifier and heim_any -> name change + +2004-10-04 Johan Danielsson + + * kuser/klist.c: use rtbl_set_separator + +2004-10-03 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse + user options first + + * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add + openssl engine support for private key + + * lib/krb5/crypto.c: support padding as its done in CMS + + * kdc/pkinit.c: improve error logging + + * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt + +2004-09-30 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: assume minutes for time + + * lib/krb5/config_file.c (krb5_config_vget_time_default): use + krb5_string_to_deltat + + * lib/krb5/appdefault.c (krb5_appdefault_time): use + krb5_string_to_deltat + + * lib/krb5/time.c (krb5_string_to_deltat): set default unit to + minute for compatibility with MIT Kerberos. + + +2004-09-28 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large + message safe" transport if we get back + KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner + + +2004-09-23 Johan Danielsson + + * admin/list.c: use rtbl + + * admin/ktutil-commands.in: slc source file + + * lib/krb5/constants.c: check + /Library/Preferences/edu.mit.Kerberos on OSX + +2004-09-21 Johan Danielsson + + * lib/krb5/time.c (krb5_format_time): check return value from + localtime and strftime + +2004-09-14 Johan Danielsson + + * kuser/kinit.c: make sure we don't always get renewable creds + +2004-09-11 Love Hörnquist Åstrand + + * lib/krb5/acache.c: use krb5_ccapi.h + + * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to + separate (not installed) file + + * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS + since AM_CPPFLAGS overridden by target specific _CPPFLAGS + +2004-09-08 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: make variable shorter, make error messages + from pkinit, make freeing easier + +2004-09-06 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen + + * lib/krb5/crypto.c (seed_something): avoid poking at memory that + is uninitialized, make valgrind unhappy. Pointd out by + abartlet@samba.org. While where, plug the fd leak. + +2004-09-05 Love Hörnquist Åstrand + + * lib/asn1/der_get.c (decode_*): name all tag-length variables the + same + (decode_enumerated): check that the tag-length is not longer the length + + * lib/asn1/der_get.c (decode_boolean): fail if length of tag is + larger then len + +2004-08-31 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be + set in case of failure too, free unconditionally on exit to avoid + memory leak + +2004-08-23 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after + free + +2004-08-20 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_get_err_text): if neither of com_right + nor strerror finds the error-code, return Unknown error. + +2004-08-19 Johan Danielsson + + * lib/krb5/krb5_kuserok.3: update to reality + + * lib/krb5/kuserok.c: if a .k5login file exist, don't give + implicit rights to anyone; also check owner/mode of .k5login + +2004-08-15 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 + + * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname + + * lib/krb5/krb5.3: add krb5_getportbyname + + * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid + + * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid + +2004-08-13 Love Hörnquist Åstrand + + * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes + from the client and filter them out. + + * lib/krb5/krb5_string_to_key.3: document krb5_free_salt + +2004-08-12 Love Hörnquist Åstrand + + * lib/krb5/krb5_ticket.3: data needs to be freed when using + krb5_ticket_get_authorization_data_type + +2004-08-11 Love Hörnquist Åstrand + + * lib/krb5/test_cc.c: test variables in default_cc_name + + * lib/krb5/krb5.conf.5: explain support for varibles in + [libdefaults]default_cc_name + + * lib/krb5/cache.c: drop ${time}, its not very useful + + * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand + variables in the default cc name. Supported variables now are: + ${time},${uid} and ${null} + + * lib/krb5/krb5.conf.5: document default_cc_name + + * lib/krb5/cache.c (krb5_cc_set_default_name): + s/libdefault/libdefaults/ + +2004-08-06 Love Hörnquist Åstrand + + * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 + + * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c + + * lib/krb5/krb5.h: add krb5_acc_ops + + * lib/krb5/acache.c: CCAPI v3 implementation, the read only + support was from Magnus Ahltorp and then extended by me to support + all other operations. Tested with MIT kerberos cc cache + implementation on MacOS 10.3.3 + + * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the + default cc name, this is not very useful for general purpose glue + since its not possible to glue in user information (like uid), but + for CCAPI it works just fine + +2004-08-05 Love Hörnquist Åstrand + + * kuser/kgetcred.1: document --cache/-c + + * kuser/kgetcred.c: allow to specify what credential cache to use + +2004-08-03 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 + + * lib/krb5/krb5_eai_to_heim_errno.3: document + krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno + + * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, + krb5_h_errno_to_heim_errno + +2004-07-26 Love Hörnquist Åstrand + + * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms + result should be free with krb5_free_host_realm drop + krb5_get_host_realm text + + * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result + should be free with krb5_free_host_realm + + * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep + + * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds + + * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator + + * lib/krb5/Makefile.am: man_MANS += krb5_rd_error + + * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends + + * lib/krb5/krb5_warn.3: clarify on what string + krb5_free_error_string should operate on + + * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred + + * lib/krb5/Makefile.am: krb5_get_credentials, + krb5_get_forwarded_creds and friends + + * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds + and friends + + * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and + friends + +2004-07-23 Love Hörnquist Åstrand + + * kuser/klist.c (print_cred_verbose): keytypes are no longer, use + enctype + +2004-07-22 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99 + compilers, From metze at samba.org + +2004-07-20 Love Hörnquist Åstrand + + * lib/krb5/test_cc.c: more cc tests + + * lib/krb5/krb5_check_transited.3: document krb5_check_transited + +2004-07-19 Love Hörnquist Åstrand + + * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes + principal in cert work From: Mayur Patel + +2004-07-18 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 + + * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds + +2004-07-15 Love Hörnquist Åstrand + + * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org + description for krb5_passwd_result_to_string + +2004-07-14 Love Hörnquist Åstrand + + * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar + fixes; split sentence in two for better understanding. From + wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here. + + * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan + Stone + + * lib/krb5/changepw.c (process_reply): cast ssize_t to long and + print that From NetBSD via Havard Eidnes. + +2004-07-09 Love Hörnquist Åstrand + + * configure.in: fix helpstring for hdb-openldap-module + + * lib/krb5/test_cc.c: don't use krb5_err on error code 0 + +2004-07-08 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better + +2004-07-02 Love Hörnquist Åstrand + + * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const + +2004-07-01 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with + right argument + +2004-06-27 Johan Danielsson + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the + krbtgt is without addresses, default to not sending our own + addrport + + * lib/asn1/lex.l: add support for /* */ and partial line -- + comments + + * kuser/Makefile.am: don't install copy_cred_cache manpage + +2004-06-24 Johan Danielsson + + * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if + copying a static opt, make sure to allocate the "private" field + +2004-06-24 Love + + * kdc/config.c: add enable_pkinit_princ_in_cert + + * kdc/kdc_locl.h: enable_pkinit_princ_in_cert + + * kdc/pkinit.c: Check certificate for Kerberos Principal in + OtherName of subjectAltName Based on patch from Mayur Patel + + +2004-06-21 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use + session key for authorization-data + +2004-06-15 Love Hörnquist Åstrand + + * kdc/connect.c (handle_tcp): note who is what that closed the + connection on us + +2004-06-09 Love Hörnquist Åstrand + + * admin/get.c (kt_get): catch errors from krb5_parse_name + +2004-06-05 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: if its the entry just contains the + structural object (no samba nor heimdal object), add an aux + heimdal object on to it. + +2004-06-02 Love Hörnquist Åstrand + + * kpasswd/kpasswd.c: use krb5_set_password_using_ccache + + * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache + + * lib/krb5/changepw.c: implement krb5_set_password_using_ccache + + * lib/hdb/hdb-ldap.c: Allow the objectClass to be + "sambaSamAccount" or structural_object when searching for uid + entries. + + * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base + + * lib/hdb/hdb-ldap.c: add creation base that defaults to the + search base + + * lib/hdb/hdb-ldap.c: indent like the rest of the code + +2004-06-01 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: check return values from ldap operations and + close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you + should retry by yourself. + + * lib/hdb/hdb-ldap.c: require search base to be configured, create + local context structure + +2004-05-31 Love Hörnquist Åstrand + + * doc/setup.texi: more ldap text, partly from Tarjei Huse + + +2004-05-28 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: clean, indent + + * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure + krb5KeyVersionNumber is added on new entires + +2004-05-27 Love Hörnquist Åstrand + + * doc/setup.texi: minor fixes, partly from Tarjei Huse + + + * lib/krb5/krb5.conf.5: some text about dbname and realm + + * lib/krb5/krb5.conf.5: default value for + hdb-ldap-structural-object is account + +2004-05-26 Love Hörnquist Åstrand + + * tools/Makefile.am: use ! instead of , as sed delimiter + +2004-05-25 Love Hörnquist Åstrand + + * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions + +2004-05-23 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean + + * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure + option + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From: + Andrew Bartlett + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length + check From: Andrew Bartlett + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword + case, make sure ent->etypes are allocated, From: Andrew Bartlett + + +2004-05-14 Love Hörnquist Åstrand + + * kuser/kinit.c: move "setpag if (argc < 1)" to common path + +2004-05-12 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers + + * fix-export: use right argument for -E + +2004-05-06 Johan Danielsson + + * kuser/kinit.c: print some diagnostics if the exec fails + +2004-04-29 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key + From: Luke Howard + + * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, + not just a pointer size of it From: Luke Howard + +2004-04-28 Love Hörnquist Åstrand + + * fix-export: add -E flag where needed to make-proto + +2004-04-26 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: add set_param for RC2 + + * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids + that are no longer needed + + * kdc/pkinit.c: use krb5_enctype_to_oid + + * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists + before we compare with it + + * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length + before returning it add aes-oids + + * lib/krb5/crypto.c: add krb5_enctype_to_oid and + krb5_oid_to_enctype + + * kdc/pkinit.c: use krb5_crypto_set_params + + * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none + + * lib/krb5/krb5.h: add KEYTYPE_AES192 + + * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement + kcrypto RC2 support + + * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype + rc2-cbc XXX RC2CBCParameter is wrong because the compiler is + broken + + * lib/krb5/krb5.h: add KEYTYPE_RC2 + + * lib/krb5/crypto.c: add partial CMS parameter handling, this is + needed for RC2 + + * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp + + * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c + + * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp + + * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE + + * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype + rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken + +2004-04-26 Johan Danielsson + + * lib/krb5/config_file.c: allow parsing directly from strings with + krb5_config_parse_string_multi + + * lib/krb5/verify_krb5_conf.c: try to resolve hostnames + +2004-04-25 Johan Danielsson + + * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file + descriptor so we don't have to keep track of it in two places + + * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in + libkrb5 + + * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its + own manpage + + * replace krb5_free_creds_contents by krb5_free_cred_contents + + * lib/krb5/cache.c: add krb5_cc_next_cred_match() and + krb5_cc_copy_cred_match() + + * lib/krb5/creds.c (krb5_compare_creds): add more matching options + + * lib/krb5/krb5.h: add more creds match flags + + * kuser/copy_cred_cache: add --valid-for option + + * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length + of second ticket is > 0 + +2004-04-25 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: use the right oid for pkauthdata + + * lib/krb5/pkinit.c: always send both win2k compat version and the + ietf draft one, this is possible since microsoft use + wrong/diffrent PA number. Make the configuration flag boolean + configuring if NOT to send the win2k compat glue. + + * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec + + * kuser/copy_cred_cache.1: pacify mdoclint + + * kdc/pkinit.c: use IV for envelopeddata encryption, patch + originally from Luke Howard , tweeked by me. + + * lib/krb5/krb5_storage.3: document + KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER + + * lib/krb5/krb5_data.3: document that krb5_data_free cleans the + structure too + + * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch + originally from Luke Howard , tweeked by me. + +2004-04-24 Johan Danielsson + + * kuser/copy_cred_cache.{c,1}: add cred cache copy tool + + * configure.in: use rk_SYS_LARGEFILE + + * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder + issue with a storage flag instead of a separate function. + +2004-04-24 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: move out the oid check from get_reply_key + + * lib/krb5/pkinit.c: uniquify error messages + + * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the + plain nonce for now + + * lib/krb5/pkinit.c: more w2k compat from Luke Howard + add RC2 support, clean up error messages + + * lib/krb5/pkinit.c: remove more dependency on + krb5_config->pkinit_flags + + * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft + style answer to IETF, From Luke Howard + (_krb5_pk_create_sign): ms handles NULL in param, so always send it + (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool } + + * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the + digestAlgorithm to sha1 (both for SignerInfo and SignedData, add + new function _set_digest_alg to set it + +2004-04-23 Love Hörnquist Åstrand + + * include/make_crypto.c: include rc2.h, and when I'm here, make + aes mandatory + + * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT + kerberos + + * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on + failure + + * lib/krb5/crypto.c (DES3_random_to_key): make it produce the + right result + (DES3_postproc): use DES3_random_to_key + (krb5_random_to_key): check the required number of bits (not the size + of the key) + + * lib/krb5/aes-test.c: test random to key function + + * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for + now + +2004-04-22 Love Hörnquist Åstrand + + * lib/krb5/krb5_string_to_key.3: document that + krb5_string_to_key_derived is broken for non 3des enctypes and + thus deprecated + + * kdc/pkinit.c (generate_dh_keyblock): use the new function + krb5_random_to_key + + * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they + need special processing + + * lib/krb5/crypto.c (krb5_random_to_key): new function + + * lib/krb5/krb5_keyblock.3: document krb5_random_to_key + +2004-04-21 Love Hörnquist Åstrand + + * kdc/pkinit.c: use the first proposed enable enctype + + * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the + return from krb5_enctype_valid + + * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes + +2004-04-21 Love Hörnquist Åstrand + + * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid + components being smaller then 127 and allocate one extra element + since first byte is split to to elements. + +2004-04-20 Love Hörnquist Åstrand + + * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: + private use, lukeh@padl.com + +2004-04-19 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode + DH public key + +2004-04-18 Love Hörnquist Åstrand + + * lib/krb5/krb5_init_context.3: add krb5_context to so its added + as manpage-link too + +2004-04-17 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, + XXX add locking + + * kuser/kdestroy.c: add --credential argument that just remove one + credential entry out of the cache specified + + * kdc/pkinit.c: replace the krb5.conf configuration option that + describes the mapping between principals and subject names with a + file, default /var/heimdal/pki-mapping. XXX this should be pushed + into HDB. XXX should add issuer too + + * kdc/config.c: merge certificate/private_key to a user_id + +2004-04-16 Love Hörnquist Åstrand + + * kdc/kdc_locl.h: update prototype for pk_initialize + + * kuser/kinit.c: merge certificate/private_key to a user_id + + * kdc/pkinit.c: adapt to heim_integer changes + + * lib/krb5/pkinit.c: merge certificate/private_key to a user_id + + * kdc/pkinit.c: adapt to heim_integer changes, + merge certificate/private_key to a user_id + +2004-04-15 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE + +2004-04-13 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building + libkrb5.la, add KRB5_LIB_FUNCTION proto + + * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION + + * configure.in: export KRB5_LIB_FUNCTION when building with + BUILD_KRB5_LIB + + * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add + error strings + + * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing + is printed on stderr, fflush it + + * lib/krb5/krb5_keyblock.3: free functions also zeros out the key + + * lib/krb5/krb5_get_init_creds.3: some text about + krb5_prompter_posix + + * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object + + * lib/krb5/cache.c: add krb5_cc_get_prefix_ops + + * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops + +2004-04-05 Love Hörnquist Åstrand + + * appl/test/http_client.c: support GSS_C_DELEG_FLAG and + GSS_C_MUTUAL_FLAG + + * appl/test/http_client.c: verbose logging + +2004-04-02 Love Hörnquist Åstrand + + * kdc/connect.c: case size_t to unsigned long for LP64 platforms + +2004-04-01 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of + default structural object + + * tools/Makefile.am: handle sed expression breaking + +2004-03-31 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr + + * lib/krb5/changepw.c: add tcp support to the set protocol, should + be cleaned up to enable sharing code with krb5_sendto + + * kpasswd/kpasswd.c (change_password): remove extra free + + * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on + osf/1 + +2004-03-30 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't + increase md->len, krb5_padata_add already does that + + * lib/krb5/init_creds.c: its PAC not PAQ + + * kuser/kinit.c: its PAC not PAQ + + * kdc/kerberos4.c: stop the client from renewing tickets into the + future From: Jeffrey Hutzelman + +2004-03-29 Love Hörnquist Åstrand + + * configure.in: try to handle sys/strtty.h needing sys/stream.h + +2004-03-23 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no + longer used + + * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/ + + * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to + external users by prefixing it with _ + + * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/ + + * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external + users by prefixing it with _ + +2004-03-22 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: add missing } + +2004-03-21 Love Hörnquist Åstrand + + * kdc/pkinit.c: adapt to change of signature of + _krb5_pk_load_openssl_id + + * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add + prompter argument and use it + + * kuser/kinit.c: adapt to signature change of + krb5_get_init_creds_opt_set_pkinit + + * lib/krb5/krb5.3: add more stuff, 105 functions to go + + * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache + + * lib/krb5/krb5_rcache.3: framework for replay cache manpage + + * lib/krb5/krb5_string_to_key.3: document string to key functions + + * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3 + krb5_find_padata.3 krb5_generate_random_block.3 + + * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length + + * lib/krb5/krb5.3: add some more, 137 to go + + * lib/krb5/krb5_principal.3: document krb5_get_default_principal + + * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey + + * lib/krb5/krb5_generate_random_block.3: document + krb5_generate_random_block + + * lib/krb5/krb5_find_padata.3: document padata functions + + * lib/krb5/krb5.3: add some more, 142 to go + + * lib/krb5/krb5_creds.3: drop .Pp before .Sh + + * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm + + * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname + and krb5_expand_hostname_realms + + * lib/krb5/krb5.3: add more functions, 147 to go + + * lib/krb5/krb5_creds.3: document krb5_creds + + * lib/krb5/krb5_get_init_creds.3: add more functions, some more + text + + * lib/krb5/krb5_ticket.3: document + krb5_ticket_get_authorization_data_type + +2004-03-20 Love Hörnquist Åstrand + + * lib/krb5/aes-test.c: remove #if 0'ed code + + * lib/krb5/krb5.3: add keyblock functions, 177 functions to go + + * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache + + * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket + + * lib/krb5/krb5_config.3: document krb5_config_free_strings and + krb5_config_file_free + + * lib/krb5/krb5_create_checksum.3: add krb5_hmac + + * lib/krb5/krb5.3: add keyblock functions, 190 functions to go + + * lib/krb5/krb5_keyblock.3: update .Dd + + * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and + krb5_generate_random_keyblock + + * lib/krb5/krb5_init_context.3: add krb5_init_ets + + * lib/krb5/krb5_config.3: add more krb5_config_ functions and + prototypes + + * lib/krb5/krb5_init_context.3: document context modifcation + functions: address list, config file, use admin kdc, fcc version + + * lib/krb5/krb5_storage.3: document krb5_storage and related + functions + + * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc + manpages and test_acl test program + + * lib/krb5/krb5.3: add error string functions and sort + + * lib/krb5/krb5_warn.3: document krb5_abort and error string + functions + + * lib/krb5/krb5.3: add missing functions, only 285 left to + document + + * lib/krb5/krb5_crypto_init.3: remove various enctype related + function + + * lib/krb5/krb5_encrypt.3: add various enctype related function + here + + * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid + krb5_cksumtype_valid + + * lib/krb5/crypto.c: real return values for + krb5_{enctype,cksumtype}_valid + + * lib/krb5/krb5_create_checksum.3: add some functions and + descriptions + + * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions + + * lib/krb5/krb5_auth_context.3: document + krb5_auth_con_generatelocalsubkey + + * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags + + * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name + + * lib/krb5/krb5_init_context.3: document krb5_add_et_list + + * lib/krb5/krb524_convert_creds_kdc.3: document + krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache + + * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_* + + * lib/krb5/test_acl.c: test for generic acl code + + * lib/krb5/acl.c: plug memory leak on file matching, + make it not fall over when no non matching acl, + make fnmatch matching useful by switching arguments + +2004-03-19 Love Hörnquist Åstrand + + * kdc/config.c: add --builtin-hdb command + + * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin + backends + + * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb + documentation + + * doc/win2k.texi: fix bugs in examples, add more restrictions, use + example.com as an example. From: Pavel Ferdan + + +2004-03-18 Johan Danielsson + + * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] + password_lifetime; from Henry B. Hotz + +2004-03-14 Love Hörnquist Åstrand + + * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY + is set send subkey + (generate if needed) + + * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY + +2004-03-14 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, + and free memory in error path, assume realloc(NULL, ...) works, + factor out common code, indent + +2004-03-12 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: understand [password_quality] + spelling + + * kuser/kgetcred.1: document --canonicalize + + * kuser/kgetcred.c: add --canonicalize + +2004-03-10 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (fcc_store_cred): NULL terminate + krb5_config_get_bool_default' arglist + +2004-03-09 Love Hörnquist Åstrand + + * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply + + * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry + + * kdc/pkinit.c: pass client hdb_entry to pk_check_client + + * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client + + * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its + more like that language in RFC3280 + + * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since + its more like that language in RFC3280 + + * lib/krb5/krb5.conf.5: document + [libdefaults]fcc-mit-ticketflags=boolean + + * lib/krb5/fcache.c (fcc_store_cred): use + [libdefaults]fcc-mit-ticketflags=boolean to decide what format to + write the fcc in. Default to mit version (aka heimdal 0.7) + + * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and + _krb5_store_creds_heimdal_pre_0_7 that store the creds in just + that format make krb5_store_creds default to mit format + + * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is + the higher bits of the bitfield + +2004-03-08 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_creds): add disabled code that + store the ticket flags in reverse order + (bitswap32): new function + + * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags + are set, its a mit cache, reverse the bits, bug pointed out by + Sergio Gelato + +2004-03-07 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * + + * kuser/kinit.c: when running kinit with a subprocess, fetch new + tickets after half the tickets lifetime + + * lib/hdb/hdb.c: spelling + + * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba + password database. From: Andrew Bartlett + + * kdc/config.c: add --disable-DES + + * kdc/kdc.8: document --detach and --disable-DES + + * kdc/kerberos5.c: check if enctype is disabled before using it + + * lib/krb5/crypto.c: add support for disabling checksum/encryption + types + + * tools/kdc-log-analyze.pl: add more cases + + * kdc/connect.c: on strange tcp error; log local port number and + socket type + + * lib/asn1/der.h: fix prototype of encode_utf8string + + * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder + + * lib/asn1/lex.l: added dummy parsing of CHOICE + + * lib/asn1/parse.y: added dummy parsing of CHOICE + + * lib/asn1/k5.asn1: drop SMTP_NAME + +2004-03-06 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: support building ldap backend as module + sort asn1 hdb files + + * lib/hdb/hdb.c: when building ldap as a shared module, don't + include it in the list + + * configure.in: add --enable-hdb-openldap-module + + * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared + module + + * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew + Bartlett + + * lib/krb5/crypto.c (decrypt_internal_special): do not not modify + the original data test case from Ronnie Sahlberg + + +2004-03-03 Love Hörnquist Åstrand + + * lib/krb5/test_cc.c: more cc tests, mostly related to mcc + behavior + + * lib/krb5/mcache.c (mcc_get_principal): also check for + primary_principal == NULL now that that isn't used as dead flag + + * lib/krb5/mcache.c: don't overload the primary_principal == NULL + as dead since that doesn't always work. Based on patch from + Jeffrey Hutzelman , tweeked by me + +2004-02-22 Love Hörnquist Åstrand + + * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp + + * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp + + * lib/hdb/db3.c: fix all db >= 4.1 cases + + * doc/setup.texi: add text about hostname to realm mapping using + DNS + +2004-02-20 Love Hörnquist Åstrand + + * kdc/pkinit.c: update error codes + + * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ + + * lib/krb5/pkinit.c: update error codes + +2004-02-19 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() + + * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling + + * lib/krb5/store.c: handle memory allocate errors + + * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, + and don't put an error in the error strings then + +2004-02-13 Love Hörnquist Åstrand + + * kdc/pkinit.c: s/heim_big_integer/heim_integer/ + + * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ + + * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors + + * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT + errors + + * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors + +2004-02-12 Love Hörnquist Åstrand + + * configure.in: rename AC_WFLAGS to rk_WFLAGS + + * acinclude.m4: use m4_define, over-quote string + +2004-02-11 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (change_password): handle that + printf("%.*s", 0, (void*)NULL); doesn't work on solaris + +2004-02-10 Love Hörnquist Åstrand + + * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", + 0, (void*)NULL); doesn't work on solaris + + * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses + some locate.updatedb, use FILES section to describe where the file + is instead. + +2004-02-07 Love Hörnquist Åstrand + + * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned + for certain negative integers, it got the length wrong" , from + Panasas, Inc. + + * lib/asn1/der_length.c: Fix len_unsigned for certain negative + integers, it got the length wrong, fix from Panasas, Inc. + + rename len_int and len_unsigned to _heim_\& + + * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int + +2004-02-06 Dave Love + + * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, + security/pam_appl.h tests. + +2004-02-03 Love Hörnquist Åstrand + + * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add + up the size of all the elements, don't use just the size of the + last element. + + * lib/krb5/aes-test.c: add "next iv" test for aes128, check + decryption case too + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of + the next to last block, fix decryption case too + + * lib/krb5/aes-test.c: add "next iv" test for aes128 + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of + the next to last block + + * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode + error + + * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode + error + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 + encode error + + * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode + error + + * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 + encode error + + * lib/krb5/build_auth.c (krb5_build_authenticator): abort on + internal asn1 encode error + + * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal + asn1 encode error + +2004-01-30 Love Hörnquist Åstrand + + * doc/setup.texi: some text about order of [capaths] realms + +2004-01-25 Love Hörnquist Åstrand + + * lib/krb5/context.c: register WRFILE ops + + * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE) + + * lib/krb5/krb5.h: add krb5_wrfkt_ops + + * kpasswd/kpasswdd.c (change): use the right password when + changing the password + +2004-01-21 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it + means that the filesystem doesn't support locking + + * lib/krb5/keytab.c: remove #if 0 out file locking code + +2004-01-19 Love Hörnquist Åstrand + + * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the + size of all the elements, don't use just the size of the last + element. + +2004-01-13 Love Hörnquist Åstrand + + * kuser/kinit.c (renew_validate): if renewable_flag and not time + specifed, use "1 month" + +2004-01-08 Love Hörnquist Åstrand + + * lib/krb5/krb5_keyblock.3: add prototypes, describe + krb5_keyblock_zero + +2004-01-05 Love Hörnquist Åstrand + + * lib/krb5/get_for_creds.c (add_addrs): don't add same address + multiple times + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to + handle errors better for previous commit + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets + are address-less, forward address-less tickets. + + * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and + export it + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2005 b/crypto/external/bsd/heimdal/dist/ChangeLog.2005 new file mode 100644 index 000000000..a594d0924 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2005 @@ -0,0 +1,2004 @@ +2005-12-15 Love Hörnquist Åstrand + + * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to + make samba happy + + * fix-export: Build kdc-private.h. + +2005-12-14 Love Hörnquist Åstrand + + * kdc/kerberos5.c (tgs_rep2): also print the principal for which + the enctype was missing + +2005-12-13 Love Hörnquist Åstrand + + * kdc/kaserver.c: Finish up transition from hdb_entry to + hdb_entry_ex. + + * kdc/kerberos4.c: Finish up transition from hdb_entry to + hdb_entry_ex. + + * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex. + + * kdc/kerberos5.c: Finish up transition from hdb_entry with + hdb_entry_ex. + + * lib/krb5/cache.c (krb5_cc_set_default_name): use + KRB5_DEFAULT_CCNAME. + + * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to + default credential cache. + + * lib/hdb/ndbm.c: memset hdb_entry_ex before use + + * lib/hdb/db3.c: memset hdb_entry_ex before use + + * lib/hdb/db.c: memset hdb_entry_ex before use + +2005-12-12 Love Hörnquist Åstrand + + * lib/krb5/krb5.3: Add some more entrypoints. + + * lib/krb5/changepw.c: If there is a target principal, use the + realm of the realm to change the password with, + + * kuser/kinit.c: Default to use DH when fetching keys. + + * lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch + originally from Andrew Bartlet + + * lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url + support, add ldapi support. + + * kdc/kerberos5.c (tgs_make_reply): there are no such things a + keytypes any more, just use enctypes. + + * kdc/kdc_locl.h: Remove private prototypes and instead include + . + + * kdc/Makefile.am: Build kdc-private.h and depend on it. + + * kdc/config.c (configure): wrap line + + * doc/kerberos4.texi: KDC 4 support is always compiled in. + + * TODO: Remove some stuff that have been done. + + * Makefile.am: Split long line + + * doc/apps.texi: Spelling, From Måns Nilsson. + + * doc/install.texi: spelling, From Måns Nilsson + +2005-12-11 Love Hörnquist Åstrand + + * lib/krb5/krb5_principal.3: Constify principal argument to on + krb5_principal_get_ functions. + + * lib/krb5/principal.c: Constify principal argument to on + krb5_principal_get_ functions. + +2005-12-08 Love Hörnquist Åstrand + + * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long + time ago + +2005-12-05 Love Hörnquist Åstrand + + * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet + + * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return + NULL on success in the case 0 entries are allocated, From Andrew + Bartlet + +2005-12-02 Love Hörnquist Åstrand + + * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on + failure to parse format specifier. + + * lib/krb5/store-test.c: Free more of the allocated memory. + + * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated + memory, this function is only used by the test program. + + * lib/krb5/parse-name-test.c: Free more of the allocated memory. + + * lib/krb5/derived-key-test.c: Free more of the allocated memory. + +2005-12-01 Love Hörnquist Åstrand + + * doc/setup.texi: spelling, From Måns Nilsson + + * lib/krb5/krb5_keytab.3: Memory keytab are now named and + refcounted. + + * lib/krb5/test_keytab.c: Test that memory keytab are refcounted. + + * lib/krb5/keytab_memory.c: Index by name and start reference + counting on entries. + +2005-11-30 Love Hörnquist Åstrand + + * lib/krb5/krb5.h (krb5_address_type): add + KRB5_ADDRESS_NETBIOS (20) + + * lib/hdb/hdb.c (find_method): accept relative paths as old db + format too. + + * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype. + +2005-11-29 Dave Love + + * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. + +2005-11-29 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add + default_cc_name + + * lib/hdb/hdb.c: Only match db databases on filename starting with + '/'. + + * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in + authenticator + + * lib/krb5/rd_req.c (check_transited): explain the TR-type 0 + better and why it matters. + + * lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops + + * lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior + to return NULL when its not found, and fcc when the name starts + with a '/'. Almost matches behavior in other parts of the code, + but can't really do that since the name passed in to this function + may only contain the prefix itself without the colon. + + * lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not + colon (:) in the name, its a file credential cache + + * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory + + * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory + + * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory + +2005-11-28 Love Hörnquist Åstrand + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session + key for delegated credentials + + * kdc/kerberos5.c (_kdc_as_rep): add comment when we send + ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett + +2005-11-25 Love Hörnquist Åstrand + + * lib/krb5/keytab.c (krb5_kt_get_full_name): new function + +2005-11-24 Love Hörnquist Åstrand + + * lib/krb5/test_crypto.c: Split encryption and s2k iterations to + diffrent counters, 38seconds of aes256 s2k is way too long. + + * lib/krb5/test_crypto.c: Add timing code for s2k function. + +2005-11-07 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Print the time the principal expired, based on + patch from Andrew Bartlett. + +2005-11-01 Love Hörnquist Åstrand + + * lib/krb5/cache.c (krb5_cc_get_full_name): Add + +2005-11-01 Love Hörnquist Åstrand + + * configure.in: Spelling, From Michael Banck + +2005-10-30 Love Hörnquist Åstrand + + * kcm/headers.h: Maybe include . + +2005-10-27 Love Hörnquist Åstrand + + * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): + understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but + have KRB5_AUTHDATA_KDC_ISSUED commented out for now) + +2005-10-26 Love Hörnquist Åstrand + + * kuser/klist.c: In the list caches view, rename the Status field + to Expires. + + * lib/krb5/krb5_encrypt.3: Fix mdoc for + krb5_encrypt_EncryptedData, Johnny Lam + +2005-10-25 Love Hörnquist Åstrand + + * appl/test/gssapi_client.c: Check return value from asprintf + instead of string != NULL since it undefined behavior on + Linux. From Björn Sandell + +2005-10-21 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are + generated from the DH groups, fail. + + * kdc/pkinit.c (get_dh_param): Pass down config so this function + can check pkinit_dh_min_bits + + * kdc/config.c: Fill in pkinit_dh_min_bits from configuration + file. + + * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. + +2005-10-20 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Add option to require binding between reply + and response for the win2k version of the protocol. + +2005-10-19 Love Hörnquist Åstrand + + * doc/programming.texi: Text about Kerberos errors. + + * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the + Windows case to support the updated -09 protocol (using + asChecksum). Tell KDC we support this by sending + KRB5-PADATA-PK-AS-09-BINDING in the pa-data. + + * lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY + too. + + * lib/krb5/test_cc.c: Test krb5_cc_copy_cache and + krb5_cc_cache_match. + + * lib/krb5/cache.c (krb5_cc_cache_match): add function that + iterates over all credential caches for a user and returns a + match. + + * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an + example. + +2005-10-18 Love Hörnquist Åstrand + + * doc/programming.texi: Try to explain krb5_ccache, krb5_principal + and errors. + +2005-10-13 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_credentials.3: Add example how to use + krb5_get_credentials. + +2005-10-12 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c: Rename private to opt_private. + + * lib/krb5/init_creds_pw.c: Rename private to opt_private. + + * lib/krb5/pkinit.c: rename element private to opt_private to make + c++ picky compilers less upset. + + * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element + private to opt_private to make c++ picky compilers less upset. + +2005-10-08 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function + (_krb5_free_krbhst_info): expose to internal use + + * lib/krb5/init_creds_pw.c: Prepare to pass down a + krb5_krbhst_info into the pre-auth mechs + + * lib/krb5/pkinit.c: Inline short functions, share more code, + rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for + verification of KDC info, and general cleaning up. + +2005-10-07 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. + + * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR + "/krb5.moduli" + + * lib/krb5/krb5_locl.h: Add forward declaration for + krb5_dh_moduli. Add define for MODULI_FILE. + + * kdc/pkinit.c: Removing PK-INIT-19 support. + + * lib/krb5/pkinit.c: Removing PK-INIT-19 support. + + * lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on + success. + (krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists + + * kdc/pkinit.c: Save DH group name and print it on success. + + * lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it. + + * kdc/pkinit.c: Check dh group parameters from client. + + * lib/krb5/krb5_err.et: Match error code with pk-init-27. + + * lib/krb5/pkinit.c: Update error codes. Add name to group. Change + return value of _krb5_dh_group_ok. + + * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH + parameters. + +2005-10-06 Love Hörnquist Åstrand + + * kuser/klist.1: Document --list-caches + + * kuser/klist.c: Change short flag of --list-caches to -l (-v is + already used). + +2005-10-03 Love Hörnquist Åstrand + + * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. + + * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers + expect it + (acc_get_cache_first): don't leak memory or abort on malloc + failure + +2005-10-02 Love Hörnquist Åstrand + + * lib/krb5/kerberos.8: Update text about Kerberos RFC's. + +2005-10-01 Love Hörnquist Åstrand + + * kuser/klist.c: Add option --list-caches that lists the avaible + caches and their status. + + $ klist --list-caches + Principal Cache name Status + lha@E.KTH.SE 2 Valid + lha@SU.SE 1 Expired + lha/root@SU.SE 0 Expired + lha@N.L.NXS.SE Initial default ccache Expired + +2005-09-30 Love Hörnquist Åstrand + + * lib/krb5/keytab_keyfile.c: Use all DES keys, not just + des-cbc-md5, verify that they all are the same. + + * lib/krb5/mcache.c Implement the cache iteration functions. + + * lib/krb5/acache.c: Implement the cache iteration functions. + + * lib/krb5/test_cc.c: Test the new cache iteration functions. + + * lib/krb5/cache.c: Add cache iteration funcations. Add internal + allocation function for the memory of a krb5_ccache, and use it. + + * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions + +2005-09-25 Love Hörnquist Åstrand + + * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. + + * kdc/kerberos5.c: More verbose PK-INIT logging. + + * kdc/pkinit.c: The public DH key is encoded as an INTEGER in + subjectPublicKey. Don't verify OID's for now. + + * lib/krb5/pkinit.c: Support cached DH variable (still need to + store it though), don't check the oid of the DH signedData for + now. + +2005-09-22 Love Hörnquist Åstrand + + * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and + the sender subkey. Both RFC1510 and RFC4120 say that you have to + use the session key, Heimdal uses subkey. + +2005-09-21 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Don't check oid's too closely, they change in + Windows Vista. + +2005-09-20 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the + protocol. + + * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19) + + * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL + to make sure its not freed. + +2005-09-19 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length + it set to 1, and content is 0x01, use the afs3 string-to-key. + + * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted + key, use send the opaque, length 1 (with content set to 0x01) in + ETYPE-INFO2-ENTRY. + + * lib/krb5/kcm.c: Remove signedness warnings. + +2005-09-15 Love Hörnquist Åstrand + + * configure.in: Use libtool's default values for building + shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves + building problems users have on Mac OS X. + +2005-09-08 Love Hörnquist Åstrand + + * lib/krb5/changepw.c: Constify password. + +2005-09-05 Love Hörnquist Åstrand + + * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. + + * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3 + + * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact, + krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, + krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, + krb5_build_ap_req, krb5_verify_ap_req. + +2005-09-01 Love Hörnquist Åstrand + + * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at + all, use KRB5-PADATA-AFS3-SALT + +2005-08-31 Love Hörnquist Åstrand + + * kdc/kerberos5.c (log_timestamp): endtime, not endtype + +2005-08-30 Love Hörnquist Åstrand + + * configure.in: Check for . + + * kcm/connect.c (update_client_creds): in case there is no + UCRED_VERSION, skip LOCAL_PEERCRED + + * kcm/headers.h: include + +2005-08-27 Love Hörnquist Åstrand + + * lib/krb5/rd_req.c (check_transited): Allow empty content of type + 0 because that is was Microsoft generates in their TGT. + + * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of + type 0 because that is was Microsoft enerates in their TGT. + +2005-08-26 Love Hörnquist Åstrand + + * doc/intro.texi: RFC 4120 replaces RFC 1510 + +2005-08-25 Love Hörnquist Åstrand + + * configure.in: Add --disable-afs-support. + +2005-08-23 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but + not TESTS, I have no same dns to use. + + * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname() + and krb5_expand_hostname_realms(). + + * configure.in: Build KCM if we have doors or unix sockets. + + * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove + shadowing variable. + + * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings, + plug memory leak. From: Stefan Metzmacher + + * lib/krb5/krb5_config.3: Document what happens with NULL to + krb5_config_free_strings + (nothing). Mdoc nit. + +2005-08-22 Love Hörnquist Åstrand + + * kuser/klist.c (check_for_tgt): Re-order code so it only free the + credential if one was returned. + + * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. + +2005-08-19 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c: provide interface to find databases + + * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys + +2005-08-15 Love Hörnquist Åstrand + + * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. + +2005-08-13 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: Save the request buffer so that + pre-auth mechanism that needs it can verify the reply. + +2005-08-12 Love Hörnquist Åstrand + + * lib/krb5/test_mem.c: Rename logf to avoid shadowing. + + * lib/krb5/krb5_keytab.3: Fix the version number for + fcc-mit-ticketflags. + + * lib/krb5/fcache.c: Revert previous, I was confused. + + * lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in + COMPATIBILITY section. + + * lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket + flags. + + * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break; + + * lib/krb5/krb5_create_checksum.3: Update prototype for + krb5_create_checksum. + + * kdc/pkinit.c: Make compile. + + * lib/krb5/pkinit.c: Implement verification of asChecksum, now + client side code is using -27 of the pk-init draft. + + * kdc/kdc_locl.h: update prototype for _kdc_as_rep + + * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC. + + * kdc/process.c: Pass down the request buffer to _kdc_as_rep(). + + * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to + _kdc_pk_mk_pa_reply. + +2005-08-11 Love Hörnquist Åstrand + + * lib/hdb/ext.c: HDB extensions access glue. + + * kcm/acquire.c: Use krb5_set_password instead of + krb5_change_password. + + * configure.in: Add tests/Makefile and tests/db/Makefile. + + * NEWS: New ASN.1 compiler + + * lib/hdb/Makefile.am: Build extensions. + + * lib/hdb/print.c: Print extensions. + + * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory + extension". + + * lib/hdb/hdb.h: Update interface version (and indent). + + * lib/hdb/hdb.asn1: Add support for HDB-extension. + +2005-08-10 Love Hörnquist Åstrand + + * lib/krb5/test_pkinit_dh2key.c: add tests vectors from + "Liqiang(Larry) Zhu" + + * lib/hdb/mkey.c: Expose the crypto operations on the master key. + + * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet + +2005-08-09 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the + ENC-TS case. From: Andrew Bartlett + + * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify + authenticator" once, its already done by + tgs_check_authenticator(). + + * kdc/kerberos5.c: Indent strings. + + * kdc/kerberos5.c (log_timestamp): avoid shadow warnings From: + Andrew Bartlett + + * lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and + krb5_verify_opt_free. + + * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and + krb5_verify_opt_free. + + * lib/hdb/db3.c (DB_open): catch errors from the d->open calls + instead of letting them slip though to d->cursor. Bug repport from + Andrew Bartlett + +2005-07-29 Love Hörnquist Åstrand + + * kdc/Makefile.am (kdc_LDADD): add LDADD + +2005-07-28 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in + ENC-TS preauth, both for failure and success. + + * kdc/hprop.c: Use the _krb5_krb_life_to_time function from + libkrb5 instead of including our own here too. + + * kdc/kerberos5.c: indent printf strings + + * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with + keyusage 0 in case the key was encrypted with MIT Kerberos (old + patch from Johan) + +2005-07-26 Love Hörnquist Åstrand + + * kdc/pkinit.c: update to pkinit-27 + +2005-07-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. + +2005-07-20 Love Hörnquist Åstrand + + * lib/krb5/test_pkinit_dh2key.c: framework for testing + _krb5_pk_octetstring2key + + * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a + krb5_socklen_t + + * kdc/connect.c (de_http): sscanf takes a char *, not unsigned + ditto, cast approriately + + * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output + unsigned char to match openssl + +2005-07-14 Love Hörnquist Åstrand + + * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. + +2005-07-13 Love Hörnquist Åstrand + + * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory + + * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call + krb5_cc_retrieve_cred once, and plug memory leak. + +2005-07-13 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules + name in the depend file + + * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return + value from krb5_storage_from_fd + + * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute + to the DH when the server doesn't support the cached DH request. + + * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments + +2005-07-12 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: clean up pk-init DH support, not finished + yet; improve error reporting + + * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key + function used in pk-init-25 + + * configure.in: Use a configure switch to turn on PK-INIT, not by + detecting existence of the new ASN.1 library. + + * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch. + + Highlighs for the compiler is support for CHOICE and in general better + support for tags. This compiler support most of what is needed for + PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. + +2005-07-10 Love Hörnquist Åstrand + + * lib/asn1: make scope variables unique to avoid shadow warnings + +2005-07-09 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: comment out paramenter name in typedef + functions to avoid shadow warnings + + * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const + + * kuser/klist.c: If there are no addresses, print addressless + instead of nothing. + + * lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping + + * lib/krb5/crypto.c (wrapped_length): the underived encrypted + types checksum are all unkeyed (matches the code in + encrypt_internal() and encrypt_internal_special()) + + * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't + not supported + + * lib/krb5/test_crypto_wrapping.c: test encryption wrapping + + * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer + +2005-07-08 Love Hörnquist Åstrand + + * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O + otherwise am_aux_dir will be expanded using ac_aux_dir before the + later is set. + + * configure.in: check for strings.h explicitly instead of + depending on AC_HEADER_STDC to check it for us + +2005-07-07 Assar Westerlund + + * configure.in: add AM_PROG_CC_C_O for automake 1.9 + +2005-07-06 Love Hörnquist Åstrand + + * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when + returning a new error + + * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on + error. + + * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, + remove From: "Henry B. Hotz" + +2005-07-05 Love Hörnquist Åstrand + + * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was + added in w2k3-sp1 From David Love + + * doc/setup.texi: document kadmin command password-quality instead + of the not installed test_pw_quality + + * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love + + * fix-export: build kdc-protos.h + +2005-07-01 Love Hörnquist Åstrand + + * kdc: prefix pkinit symbols with _kdc + + * kuser/kinit.c: avoid shadowing variables + + * kuser: s/optind/optidx/ + + * kdc: adapt pkinit code to libkdc split + +2005-06-30 Love Hörnquist Åstrand + + * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create + + * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create + + * kdc/kdc_locl.h: indent, remove dup prototypes + + * kdc/libkdc: don't pollute namespace, generate public headerfile + + * lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work + just like krb5_425_conv_principal_ext but takes a context variable + for the verification function + + * kdc/Makefile.am: there is no export script, not pretend there is + + * kdc: Merge in the libkdc/kdc configuration split from Andrew + Bartlet + + * lib/krb5/crypto.c: optionally compile in support for afs string2key + + * configure.in: add --disable-afs-string-to-key to allow removal + of support for afs string2key (and dependency on crypt) + +2005-06-29 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and + TGS-REQ, for auditing + + * kdc/kerberos5.c (as_req): print the supported encryption types + so its possible to know what clients to update. + (find_rpath): return const char * and update callers. + +2005-06-28 Luke Howard + + * kcm/connect.c: fix arguments to kcm_log() when reporting + sendmsg() error + + * kcm/connect.c: don't send socket address in msghdr, it + returns an already connected error on Linux + +2005-06-24 Love Hörnquist Åstrand + + * kdc/524.c: Always include . + +2005-06-23 Love Hörnquist Åstrand + + * doc/intro.texi: no more libdes, gssapi lib is complete + + * lib/krb5/krb5.conf.5: Documentation for password quality + control. From: "James F. Hranicky" + + * lib/krb5/verify_krb5_conf.c (password_quality_entries): add + min_length and min_classes + + * kdc/kaserver.c: log the kaserver requests, avoid shadowing + variables + + * lib/hdb/db3.c (DB_open): in case of error, close database + + * lib/hdb/ndbm.c (NDBM_open): in case of error, close database + + * lib/hdb/db.c (DB_open): in case of error, close database + +2005-06-20 Love Hörnquist Åstrand + + * kcm/kcm.8: fix example + +2005-06-17 Love Hörnquist Åstrand + + * lib/krb5/rd_rep.c: indent + + * lib/krb5/rd_rep.c (krb5_rd_rep): check if + KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp + should be checked, DCE-STYLE gssapi needs to be able to tweek this + + * kdc/string2key.c: rename optind to optidx + + * lib/hdb/convert_db.c: rename optind to optidx + + * lib/hdb/keytab.c: const poison, add a unconst where needed + + * lib/krb5/crypto.c (krb5_string_to_key): unconst password + + * lib/asn1/k5.asn1: rename pvno to krb5-pvno + + * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): + unconst argument + + * lib/krb5/verify_krb5_conf.c: rename optind to optidx + + * lib/krb5/transited.c: rename the temporary string variable to + `str' + + * lib/krb5/test_crypto.c: rename optind to optidx + + * lib/krb5/test_alname.c: rename optind to optidx + + * lib/krb5/store.c: unconst argument to krb5_store (XXX this + should be fixed, krb5_store doesn't need to modify its argument) + + * lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing + unnessecery variable ret + + * lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery + variable len + + * lib/krb5/prog_setup.c: rename optind to optidx + + * lib/krb5/padata.c: rename variable index to idx + + * lib/krb5/log.c: rename variable time to timestr to avoid + shadowing + + * lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to + avoid shadowing + + * lib/krb5/krbhst-test.c: rename optind to optidx + + * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to + krb5_store (XXX this should be fixed, krb5_store doesn't need to + modify its argument) + + * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password + + * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning + +2005-06-16 Love Hörnquist Åstrand + + * lib/krb5/principal.c: rename index to idx + + * lib/krb5/mk_error.c: use rk_UNCONST + + * lib/krb5/fcache.c: rename to avoid shadowing + + * lib/krb5/config_file.c: rename to avoid shadowing + + * lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the + string instead of losing const + + * lib/krb5/addr_families.c: use rk_UNCONST to silence const + warning + + * lib/krb5/addr_families.c: rename sin to sin4 + + * lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed + variables + + * lib/asn1/main.c: rename optind to optidx + + * lib/asn1/gen_copy.c: rename to avoid shadowing + + * lib/asn1/gen_locl.h: rename function filename to get_filename + + * lib/asn1/lex.l: use get_filename + + * lib/asn1/gen.c: rename function filename to get_filename + + * lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle + + * configure.in: add headers and prototypes to logwtmp, logout and + openpty checks + + * configure.in: include headerfiles and set prototype for tgetent + + * kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the + string + + * kdc/kerberos5.c: replace strndup with inline copy, free data on + failure + + * lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup + with inline copy + + * lib/krb5/log.c: rename close and log to avoid shadow warnings + + * lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two + of the local `realm' to srealm to avoid shadowing + + * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to + avoid shadow warning + + * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow + warning + +2005-06-15 Love Hörnquist Åstrand + + * Release 0.7, see branch + +2005-06-14 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += + kcm.h + + * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from + krb5_init_context + + * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from + krb5_init_context + + * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT + from krb5_init_context From: Mathias Feiler + + + * lib/krb5/verify_krb5_conf.c: Add more missig entires, from + Mathias Feiler + +2005-06-11 Love Hörnquist Åstrand + + * kdc/pkinit.c (pk_principal_from_X509): remember to free + KRB5PrincipalName + + * lib/krb5/log.c (krb5_closelog): free all content in + krb5_log_facility + +2005-06-08 Love Hörnquist Åstrand + + * kdc/524.c: init kvno to please gcc + + * kdc/kaserver.c (do_authenticate): check return value from + unparse_auth_args + +2005-06-07 Dave Love + + * doc/setup.texi: Spelling. + + * doc/programming.texi: Spelling. + +2005-06-02 Dave Love + + * kcm/connect.c (kcm_door_server): Make static. + + * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. + +2005-06-02 Love Hörnquist Åstrand + + * kdc/mit_dump.c (mit_prop_dump): cast argument to + krb5_parse_principal to avoid warning + + * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to + mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit + codebase + +2005-06-01 Love Hörnquist Åstrand + + * lib/krb5/store.c: If we are allocating 0 entires, avoid failing + if ALLOC returns NULL + + * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm + + * lib/krb5/cache.c: When returning a new error code, set error + string. + +2005-05-31 Love Hörnquist Åstrand + + * lib/krb5/keytab_file.c: Adapt to changed signature of + _krb5_xunlock, clear more error string where needed. + + * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it + into something sensable + +2005-05-30 Love Hörnquist Åstrand + + * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from + server entry to encrypted ticket flags + +2005-05-30 Johan Danielsson + + * kdc/connect.c: rename sendlength to prependlength (which + hopefully better represents its purpose), and change type to + krb5_boolean + + * kdc/connect.c: log signal causing exit + + * kdc/main.c (sigterm): set exit_flag to signal causing exit; + (main): trap SIGXCPU + +2005-05-30 Love Hörnquist Åstrand + + * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path + + * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not + client + + * kcm/main.c: ignore SIGPIPE + + * kcm/protocol.c: Add option to disallow getting krbtgt out from + from KCM. KCM will do the fetching part itself. + + * kcm/config.c: Add option to disallow getting krbtgt out from + from KCM. KCM will do the fetching part itself. + +2005-05-30 Luke Howard + + * kcm/events.c: if credentials have expired when attempting + to renew, attempt to reacquire them using initial creds + +2005-05-29 Love Hörnquist Åstrand + + * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell + + * doc/setup.texi: spelling, from Björn Sandell + + * lib/krb5/name-45-test.c: XXX don't run the test unless the + machine is in kth.se or su.se because it depends on local resolver + configuration. + + * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't + exists + + * kcm/connect.c: fix doors support, fix signedness warnings + + * kcm/config.c: add --door-path= + + * configure.in: comment what the "detect doors on solaris" + fragment tries to do + + * kcm/acquire.c (generate_random_pw): fix signed-ness warnings + + * kcm/connect.c (update_client_creds): fix compile error in the + getpeerucred case + + * lib/krb5/test_cc.c: change format for expantion variables in + default_cc_name to %{variable} to not confuse them with shell + ditto + + * kcm/headers.h: Maybe include . + + * kcm/kcm_locl.h: add extern door_path; + + * configure.in: detect doors using door_create + + * kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on + LIB_door_create + + * lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door + + * lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to + kcm + + * lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create + + * lib/krb5/krb5_locl.h: Maybe include , maybe include + . + + * lib/krb5/kcm.c (kcm_send_request): add support for doing a door + call to kcm + + * lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with + system headerfiles that pollute the name space + + * kcm/kcm.8: change format for expantion variables in + default_cc_name to %{variable} to not confuse them with shell + ditto + + * lib/krb5/krb5.conf.5: change format for expantion variables in + default_cc_name to %{variable} to not confuse them with shell + ditto + + * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format + for expantion variables to %{variable} to not confuse them with + shell ditto + + * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support + +2005-05-27 Love Hörnquist Åstrand + + * appl/kf/kfd.c: case uid_t to unsigned long in printf format + +2005-05-25 Love Hörnquist Åstrand + + * lib/krb5/krb5_auth_context.3: remove trailing space + +2005-05-24 Love Hörnquist Åstrand + + * kcm/connect.c (do_request): use sendmsg to send the reply + + * fix-export: add make_proto for kcm/kcm_protos.h + + * kcm/kcm_locl.h: remove prototypes and add + + * kcm/Makefile.am (kcm_SOURCES): add headerfiles + (kcm_protos.h): generate prototypes + + * kcm/protocol.c: fix error in last commit, use right function + + * kcm/headers.h: include if we have getpeerucred + + * configure.in: check for functions getpeerucred and getpeereid + + * kcm/connect.c (update_client_creds): add support for + getpeerucred and getpeereid + + * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by + [libdefaults]kcm_socket=/path + +2005-05-24 David Love + + * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling + +2005-05-23 Love Hörnquist Åstrand + + * kcm/protocol.c: Merge the description and function jumptables + into one structure. Use the length of the array when checking if + opcode is value, not a constant. + + * kcm/kcm_locl.h: struct kcm_op: jumptable structure + + * kcm/main.c: move declaration of detach_from_console away from + here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it. + + * kcm/kcm_locl.h: move declaration of detach_from_console here + + * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. + +2005-05-23 Dave Love + + * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. + + * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. + +2005-05-23 Love Hörnquist Åstrand + + * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 + +2005-05-20 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, + return and ignore the error + + * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' + have good values + + * lib/krb5/test_keytab.c: tests all keytab format + +2005-05-19 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding + errors, fail. Make sure we free memory on error. + (pk_verify_chain_standard): make sure we provide good errors. + + * lib/krb5/verify_krb5_conf.c: add missing options, prompted by + James F. Hranicky mail to heimdal-discuss + + * lib/krb5/verify_krb5_conf.c: add pkinit and password quailty + check options + + * lib/krb5/pkinit.c (pk_verify_chain_standard): store better error + message in the context for certificate errors. + + * lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all + krb5_free_x_content like functions to make sure data doesnt get + reused, idea from Wynn Wilkes + + * configure.in: depend on automake 1.8, we don't test anything + older + + * lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment + that the caller always free out_md; remove comment about memory, + it doesn't happen. + (init_cred_loop): free ctx->as_req.padata when its reset (From Wynn + Wilkes ), move a comment close the the code + + * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call + krb5_kt_free_entry after each krb5_kt_next_entry. + + * lib/krb5/keytab_file.c (fkt_remove_entry): need to call + krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn + Wilkes + +2005-05-18 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: TESTS += test_keytab + + * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, + avoid crashing on empty keytab + + * lib/krb5/krb5_keytab.3: document behavior of + krb5_kt_remove_entry + + * lib/krb5/keytab_memory.c (mkt_remove_entry): check if there + isn't any entries in the keytab before removing any since that + leads to bad pointer arithmetic and crashing. From: Wynn Wilkes + . Make the function return KRB5_KT_NOTFOUND + if the entry wasn't in the keytab (just like the filebased + keytab). + + * lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab + + * lib/krb5{addr_families,context,creds,free,keyblock, + mit_glue,rd_error}.c:zero out content of all krb5_free_x_content + like functions to make sure data doesnt get reused, idea from + Wynn Wilkes + + * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK + + * lib/krb5/krb5.3: add krb5_cc_new_unique + +2005-05-17 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (fcc_get_first): check return value from + malloc, memset the structure, make sure cursor doesn't point to + freed memory on failure. From: Wynn Wilkes + + * lib/krb5/krb5_auth_context.3: document + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED + + * lib/krb5/get_cred.c: Remove expired credentials, based on + patches and comments from Anders Magnusson and Wynn + Wilkes + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted + (ENCTYPE_NULL) credentials. for use with old mit server and java based + ones as they can't handle encrypted KRB-CRED. Note that the option + needs to turned on because if the consumer sends the KRB-CRED in + clear bad things will happen. + + * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops + + * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok + to return from krb5_get_credentials. + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials + be unencrypted, for compatibility with mit kerberos and java + kerberos. krb5_javakt_ops: export + +2005-05-16 Love Hörnquist Åstrand + + * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that + doesn't the use extended kvnos, as hinted, this is needed for + Java's Kerberos implementation. + +2005-05-10 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 + enckey, still no DH + + * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, + still no DH + + * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and + pkinit-25 pa-data, return empty pkinit pa-data in the + PREAUTH_REQUIRED krb-error + + * doc/ack.texi: add pkinit people + + * lib/krb5/krb5_storage.3: document krb5_storage_is_flags + + * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, + krb5_krbhst_init.3,krb5_storage.3}: + make more pretty, from Björn Sandell + +2005-05-09 Dave Love + + * doc/setup.texi: Fix and clarify password quality check examples. + +2005-05-09 Love Hörnquist Åstrand + + * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead + of HAVE_GETPWNAM_R From: Dave Love + +2005-05-07 Love Hörnquist Åstrand + + * lib/krb5/addr_families.c (krb5_print_address): catch when the + unknown adress don't fit. From Björn Sandell + +2005-05-05 Dave Love + + * configure.in: fix type right test, include for + sys/strtty.h, not sys/ptyvar.h + +2005-05-05 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: spelling + +2005-05-04 Love Hörnquist Åstrand + + * lib/krb5/krb5.conf.5: expand on what "trailing component" means + +2005-05-04 Johan Danielsson + + * lib/krb5/rd_cred.c: put address comparison in separate function + + * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory + for access files, all of which is handled like the regular + ~/.k5login + + * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for + access files, all of which is handled like the regular ~/.k5login + +2005-05-03 Love Hörnquist Åstrand + + * doc/ack.texi: Clearify what version of libdes we are using and + who's code in it we are using. + + * kcm/kcm.8: more text about usage + + * kcm/Makefile.am: man_MANS += kcm.8 + + * kcm/kcm.8: initial manpage + + * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define + PKINIT + +2005-05-02 Dave Love + + * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. + +2005-05-02 Love Hörnquist Åstrand + + * tools/krb5-config.in: add com_err to required libs + + * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in + length + + * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of + nonce for windows, remove the code that removed the signed + bit. Instead add comment that they still need to be the same + (Kerberos protocol nonce and pk-init nonce) for Windows. + +2005-05-02 David Love + + * lib/krb5/crypto.c: Don't declare des_salt &c as static with + incomplete type (invalid in c89, at least). + +2005-05-02 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h: include + +2005-05-02 David Love + + * kcm/connect.c (init_socket): rename variable sun to un to avoid + namespace collision. + (handle_stream): Cast arg of krb5_warnx. + +2005-04-30 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the + highest bit to make windows PK-INIT happy. Also make the nonces + the same, again for windows, they are using pk-init-9. + + XXX check if it isn't the that nonce is an unsigned variable so + its just a asn1 mismatch. + + * kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id + + * kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit + + * lib/krb5/pkinit.c: Pass prompter data to the prompter function, + implement a UI prompter function wrapping the kerberos prompter + function so that the the OpenSSL ENGINE can ask for a password + when loading the private key. From: Douglas E. Engert + + * lib/krb5: add in test programs + + * configure.in: sys/ptyvar.h might need + + * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la + +2005-04-29 Love Hörnquist Åstrand + + * lib/asn1/Makefile.am: use $(LIB_com_err) + +2005-04-28 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_set_config_files): ignore permission + denied on configuration files, user might not be allowed to read + /var/heimdal/kdc.conf + +2005-04-26 Dave Love + + * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get + posix getpwnam_r + +2005-04-25 Love Hörnquist Åstrand + + * lib/asn1/gen_glue.c: switch the units variable to a + function. gcc-4.1 needs the size of the structure if its defined + as extern struct units foo_units[] an we don't want to include + in the generate headerfile + +2005-04-25 Love Hörnquist Åstrand + + * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, + krb5ValidEnd, krb5PasswordEnd From Howard Chu + +2005-04-24 Love Hörnquist Åstrand + + * doc/whatis.texi: comment out docbook stuff for now + + * kuser/klist.c: use strlcpy + + * doc/ack.texi: we no longer use eay libdes, make acknowledgment + still be there, but claim that we no longer use it. Mark editline + to be a modified version as required by the license. + + * lib/krb5/pkinit.c: use the unexported oid_to_enctype function + + * lib/krb5/crypto.c: unexport the oid_to_enctype function, not for + external consumers + + * kdc/Makefile.am: always add kaserver + + * lib/krb5/krb5_ccache.3: document krb5_cc_new_unique + + * lib/krb5/cache.c (krb5_cc_new_unique): new function to create a + new credential cache + + * kdc/headers.h: don't include kerberos 4 headers here + + * kdc/hpropd.c: include kerberos 4 headers here + + * kdc/connect.c: add kaserver support independ of having krb4 + support + + * kdc/config.c: add kaserver support unconditionally, make kdc + only fail to start when there are no v4 realm configured and + krb4/kaserver is turned on + + * kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and + so kaserver support is always compiled in (still default disabled) + + * lib/krb5/v4_glue.c: simplify error handling + + * doc/whatis.texi: add docbook version macro of @sub + + * doc/heimdal.texi: change the wrapping around the Top node to + ifnottex, make html generation work + + * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell + + + * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell + + + * lib/krb5/krb5_data.3: spelling, from Björn Sandell + + + * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell + + + * lib/krb5/krb5_address.3: spelling, from Björn Sandell + + +2005-04-23 Love Hörnquist Åstrand + + * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so + kerberos 4 is always compiled in (still default disabled) + + * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and + so kerberos 4 is always compiled in (still default disabled) + + * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data + + * lib/krb5/convert_creds.c: Move the kerberos v4 replacement + functions to v4_glue.c + + * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to + be a KDC, move the v4 bits over here + + * lib/krb5/krb5-v4compat.h: add more v4 defines + +2005-04-22 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.c: Support multi-realms databases, requires + that all the realms are configured on the KDC in krb5.conf with + [libdefaults]default_realm stanzas. + +2005-04-21 Love Hörnquist Åstrand + + * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden + + * lib/krb5/addr_families.c: catch two more snprintf problems + +2005-04-20 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: this lib include com_err, add -com_err to + CHECK_SYMBOLS + + * appl/test/http_client.c: cast ssize_t to unsigned long, fix + printf format + +2005-04-19 Love Hörnquist Åstrand + + * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames + + * lib/krb5/get_host_realm.c: check return value of snprintf + + * lib/krb5/test_addr.c: check address truncation + + * lib/krb5/addr_families.c: check return values from snprintf and + clean up semantics of ret_len + + * lib/krb5/krb5_address.3: clarify what ret_len is in + krb5_print_address + + * lib/krb5/test_kuserok.c: add --version and --help + + * lib/krb5/kuserok.c: use getpwnamn_r if it exists + + * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok + + * lib/krb5/test_kuserok.c: test program for krb5_kuserok + +2005-04-18 Love Hörnquist Åstrand + + * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed + with ccErrCCacheNotFound try again with create_default_ccache, + this fixes the problem where the security server apperenly haven't + started yet on Mac OS X + + * lib/krb5/get_default_principal.c + (_krb5_get_default_principal_local): add, for use of functions + that in ccache layer to avoid recursive calls. + + * lib/hdb/hdb-ldap.c: drop , no longer use any of the is* + macros in this file + + * include/make_crypto.c: cast to unsigned char to make sure its + not negative when passing it to is* functions + +2005-04-15 Love Hörnquist Åstrand + + * doc/programming.texi: remove manpage macro, add some more + references to manpages + + * doc/heimdal.texi: define manpage macro + + * doc/setup.texi: document new password policy code + + * kpasswd/kpasswdd.c: add verifier libraries with + kadm5_add_passwd_quality_verifier + + * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init + +2005-04-14 Love Hörnquist Åstrand + + * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the + same, and clients + (klog) can deal with that the kaserver returns the same thing for + both + + * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill + in a keyblock from key data. + +2005-04-12 Love Hörnquist Åstrand + + * configure.in: rk_WIN32_EXPORT for roken + +2005-04-10 Love Hörnquist Åstrand + + * appl/test/gssapi_server.c: print out client principla of + delegated credential + +2005-04-07 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check + for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert + +2005-04-07 Love Hörnquist Åstrand + + * .cvsignore: ignore more generate files + +2005-04-04 Love Hörnquist Åstrand + + * lib/asn1/check-der.c: use size_t, print size_t by casting to + unsigned long + + * lib/krb5/test_crypto.c: print size_t by casting to unsigned long + + * lib/krb5/acache.c: Argument to create_new_ccache is a principal, + not a credential cache name. Clean up lossage related to this + problem. + + * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int + + * lib/krb5/addr_families.c + (krb5_address_prefixlen_boundary,krb5_free_address): + use find_atype when we are dealing with a kerberos address type + + * lib/krb5/aes-test.c: size_t vs int + fix printf + + * lib/krb5/pkinit.c: Since the decode can't make out the diffrence + between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to + verify both cases + +2005-04-03 Love Hörnquist Åstrand + + * appl/test/uu_client.c: print size_t by casting to unsigned long + +2005-04-01 Johan Danielsson + + * kdc/kerberos4.c (do_version4): check client and server max_life + + * kdc/kaserver.c (do_getticket): check client max_life + +2005-03-31 Love + + * lib/krb5/verify_krb5_conf.c: const poison + + * lib/krb5/test_alname.c: const poison + + * lib/asn1/main.c: const poison + + * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses + + * lib/krb5/addr_families.c: implement mask boundary for IPv6 + + * lib/asn1/gen.c: avoid const string warnings steming from + writeable-string + +2005-03-28 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: TESTS += test_addr + + * lib/krb5/test_addr.c: simple test for addresses + + * lib/krb5/addr_families.c: make RANGE parse prefixlen style + addresses too, fix printing of RANGE addresses, add + krb5_address_prefixlen_boundary + + * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on + wildcards + +2005-03-26 Love Hörnquist Åstrand + + * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson + + * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson + +2005-03-19 Love Hörnquist Åstrand + + * lib/krb5/acache.c: add mutex for global variables, clean up + returned error codes, implement storing addresses into the ccapi + + * appl/test/gssapi_server.c: free memory, make error strings match + + * appl/test/gssapi_server.c: use print_gss_name, print server name + too + + * appl/test/gss_common.h (print_gss_name): common code for + printing gss name + + * appl/test/gss_common.c (print_gss_name): common code for + printing gss name + + * appl/test/http_client.c: Make constent with rest of the gssapi + test programs + +2005-03-17 Love Hörnquist Åstrand + + * lib/hdb/keys.c: AES is enabled by default, remove ifdefs + + * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs + + * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled + by default, remove ifdefs + + * kdc/kerberos5.c: AES is enabled by default, remove ifdefs + +2005-03-16 Love Hörnquist Åstrand + + * doc/setup.texi: Add some text about modifying the database + +2005-03-15 Love Hörnquist Åstrand + + * kuser/kinit.c: widen lifetime/renewal warning text field, also + make use of unparse_time_approx, no need to be specific to the + second when ticket needs to be renewed or their lifetime. + + * doc/heimdal.texi: copyright maintenance, drop eay, use updated + UCB license + + * lib/krb5/crypto.c: more static and unsigned issues + + * lib/krb5/crypto.c: fix signedness issues, prompted by report of + Magnus Ahltorp + +2005-03-13 Love Hörnquist Åstrand + + * lib/krb5/krb5_keytab.3: more text about how to free returned + resources + +2005-03-10 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: handle the -25 generation path + + * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 + + * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes + +2005-03-09 Love Hörnquist Åstrand + + * kdc/pkinit.c: use generated oid's + + * lib/krb5/pkinit.c: use generated oid's + +2005-03-08 Love Hörnquist Åstrand + + * kdc/pkinit.c: update to the asn1 structures used in -25's + + * lib/krb5/pkinit.c: update to the asn1 structures used in -25's + +2005-03-04 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: use the newly written hex function from + roken and remove the old implementation + +2005-03-01 Love Hörnquist Åstrand + + * appl/test/http_client.c: allow specifing port to connect to + +2005-02-24 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: bump version to 21:0:4 + + * lib/hdb/Makefile.am: bump version to 8:0:1 + + * lib/asn1/Makefile.am: bump version to 7:0:1 + +2005-02-23 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak + keys after doing the DES_cbc_cksum + +2005-02-19 Luke Howard + + * lib/krb5/krbhst.c: set KD_CONFIG after calling + config_get_hosts() in kpasswd_get_next() + From: Wynn Wilkes + +2005-02-15 Love Hörnquist Åstrand + + * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY + From: Chaskiel M Grundman + +2005-02-09 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to + make %d work + +2005-02-08 Love Hörnquist Åstrand + + * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the + caller requested to provide the user with a glue what the caller + was asking for. + +2005-02-05 Luke Howard + + * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop + + * kcm/acquire.c: don't leak salt if keyproc called multiple + times + + * kcm/config.c: allow KCM system ccache to be configured from + krb5.conf, in the system_ccache stanza of [kcm] + +2005-02-03 Love Hörnquist Åstrand + + * kcm/protocol.c: use -1 as the invalid pid number + + * kcm/connect.c: support SCM_CREDS (for NetBSD) + + * kcm/Makefile.am: LDADD += LIB_pidfile + + * kcm/connect.c: make it possible to build on systems without + SO_PEERCRED (still doesn't work) + + * kcm/config.c: cast argument to isdigit to unsigned char + + * lib/krb5/krb5.conf.5: document large_msg_size + + * lib/krb5/context.c (init_context_from_config_file): init + large_msg_size to 6000 + + * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, + threshold where we start to use transport protocols without tiny + max data transport sizes. + + * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h + by now + +2005-02-02 Luke Howard + + * configure.in: generate kcm/Makefile + + * Makefile.am: recurse into kcm/ if KCM defined + + * kcm: add KCM daemon + +2005-02-02 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again + + * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add + some more error strings + +2005-02-02 Luke Howard + + * configure.in: add --enable-kcm option for Kerberos + Credentials Manager (KCM) + + * lib/krb5/Makefile.am: add kcm.c + + * lib/krb5/cache.c: use cc_retrieve_cred if present rather + than enumerating ccache + + * lib/krb5/context.c: register KCM cc_ops + + * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred + + * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock + + * lib/krb5/kcm.[ch]: add initial implementation of KCM + client library + + * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops + + * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp + + * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag + +2005-01-24 Luke Howard + + * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed + krb5_get_init_creds_password() + + * kdc/kerberos5.c: don't crash when logging no server etype + support if client == NULL + +2005-01-17 Love Hörnquist Åstrand + + * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love + + +2005-01-12 Love Hörnquist Åstrand + + * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using + PAM. From: Dave Love + +2005-01-08 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to + unsigned char + + * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned + char + + * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to + unsigned char + + * appl/kf/kfd.c (kfd_match_version): cast argument to islower to + unsigned char + + * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled + + * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more + text about krb5_enctype_valid + + * lib/krb5/krb5_create_checksum.3: drop + krb5_checksum_is_disabled + + * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled + + * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing + as krb5_enctype_valid, so use the later since its older and the + api doesn't really need another entry point + + * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as + krb5_enctype_valid, so use the later since its older and the api + doesn't really need another entry point + + * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as + krb5_enctype_valid, so use the later since its older and the api + doesn't really need another entry point + +2005-01-05 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.8: document --addresses, controls what + addresses kpasswd should listen too + + * kpasswd/kpasswdd.c: add --addresses, controls what addresses + kpasswd should listen too + + * lib/krb5/addr_families.c (krb5_parse_address): filter out dup + addresses from getaddrinfo + + * kpasswd/kpasswd.1: document -c + + * kpasswd/kpasswd.c: allow specifying a credential cache to use + for the admin principal + + * include/bits.c: constify to avoid warning with -Wwrite-string + + * NEWS: add 0.6.2 and 0.6.3 items + + * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended + + * lib/krb5/krb5_is_thread_safe.3: document function + + * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 + + * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the + library was compiled with multithreading support. If not, + application must global lock the library, it it uses threads that + call kerberos functions at the same time. + +2005-01-05 Luke Howard + + * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() + + * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION + + * lib/krb5/build_auth.c: support for enctype negotiation + (client sends EtypeList in Authenticator authz data) + + * lib/krb5/context.c: mutex should be destroyed last in + krb5_free_context() + + * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), + set *subkey to NULL if key geneartion fails + + * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA + + * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 + + * lib/krb5/rd_req.c: support for enctype negotiation + (client sends EtypeList in Authenticator authz data) + +2005-01-04 Luke Howard + + * lib/asn1/k5.asn1: add authorization data types for enctype + negotiation implementation + +2005-01-04 Love Hörnquist Åstrand + + * lib/krb5/changepw.c (change_password_loop): on failing to find a + kdc, set result_code to KRB5_KPASSWD_HARDERROR + +2005-01-01 Love Hörnquist Åstrand + + * doc/heimdal.texi: Happy New Year + diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2006 b/crypto/external/bsd/heimdal/dist/ChangeLog.2006 new file mode 100644 index 000000000..d48ea8aba --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2006 @@ -0,0 +1,2047 @@ +2006-12-28 Love Hörnquist Åstrand + + * kdc/process.c: Handle kx509 requests. + + * kdc/connect.c: Listen to 9878 if kca is turned on. + + * kdc/headers.h: Include . + + * kdc/config.c: code to parse [kdc]enable-kx509 + + * kdc/kdc.h: add enable_kx509 + + * kdc/Makefile.am: add kx509.c + + * kdc/kx509.c: Kx509server (external certificate genration). + + * lib/krb5/ticket.c: add krb5_ticket_get_endtime + + * lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime + + * kdc/digest.c: Remove , its already included in + headers.h + + * kdc/digest.c: Return session key for the NTLMv2 case too + + * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value + is krb5_error_code + +2006-12-27 Love Hörnquist Åstrand + + * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for + des-cbc-md4 and des-cbc-md5. This is for (older) windows that + will be unhappy anything else. From Inna Bort-Shatsky + +2006-12-26 Love Hörnquist Åstrand + + * kdc/digest.c: Prefix internal symbol with _kdc_. + + * kdc/kdc.h: add digests_allowed + + * kdc/digest.c: return NTLM2 targetinfo structure. + + * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo. + + * kdc/config.c: Parse digest acl's + + * kdc/kdc_locl.h: forward decl; + + * kdc/digest.c: Add digest acl's + +2006-12-22 Love Hörnquist Åstrand + + * fix-export: build ntlm-private.h + +2006-12-20 Love Hörnquist Åstrand + + * include/make_crypto.c: Include <.../hmac.h>. + + * kdc/digest.c: reorder to show slot here ntlmv2 code will be + placed. + + * kdc/digest.c: Announce that we support key exchange and add bits + to detect when it wasn't used. + + * kdc/digest.c: Add support for generating NTLM2 session security + answer. + +2006-12-19 Love Hörnquist Åstrand + + * lib/krb5/digest.c: Add sessionkey accessor functions. + +2006-12-18 Love Hörnquist Åstrand + + * kdc/digest.c: Unwrap the NTLM session key and return it to the + server. + +2006-12-17 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc + failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. + +2006-12-15 Love Hörnquist Åstrand + + * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. + + * kdc/digest.c: Support NTLM verification, note that the KDC does + no NTLM packet parsing, its all done by the client side, the KDC + just calculate and verify the digest and return the result to the + service. + + * kuser/kdigest.c: add ntlm-server-init + + * kuser/Makefile.am: kdigest depends on libheimntlm.la + + * kdc/headers.h: Include . + + * kdc/Makefile.am: libkdc needs libheimntlm.la + + * autogen.sh: just run autoreconf -i -f + + * lib/Makefile.am: hook in ntlm + + * configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile + + * lib/krb5/digest.c: API to authenticate ntlm requests. + + * lib/krb5/fcache.c: Support "iteration" of file credential caches + by giving the user back the default file credential cache and only + that. + + * lib/krb5/krb5_locl.h: Expand the default root for some of the cc + type names. + +2006-12-14 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data + structure too. Bug report from Stefan Metzmacher. + +2006-12-12 Love Hörnquist Åstrand + + * kuser/kinit.c: Read the appdefault configration before we try to + use the flags. Bug reported by Ingemar Nilsson. + + * kuser/kdigest.c: prefix digest commands with digest_ + + * kuser/kdigest-commands.in: prefix digest commands with digest- + +2006-12-10 Love Hörnquist Åstrand + + * kdc/hprop.c: Return error codes on failure, improve error + reporting. + +2006-12-08 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error + + * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error + strings + +2006-12-07 Love Hörnquist Åstrand + + * include/Makefile.am: CLEANFILES += vis.h + +2006-12-06 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the + encrypted ticket + + * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds + an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients + that we vouches for the CA. + + * kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function. + + * lib/Makefile.am: Make the directories test automake conditional + so automake can include directories in make dist step. + + * kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for + ExternalPrincipalIdentifiers + + * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers + + * kdc/pkinit.c: Add comment that the anchors in the signed data + really should be the trust anchors of the client. + + * kuser/generate-requests.c: Use strcspn to remove \n from + string returned by fgets. From Björn Sandell + + * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from + string returned by fgets. From Björn Sandell + +2006-12-05 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol + functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn + Sandell. + + * lib/krb5/config_file.c: Use strcspn to remove \n from fgets + result. Prompted by change by Ray Lai of OpenBSD via Björn + Sandell. + + * kdc/string2key.c: Use strcspn to remove \n from fgets + result. Prompted by change by Ray Lai of OpenBSD via Björn + Sandell. + +2006-11-30 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass + in a NULLed plugin list + +2006-11-29 Love Hörnquist Åstrand + + * lib/krb5/verify_krb5_conf.c: add more pkinit options. + + * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply + to expect, this avoids overwriting the real PK-INIT error from + just a failed requeat with a Windows PK-INIT error (that always + failes). + + * kdc/Makefile.am: Add LIB_pkinit to pacify AIX + + * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX + +2006-11-28 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry + wrapping. Patch from Andreas Hasenack. + + * kdc/pkinit.c: Need better code in the DH parameter rejection + case, add comment to that effect. + +2006-11-27 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large + packets when using datagram based transports. + + * kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep. + + * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. + +2006-11-26 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Pass down hx509_peer_info. + + * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and + pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. + + * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and + pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. + +2006-11-24 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not + fragment packets and avoid stupid linklayers that doesn't allow + fragmented packets (unix dgram sockets on Mac OS X) + +2006-11-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users + certs in the pool to make sure a path is returned, without this + proxy certificates wont work. + +2006-11-21 Love Hörnquist Åstrand + + * kdc/config.c: Make all pkinit options prefixed with pkinit_ + + * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from + krb5_context + + * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest + + * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE. + + * kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate + checksum. + + * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate + checksum. + +2006-11-20 Love Hörnquist Åstrand + + * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a + context argument. + + * lib/krb5/krb5_get_init_creds.3: Make + krb5_get_init_creds_opt_free take a context argument. + + * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take + a context argument. + + * kuser/kinit.c: Make krb5_get_init_creds_opt_free take a context + argument. + + * kpasswd/kpasswd.c: Make krb5_get_init_creds_opt_free take a + context argument. + + * kpasswd/kpasswd-generator.c: Make krb5_get_init_creds_opt_free + take a context argument. + + * kdc/hprop.c: Make krb5_get_init_creds_opt_free take a context + argument. + + * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a + context argument. + + * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a + context argument. + +2006-11-19 Love Hörnquist Åstrand + + * doc/setup.texi: fix pkinit option (s/-/_/) + + * kdc/config.c: revert the enable-pkinit change, and make it + consistant with all other other enable- options + +2006-11-17 Love Hörnquist Åstrand + + * doc/setup.texi: Make all pkinit options prefixed with pkinit_ + + * kdc/config.c: Make all pkinit options prefixed with pkinit_ + + * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_ + + * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_ + + * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again. + + * lib/krb5/mit_glue.c (krb5_c_keylengths): rename. + + * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, + deal. + +2006-11-13 Love Hörnquist Åstrand + + * lib/krb5/pac.c (fill_zeros): stop using MIN. + + * kuser/kinit.c: Forward decl + + * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE. + + * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s. + + * lib/krb5/test_plugin.c: Set sin_len if it exists. + + * lib/krb5/krbhst.c: Use plugin for the other realm locate types + too. + +2006-11-12 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h: Add plugin api + + * lib/krb5/Makefile.am: Add plugin api. + + * lib/krb5/krbhst.c: Use the resolve plugin interface. + + * lib/krb5/locate_plugin.h: Add plugin interface for resolving + that is API compatible with MITs version. + + * lib/krb5/plugin.c: Add first version of the plugin interface. + + * lib/krb5/test_pac.c: Test signing. + + * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now. + + * lib/krb5/krb5.h: Add struct krb5_pac. + +2006-11-09 Love Hörnquist Åstrand + + * lib/krb5/test_pac.c: PAC testing. + + * lib/krb5/pac.c: Sprinkle error strings. + + * lib/krb5/pac.c: Verify LOGON_NAME. + + * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an + argument + + * kdc/kerberos5.c (_kdc_as_rep): drop client_princ from + _kdc_pk_check_client since its not valid in canonicalize case + + * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength. + + * lib/krb5/mit_glue.c: Add krb5_c_keylength. + +2006-11-08 Love Hörnquist Åstrand + + * lib/krb5/pac.c: Almost enough code to do PAC parsing and + verification, missing in the unix2NTTIME and ucs2 corner. The + later will be adressed by finally adding libwind. + + * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew + + * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. + +2006-11-07 Love Hörnquist Åstrand + + * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to + krb5_[gs]et_max_time_skew + + * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed. + Check for id-pKKdcEkuOID and warn if its not there. + + * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. + +2006-11-06 Love Hörnquist Åstrand + + * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. + + * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all + dancing version of the krb5_rd_req and implement krb5_rd_req and + krb5_rd_req_with_keyblock using it. + +2006-11-04 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. + +2006-11-03 Love Hörnquist Åstrand + + * lib/krb5/expand_hostname.c: Rename various routines and + constants from canonize to canonicalize. From Andrew Bartlett + + * lib/krb5/context.c: Add krb5_[gs]et_time_wrap + + * lib/krb5/krb5_locl.h: Rename various routines and constants from + canonize to canonicalize. From Andrew Bartlett + + * appl/gssmask/common.c (add_list): fix alloc statement. + From Alex Deiter + +2006-10-25 Love Hörnquist Åstrand + + * include/Makefile.am: Move version.h and version.h.in to + DISTCLEANFILES. + +2006-10-24 Love Hörnquist Åstrand + + * appl/gssmask/gssmask.c: Only log when there are resources left. + + * appl/gssmask/gssmask.c: make compile + + * appl/gssmask/gssmask.c (AcquireCreds): free + krb5_get_init_creds_opt + +2006-10-23 Love Hörnquist Åstrand + + * configure.in: heimdal 0.8-RC1 + +2006-10-22 Love Hörnquist Åstrand + + * lib/krb5/digest.c: Try to not leak memory. + + * kdc/digest.c: Try to not leak memory. + + * Makefile.am: remove valgrind target, it doesn't belong here. + + * kuser/kinit.c: Try to not leak memory. + + * kuser/kgetcred.c: Try to not leak memory. + + * kdc/krb5tgs.c (check_KRB5SignedPath): free KRB5SignedPath on + successful completion too, not just the error cases. + + * fix-export: Make make fix-export less verbose. + + * kuser/kgetcred.c: Try to not leak memory. + + * lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when + done. + + * lib/krb5/crypto.c: Allocate the memory we later use. + + * lib/krb5/test_princ.c: Try to not leak memory. + + * lib/krb5/test_crypto_wrapping.c: Try to not leak memory. + + * lib/krb5/test_cc.c: Try to not leak memory. + + * lib/krb5/addr_families.c (arange_free): Try to not leak memory. + + * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. + +2006-10-21 Love Hörnquist Åstrand + + * tools/heimdal-build.sh: Add --test-environment + + * tools/heimdal-build.sh: Add --ccache-dir + + * lib/hdb/Makefile.am: remove dependency on et files covert_db + that now is removed + +2006-10-20 Love Hörnquist Åstrand + + * include/Makefile.am: add gssapi to subdirs + + * lib/hdb/hdb-ldap.c: Make compile. + + * configure.in: add include/gssapi/Makefile. + + * include/Makefile.am: clean more files + + * include/make_crypto.c: Avoid creating a file called --version. + + * include/bits.c: Avoid creating a file called --version. + + * appl/test/Makefile.am: add nt_gss_common.h + + * doc/Makefile.am: Disable TEXI2DVI for now. + + * tools/Makefile.am: more files + + * lib/krb5/context.c (krb5_free_context): free send_to_kdc context + + * doc/heimdal.texi: Put Heimdal in the dircategory Security. + + * lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew + Bartlet. + + * lib/krb5/krb5_locl.h: Add send_to_kdc hook. + + * lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype. + + * kcm/Makefile.am: more files + + * kdc/Makefile.am: more files + + * lib/hdb/Makefile.am: more files + + * lib/krb5/Makefile.am: add more files + +2006-10-19 Love Hörnquist Åstrand + + * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. + + * configure.in: Don't check for timegm, libroken provides it for + us. + + * lib/krb5/acache.c: Does function typecasts instead of void * + type-casts. + + * lib/krb5/krb5.h: Remove bonus , that Love sneeked in. + + * configure.in: make --disable-pk-init help text also negative + +2006-10-18 Love Hörnquist Åstrand + + * kuser/kgetcred.c: Avoid memory leak. + + * tools/heimdal-build.sh: Add more verbose logging, add version of + script and heimdal to the mail. + + * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to + avoid macros rewriting open and close. + + * lib/krb5/Makefile.am: Add test_princ. + + * lib/krb5/principal.c: More error strings, handle realm-less + printing. + + * lib/krb5/test_princ.c: Test principal parsing and unparsing. + +2006-10-17 Love Hörnquist Åstrand + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we + don't recurse + + * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components + -> no dns. no mapping, try local realm and hope KDC knows better. + + * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags + + * lib/krb5/krb5_principal.3: Document + krb5_unparse_name{_fixed,}_flags. + + * lib/krb5/principal.c: Add krb5_unparse_name_flags and + krb5_unparse_name_fixed_flags. + + * lib/krb5/krb5_principal.3: Document krb5_parse_name_flags. + + * lib/krb5/principal.c: Add krb5_parse_name_flags. + + * lib/krb5/principal.c: Add krb5_parse_name_flags. + + * lib/krb5/krb5.h: Add krb5_parse_name_flags flags. + + * lib/krb5/krb5_locl.h: Hide krb5_context_data from public + exposure. + + * lib/krb5/krb5.h: Hide krb5_context_data from public exposure. + + * kuser/klist.c: Use krb5_get_kdc_sec_offset. + + * lib/krb5/context.c: Document krb5_get_kdc_sec_offset() + + * lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset() + + * lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname + and krb5_get_dns_canonize_hostname + + * lib/krb5/verify_krb5_conf.c: + add [libdefaults]dns_canonize_hostname + + * lib/krb5/expand_hostname.c: use dns_canonize_hostname to + determin if we should talk to dns to find the canonical name of + the host. + + * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname. + + * tools/heimdal-build.sh: Set status. + + * appl/gssmask/gssmask.c: handle more bits + + * kdc/kerberos5.c: Prefix asn1 primitives with der_. + +2006-10-16 Love Hörnquist Åstrand + + * fix-export: Build lib/asn1/der-protos.h. + +2006-10-14 Love Hörnquist Åstrand + + * appl/gssmask/Makefile.am: Add explit depenency on libroken. + + * kdc/krb5tgs.c: Prefix der primitives with der_. + + * kdc/pkinit.c: Prefix der primitives with der_. + + * lib/hdb/ext.c: Prefix der primitives with der_. + + * lib/hdb/ext.c: Prefix der primitives with der_. + + * lib/krb5/crypto.c: Remove workaround from when there wasn't + always aes. + + * lib/krb5/ticket.c: Prefix der primitives with der_. + + * lib/krb5/digest.c: Prefix der primitives with der_. + + * lib/krb5/crypto.c: Prefix der primitives with der_. + + * lib/krb5/data.c: Prefix der primitives with der_. + +2006-10-12 Love Hörnquist Åstrand + + * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From + Olga Kornievskaia. + + * kdc/kdc.8: document max-kdc-datagram-reply-length + + * include/bits.c: Include Xint64 types. + +2006-10-10 Love Hörnquist Åstrand + + * tools/heimdal-build.sh: Add socketwrapper and cputime limit. + + * kdc/connect.c (loop): Log that the kdc have started. + +2006-10-09 Love Hörnquist Åstrand + + * kdc/connect.c (do_request): tell krb5_kdc_process_request if its + a datagram reply or not + + * kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its + a datagram reply and the datagram reply length limit is reached. + + * kdc/process.c: Rename krb5_kdc_process_generic_request to + krb5_kdc_process_request Add datagram_reply argument. + + * kdc/config.c: check for [kdc]max-kdc-datagram-reply-length + + * kdc/kdc.h (krb5_kdc_config): Add max_datagram_reply_length. + + * lib/hdb/keytab.c: Change || to |, From metze. + + * lib/hdb/keytab.c: Add back :file to sample format. + + * lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out + by Andrew Bartlet. + + * kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from + auth->cusec. + +2006-10-08 Love Hörnquist Åstrand + + * fix-export: dist_-ify libkadm5clnt_la_SOURCES too + + * doc/heimdal.texi: Update (c) years. + + * appl/gssmask/protocol.h: Clarify protocol. + + * kdc/hpropd.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * kdc/kerberos4.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * kdc/connect.c (handle_vanilla_tcp): shorten length when we + shorten the buffer, this matter im the PK-INIT encKey case where a + checksum is done over the whole packet. Reported by Olga + Kornievskaia + +2006-10-07 Love Hörnquist Åstrand + + * include/Makefile.am: crypto-headers.h is a nodist header + + * lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1 + unsigned char to make OpenSSL happy. + + * appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST + + * kuser/Makefile.am: split build files into dist_ and noinst_ + SOURCES + + * lib/hdb/Makefile.am: split build files into dist_ and noinst_ + SOURCES + + * lib/krb5/Makefile.am: split build files into dist_ and noinst_ + SOURCES + + * kdc/kerberos5.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + +2006-10-06 Love Hörnquist Åstrand + + * lib/krb5/krbhst.c (common_init): don't try DNS when there is + realm w/o a dot. + + * kdc/524.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * kdc/krb5tgs.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * lib/krb5/get_in_tkt.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * lib/krb5/rd_cred.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * lib/krb5/rd_req.c: Adapt to signature change of + _krb5_principalname2krb5_principal. + + * lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add + krb5_context to signature. + + * kdc/524.c (_krb5_principalname2krb5_principal): adapt to + signature change + + * lib/hdb/keytab.c (hdb_get_entry): close and destroy the database + later, the hdb_entry_ex might still contain links to the database + that it expects to use. + + * kdc/digest.c: Make digest argument o MD5_final unsigned char to + help OpenSSL. + + * kuser/kdigest.c: Make digest argument o MD5_final unsigned char + to help OpenSSL. + + * appl/gssmask/common.h: Maybe include . + +2006-10-05 Love Hörnquist Åstrand + + * appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and + explain why + + * tools/heimdal-build.sh: Another mail header. + + * tools/heimdal-build.sh: small fixes + + * fix-export: More liberal parsing of AC_INIT + + * tools/heimdal-build.sh: first cut + +2006-10-04 Love Hörnquist Åstrand + + * configure.in: Call AB_INIT. + + * kuser/kinit.c: Add flag --pk-use-enckey. + + * kdc/pkinit.c: Sign the request in the encKey case. Bug reported + by Olga Kornievskaia of Umich. + + * lib/krb5/Makefile.am: man_MANS += krb5_digest.3 + + * lib/krb5/krb5_digest.3: Add all protos + +2006-10-03 Love Hörnquist Åstrand + + * lib/krb5/krb5_digest.3: Basic krb5_digest manpage. + +2006-10-02 Love Hörnquist Åstrand + + * fix-export: build gssapi mech private files + + * lib/krb5/init_creds_pw.c: minimize layering and remove + krb5_kdc_flags + + * lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit + order. + + * lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right + bit order. + + * kuser/kdigest.c: Don't require --kerberos-realm. + + * lib/krb5/digest.c (digest_request): if NULL is passed in as + realm, use default realm. + + * fix-export: build gssapi mech private files + +2006-09-26 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context + building, better error handling. + + * appl/gssmask/gssmaestro.c: switch from wrap/unwrap to + encrypt/decrypt + + * appl/gssmask/gssmask.c: Don't announce spn if there is none. + + * appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is + the same as afterward. + +2006-09-25 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE. + + * appl/gssmask/gssmaestro.c: Add logsocket support. + +2006-09-22 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c (build_context): print the step the + context exchange. + +2006-09-21 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG + to all context flags + + * appl/gssmask/gssmaestro.c: Add wrap and mic tests for all + elements + + * appl/gssmask/gssmask.c: Add mic tests + + * appl/gssmask/gssmaestro.c: dont exit early then when context + is half built. + + * lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx + seems broken and its not good to upgrade to a broken enctype. + +2006-09-20 Love Hörnquist Åstrand + + * appl/gssmask/gssmask.c: Add wrap/unwrap ops + + * appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags + + * appl/gssmask/common.c: Add permutate_all (and support + functions). + + * appl/gssmask/common.h: Add permutate_all + + * appl/gssmask/gssmask.c: use new flags, return moniker + + * appl/gssmask/gssmaestro.c: test self context building and all + permutation of clients + +2006-09-19 Love Hörnquist Åstrand + + * appl/gssmask/gssmask.c: add --logfile option, use htons() on + port number + + * appl/gssmask/gssmaestro.c: Log port in connection message. + + * configure.in: Make pk-init turned on by default. + +2006-09-18 Love Hörnquist Åstrand + + * fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}. + + * kuser/Makefile.am: Add tool for printing tickets. + + * kuser/kimpersonate.1: Add tool for printing tickets. + + * kuser/kimpersonate.c: Add tool for printing tickets. + + * kdc/krb5tgs.c: Check the adtkt in the constrained delegation + case too. + +2006-09-16 Love Hörnquist Åstrand + + * kdc/main.c (sigterm): don't _exit, let loop() catch the signal + instead. + + * lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell. + + * lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell. + +2006-09-15 Love Hörnquist Åstrand + + * tools/krb5-config.in: Add "kafs" option. + +2006-09-12 Love Hörnquist Åstrand + + * lib/hdb/db.c: By using full function calling conversion (*func) + we avoid problem when close(fd) is overridden using a macro. + + * lib/krb5/cache.c: By using full function calling + conversion (*func) we avoid problem when close(fd) is overridden + using a macro. + +2006-09-11 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Signing outgoing tickets. + + * kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self + works securely. + + * lib/krb5/pkinit.c: Adapt to new signature of + hx509_cms_unenvelope. + +2006-09-09 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a + sensable way + +2006-09-08 Love Hörnquist Åstrand + + * lib/krb5/krb5_init_context.3: Prevent a font generation warning, + from Jason McIntyre. + +2006-09-06 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_init_ets): Add the hx errortable + + * lib/krb5/krb5_locl.h: Include hx509_err.h. + + * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string + from the hx509 lib + +2006-09-04 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): + fix argument to krb5_get_init_creds_opt_set_addressless. + + * lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the + error when we actually have an error to catch. + + * lib/krb5/init_creds_pw.c: Remove debug printfs. + + * kuser/kinit.c: Remove debug printf + + * lib/krb5/krb5_get_init_creds.3: Document + krb5_get_init_creds_opt_set_addressless. + + * kuser/kinit.c: Use new function + krb5_get_init_creds_opt_set_addressless. + + * lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option + to use the same tri-state option as the new addressless option. + + * lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac + option to use the same tri-state option as the new addressless + option. + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless): + used to control the address-lessness of the initial tickets + instead of passing in the empty set of address into + krb5_get_init_creds_opt_set_addresses. + +2006-09-01 Love Hörnquist Åstrand + + * kuser/kinit.c (renew_validate): inherit the proxiable and + forwardable from the orignal ticket, pointed out by Bernard + Antoine of CERN. + + * doc/setup.texi: More text about the acl_file entry and + hdb-ldap-structural-object. From Rüdiger Ranft. + + * lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback + lookups to 5. Patch from Wesley Craig, umich.edu + + * configure.in: Add special tests for , include test + for sys/param.h and sys/types.h + + * appl/test/tcp_server.c (proto): use keytab for krb5_recvauth + Patch from Ingemar Nilsson + +2006-08-28 Love Hörnquist Åstrand + + * kuser/kdigest.c (help): use sl_slc_help(). + + * kdc/digest.c: Catch more error, add SASL DIGEST MD5. + + * lib/krb5/digest.c: Catch more error. + +2006-08-25 Love Hörnquist Åstrand + + * doc/setup.texi: language. + + * doc/heimdal.texi: Add last updated text. + + * doc/heimdal.css: make box around heimdal title + + * doc/heimdal.css: Inital Heimdal css for the info manual + + * lib/krb5/digest.c: In the case where we get a DigestError back, + save the error string and code. + +2006-08-24 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used. + + * kdc/digest.c: Remove local error label and have just one exit + label, set error strings properly. + + * kdc/digest.c: Simply the disabled-service case. Check the + allow-digest flag in the HDB entry for the client. + + * kdc/process.c (krb5_kdc_process_generic_request): check if we + got a digest request and process it. + + * kdc/main.c: Register hdb keytab operations. + + * kdc/kdc.8: document [kdc]enable-digest=boolean + + * kdc/Makefile.am: add digest to libkdc + + * kdc/digest.c: Make a return a goto to avoid freeing un-inited + memory in cleanup code. + + * kdc/default_config.c (krb5_kdc_default_config): default to all + bits set to zero. + + * kdc/kdc.h (krb5_kdc_configuration): Add enable_digest + + * kdc/headers.h: Include . + + * lib/krb5/context.c (krb5_kerberos_enctypes): new function, + returns the list of Kerberos encryption types sorted in order of + most preferred to least preferred encryption type. + + * kdc/misc.c (_kdc_get_preferred_key): new function, Use the order + list of preferred encryption types and sort the available keys and + return the most preferred key. + + * kdc/krb5tgs.c: Adapt to the new sigature of _kdc_find_keys(). + + * kdc/kerberos5.c: Handle session key etype separately from the + tgt etype, now the krbtgt can be a aes-only key without the need + to support not-as-good etypes for the krbtgt. + +2006-08-23 Love Hörnquist Åstrand + + * kdc/misc.c: Change _kdc_db_fetch() to return the database + pointer to if needed by the consumer. + + * kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database + pointer to if needed by the consumer. + + * kdc/kerberos5.c: Change _kdc_db_fetch() to return the database + pointer to if needed by the consumer. + + * kdc/kerberos4.c: Change _kdc_db_fetch() to return the database + pointer to if needed by the consumer. + + * kdc/kaserver.c: Change _kdc_db_fetch() to return the database + pointer to if needed by the consumer. + + * kdc/524.c: Change _kdc_db_fetch() to return the database pointer + to if needed by the consumer. + + * kuser/kdigest-commands.in: Add --kerberos-realm, add client + request command. + + * lib/krb5/Makefile.am: digest.c + + * lib/krb5/krb5.h: Add digest glue. + + * lib/krb5/digest.c (krb5_digest_set_authentication_user): use + krb5_principal + + * lib/krb5/digest.c: Add digest support to the client side. + +2006-08-21 Love Hörnquist Åstrand + + * lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on + error and set return pointer to NULL + (krb5_free_ap_rep_enc_part): permit freeing of NULL + +2006-08-18 Love Hörnquist Åstrand + + * kdc/{Makefile.am,kdigest.c,kdigest-commands.in}: + Frontend for remote digest service in KDC + + * lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl + functions. + + * lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions, + stores/retrieves a \n terminated string. + + * lib/krb5/krb5_locl.h: Default to address-less tickets. + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear + error string on error. + +2006-07-20 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: remove aes-192 (CMS) + + * lib/krb5/crypto.c: Remove more CMS bits. + + * lib/krb5/crypto.c: Remove CMS symmetric encryption support. + +2006-07-13 Love Hörnquist Åstrand + + * kdc/pkinit.c (_kdc_pk_check_client): make it not crash when + there are no acl + + * kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos + database + + * lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to + HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl. + + * lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to + asn1_HDB_Ext_PKINIT_hash + + * lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash(). + +2006-07-10 Love Hörnquist Åstrand + + * kuser/kinit.c: If --password-file gets STDIN, read the password + from the standard input. + + * kuser/kinit.1: Document --password-file=STDIN. + + * lib/krb5/krb5_string_to_key.3: Remove duplicate to. + +2006-07-06 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: (tgs_build_reply): when checking for removed + principals, check the second component of the krbtgt, otherwise + cross realm wont work. Prompted by report from Mattias Amnefelt. + +2006-07-05 Love Hörnquist Åstrand + + * kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for + length + (handle_tcp): if the high bit it set in the unknown case, send + back a KRB_ERR_FIELD_TOOLONG + +2006-07-03 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c: Add get_version_capa, cache + target_name. + + * appl/gssmask/gssmask.c: use utname() to find the local hostname + and version of operatingsystem + + * appl/gssmask/common.h: include + + * appl/gssmask/gssmask.c: break out creation of a client and make + handleServer pthread_create compatible + + * appl/gssmask/gssmaestro.c: break out out the build context + function + +2006-07-01 Love Hörnquist Åstrand + + * appl/gssmask/gssmaestro.c: externalize slave handling, add + GetTargetName glue + + * appl/gssmask/gssmaestro.c: externalize principal/password handling + + * lib/krb5/principal.c (krb5_parse_name): set *principal to NULL + the first thing we do, so that on failure its set to a known value + + * appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to + avoid memory corruption GetTargetName: always send a string, even + though we don't have a targetname + + * appl/gssmask: break out common function; add gssmaestro (that + only tests one context for now) + +2006-06-30 Love Hörnquist Åstrand + + * lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on + malloc failure + + * appl/gssmask/gssmask.c: split out fetching of credentials for + easier reuse for pk-init testing + + * appl/gssmask: maggot replacement, handles context testing + + * lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME + as the default prefix + +2006-06-28 Love Hörnquist Åstrand + + * doc/heimdal.texi: Add Doug Rabson's license + +2006-06-22 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the + krb5_get_init_creds_opt structure. + + * lib/krb5/init_creds_pw.c: Save KRB-ERROR on error. + + * lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add + KRB-ERROR + +2006-06-21 Love Hörnquist Åstrand + + * doc/setup.texi: section about verify_krb5_conf and kadmin check + +2006-06-15 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred + argument, its unused + + * lib/krb5/Makefile.am: install krb5_get_creds.3 + + * lib/krb5/krb5_get_creds.3: new file + +2006-06-14 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is + ARCFOUR key already. Idea from Andreas Hasenack. While here, set + pw change time using sambaPwdLastSet + + * kdc/kerberos4.c: Use enable_v4_per_principal and check the new + hdb flag. + + * kdc/kdc.h: Add enable_v4_per_principal + +2006-06-12 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_as_rep): if kdc_time + + config->kdc_warn_pwexpire is past pw_end, add expiration + message. From Bernard Antoine. + + * kdc/default_config.c (krb5_kdc_default_config): set + kdc_warn_pwexpire to 0 + + * kdc/kerberos5.c: indent. + +2006-06-07 Love Hörnquist Åstrand + + * kdc/kerberos5.c: constify + +2006-06-06 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c: Allow setting additional tickets in the + tgs-req + + * kuser/kgetcred.c: add --delegation-credential-cache + + * kdc/krb5tgs.c (tgs_build_reply): add constrained delegation. + + * kdc/krb5tgs.c: Add impersonation. + + * kuser/kgetcred.c: use new krb5_get_creds interface, add + impersonation. + + * lib/krb5/get_cred.c (krb5_get_creds): add + KRB5_GC_NO_TRANSIT_CHECK + + * lib/krb5/misc.c: Add impersonate support functions. + + * lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface. + + * lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation + + * lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more + KRB5_GC flags. + +2006-06-01 Love Hörnquist Åstrand + + * lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function. + + * lib/krb5/pkinit.c: Avoid more shadowing. + + * kdc/connect.c (do_request): clean reply with krb5_data_zero + + * kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local + clien must exists test. + + * kdc/krb5tgs.c: Plug old memory leaks, unify all goto's. + + * kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and + tgs_build_reply. + + * kdc/kerberos5.c: split out krb5 tgs req to make it easier to + reorganize the code. + +2006-05-29 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell + + * lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell + +2006-05-13 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.c (change): select the realm based on the + target principal From Gabor Gombas + + * lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO + + * lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO + +2006-05-12 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed. + Fix a warning. + + * doc/setup.texi: Point to more examples, hint that you have to + use openssl 0.9.8a or later. + + * doc/setup.texi: DIR now handles both PEM and DER. + + * kuser/kinit.c: Pass down prompter and password to + krb5_get_init_creds_opt_set_pkinit. + + * lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its + longer then 0 + + * doc/ack.texi: Add Jason McIntyre. + + * lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason + McIntyre. + +2006-05-11 Love Hörnquist Åstrand + + * kuser/kinit.c: Move parsing of the PK-INIT configuration file to + the library so application doesn't need to deal with it. + + * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move + parsing of the configuration file to the library so application + doesn't need to deal with it. + + * lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to + when trying to read the user certificate. + + * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1 + on failure. Pointed out by Douglas E. Engert. + +2006-05-08 Love Hörnquist Åstrand + + * lib/krb5/crypto.c: Catches both keyed checkout w/o crypto + context cases and doesn't reset the string, and corrects the + grammar. + + * lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support, + its all containted in libhcrypto and libhx509 now. + +2006-05-07 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use + hx509_get_one_cert. + + * lib/krb5/crypto.c (create_checksum): provide a error message + that a key checksum needs a key. From Andew Bartlett. + +2006-05-06 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check + for hx509 null DH. + + * kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in + older OpenSSL. + + * doc/heimdal.texi: Add blob about imath. + + * doc/ack.texi: Add blob about imath. + + * include/make_crypto.c: Move up evp.h to please OpenSSL, from + Douglas E. Engert. + + * kcm/acl.c: Multicache kcm interation isn't done yet, let wait + with this enum. + +2006-05-05 Love Hörnquist Åstrand + + * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn + Sandell + + * lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell + + * lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell + + * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell + + * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn + Sandell + + * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn + Sandell + + * lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit + kvno if the reset of the data is longer then 4 bytes in hope to be + forward compatible. Pointed out by Michael B Allen. + + * doc/programming.texi: Add fileformats. + + * appl/test: Rename u_intXX_t to uintXX_t + + * kuser: Rename u_intXX_t to uintXX_t + + * kdc: Rename u_intXX_t to uintXX_t + + * lib/hdb: Rename u_intXX_t to uintXX_t + + * lib/45]: Rename u_intXX_t to uintXX_t + + * lib/krb5: Rename u_intXX_t to uintXX_t + + * lib/krb5/Makefile.am: Add test_store to TESTS + + * lib/krb5/pkinit.c: Catch using hx509 null DH and print a more + useful error message. + + * lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan. + +2006-05-04 Love Hörnquist Åstrand + + * kdc/kerberos4.c: Use the new unsigned integer storage types. + + * kdc/kaserver.c: Use the new unsigned integer storage + types. Sprinkle some error handling. + + * lib/krb5/krb5_storage.3: Document ret and store function for the + unsigned fixed size integer types. + + * lib/krb5/v4_glue.c: Use the new unsigned integer storage + types. Fail that the address doesn't match, not the reverse. + + * lib/krb5/store.c: Add ret and store function for the unsigned + fixed size integer types. + + * lib/krb5/test_store.c: Test the integer storage types. + +2006-05-03 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_principal): make it take a + krb5_const_principal, indent + + * lib/krb5/krb5_storage.3: krb5_store_principal takes a + krb5_const_principal + + * lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no + longer a pointer. + + * kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file + + * kdc/config.c: read [kdc]pki-kdc-ocsp + +2006-05-02 Love Hörnquist Åstrand + + * kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if + it seems to be valid, simplfy the pkinit-windows DH case (it + doesn't exists). + +2006-05-01 Love Hörnquist Åstrand + + * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell. + + * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn + Sandell. + + * lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, + from Björn Sandell. + + * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, + from Björn Sandell. + + * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_address.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from + Björn Sandell. + + * lib/krb5/krb5.3: Spelling, from Björn Sandell. + + * doc/ack.texi: add Björn + +2006-04-30 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (cert2epi): don't include subject if its null + +2006-04-29 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Send over what trust anchors the client have + configured. + + * lib/krb5/pkinit.c (pk_verify_host): set better error string, + only check kdc name/address when we got a hostname/address passed + in the the function. + + * kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log + when a SAN matches. + +2006-04-28 Love Hörnquist Åstrand + + * doc/setup.texi: More options and some text about windows + clients, certificate and KDCs. + + * doc/setup.texi: notice about pki-mappings file space sensitive + + * doc/setup.texi: Example pki-mapping file. + + * lib/krb5/pkinit.c (pk_verify_host): verify hostname/address + + * lib/hdb/hdb.h: Bump hdb interface version to 4. + +2006-04-27 Love Hörnquist Åstrand + + * kuser/kdestroy.1: Document --credential=principal. + + * kdc/kerberos5.c (tgs_rep2): check that the client exists in the + kerberos database if its local request. + + * kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_ + flags as appropriate + + * kdc/kerberos4.c (_kdc_db_fetch4): pass down flags though + krb5_425_conv_principal_ext2 + + * kdc/misc.c (_kdc_db_fetch): Break out the that we request from + principal from the entry and pass it in as a seprate argument. + + * lib/hdb/keytab.c (hdb_get_entry): Break out the that we request + from principal from the entry and pass it in as a seprate + argument. + + * lib/hdb/common.c: Break out the that we request from principal + from the entry and pass it in as a seprate argument. + + * lib/hdb/hdb.h: Break out the that we request from principal from + the entry and pass it in as a seprate argument. Add more flags to + ->hdb_get(). Re-indent. + +2006-04-26 Love Hörnquist Åstrand + + * doc/setup.texi: document pki-allow-proxy-certificate + + * kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool + to allow using proxy certificate. + + * lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose + hx509_verify_set_proxy_certificate + + * kdc/pkinit.c (_kdc_pk_check_client): Use + hx509_cert_get_base_subject to get subject name of the + certificate, needed for proxy certificates. + + * kdc/kerberos5.c: Now that find_keys speaks for it self, remove + extra logging. + + * kdc/kerberos5.c (find_keys): add client_name and server_name + argument and use them, and adapt callers. + +2006-04-25 Love Hörnquist Åstrand + + * kuser/kinit.1: document option password-file + + * kuser/kinit.c: Add option password-file, read password from the + first line of a file. + + * configure.in: make tests/kdc/Makefile + + * kdc/kerberos5.c: Catch the case where the client sends no + encryption types or no pa-types. + + * lib/hdb/ext.c (hdb_replace_extension): set error message on + failure, not success. + + * lib/hdb/keys.c (parse_key_set): handle error case better + (hdb_generate_key_set): return better error + +2006-04-24 Love Hörnquist Åstrand + + * lib/hdb/hdb.c (hdb_create): print out what we don't support + + * lib/krb5/principal.c: Remove a double free introduced in 1.93 + + * lib/krb5/log.c (log_file): reset pointer to freed memory + + * lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to + make sure its not refereced + + * tools/krb5-config.in: libhcrypto might depend on libasn1, switch + order + + * lib/krb5/recvauth.c: indent + + * doc/heimdal.texi: Add Setting up PK-INIT to Detailed Node + Listing. + + * lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the + function can verify the certificate is from the right realm. + + * lib/krb5/init_creds_pw.c: Pass down realm to + _krb5_pk_rd_pa_reply + +2006-04-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding + subjectAltName_otherName pk-init-san and verifing it. + + * lib/krb5/sendauth.c: reindent + + * doc/Makefile.am: use --no-split to make one large file, mostly + for html + + * doc/setup.texi: "document" pkinit_require_eku and + pkinit_require_krbtgt_otherName + + * lib/krb5/pkinit.c: Add pkinit_require_eku and + pkinit_require_krbtgt_otherName + + * doc/setup.texi: Add text about pk-init + + * tools/kdc-log-analyze.pl: count v5 cross realms too + +2006-04-22 Love Hörnquist Åstrand + + * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1. + + * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1. + +2006-04-20 Love Hörnquist Åstrand + + * kdc/pkinit.c (_kdc_pk_rd_padata): use + hx509_cms_unwrap_ContentInfo. + + * kdc/config.c: unbreak + + * lib/krb5/pkinit.c: Handle diffrences between libhcrypto and + libcrypto. + + * kdc/config.c: Rename pki-chain to pki-pool to match rest of + code. + +2006-04-12 Love Hörnquist Åstrand + + * lib/krb5/rd_priv.c: Fix argument to krb5_data_zero. + + * kdc/config.c: Added certificate revoke information from + configuration file. + + * kdc/pkinit.c: Added certificate revoke information. + + * kuser/kinit.c: Added certificate revoke information from + configuration file. + + * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke + information, ie CRL's + +2006-04-10 Love Hörnquist Åstrand + + * lib/krb5/replay.c (krb5_rc_resolve_full): make compile again. + + * lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile + again. + + * lib/krb5/transited.c (make_path): make sure we return allocated + memory Coverity, NetBSD CID#1892 + + * lib/krb5/transited.c (make_path): make sure we return allocated + memory Coverity, NetBSD CID#1892 + + * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on + protocol failure, avoid leaking memory Coverity, NetBSD CID#1900 + + * lib/krb5/principal.c (krb5_parse_name): remember to free realm + in case of error Coverity, NetBSD CID#1883 + + * lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove + memory leak in case of weird formated dns replys. + Coverity, NetBSD CID#1885 + + * lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer + to a allocated krb5_rcache in case of error. + + * lib/krb5/log.c (krb5_addlog_dest): free fn in case of error + Coverity, NetBSD CID#1882 + + * lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error + handling. Coverity, NetBSD CID#2369 + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + in_creds->client should always be set, assume so. + + * lib/krb5/keytab_any.c (any_next_entry): restructure to make it + easier to read Fixes Coverity, NetBSD CID#625 + + * lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL + check. Coverity NetBSD CID#2367 + + * lib/krb5/build_auth.c (krb5_build_authenticator): use + calloc. removed check that was never really used. Coverity NetBSD + CID#2370 + +2006-04-09 Love Hörnquist Åstrand + + * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´ + points to NULL in case of error, add error handling, use calloc. + + * kpasswd/kpasswdd.c (doit): when done, close all fd in the + sockets array and free it. Coverity NetBSD CID#1916 + +2006-04-08 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity, + NetBSD CID#1695 + + * kdc/524.c (_kdc_do_524): Handle memory allocation failure + Coverity, NetBSD CID#2752 + +2006-04-07 Love Hörnquist Åstrand + + * lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory + leak Coverity NetBSD CID#1890 + + * kdc/hprop.c (main): make sure type doesn't need to be set + + * kdc/mit_dump.c (mit_prop_dump): close fd when done processing + Coverity NetBSD CID#1955 + + * kdc/string2key.c (tokey): catch warnings, free memory after use. + Based on Coverity NetBSD CID#1894 + + * kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633 + +2006-04-04 Love Hörnquist Åstrand + + * kpasswd/kpasswd-generator.c (read_words): catch empty file case, + will cause PBE (division by zero) later. From Tobias Stoeckmann. + +2006-04-02 Love Hörnquist Åstrand + + * lib/hdb/keytab.c: Remove a delta from last revision that should + have gone in later. + + * lib/krb5/krbhst.c: fix spelling + + * lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed + pointer, found by IBM checker. + + * lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer, + found by IBM checker. + + * lib/krb5/addr_families.c (krb5_make_addrport): clear return + value on error, found by IBM checker. + + * kdc/kerberos5.c (check_addresses): treat netbios as no addresses + + * kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex + + * kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to + avoid ?:'s at callers + + * lib/krb5/v4_glue.c: Avoid using free memory, found by IBM + checker. + + * lib/krb5/transited.c (expand_realm): avoid passing NULL to + strlen, found by IBM checker. + + * lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc + failure, found by IBM checker. + + * lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy + with a memcpy + + * lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory + leak, found by IBM checker. + + * lib/krb5/keytab_file.c (fkt_next_entry_int): remove a + dereferencing NULL pointer, found by IBM checker. + + * lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the + cname must always be given, don't avoid that fact and remove a + cname == NULL case. Plugs a memory leak found by IBM checker. + + * lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing + free-ed memory on error. Found by IBM checker. + + * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use + calloc to avoid uninitialized memory problem. + + * lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory + on error. Found by IBM checker. + + * lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by + IBM checker. + + * lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker + thought it found a memory leak, it didn't, but there was another + error in the code, lets fix that instead. + + * lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory + leak. Found by IBM checker. + + * lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return + pointer to freed memory in the error case. Found by IBM checker. + + * lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM + checker. + + * lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before + going into the error clause and freeing key_set. Found by IBM + checker. Make sure ret == 0 after of parse error, we catch the + "no entries parsed" case later. + + * lib/krb5/log.c (krb5_addlog_dest): make string length match + strings in strcasecmp. Found by IBM checker. + +2006-03-30 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set + variable_name as "hdb_entry_ex" + (hdb_ldap_common): change "arg" in condition (if) to "search_base" + (hdb_ldapi_create): change "serach_base" to "search_base" From + Alex V. Labuta. + + * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix + prototype + + * kuser/kinit.c: Add pool of certificates to help certificate path + building for clients sending incomplete path in the signedData. + +2006-03-28 Love Hörnquist Åstrand + + * kdc/pkinit.c: Add pool of certificates to help certificate path + building for clients sending incomplete path in the signedData. + + * lib/krb5/pkinit.c: Add pool of certificates to help certificate + path building for clients sending incomplete path in the + signedData. + +2006-03-27 Love Hörnquist Åstrand + + * kdc/config.c: Allow passing in related certificates used to + build the chain. + + * kdc/pkinit.c: Allow passing in related certificates used to + build the chain. + + * kdc/kerberos5.c (log_patype): Add case for + KRB5_PADATA_PA_PK_OCSP_RESPONSE. + + * tools/Makefile.am: Spelling + + * tools/krb5-config.in: Add hx509 when using PK-INIT. + + * tools/Makefile.am: Add hx509 when using PK-INIT. + +2006-03-26 Love Hörnquist Åstrand + + * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS + X Kerberos.app problems. + + * lib/krb5/krb5_ccapi.h: Add ticket flags definitions + + * lib/krb5/pkinit.c: Use less openssl, spell chelling. + + * kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with + asn1 wrapping + + * configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile + + * lib/Makefile.am: Add hx509. + + * lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used. + + * configure.in: define automake PKINIT variable + + * kdc/pkinit.c: Switch to hx509. + + * lib/krb5/pkinit.c: Switch to hx509. + +2006-03-24 Love Hörnquist Åstrand + + * kdc/kerberos5.c (log_patypes): log the patypes requested by the + client + +2006-03-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the + req_buffer in the w2k case too. From Douglas E. Engert. + +2006-03-19 Love Hörnquist Åstrand + + * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto + error handling. Fixes Coverity NetBSD CID 2591 by catching a + failing krb5_copy_keyblock() + +2006-03-17 Love Hörnquist Åstrand + + * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in + address when free-ing. Fixes Coverity NetBSD bug #2605 + (krb5_parse_address): reset val,len before possibly return errors + Fixes Coverity NetBSD bug #2605 + +2006-03-07 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but + make sure nbytes > 0 + + * lib/krb5/get_for_creds.c (add_addrs): handle the case where + addr->len == 0 and n == 0, then realloc might return NULL. + + * lib/krb5/crypto.c (decrypt_*): handle the case where the + plaintext is 0 bytes long, realloc might then return NULL. + +2006-02-28 Love Hörnquist Åstrand + + * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. + + * lib/krb5/krb5.3: Remove krb5_string_to_key_derived. + + * lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2 + and use PKCS5_PBKDF2_HMAC_SHA1 instead. + + * lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory + + * lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1. + +2006-02-27 Johan Danielsson + + * doc/setup.texi: remove cartouches - we don't use them anywhere + else, they should be around the example, not inside it, and + probably shouldn't be used in html at all + +2006-02-18 Love Hörnquist Åstrand + + * lib/krb5/krb5_warn.3: Document that applications want to use + krb5_get_error_message, add example. + +2006-02-16 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_generate_random_block): check return + value from RAND_bytes + + * lib/krb5/error_string.c: Change indentation, update (c) + +2006-02-14 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when + compiling w/o pkinit. + +2006-02-13 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: update to new paChecksum definition, update + the dhgroup handling + + * kdc/pkinit.c: update to new paChecksum definition, use + hdb_entry_ex + +2006-02-09 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h: Move Configurable options to last in the + file. + + * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef + +2006-02-03 Love Hörnquist Åstrand + + * kpasswd/kpasswdd.c: Send back a better error-message to the + client in case the password change was rejected. + + * lib/krb5/krb5_warn.3: Document krb5_get_error_message. + + * lib/krb5/error_string.c (krb5_get_error_message): new function, + and combination of krb5_get_error_string and krb5_get_err_text + + * lib/krb5/krb5.3: sort, and krb5_get_error_message + + * lib/hdb/hdb-ldap.c: Log the filter string to the error message + when doing searches. + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): + Use KRB5_ADDRESSLESS_DEFAULT when + checking [appdefault]no-addresses. + + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use + KRB5_ADDRESSLESS_DEFAULT when checking + [appdefault]no-addresses. + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + Use [appdefault]no-addresses before checking if the krbtgt is + address-less, use KRB5_ADDRESSLESS_DEFAULT. + + * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that + controlls all address-less behavior. Defaults to false. + +2006-02-01 Love Hörnquist Åstrand + + * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION + + * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE + failes to produce the matching lenghts. + +2006-01-27 Love Hörnquist Åstrand + + * kcm/protocol.c (kcm_op_retrieve): remove unused variable + +2006-01-15 Love Hörnquist Åstrand + + * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to + kadm-server, kerberos library doesn't depend on db-library. + +2006-01-13 Love Hörnquist Åstrand + + * include/Makefile.am: Don't clean crypto headers, they now live + in hcrypto/. Add hcrypto to SUBDIRS. + + * include/hcrypto/Makefile.am: clean installed headers + + * include/make_crypto.c: include crypto headers from hcrypto/ + + * include/make_crypto.c: Include more crypto headerfiles. Remove + support for old hash names. + +2006-01-02 Love Hörnquist Åstrand + + * kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, + from Andrew Bartlet. + + * Happy New Year. diff --git a/crypto/external/bsd/heimdal/dist/ChangeLog.2007 b/crypto/external/bsd/heimdal/dist/ChangeLog.2007 new file mode 100644 index 000000000..60c95459f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/ChangeLog.2007 @@ -0,0 +1,1321 @@ +2007-12-28 Love Hörnquist Åstrand + + * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the + type2 message. + +2007-12-14 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c: Add hdb_default_db(). + + * Makefile.am: Add some extra cf/*. + +2007-12-12 Love Hörnquist Åstrand + + * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov. + +2007-12-09 Love Hörnquist Åstrand + + * kdc/log.c: Use hdb_db_dir(). + + * kpasswd/kpasswdd.c: Use hdb_db_dir(). + +2007-12-08 Love Hörnquist Åstrand + + * kdc/config.c: Use hdb_db_dir(). + + * kdc/kdc_locl.h: add KDC_LOG_FILE + + * kdc/hpropd.c: Use hdb_default_db(). + + * kdc/kstash.c: Use hdb_db_dir(). + + * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir(). + + * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check. + + * lib/krb5/verify_krb5_conf.c: Check check_pac. + + * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac + field in the krb5_rd_req_in_ctx + + * lib/krb5/expand_hostname.c: Adapt to changing + dns_canonicalize_hostname into flags field. + + * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname + into flags field, add check-pac as an libdefaults option. + + * lib/krb5/pkinit.c: Adapt to changes in hx509 interface. + + * doc: add doxygen documentation to hcrypto + + * doc/doxytmpl.dxy: generate links + +2007-12-07 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h + + * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the + hdb database resides. + + * configure.in: Add --with-hdbdir to specify where the database is + stored. + + * lib/krb5/crypto.c: revert previous patch, the problem is located + in the RAND_file_name() function that will cause recursive nss + lookups, can't fix that here. + +2007-12-06 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the + dead-lock in by not holding the lock while running + RAND_file_name. Prompted by Hai Zaar. + + * lib/krb5/n-fold.c: spelling + +2007-12-04 Love Hörnquist Åstrand + + * kuser/kdigest.c (digest-probe): implement command. + + * kuser/kdigest-commands.in (digest-probe): new command + + * kdc/digest.c: Implement supportedMechs request. + + * lib/krb5/error_string.c: Make krb5_get_error_string return an + allocated string to make the function indempotent. From + Zeqing (Fred) Xia. + +2007-12-03 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h (krb5_context_data): Flag if + default_cc_name was set by the user. + + * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate. + + * kcm/acquire.c: use krb5_free_cred_contents + + * kuser/kimpersonate.c: use krb5_free_cred_contents + + * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the + cred cache. + + * lib/krb5/cache.c: Put back code that was needed, move gen_new + into new_unique. + + * lib/krb5/mcache.c (mcc_default_name): Remove const + + * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine + KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE + + * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the + default name. + + * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/krb5.h: Add krb5_cc_ops->default_name. + + * lib/krb5/acache.c: Free context when done, implement + krb5_cc_ops->default_name. + + * lib/krb5/kcm.c: implement dummy kcm_move + + * lib/krb5/mcache.c: Implement the move operation. + + * lib/krb5/version-script.map: export krb5_cc_move + + * lib/krb5/cache.c: New function krb5_cc_move(). + + * lib/krb5/fcache.c: Implement the move operation. + + * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major + version bump. + + * lib/krb5/acache.c: Implement the move operation. Avoid using + cc_set_principal() since it broken on Mac OS X 10.5.0. + +2007-12-02 Love Hörnquist Åstrand + + * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow. + +2007-11-14 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Should pass different key usage constants + depending on whether or not optional sub-session key was passed by + the client for the check of authorization data. The constant is + used to derive "specific key" and its values are specified in + 7.5.1 of RFC4120. + + Patch from Andy Polyakov. + + * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft + clients have started to not like that. Thanks to Andy Polyakov for + excellent research. + +2007-11-11 Love Hörnquist Åstrand + + * lib/krb5/creds.c: use krb5_data_cmp + + * lib/krb5/acache.c: use krb5_free_cred_contents + + * lib/krb5/test_renew.c: use krb5_free_cred_contents + +2007-11-10 Love Hörnquist Åstrand + + * lib/krb5/acl.c: doxygen documentation + + * lib/krb5/addr_families.c: doxygen documentation + + * doc: add doxygen + + * lib/krb5/plugin.c: doxygen documentation + + * lib/krb5/kcm.c: doxygen documentation + + * lib/krb5/fcache.c: doxygen documentation + + * lib/krb5/cache.c: doxygen documentations + + * lib/krb5/doxygen.c: doxygen introduction + + * lib/krb5/error_string.c: Doxygen documentation. + +2007-11-03 Love Hörnquist Åstrand + + * lib/krb5/test_plugin.c: expose krb5_plugin_register + + * lib/krb5/plugin.c: expose krb5_plugin_register + + * lib/krb5/version-script.map: sort, expose krb5_plugin_register + +2007-10-24 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Adding same enctype is enough one time. From + Andy Polyakov and Bjorn Sandell. + +2007-10-18 Love + + * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value + from krb5_cc_start_seq_get. From Zeqing (Fred) Xia + + * lib/krb5/fcache.c (init_fcc): provide better error codes + + * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid + sending warning about pruned etypes. + + * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour + based) "old", this to support windows 2000 clients (unjoined to a + domain). From Andy Polyakov. + +2007-10-07 Love Hörnquist Åstrand + + * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell. + +2007-10-04 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA + Ken'ichi. + + * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is + NULL on failure. + +2007-10-03 Love Hörnquist Åstrand + + * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from + krb5_addr2sockaddr and igore thte test is that case. + +2007-09-29 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_free_context): free + default_cc_name_env, from Gunther Deschner. + +2007-08-27 Love Hörnquist Åstrand + + * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make + work with c++, reported by Hai Zaar + + * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar + +2007-08-20 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema + +2007-07-31 Love Hörnquist Åstrand + + * check return value of alloc functions, from Charles Longeau + + * lib/krb5/principal.c: spelling. + + * kadmin/kadmin.8: spelling + + * lib/krb5/crypto.c: Check return values from alloc + functions. Prompted by patch of Charles Longeau. + + * lib/krb5/n-fold.c: Make _krb5_n_fold return a error + code. Prompted by patch of Charles Longeau. + +2007-07-27 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c: Always set the ticket options, use + KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset + tri-state not so useful. + +2007-07-24 Love Hörnquist Åstrand + + * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of + libraries. + + * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in + heimdal. + + * tools/Makefile.am: Add heimdal-gssapi.pc and install it into + $(libdir)/pkgconfig + +2007-07-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default. + +2007-07-22 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as + key if the entry is a correct entry. + + * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from + Gunther Deschner. + + * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS. + + * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds. + +2007-07-21 Love Hörnquist Åstrand + + * lib/hdb/keys.c: Make parse_key_set handle key set string "v5", + from Peter Meinecke. + + * kdc/kaserver.c: Don't ovewrite the error code, from Peter + Meinecke. + +2007-07-18 Love Hörnquist Åstrand + + * TODO-1.0: remove + + * Makefile.am: remove TODO-1.0 + +2007-07-17 Love Hörnquist Åstrand + + * Heimdal 1.0 release branch cut here + + * doc/hx509.texi: use version.texi + + * doc/heimdal.texi: use version.texi + + * doc/version.texi: version.texi + + * lib/hdb/db3.c: avoid type-punned pointer warning. + + * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to + please OpenSSL and gcc. + + * kdc/digest.c: Use unsigned char * as argument to MD5_Update to + please OpenSSL and gcc. + +2007-07-16 Love Hörnquist Åstrand + + * include/Makefile.am: Add krb_err.h. + + * kdc/set_dbinfo.c: Print acl file too. + + * kdc/kerberos4.c: Error codes are just fine, remove XXX now. + + * lib/krb5/krb5-v4compat.h: Drop duplicate error codes. + + * kdc/kerberos4.c: switch to ET errors. + + * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ. + + * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the + et BASE. + +2007-07-15 Love Hörnquist Åstrand + + * lib/krb5/krb5-v4compat.h: Include "krb_err.h". + + * lib/krb5/v4_glue.c: return more interesting error codes. + + * lib/krb5/plugin.c: Prefix enum plugin_type. + + * lib/krb5/krb5_locl.h: Expose plugin structures. + + * lib/krb5/krb5.h: Add plugin structures. + + * lib/krb5/krb_err.et: V4 errors. + + * lib/krb5/version-script.map: First version of version script. + +2007-07-13 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Java 1.6 expects the name to be the same type, + lets allow that for uncomplicated name-types. + +2007-07-12 Love Hörnquist Åstrand + + * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains + address 0, its ticket less and don't really care about + from_addr. return better error codes. + + * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules. + +2007-07-11 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding + more then one enctype 23 to krb5EncryptionType. + + * lib/krb5/cache.c: Spelling. + + * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO. + (get_pa_etype_info2): return the enctypes as sorted in the + database + +2007-07-10 Love Hörnquist Åstrand + + * kuser/kinit.c: krb5-v4compat.h defines prototypes for + v4 (semiprivate functions) in libkrb5, don't include + krb5-private.h any longer. + + * lib/krb5/krbhst.c: Set error string when there is no KDC for a + realm. + + * lib/krb5/Makefile.am: New library version. + + * kdc/Makefile.am: New library version. + + * lib/krb5/krb5_locl.h: Add default_cc_name_env. + + * lib/krb5/cache.c (enviroment_changed): return non-zero if + enviroment that will determine default krb5cc name has changed. + (krb5_cc_default_name): also check if cached value is uptodate. + + * lib/krb5/krb5_locl.h: Drop pkinit_flags. + +2007-07-05 Love Hörnquist Åstrand + + * configure.in: add tests/java/Makefile + + * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file. + +2007-07-04 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Improve the default salt detection to avoid + returning v4 password salting to java that doesn't look at the + returning padata for salting. + + * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett + +2007-07-02 Love Hörnquist Åstrand + + * kdc/digest.c: Try harder to provide better error message for + digest messages. + + * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on + krb5-pr*.h, make -j finds this. + +2007-06-28 Love Hörnquist Åstrand + + * kdc/digest.c: On success, print username, not ip-adress. + +2007-06-26 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. + + * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds + + * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. + +2007-06-25 Love Hörnquist Åstrand + + * doc/setup.texi: Add example for pkinit_win2k_require_binding + in [kdc] section. + + * kdc/default_config.c: Rename require_binding to + win2k_require_binding to match client configuration. + + * kdc/default_config.c: Add [kdc]pkinit_require_binding option. + + * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply + if its not required. + + * kdc/default_config.c: rename pkinit_princ_in_cert and add + pkinit_require_binding + + * kdc/kdc.h: rename pkinit_princ_in_cert and add + pkinit_require_binding + + * kdc/pkinit.c: rename pkinit_princ_in_cert + +2007-06-24 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change. + +2007-06-21 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Drop unused variable. + + * kdc/krb5tgs.c: disable anonyous tgs requests + + * kdc/krb5tgs.c: Don't check PAC on cross realm for now. + + * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse + nametypes. + + * lib/krb5/krb5_principal.3: Document krb5_parse_nametype. + + * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and + return their integer values. + + * lib/krb5/krb5.h (krb5_get_creds): Add + KRB5_GC_CONSTRAINED_DELEGATION. + + * lib/krb5/get_cred.c (krb5_get_creds): if + KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous + and constrained_delegation. + +2007-06-20 Love Hörnquist Åstrand + + * kdc/digest.c: Return an error message instead of dropping the + packet for more failure cases. + + * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY. + + * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more + gracefully + +2007-06-18 Love Hörnquist Åstrand + + * lib/krb5/pac.c: make compile. + + * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using + pointer from stack. + + * lib/krb5/plugin.c: Don't expose free pointer. + + * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first + calloc. + + * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory + + * lib/krb5/krbhst.c: Host is static memory, don't free. + + * lib/krb5/crypto.c (decrypt_internal_derived): make sure length + is longer then confounder + checksum. + + * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from + users. This to allows libkdc users to to specify their own + databases + + * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of + content data (and avoid leaking memory). + + * kdc/misc.c (_kdc_db_fetch): set error string for failures. + +2007-06-15 Love Hörnquist Åstrand + + * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. + +2007-06-13 Love Hörnquist Åstrand + + * kdc/pkinit.c: tell user when they got a pk-init request with + pkinit disabled. + +2007-06-12 Love Hörnquist Åstrand + + * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to + UNPARSE_DISPLAY. + + * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY. + + * lib/krb5/principal.c: Make no-quote mean replace strange chars + with space. + + * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. + + * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. + + * lib/krb5/test_princ.c: Test quoteing. + + * lib/krb5/pkinit.c: update (c) + + * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC. + + * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole + process needs to restart or just skip this KDC. + + * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to + KDC. + + * lib/krb5/krb5.h: Add sendto hooks and opaque structure. + + * lib/krb5/krb5_rd_error.3: Update prototype. + + * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from + the server. + +2007-06-11 Love Hörnquist Åstrand + + * lib/krb5/krb5_err.et: Some new error codes from RFC 4120. + +2007-06-09 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Constify. + + * kdc/kerberos5.c: Constify. + + * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. + +2007-06-08 Love Hörnquist Åstrand + + * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS. + + * kdc/Makefile.am: EXTRA_DIST += version-script.map. + +2007-06-07 Love Hörnquist Åstrand + + * Makefile.am (print-distdir): print name of dist + + * kdc/pkinit.c: Break out loading of mappings file to a separate + function and remove warning that it can't open the mapping file, + there are now mappings in the db, maybe the users uses that + instead... + + * lib/krb5/crypto.c: Require the raw key have the correct size and + do away with the minsize. Minsize was a thing that originated + from RC2, but since RC2 is done in the x509/cms subsystem now + there is no need to keep that around. + + * lib/hdb/dbinfo.c: If there is no default dbname, also check for + unset mkey_file and set it default mkey name, make backward compat + stuff work. + + * kdc/version-script.map: add new symbols + + * kdc/kdc-replay.c: Also update krb5_context view of what the time + is. + + * configure.in: add tests/can/Makefile + + * kdc/kdc-replay.c: Add --[version|help]. + + * kdc/pkinit.c: Push down the kdc time into the x509 library. + + * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the + reply data too. + + * kdc/kdc-replay.c: verify reply by checking asn1 class, type and + tag of the reply if there is one. + + * kdc/process.c: Save asn1 class, type and tag of the reply if + there is one. Used to verify the reply in kdc-replay. + +2007-06-06 Love Hörnquist Åstrand + + * kdc/kdc_locl.h: extern for request_log. + + * kdc/Makefile.am: Add kdc-replay. + + * kdc/kdc-replay.c: Replay kdc messages to the KDC library. + + * kdc/config.c: Pick up request_log from [kdc]kdc-request-log. + + * kdc/connect.c: Option to save the request to disk. + + * kdc/process.c (krb5_kdc_save_request): save request to file. + + * kdc/process.c (krb5_kdc_process*): dont update _kdc_time + automagicly. + (krb5_kdc_update_time): set or get current kdc-time. + + * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and + pkauthdata as the signeddata oid + + * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong. + +2007-06-05 Love Hörnquist Åstrand + + * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to + match windows DC behavior better. + +2007-06-04 Love Hörnquist Åstrand + + * configure.in: use test for -framework Security + + * appl/test/uu_server.c: Print status to stdout. + + * kdc/digest.c (digest ntlm): provide log entires by setting ret + to an error. + +2007-06-03 Love Hörnquist Åstrand + + * doc/hx509.texi: Indent crl-sign. + + * doc/hx509.texi: One more crl-sign example. + + * lib/krb5/test_princ.c: plug memory leaks. + + * lib/krb5/pac.c: plug memory leaks. + + * lib/krb5/test_pac.c: plug memory leaks. + + * lib/krb5/test_prf.c: plug memory leak. + + * lib/krb5/test_cc.c: plug memory leaks. + + * doc/hx509.texi: Simple blob about publishing CRLs. + + * doc/win2k.texi: drop text about enctypes. + +2007-06-02 Love Hörnquist Åstrand + + * kdc/pkinit.c: In case of OCSP verification failure, referash + every 5 min. In case of success, refreash 2 min before expiring or + faster. + +2007-05-31 Love Hörnquist Åstrand + + * lib/krb5/krb5_err.et: add error 68, WRONG_REALM + + * kdc/pkinit.c: Handle the ms san in a propper way, still cheat + with the realm name. + + * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out + directly and hand the error back to the client. + + * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE + and fix error message for CLIENT_NAME_MISMATCH. + + * kdc/pkinit.c: More logging for pk-init client mismatch. + + * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for + windows pk-init (-9) to make MIT clients happy. + +2007-05-30 Love Hörnquist Åstrand + + * kdc/pkinit.c: Force des3 for win2k. + + * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to + COMPAT_WIN2K. + + * lib/krb5/keytab_keyfile.c: Spelling. + + * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta + doesn't deal with case of realm. + +2007-05-16 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead + of encryption. + +2007-05-10 Dave Love + + * doc/win2k.texi: Update some URLs. + +2007-05-13 Love Hörnquist Åstrand + + * kuser/kimpersonate.c: Fix version number of ticket, it should be + 5 not the kvno. + +2007-05-08 Love Hörnquist Åstrand + + * doc/setup.texi: Salting is really Encryption types and salting. + +2007-05-07 Love Hörnquist Åstrand + + * doc/setup.texi: spelling, from Ronny Blomme + + * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny + Blomme + +2007-05-02 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database + specified, create one and let it use the defaults. + +2007-04-27 Love Hörnquist Åstrand + + * lib/hdb/test_dbinfo.c: test acl file + + * lib/hdb/test_dbinfo.c: test acl file + + * lib/hdb/dbinfo.c: add acl file + + * etc: ignore Makefile.in + + * Makefile.am: SUBDIRS += etc + + * configure.in: Add etc/Makefile. + + * etc/Makefile.am: make sure services.append is distributed + +2007-04-24 Love Hörnquist Åstrand + + * kdc: rename windc_init to krb5_kdc_windc_init + + * kdc/version-script.map: version script for libkdc + + * kdc/Makefile.am: version script for libkdc + +2007-04-23 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): + correct the order of the arguments. + + * lib/hdb/Makefile.am: Add and test dbinfo. + + * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo; + + * kdc/config.c: Use krb5_kdc_get_config and just fill in what the + users wanted differently. + + * kdc/default_config.c: Make the default configuration fetch info + from the krb5.conf. + +2007-04-22 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to + determine if to send the session-key, for the second place in the + function. + + * tools/krb5-config.in: rename des to hcrypto + + * kuser/Makefile.am: depend on libheimntlm + + * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for + this domain if the Kerberos password auth worked. + + * kuser/klist.c: add new option --hidden that doesn't display + principal that starts with @ + + * tools/krb5-config.in: Add heimntlm when we use gssapi. + + * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to + free 'cred' with. + + * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free + 'cred' with. + +2007-04-21 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to + determine if to send the session-key. + + * kcm/client.c (kcm_ccache_new_client): make root be able to pass + the name constraints, not the opposite. From Bryan Jacobs. + +2007-04-20 Love Hörnquist Åstrand + + * kcm/acl.c: make compile again. + + * kcm/client.c: fix warning. + + * kcm: First, it allows root to ignore the naming conventions. + Second, it allows root to always perform any operation on any + ccache. Note that root could do this anyway with FILE ccaches. + From Bryan Jacobs. + + * Rename libdes to libhcrypto. + +2007-04-19 Love Hörnquist Åstrand + + * kinit: remove code that depend on kerberos 4 library + + * kdc: remove code that depend on kerberos 4 library + + * configure.in: Drop kerberos 4 support. + + * kdc/hpropd.c (main): free the message when done with it. + + * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit): + remember to free memory too. + + * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when + done. + + * configure.in: test rk_VERSIONSCRIPT + +2007-04-18 Love Hörnquist Åstrand + + * fix-export: remove, all done by make dist now + +2007-04-15 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre + +2007-04-11 Love Hörnquist Åstrand + + * kdc/kstash.8: Spelling, from raga + via Bjorn Sandell. + + * lib/krb5/store_mem.c: indent. + + * lib/krb5/recvauth.c: Set error string. + + * lib/krb5/rd_req.c: clear error strings. + + * lib/krb5/rd_cred.c: clear error string. + + * lib/krb5/pkinit.c: Set error strings. + + * lib/krb5/get_cred.c: Tell what principal we are not finding for + all KRB5_CC_NOTFOUND. + +2007-02-22 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Return the same error codes as a windows KDC. + + * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password + failed. + + * kdc/kerberos5.c: Make handling of replying e_data more generic, + from metze. + + * kdc/kerberos5.c: Fix (string const and shadow) warnings, from + metze. + + * lib/krb5/pac.c: Create the PAC element in the same order as + w2k3, maybe there's some broken code in windows which relies on + this... From metze. + + * kdc/kerberos5.c: Select a session enctype from the list of the + crypto systems supported enctype, is supported by the client and + is one of the enctype of the enctype of the krbtgt. + + The later is used as a hint what enctype all KDC are supporting to + make sure a newer version of KDC wont generate a session enctype + that and older version of a KDC in the same realm can't decrypt. + + But if the KDC admin is paranoid and doesn't want to have "no the + best" enctypes on the krbtgt, lets save the best pick from the + client list and hope that that will work for any other KDCs. + + Reported by metze. + + * kdc/hprop.c (propagate_database): on any failure, drop the + connection to the peer and try next one. + +2007-02-18 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_init_creds.3: document new options. + + * kdc/krb5tgs.c: Only check service key for cross realm PACs. + + * lib/krb5/init_creds.c: use the new merged flags field. + (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k + compat flags. + + * lib/krb5/init_creds_pw.c: use the new merged flags field. + + * lib/krb5/krb5_locl.h: merge all flags into one entity + +2007-02-11 Dave Love + + * lib/krb5/krb5_aname_to_localname.3: Small fixes + + * lib/krb5/krb5_digest.3: Small fixes + + * kuser/kimpersonate.1: Small fixes + +2007-02-17 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list, + there is no entry. + + * kdc/krb5tgs.c: Don't check PACs on cross realm requests. + + * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES. + + * lib/krb5/init_creds_pw.c: Verify client referral data. + + * kdc/kerberos5.c: switch some "return ret" to "goto out". + + * kdc/kerberos5.c: Pass down canonicalize request to hdb layer, + sign client referrals. + + * lib/hdb/hdb.h: Add HDB_F_CANON. + + * lib/hdb: add simple alias support to the database backends + +2007-02-16 Love Hörnquist Åstrand + + * kuser/kinit.c: Add canonicalize flag. + + * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support + canonicalize. + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize): + new function. + + * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags. + + * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags. + + * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags. + +2007-02-15 Love Hörnquist Åstrand + + * lib/krb5/test_princ.c: test parsing enterprise-names. + + * lib/krb5/principal.c: Add support for parsing enterprise-names. + + * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE. + + * lib/hdb/hdb-ldap.c: Make work again. + +2007-02-11 Dave Love + + * kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value. + +2007-02-10 Love Hörnquist Åstrand + + * doc/setup.texi: prune trailing space + + * lib/hdb/db.c: Be better at setting and clearing error string. + + * lib/hdb/hdb.c: Be better at setting and clearing error string. + +2007-02-09 Love Hörnquist Åstrand + + * lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name + to print out the keytab name. + + * doc/setup.texi: Spelling, from Guido Guenther + +2007-02-08 Love Hörnquist Åstrand + + * lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen. + +2007-02-06 Love Hörnquist Åstrand + + * lib/krb5/test_store.c (test_uint16): unsigned ints can't be + negative + +2007-02-03 Love Hörnquist Åstrand + + * kdc/pkinit.c: pass extra flags for detached signatures. + + * lib/krb5/pkinit.c: pass extra flags for detached signatures. + + * kdc/digest.c: Remove debug output. + + * kuser/kdigest.c: Add support for ms-chap-v2 client. + +2007-02-02 Love Hörnquist Åstrand + + * kdc/digest.c: Fix ms-chap-v2 get_masterkey + + * kdc/digest.c: Fix ms-chap-v2 mutual response auth code. + + * kuser/kdigest.c: Print session key if there is one. + + * lib/krb5/digest.c: rename hash-a1 to session key + + * kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2 + + * kuser/kdigest.c: print rsp if there is one, from Klas. + + * kdc/digest.c: Use right size, from Klas Lindfors. + + * kuser/kdigest.c: Set client nonce if avaible, from Klas. + + * kdc/digest.c: First version from kllin. + + * kuser/kdigest.c: Don't restrict the type. + +2007-02-01 Love Hörnquist Åstrand + + * kuser/kdigest-commands.in: add --client-response + + * kuser/kdigest.c: Print status instead of response. + + * kdc/digest.c: Better logging and return status = FALSE when + checksum doesn't match. + + * kdc/digest.c: Check the digest response in the KDC. + + * lib/krb5/digest.c: New functions to send in requestResponse to + KDC and get status of the request. + + * kdc/digest.c: Add support for MS-CHAP v2. + + * lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap. + +2007-01-31 Love Hörnquist Åstrand + + * fix-export: Make hx509.info too + + * kdc/digest.c: don't verify identifier in CHAP, its the client + that chooses it. + +2007-01-23 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: Basic test of prf. + + * lib/krb5/test_prf.c: Basic test of prf. + + * lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF + functions. + + * lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions. + + * lib/krb5/krb5_data.3: Document krb5_data_cmp. + + * lib/krb5/data.c: Add krb5_data_cmp. + +2007-01-20 Love Hörnquist Åstrand + + * kdc/kx509.c: Don't use C99 syntax. + +2007-01-17 Love Hörnquist Åstrand + + * configure.in: its LIBADD_roken (and shouldn't really exist, our + libtool usage it broken) + + * configure.in: Add an extra variable for roken, LIBADD, that + should be used for library depencies. + + * lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer. + + * lib/krb5/krb5_init_context.3: fix mdoc errors + + * Heimdal 0.8 branch cut today + + * doc/hx509.texi: Spelling and more about proxy certificates. + + * configure.in: check for arc4random + +2007-01-16 Love Hörnquist Åstrand + + * lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data + before starting + + * tools/heimdal-build.sh: make cvs keep quiet + + * kuser/kverify.c: Use argument as principal if passed an + argument. Bug report from Douglas E. Engert + +2007-01-15 Love Hörnquist Åstrand + + * lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider + the enc_tkt_in_skey case, from Douglas E. Engert. + + * kdc/kx509.c: Issue certificates. + + * kdc/config.c: Parse kx509/kca configuration. + + * kdc/kdc.h: add kx509 config + +2007-01-14 Love Hörnquist Åstrand + + * kdc/kerberos5.c (_kdc_find_padata): if there is not padata, + there is nothing find. + + * doc/hx509.texi: Examples for pk-init. + + * doc/hx509.texi: About extending ca lifetime and sub cas. + +2007-01-13 Love Hörnquist Åstrand + + * doc/hx509.texi: More about certificates. + +2007-01-12 Love Hörnquist Åstrand + + * doc/hx509.texi: add Application requirements and write about + xmpp/jabber. + +2007-01-11 Love Hörnquist Åstrand + + * doc/hx509.texi: More about issuing certificates. + + * doc/hx509.texi: Start of a x.509 manual. + + * include/Makefile.am: remove install headerfiles + + * lib/krb5/test_pac.c: Use more interesting data to cause more + errors. + + * include/Makefile.am: remove install headerfiles + + * lib/krb5/mcache.c: MCC_CURSOR not used, remove. + + * lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used + + * lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to + allocate data + +2007-01-10 Love Hörnquist Åstrand + + * doc/setup.texi: Hint about hxtool validate. + + * appl/test/uu_server.c: print both "server" and "client" + + * kdc/krb5tgs.c: Rename keys to be more obvious what they do. + + * kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew + Bartlett + + * kdc/windc.c: ident, spelling. + + * kdc/windc_plugin.h: indent. + + * kdc/krb5tgs.c: Pass down server entry to verify_pac function. + from Andrew Bartlett + + * kdc/windc.c: pass down server entry to verify_pac function, from + Andrew Bartlett + + * kdc/windc_plugin.h: pass down server entry to verify_pac + function, from Andrew Bartlett + + * configure.in: Provide a automake symbol ENABLE_SHARED if shared + libraries are built. + + * lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock + when verifying the PAC. From Andrew Bartlett. + +2007-01-09 Love Hörnquist Åstrand + + * lib/krb5/test_pac.c: move around to code test on real PAC. + + * lib/krb5/pac.c: A tiny 2 char diffrence that make the code work + for real. + + * lib/krb5/test_pac.c: Test more PAC (note that the values used in + this test is wrong, they have to be fixed when the pac code is + fixed). + + * doc/setup.texi: Update to new hxtool issue-certificate usage + + * lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS + and PK-INIT pa data, no need to expose our password protecting our + PKCS12 key. + + * kuser/klist.c (print_cred_verbose): include ticket length in the + verbose output + +2007-01-08 Love Hörnquist Åstrand + + * lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without + it linux is unhappy. + + * lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without + it linux is unhappy. + + * lib/krb5/name-45-test.c: One of the hosts I sometimes uses is + named "bar.domain", this make one of the tests pass when it + shouldn't. + +2007-01-05 Love Hörnquist Åstrand + + * doc/setup.texi: Change --key argument to --out-key. + + * kuser/kimpersonate.1: mangle my name + +2007-01-04 Love Hörnquist Åstrand + + * doc/setup.texi: describe how to use hx509 to create + certificates. + + * tools/heimdal-build.sh: Add --distcheck. + + * kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check + if we should include the PAC in the krbtgt. + + * kdc/pkinit.c (_kdc_as_rep): check if + krb5_generate_random_keyblock failes. + + * kdc/kerberos5.c (_kdc_as_rep): check if + krb5_generate_random_keyblock failes. + + * kdc/krb5tgs.c (tgs_build_reply): check if + krb5_generate_random_keyblock failes. + + * kdc/krb5tgs.c: Scope etype. + + * lib/krb5/rd_req.c: Make it possible to turn off PAC check, its + default on. + + * lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify + its server signature. + + * kdc/kerberos5.c (_kdc_as_rep): call windc client access hook. + (_kdc_tkt_add_if_relevant_ad): constify in data argument. + + * kdc/windc_plugin.h: More comments add a client_access hook. + + * kdc/windc.c: Add _kdc_windc_client_access. + + * kdc/krb5tgs.c: rename functions after export some more pac + functions. + + * lib/krb5/test_pac.c: export some more pac functions. + + * lib/krb5/pac.c: export some more pac functions. + + * kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC. + + * configure.in: add tests/plugin/Makefile + +2007-01-03 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Get right key for PAC krbtgt verification. + + * kdc/config.c: spelling + + * lib/krb5/krb5.h: typedef for krb5_pac. + + * kdc/headers.h: Include . + + * kdc/Makefile.am: Include windc.c and use windc_plugin.h + + * kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain + Controller. + + * kdc/kerberos5.c: Call callbacks for emulating a Windows Domain + Controller. Move the some of the log related stuff to its own + function. + + * kdc/config.c: Init callbacks for emulating a Windows Domain + Controller. + + * kdc/windc.c: Rename the init function to windc instead of pac. + + * kdc/windc.c: Callbacks specific to emulating a Windows Domain + Controller. + + * kdc/windc_plugin.h: Callbacks specific to emulating a Windows + Domain Controller. + + * lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ + + * lib/krb5/pac.c: Support all keyed checksum types. + +2007-01-02 Love Hörnquist Åstrand + + * lib/krb5/pac.c (krb5_pac_get_types): Return list of types. + + * lib/krb5/test_pac.c: test krb5_pac_get_types + + * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. + + * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. + + * lib/krb5/krb5.h: Add KRB5_KRBHST_KCA. + + * lib/krb5/test_pac.c: test Add/remove pac buffer functions. + + * lib/krb5/pac.c: Add/remove pac buffer functions. + + * lib/krb5/pac.c: sprinkle const + + * lib/krb5/pac.c: rename DCHECK to CHECK + + * Happy New Year. diff --git a/crypto/external/bsd/heimdal/dist/LICENSE b/crypto/external/bsd/heimdal/dist/LICENSE new file mode 100644 index 000000000..404347b4b --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/LICENSE @@ -0,0 +1,33 @@ +Copyright (c) 1995 - 2011 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Please see info documentation for the complete list of licenses. diff --git a/crypto/external/bsd/heimdal/dist/Makefile.am b/crypto/external/bsd/heimdal/dist/Makefile.am new file mode 100644 index 000000000..76ccb5556 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/Makefile.am @@ -0,0 +1,50 @@ +# Id + +include $(top_srcdir)/Makefile.am.common + +if KCM +kcm_dir = kcm +endif + +SUBDIRS= include base lib kuser kdc admin kadmin kpasswd +SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc po + +## ACLOCAL = @ACLOCAL@ -I cf +ACLOCAL_AMFLAGS = -I cf + +EXTRA_DIST = \ + TODO \ + LICENSE \ + README \ + ChangeLog \ + ChangeLog.1998 \ + ChangeLog.1999 \ + ChangeLog.2000 \ + ChangeLog.2001 \ + ChangeLog.2002 \ + ChangeLog.2003 \ + ChangeLog.2004 \ + ChangeLog.2005 \ + ChangeLog.2006 \ + Makefile.am.common \ + autogen.sh \ + krb5.conf \ + cf/make-proto.pl \ + cf/install-catman.sh \ + cf/ChangeLog \ + cf/c-function.m4 \ + cf/ChangeLog \ + cf/have-pragma-weak.m4 \ + cf/have-types.m4 \ + cf/krb-func-getcwd-broken.m4 \ + cf/krb-prog-ranlib.m4 \ + cf/krb-prog-yacc.m4 \ + cf/krb-sys-aix.m4 \ + cf/krb-sys-nextstep.m4 \ + cf/krb-version.m4 \ + cf/roken.m4 \ + cf/valgrind-suppressions \ + cf/vararray.m4 + +print-distdir: + @echo $(distdir) diff --git a/crypto/external/bsd/heimdal/dist/Makefile.am.common b/crypto/external/bsd/heimdal/dist/Makefile.am.common new file mode 100644 index 000000000..06e50f1d9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/Makefile.am.common @@ -0,0 +1,4 @@ +# Id + +include $(top_srcdir)/cf/Makefile.am.common + diff --git a/crypto/external/bsd/heimdal/dist/NEWS b/crypto/external/bsd/heimdal/dist/NEWS new file mode 100644 index 000000000..bb64ff724 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/NEWS @@ -0,0 +1,957 @@ +Release Notes - Heimdal - Version Heimdal 1.5 + +New features + + - SHA512 support + - No Kerberos 4 support + +Release Notes - Heimdal - Version Heimdal 1.4 + + New features + + - Support for reading MIT database file directly + - KCM is polished up and now used in production + - NTLM first class citizen, credentials stored in KCM + - Table driven ASN.1 compiler, smaller!, not enabled by default + - Native Windows client support + +Notes + + - Disabled write support NDBM hdb backend (read still in there) since + it can't handle large records, please migrate to a diffrent backend + (like BDB4) + +Release Notes - Heimdal - Version Heimdal 1.3.3 + + Bug fixes + - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] + - Check NULL pointers before dereference them [kdc] + +Release Notes - Heimdal - Version Heimdal 1.3.2 + + Bug fixes + + - Don't mix length when clearing hmac (could memset too much) + - More paranoid underrun checking when decrypting packets + - Check the password change requests and refuse to answer empty packets + - Build on OpenSolaris + - Renumber AD-SIGNED-TICKET since it was stolen from US + - Don't cache /dev/*random file descriptor, it doesn't get unloaded + - Make C++ safe + - Misc warnings + +Release Notes - Heimdal - Version Heimdal 1.3.1 + + Bug fixes + + - Store KDC offset in credentials + - Many many more bug fixes + +Release Notes - Heimdal - Version Heimdal 1.3.1 + + New features + + - Make work with OpenLDAPs krb5 overlay + +Release Notes - Heimdal - Version Heimdal 1.3 + + New features + + - Partial support for MIT kadmind rpc protocol in kadmind + - Better support for finding keytab entries when using SPN aliases in the KDC + - Support BER in ASN.1 library (needed for CMS) + - Support decryption in Keychain private keys + - Support for new sqlite based credential cache + - Try both KDC referals and the common DNS reverse lookup in GSS-API + - Fix the KCM to not leak resources on failure + - Add IPv6 support to iprop + - Support localization of error strings in + kinit/klist/kdestroy and Kerberos library + - Remove Kerberos 4 support in application (still in KDC) + - Deprecate DES + - Support i18n password in windows domains (using UTF-8) + - More complete API emulation of OpenSSL in hcrypto + - Support for ECDSA and ECDH when linking with OpenSSL + + API changes + + - Support for settin friendly name on credential caches + - Move to using doxygen to generate documentation. + - Sprinkling __attribute__((depricated)) for old function to be removed + - Support to export LAST-REQUST information in AS-REQ + - Support for client deferrals in in AS-REQ + - Add seek support for krb5_storage. + - Support for split AS-REQ, first step for IA-KERB + - Fix many memory leaks and bugs + - Improved regression test + - Support krb5_cccol + - Switch to krb5_set_error_message + - Support krb5_crypto_*_iov + - Switch to use EVP for most function + - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec) + - Add support for GSS_C_DELEG_POLICY_FLAG + - Add krb5_cc_[gs]et_config to store data in the credential caches + - PTY testing application + +Bugfixes + - Make building on AIX6 possible. + - Bugfixes in LDAP KDC code to make it more stable + - Make ipropd-slave reconnect when master down gown + + +Release Notes - Heimdal - Version Heimdal 1.2.1 + +* Bug + + [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris + [HEIMDAL-151] - Make canned tests work again after cert expired + [HEIMDAL-152] - iprop test: use full hostname to avoid realm + resolving errors + [HEIMDAL-153] - ftp: Use the correct length for unmap, msync + +Release Notes - Heimdal - Version Heimdal 1.2 + +* Bug + + [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in + gss_display_name/gss_export_name when using SPNEGO + [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1 + [HEIMDAL-17] - Remove support for depricated [libdefaults]capath + [HEIMDAL-52] - hdb overwrite aliases for db databases + [HEIMDAL-54] - Two issues which affect credentials delegation + [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args + [HEIMDAL-62] - Fix printing of sig_atomic_t + [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto + [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase + [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241) + +* Improvement + [HEIMDAL-67] - Fix locking and store credential in atomic writes + in the FILE credential cache + [HEIMDAL-106] - make compile on cygwin again + [HEIMDAL-107] - Replace old random key generation in des module + and use it with RAND_ function instead + [HEIMDAL-115] - Better documentation and compatibility in hcrypto + in regards to OpenSSL + +* New Feature + [HEIMDAL-3] - pkinit alg agility PRF test vectors + [HEIMDAL-14] - Add libwind to Heimdal + [HEIMDAL-16] - Use libwind in hx509 + [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to + the negotiation + [HEIMDAL-74] - Add support to report extended error message back + in AS-REQ to support windows clients + [HEIMDAL-116] - test pty based application (using rkpty) + [HEIMDAL-120] - Use new OpenLDAP API (older deprecated) + +* Task + [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. + This drop compatibility with pre 0.3d KDCs. + [HEIMDAL-64] - kcm: first implementation of kcm-move-cache + [HEIMDAL-65] - Failed to compile with --disable-pk-init + [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some + wraparound checks doesn't apply to Heimdal + +Changes in release 1.1 + + * Read-only PKCS11 provider built-in to hx509. + + * Documentation for hx509, hcrypto and ntlm libraries improved. + + * Better compatibilty with Windows 2008 Server pre-releases and Vista. + + * Mac OS X 10.5 support for native credential cache. + + * Provide pkg-config file for Heimdal (heimdal-gssapi.pc). + + * Bug fixes. + +Changes in release 1.0.2 + +* Ubuntu packages. + +* Bug fixes. + +Changes in release 1.0.1 + + * Serveral bug fixes to iprop. + + * Make work on platforms without dlopen. + + * Add RFC3526 modp group14 as default. + + * Handle [kdc] database = { } entries without realm = stanzas. + + * Make krb5_get_renewed_creds work. + + * Make kaserver preauth work again. + + * Bug fixes. + +Changes in release 1.0 + + * Add gss_pseudo_random() for mechglue and krb5. + + * Make session key for the krbtgt be selected by the best encryption + type of the client. + + * Better interoperability with other PK-INIT implementations. + + * Inital support for Mac OS X Keychain for hx509. + + * Alias support for inital ticket requests. + + * Add symbol versioning to selected libraries on platforms that uses + GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. + + * New version of imath included in hcrypto. + + * Fix memory leaks. + + * Bugs fixes. + +Changes in release 0.8.1 + + * Make ASN.1 library less paranoid to with regard to NUL in string to + make it inter-operate with MIT Kerberos again. + + * Make GSS-API library work again when using gss_acquire_cred + + * Add symbol versioning to libgssapi when using GNU ld. + + * Fix memory leaks + + * Bugs fixes + +Changes in release 0.8 + + * PK-INIT support. + + * HDB extensions support, used by PK-INIT. + + * New ASN.1 compiler. + + * GSS-API mechglue from FreeBSD. + + * Updated SPNEGO to support RFC4178. + + * Support for Cryptosystem Negotiation Extension (RFC 4537). + + * A new X.509 library (hx509) and related crypto functions. + + * A new ntlm library (heimntlm) and related crypto functions. + + * Updated the built-in crypto library with bignum support using + imath, support for RSA and DH and renamed it to libhcrypto. + + * Subsystem in the KDC, digest, that will perform the digest + operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL + DIGEST-MD5 NTLMv1 and NTLMv2. + + * KDC will return the "response too big" error to force TCP retries + for large (default 1400 bytes) UDP replies. This is common for + PK-INIT requests. + + * Libkafs defaults to use 2b tokens. + + * Default to use the API cache on Mac OS X. + + * krb5_kuserok() also checks ~/.k5login.d directory for acl files, + see manpage for krb5_kuserok for description. + + * Many, many, other updates to code and info manual and manual pages. + + * Bug fixes + +Changes in release 0.7.2 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + +* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name + exists in the keytab before returning success. This allows servers + to check if its even possible to use GSSAPI. + +* Fix receiving end of token delegation for GSS-API. It still wrongly + uses subkey for sending for compatibility reasons, this will change + in 0.8. + +* telnetd, login and rshd are now more verbose in logging failed and + successful logins. + +* Bug fixes + +Changes in release 0.7.1 + +* Bug fixes + +Changes in release 0.7 + + * Support for KCM, a process based credential cache + + * Support CCAPI credential cache + + * SPNEGO support + + * AES (and the gssapi conterpart, CFX) support + + * Adding new and improve old documentation + + * Bug fixes + +Changes in release 0.6.6 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + +Changes in release 0.6.5 + + * fix vulnerabilities in telnetd + + * unbreak Kerberos 4 and kaserver + +Changes in release 0.6.4 + + * fix vulnerabilities in telnet + + * rshd: encryption without a separate error socket should now work + + * telnet now uses appdefaults for the encrypt and forward/forwardable + settings + + * bug fixes + +Changes in release 0.6.3 + + * fix vulnerabilities in ftpd + + * support for linux AFS /proc "syscalls" + + * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in + kpasswdd + + * fix possible KDC denial of service + + * bug fixes + +Changes in release 0.6.2 + + * Fix possible buffer overrun in v4 kadmin (which now defaults to off) + +Changes in release 0.6.1 + + * Fixed ARCFOUR suppport + + * Cross realm vulnerability + + * kdc: fix denial of service attack + + * kdc: stop clients from renewing tickets into the future + + * bug fixes + +Changes in release 0.6 + +* The DES3 GSS-API mechanism has been changed to inter-operate with + other GSSAPI implementations. See man page for gssapi(3) how to turn + on generation of correct MIC messages. Next major release of heimdal + will generate correct MIC by default. + +* More complete GSS-API support + +* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS + support in applications no longer requires Kerberos 4 libs + +* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) + +* other bug fixes + +Changes in release 0.5.2 + + * kdc: add option for disabling v4 cross-realm (defaults to off) + + * bug fixes + +Changes in release 0.5.1 + + * kadmind: fix remote exploit + + * kadmind: add option to disable kerberos 4 + + * kdc: make sure kaserver token life is positive + + * telnet: use the session key if there is no subkey + + * fix EPSV parsing in ftp + + * other bug fixes + +Changes in release 0.5 + + * add --detach option to kdc + + * allow setting forward and forwardable option in telnet from + .telnetrc, with override from command line + + * accept addresses with or without ports in krb5_rd_cred + + * make it work with modern openssl + + * use our own string2key function even with openssl (that handles weak + keys incorrectly) + + * more system-specific requirements in login + + * do not use getlogin() to determine root in su + + * telnet: abort if telnetd does not support encryption + + * update autoconf to 2.53 + + * update config.guess, config.sub + + * other bug fixes + +Changes in release 0.4e + + * improve libcrypto and database autoconf tests + + * do not care about salting of server principals when serving v4 requests + + * some improvements to gssapi library + + * test for existing compile_et/libcom_err + + * portability fixes + + * bug fixes + +Changes in release 0.4d + + * fix some problems when using libcrypto from openssl + + * handle /dev/ptmx `unix98' ptys on Linux + + * add some forgotten man pages + + * rsh: clean-up and add man page + + * fix -A and -a in builtin-ls in tpd + + * fix building problem on Irix + + * make `ktutil get' more efficient + + * bug fixes + +Changes in release 0.4c + + * fix buffer overrun in telnetd + + * repair some of the v4 fallback code in kinit + + * add more shared library dependencies + + * simplify and fix hprop handling of v4 databases + + * fix some building problems (osf's sia and osfc2 login) + + * bug fixes + +Changes in release 0.4b + + * update the shared library version numbers correctly + +Changes in release 0.4a + + * corrected key used for checksum in mk_safe, unfortunately this + makes it backwards incompatible + + * update to autoconf 2.50, libtool 1.4 + + * re-write dns/config lookups (krb5_krbhst API) + + * make order of using subkeys consistent + + * add man page links + + * add more man pages + + * remove rfc2052 support, now only rfc2782 is supported + + * always build with kaserver protocol support in the KDC (assuming + KRB4 is enabled) and support for reading kaserver databases in + hprop + +Changes in release 0.3f + + * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, + the new keytab type that tries both of these in order (SRVTAB is + also an alias for krb4:) + + * improve error reporting and error handling (error messages should + be more detailed and more useful) + + * improve building with openssl + + * add kadmin -K, rcp -F + + * fix two incorrect weak DES keys + + * fix building of kaserver compat in KDC + + * the API is closer to what MIT krb5 is using + + * more compatible with windows 2000 + + * removed some memory leaks + + * bug fixes + +Changes in release 0.3e + + * rcp program included + + * fix buffer overrun in ftpd + + * handle omitted sequence numbers as zeroes to handle MIT krb5 that + cannot generate zero sequence numbers + + * handle v4 /.k files better + + * configure/portability fixes + + * fixes in parsing of options to kadmin (sub-)commands + + * handle errors in kadmin load better + + * bug fixes + +Changes in release 0.3d + + * add krb5-config + + * fix a bug in 3des gss-api mechanism, making it compatible with the + specification and the MIT implementation + + * make telnetd only allow a specific list of environment variables to + stop it from setting `sensitive' variables + + * try to use an existing libdes + + * lib/krb5, kdc: use correct usage type for ap-req messages. This + should improve compatability with MIT krb5 when using 3DES + encryption types + + * kdc: fix memory allocation problem + + * update config.guess and config.sub + + * lib/roken: more stuff implemented + + * bug fixes and portability enhancements + +Changes in release 0.3c + + * lib/krb5: memory caches now support the resolve operation + + * appl/login: set PATH to some sane default + + * kadmind: handle several realms + + * bug fixes (including memory leaks) + +Changes in release 0.3b + + * kdc: prefer default-salted keys on v5 requests + + * kdc: lowercase hostnames in v4 mode + + * hprop: handle more types of MIT salts + + * lib/krb5: fix memory leak + + * bug fixes + +Changes in release 0.3a: + + * implement arcfour-hmac-md5 to interoperate with W2K + + * modularise the handling of the master key, and allow for other + encryption types. This makes it easier to import a database from + some other source without having to re-encrypt all keys. + + * allow for better control over which encryption types are created + + * make kinit fallback to v4 if given a v4 KDC + + * make klist work better with v4 and v5, and add some more MIT + compatibility options + + * make the kdc listen on the krb524 (4444) port for compatibility + with MIT krb5 clients + + * implement more DCE/DFS support, enabled with --enable-dce, see + lib/kdfs and appl/dceutils + + * make the sequence numbers work correctly + + * bug fixes + +Changes in release 0.2t: + + * bug fixes + +Changes in release 0.2s: + + * add OpenLDAP support in hdb + + * login will get v4 tickets when it receives forwarded tickets + + * xnlock supports both v5 and v4 + + * repair source routing for telnet + + * fix building problems with krb4 (krb_mk_req) + + * bug fixes + +Changes in release 0.2r: + + * fix realloc memory corruption bug in kdc + + * `add --key' and `cpw --key' in kadmin + + * klist supports listing v4 tickets + + * update config.guess and config.sub + + * make v4 -> v5 principal name conversion more robust + + * support for anonymous tickets + + * new man-pages + + * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. + + * use and set expiration and not password expiration when dumping + to/from ka server databases / krb4 databases + + * make the code happier with 64-bit time_t + + * follow RFC2782 and by default do not look for non-underscore SRV names + +Changes in release 0.2q: + + * bug fix in tcp-handling in kdc + + * bug fix in expand_hostname + +Changes in release 0.2p: + + * bug fix in `kadmin load/merge' + + * bug fix in krb5_parse_address + +Changes in release 0.2o: + + * gss_{import,export}_sec_context added to libgssapi + + * new option --addresses to kdc (for listening on an explicit set of + addresses) + + * bug fixes in the krb4 and kaserver emulation part of the kdc + + * other bug fixes + +Changes in release 0.2n: + + * more robust parsing of dump files in kadmin + * changed default timestamp format for log messages to extended ISO + 8601 format (Y-M-DTH:M:S) + * changed md4/md5/sha1 APIes to be de-facto `standard' + * always make hostname into lower-case before creating principal + * small bits of more MIT-compatability + * bug fixes + +Changes in release 0.2m: + + * handle glibc's getaddrinfo() that returns several ai_canonname + + * new endian test + + * man pages fixes + +Changes in release 0.2l: + + * bug fixes + +Changes in release 0.2k: + + * better IPv6 test + + * make struct sockaddr_storage in roken work better on alphas + + * some missing [hn]to[hn]s fixed. + + * allow users to change their own passwords with kadmin (with initial + tickets) + + * fix stupid bug in parsing KDC specification + + * add `ktutil change' and `ktutil purge' + +Changes in release 0.2j: + + * builds on Irix + + * ftpd works in passive mode + + * should build on cygwin + + * work around broken IPv6-code on OpenBSD 2.6, also add configure + option --disable-ipv6 + +Changes in release 0.2i: + + * use getaddrinfo in the missing places. + + * fix SRV lookup for admin server + + * use get{addr,name}info everywhere. and implement it in terms of + getipnodeby{name,addr} (which uses gethostbyname{,2} and + gethostbyaddr) + +Changes in release 0.2h: + + * fix typo in kx (now compiles) + +Changes in release 0.2g: + + * lots of bug fixes: + * push works + * repair appl/test programs + * sockaddr_storage works on solaris (alignment issues) + * works better with non-roken getaddrinfo + * rsh works + * some non standard C constructs removed + +Changes in release 0.2f: + + * support SRV records for kpasswd + * look for both _kerberos and krb5-realm when doing host -> realm mapping + +Changes in release 0.2e: + + * changed copyright notices to remove `advertising'-clause. + * get{addr,name}info added to roken and used in the other code + (this makes things work much better with hosts with both v4 and v6 + addresses, among other things) + * do pre-auth for both password and key-based get_in_tkt + * support for having several databases + * new command `del_enctype' in kadmin + * strptime (and new strftime) add to roken + * more paranoia about finding libdb + * bug fixes + +Changes in release 0.2d: + + * new configuration option [libdefaults]default_etypes_des + * internal ls in ftpd builds without KRB4 + * kx/rsh/push/pop_debug tries v5 and v4 consistenly + * build bug fixes + * other bug fixes + +Changes in release 0.2c: + + * bug fixes (see ChangeLog's for details) + +Changes in release 0.2b: + + * bug fixes + * actually bump shared library versions + +Changes in release 0.2a: + + * a new program verify_krb5_conf for checking your /etc/krb5.conf + * add 3DES keys when changing password + * support null keys in database + * support multiple local realms + * implement a keytab backend for AFS KeyFile's + * implement a keytab backend for v4 srvtabs + * implement `ktutil copy' + * support password quality control in v4 kadmind + * improvements in v4 compat kadmind + * handle the case of having the correct cred in the ccache but with + the wrong encryption type better + * v6-ify the remaining programs. + * internal ls in ftpd + * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat + * add `ank --random-password' and `cpw --random-password' in kadmin + * some programs and documentation for trying to talk to a W2K KDC + * bug fixes + +Changes in release 0.1m: + + * support for getting default from krb5.conf for kinit/kf/rsh/telnet. + From Miroslav Ruda + * v6-ify hprop and hpropd + * support numeric addresses in krb5_mk_req + * shadow support in login and su. From Miroslav Ruda + * make rsh/rshd IPv6-aware + * make the gssapi sample applications better at reporting errors + * lots of bug fixes + * handle systems with v6-aware libc and non-v6 kernels (like Linux + with glibc 2.1) better + * hide failure of ERPT in ftp + * lots of bug fixes + +Changes in release 0.1l: + + * make ftp and ftpd IPv6-aware + * add inet_pton to roken + * more IPv6-awareness + * make mini_inetd v6 aware + +Changes in release 0.1k: + + * bump shared libraries versions + * add roken version of inet_ntop + * merge more changes to rshd + +Changes in release 0.1j: + + * restore back to the `old' 3DES code. This was supposed to be done + in 0.1h and 0.1i but I did a CVS screw-up. + * make telnetd handle v6 connections + +Changes in release 0.1i: + + * start using `struct sockaddr_storage' which simplifies the code + (with a fallback definition if it's not defined) + * bug fixes (including in hprop and kf) + * don't use mawk which seems to mishandle roken.awk + * get_addrs should be able to handle v6 addresses on Linux (with the + required patch to the Linux kernel -- ask within) + * rshd builds with shadow passwords + +Changes in release 0.1h: + + * kf: new program for forwarding credentials + * portability fixes + * make forwarding credentials work with MIT code + * better conversion of ka database + * add etc/services.append + * correct `modified by' from kpasswdd + * lots of bug fixes + +Changes in release 0.1g: + + * kgetcred: new program for explicitly obtaining tickets + * configure fixes + * krb5-aware kx + * bug fixes + +Changes in release 0.1f; + + * experimental support for v4 kadmin protokoll in kadmind + * bug fixes + +Changes in release 0.1e: + + * try to handle old DCE and MIT kdcs + * support for older versions of credential cache files and keytabs + * postdated tickets work + * support for password quality checks in kpasswdd + * new flag --enable-kaserver for kdc + * renew fixes + * prototype su program + * updated (some) manpages + * support for KDC resource records + * should build with --without-krb4 + * bug fixes + +Changes in release 0.1d: + + * Support building with DB2 (uses 1.85-compat API) + * Support krb5-realm.DOMAIN in DNS + * new `ktutil srvcreate' + * v4/kafs support in klist/kdestroy + * bug fixes + +Changes in release 0.1c: + + * fix ASN.1 encoding of signed integers + * somewhat working `ktutil get' + * some documentation updates + * update to Autoconf 2.13 and Automake 1.4 + * the usual bug fixes + +Changes in release 0.1b: + + * some old -> new crypto conversion utils + * bug fixes + +Changes in release 0.1a: + + * new crypto code + * more bug fixes + * make sure we ask for DES keys in gssapi + * support signed ints in ASN1 + * IPv6-bug fixes + +Changes in release 0.0u: + + * lots of bug fixes + +Changes in release 0.0t: + + * more robust parsing of krb5.conf + * include net{read,write} in lib/roken + * bug fixes + +Changes in release 0.0s: + + * kludges for parsing options to rsh + * more robust parsing of krb5.conf + * removed some arbitrary limits + * bug fixes + +Changes in release 0.0r: + + * default options for some programs + * bug fixes + +Changes in release 0.0q: + + * support for building shared libraries with libtool + * bug fixes + +Changes in release 0.0p: + + * keytab moved to /etc/krb5.keytab + * avoid false detection of IPv6 on Linux + * Lots of more functionality in the gssapi-library + * hprop can now read ka-server databases + * bug fixes + +Changes in release 0.0o: + + * FTP with GSSAPI support. + * Bug fixes. + +Changes in release 0.0n: + + * Incremental database propagation. + * Somewhat improved kadmin ui; the stuff in admin is now removed. + * Some support for using enctypes instead of keytypes. + * Lots of other improvement and bug fixes, see ChangeLog for details. diff --git a/crypto/external/bsd/heimdal/dist/NTMakefile b/crypto/external/bsd/heimdal/dist/NTMakefile new file mode 100644 index 000000000..fcd60a3d3 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/NTMakefile @@ -0,0 +1,42 @@ +######################################################################## +# +# Copyright (c) 2009, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +!if exist(thirdparty/NTMakefile) +thirdparty=thirdparty +!endif + +SUBDIRS = include lib\roken base lib kuser kdc admin kadmin kpasswd appl doc \ + tools tests packages etc $(thirdparty) packages\windows\installer + +!include windows/NTMakefile.w32 + +all:: + @echo Build finished succesfully diff --git a/crypto/external/bsd/heimdal/dist/README b/crypto/external/bsd/heimdal/dist/README new file mode 100644 index 000000000..d2c4eba8c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/README @@ -0,0 +1,18 @@ + +Heimdal is a Kerberos 5 implementation. + +For information how to install see . + +There are briefer man pages for most of the commands. + +Bug reports and bugs are appreciated, see more under Bug reports in +the manual on how we prefer them: . + +For more information see the web-page at + or the mailing lists: + +heimdal-announce@sics.se low-volume announcement +heimdal-discuss@sics.se high-volume discussion + +send a mail to heimdal-announce-request@sics.se and +heimdal-discuss-request@sics.se respectively to subscribe. diff --git a/crypto/external/bsd/heimdal/dist/TODO b/crypto/external/bsd/heimdal/dist/TODO new file mode 100644 index 000000000..87c50b82b --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/TODO @@ -0,0 +1,30 @@ +-*- indented-text -*- + +** lib/gssapi + +cache delegation credentials to avoid hitting the kdc ? require time +stampless tickets, and was supported in the recv'ing end with 0.6.1. + +make iov work for arcfour + +make iov work for ntlm + +interop test + +make TYPE_STREAM work + +** lib/kadm5 + +add policies? + +** lib/krb5 + +verify_user: handle non-secure verification failing because of +host->realm mapping + +* windows stuff + +-- drop all double negation #ifndef NO_ +-- got though windows specific ifdefs to minimized them +-- switch to use heim-ipc for services, like the kadmin change notification socket +-- Unify lib/krb5/expand_path_w32.c diff --git a/crypto/external/bsd/heimdal/dist/acinclude.m4 b/crypto/external/bsd/heimdal/dist/acinclude.m4 new file mode 100644 index 000000000..f277e4d2c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/acinclude.m4 @@ -0,0 +1,9 @@ +dnl Id +dnl +dnl Only put things that for some reason can't live in the `cf' +dnl directory in this file. +dnl + +dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ +dnl +m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl diff --git a/crypto/external/bsd/heimdal/dist/admin/ChangeLog b/crypto/external/bsd/heimdal/dist/admin/ChangeLog new file mode 100644 index 000000000..1cdc1536b --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ChangeLog @@ -0,0 +1,70 @@ +2006-10-07 Love Hörnquist Åstrand + + * Makefile.am: Add man_MANS to EXTRA_DIST + + * Makefile.am: split build files into dist_ and noinst_ SOURCES + +2005-07-07 Love Hörnquist Åstrand + + * ktutil.c: rename optind to optidx + + * list.c: make a copy of realm and admin_server to avoid + un-consting avoid shadowing + + * get.c: make a copy of realm and admin_server to avoid + un-consting avoid shadowing + + * change.c (change_entry): just use global context to avoid + shadowing; make a copy of realm and admin_server to avoid + un-consting. + +2005-05-19 Love Hörnquist Åstrand + + * change.c (kt_change): plug memory leak from + krb5_kt_remove_entry, print principal on error. + +2005-05-02 Dave Love + + * ktutil.c (help): Don't use non-constant initializer for `fake'. + +2005-04-15 Love Hörnquist Åstrand + + * ktutil_locl.h: include + +2005-04-14 Love Hörnquist Åstrand + + * add.c: add option -H --hex to the add command + + * ktutil-commands.in: add option -H --hex to the add command + + * ktutil.8: document option -H --hex to the add command + +2004-09-29 Love Hörnquist Åstrand + + * list.c: un c99'ify, from Anders.Magnusson@ltu.se + +2004-09-23 Johan Danielsson + + * purge.c: convert to slc; don't purge keys older that a certain + time, instead purge keys that have newer versions that are at + least a certain age + + * rename.c: convert to slc + + * remove.c: convert to slc + + * get.c: convert to slc; warn if resetting disallow-all-tix + + * copy.c: convert to slc + + * change.c: convert to slc + + * add.c: convert to slc + + * list.c: convert to slc + + * ktutil_locl.h: convert to slc + + * ktutil.c: convert to slc + + * ktutil-commands.in: slc source file diff --git a/crypto/external/bsd/heimdal/dist/admin/Makefile.am b/crypto/external/bsd/heimdal/dist/admin/Makefile.am new file mode 100644 index 000000000..ba1d7c8ab --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/Makefile.am @@ -0,0 +1,43 @@ +# Id + +include $(top_srcdir)/Makefile.am.common + +AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) + +man_MANS = ktutil.8 + +sbin_PROGRAMS = ktutil + +dist_ktutil_SOURCES = \ + add.c \ + change.c \ + copy.c \ + destroy.c \ + get.c \ + ktutil.c \ + ktutil_locl.h \ + list.c \ + purge.c \ + remove.c \ + rename.c + +nodist_ktutil_SOURCES = \ + ktutil-commands.c + +$(ktutil_OBJECTS): ktutil-commands.h + +CLEANFILES = ktutil-commands.h ktutil-commands.c + +ktutil-commands.c ktutil-commands.h: ktutil-commands.in + $(SLC) $(srcdir)/ktutil-commands.in + +LDADD = \ + $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(LIB_hcrypto) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/sl/libsl.la \ + $(LIB_readline) \ + $(LIB_roken) + +EXTRA_DIST = $(man_MANS) ktutil-commands.in diff --git a/crypto/external/bsd/heimdal/dist/admin/NTMakefile b/crypto/external/bsd/heimdal/dist/admin/NTMakefile new file mode 100644 index 000000000..06f90c9fd --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/NTMakefile @@ -0,0 +1,74 @@ +######################################################################## +# +# Copyright (c) 2009, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=admin +cincdirs=$(cincdirs) -I$(OBJ) +!include ../windows/NTMakefile.w32 + +SBINPROGRAMS=$(SBINDIR)\ktutil.exe + +KTUTIL_OBJS= \ + $(OBJ)\add.obj \ + $(OBJ)\change.obj \ + $(OBJ)\copy.obj \ + $(OBJ)\destroy.obj \ + $(OBJ)\get.obj \ + $(OBJ)\ktutil.obj \ + $(OBJ)\ktutil-commands.obj \ + $(OBJ)\list.obj \ + $(OBJ)\purge.obj \ + $(OBJ)\remove.obj \ + $(OBJ)\rename.obj + +KTUTIL_LIBS= \ + $(LIBHEIMDAL) \ + $(LIBKADM5SRV) \ + $(LIBSL) \ + $(LIBROKEN) \ + $(LIBVERS) + +$(SBINDIR)\ktutil.exe: $(KTUTIL_OBJS) $(KTUTIL_LIBS) $(OBJ)\ktutil-version.res + $(EXECONLINK) + $(EXEPREP) + +$(OBJ)\ktutil-commands.c $(OBJ)\ktutil-commands.h: ktutil-commands.in + cd $(OBJ) + $(CP) $(SRCDIR)\ktutil-commands.in $(OBJ) + $(BINDIR)\slc.exe ktutil-commands.in + cd $(SRCDIR) + +INCFILES=\ + $(OBJ)\ktutil-commands.h + +all:: $(INCFILES) $(SBINPROGRAMS) + +clean:: + -$(RM) $(SBINPROGRAMS:.exe=.*) diff --git a/crypto/external/bsd/heimdal/dist/admin/add.c b/crypto/external/bsd/heimdal/dist/admin/add.c new file mode 100644 index 000000000..a3d477012 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/add.c @@ -0,0 +1,159 @@ +/* $NetBSD: add.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: add.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +static char * +readstring(const char *prompt, char *buf, size_t len) +{ + printf("%s", prompt); + if (fgets(buf, len, stdin) == NULL) + return NULL; + buf[strcspn(buf, "\r\n")] = '\0'; + return buf; +} + +int +kt_add(struct add_options *opt, int argc, char **argv) +{ + krb5_error_code ret; + krb5_keytab keytab; + krb5_keytab_entry entry; + char buf[1024]; + krb5_enctype enctype; + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + memset(&entry, 0, sizeof(entry)); + if(opt->principal_string == NULL) { + if(readstring("Principal: ", buf, sizeof(buf)) == NULL) + return 1; + opt->principal_string = buf; + } + ret = krb5_parse_name(context, opt->principal_string, &entry.principal); + if(ret) { + krb5_warn(context, ret, "%s", opt->principal_string); + goto out; + } + if(opt->enctype_string == NULL) { + if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) { + ret = 1; + goto out; + } + opt->enctype_string = buf; + } + ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); + if(ret) { + int t; + if(sscanf(opt->enctype_string, "%d", &t) == 1) + enctype = t; + else { + krb5_warn(context, ret, "%s", opt->enctype_string); + goto out; + } + } + if(opt->kvno_integer == -1) { + if(readstring("Key version: ", buf, sizeof(buf)) == NULL) { + ret = 1; + goto out; + } + if(sscanf(buf, "%u", &opt->kvno_integer) != 1) + goto out; + } + if(opt->password_string == NULL && opt->random_flag == 0) { + if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) { + ret = 1; + goto out; + } + opt->password_string = buf; + } + if(opt->password_string) { + if (opt->hex_flag) { + size_t len; + void *data; + + len = (strlen(opt->password_string) + 1) / 2; + + data = malloc(len); + if (data == NULL) { + krb5_warn(context, ENOMEM, "malloc"); + goto out; + } + + if (hex_decode(opt->password_string, data, len) != len) { + free(data); + krb5_warn(context, ENOMEM, "hex decode failed"); + goto out; + } + + ret = krb5_keyblock_init(context, enctype, + data, len, &entry.keyblock); + free(data); + } else if (!opt->salt_flag) { + krb5_salt salt; + krb5_data pw; + + salt.salttype = KRB5_PW_SALT; + salt.saltvalue.data = NULL; + salt.saltvalue.length = 0; + pw.data = (void*)opt->password_string; + pw.length = strlen(opt->password_string); + ret = krb5_string_to_key_data_salt(context, enctype, pw, salt, + &entry.keyblock); + } else { + ret = krb5_string_to_key(context, enctype, opt->password_string, + entry.principal, &entry.keyblock); + } + memset (opt->password_string, 0, strlen(opt->password_string)); + } else { + ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock); + } + if(ret) { + krb5_warn(context, ret, "add"); + goto out; + } + entry.vno = opt->kvno_integer; + entry.timestamp = time (NULL); + ret = krb5_kt_add_entry(context, keytab, &entry); + if(ret) + krb5_warn(context, ret, "add"); + out: + krb5_kt_free_entry(context, &entry); + krb5_kt_close(context, keytab); + return ret != 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/change.c b/crypto/external/bsd/heimdal/dist/admin/change.c new file mode 100644 index 000000000..eafc035a0 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/change.c @@ -0,0 +1,254 @@ +/* $NetBSD: change.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: change.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +static krb5_error_code +change_entry (krb5_keytab keytab, + krb5_principal principal, krb5_kvno kvno, + const char *realm, const char *admin_server, int server_port) +{ + krb5_error_code ret; + kadm5_config_params conf; + void *kadm_handle; + char *client_name; + krb5_keyblock *keys; + int num_keys; + int i; + + ret = krb5_unparse_name (context, principal, &client_name); + if (ret) { + krb5_warn (context, ret, "krb5_unparse_name"); + return ret; + } + + memset (&conf, 0, sizeof(conf)); + + if(realm == NULL) + realm = krb5_principal_get_realm(context, principal); + conf.realm = strdup(realm); + if (conf.realm == NULL) { + free (client_name); + krb5_set_error_message(context, ENOMEM, "malloc failed"); + return ENOMEM; + } + conf.mask |= KADM5_CONFIG_REALM; + + if (admin_server) { + conf.admin_server = strdup(admin_server); + if (conf.admin_server == NULL) { + free(client_name); + free(conf.realm); + krb5_set_error_message(context, ENOMEM, "malloc failed"); + return ENOMEM; + } + conf.mask |= KADM5_CONFIG_ADMIN_SERVER; + } + + if (server_port) { + conf.kadmind_port = htons(server_port); + conf.mask |= KADM5_CONFIG_KADMIND_PORT; + } + + ret = kadm5_init_with_skey_ctx (context, + client_name, + keytab_string, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + free(conf.admin_server); + free(conf.realm); + if (ret) { + krb5_warn (context, ret, + "kadm5_c_init_with_skey_ctx: %s:", client_name); + free (client_name); + return ret; + } + ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys); + kadm5_destroy (kadm_handle); + if (ret) { + krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name); + free (client_name); + return ret; + } + free (client_name); + for (i = 0; i < num_keys; ++i) { + krb5_keytab_entry new_entry; + + new_entry.principal = principal; + new_entry.timestamp = time (NULL); + new_entry.vno = kvno + 1; + new_entry.keyblock = keys[i]; + + ret = krb5_kt_add_entry (context, keytab, &new_entry); + if (ret) + krb5_warn (context, ret, "krb5_kt_add_entry"); + krb5_free_keyblock_contents (context, &keys[i]); + } + return ret; +} + +/* + * loop over all the entries in the keytab (or those given) and change + * their keys, writing the new keys + */ + +struct change_set { + krb5_principal principal; + krb5_kvno kvno; +}; + +int +kt_change (struct change_options *opt, int argc, char **argv) +{ + krb5_error_code ret; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + int i, j, max; + struct change_set *changeset; + int errors = 0; + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + j = 0; + max = 0; + changeset = NULL; + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret){ + krb5_warn(context, ret, "%s", keytab_string); + goto out; + } + + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { + int add = 0; + + for (i = 0; i < j; ++i) { + if (krb5_principal_compare (context, changeset[i].principal, + entry.principal)) { + if (changeset[i].kvno < entry.vno) + changeset[i].kvno = entry.vno; + break; + } + } + if (i < j) { + krb5_kt_free_entry (context, &entry); + continue; + } + + if (argc == 0) { + add = 1; + } else { + for (i = 0; i < argc; ++i) { + krb5_principal princ; + + ret = krb5_parse_name (context, argv[i], &princ); + if (ret) { + krb5_warn (context, ret, "%s", argv[i]); + continue; + } + if (krb5_principal_compare (context, princ, entry.principal)) + add = 1; + + krb5_free_principal (context, princ); + } + } + + if (add) { + if (j >= max) { + void *tmp; + + max = max(max * 2, 1); + tmp = realloc (changeset, max * sizeof(*changeset)); + if (tmp == NULL) { + krb5_kt_free_entry (context, &entry); + krb5_warnx (context, "realloc: out of memory"); + ret = ENOMEM; + break; + } + changeset = tmp; + } + ret = krb5_copy_principal (context, entry.principal, + &changeset[j].principal); + if (ret) { + krb5_warn (context, ret, "krb5_copy_principal"); + krb5_kt_free_entry (context, &entry); + break; + } + changeset[j].kvno = entry.vno; + ++j; + } + krb5_kt_free_entry (context, &entry); + } + krb5_kt_end_seq_get(context, keytab, &cursor); + + if (ret == KRB5_KT_END) { + ret = 0; + for (i = 0; i < j; i++) { + if (verbose_flag) { + char *client_name; + + ret = krb5_unparse_name (context, changeset[i].principal, + &client_name); + if (ret) { + krb5_warn (context, ret, "krb5_unparse_name"); + } else { + printf("Changing %s kvno %d\n", + client_name, changeset[i].kvno); + free(client_name); + } + } + ret = change_entry (keytab, + changeset[i].principal, changeset[i].kvno, + opt->realm_string, + opt->admin_server_string, + opt->server_port_integer); + if (ret != 0) + errors = 1; + } + } else + errors = 1; + for (i = 0; i < j; i++) + krb5_free_principal (context, changeset[i].principal); + free (changeset); + + out: + krb5_kt_close(context, keytab); + return errors; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/copy.c b/crypto/external/bsd/heimdal/dist/admin/copy.c new file mode 100644 index 000000000..e4c789c80 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/copy.c @@ -0,0 +1,145 @@ +/* $NetBSD: copy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: copy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + + +static krb5_boolean +compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b) +{ + if(a->keytype != b->keytype || + a->keyvalue.length != b->keyvalue.length || + memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0) + return FALSE; + return TRUE; +} + +int +kt_copy (void *opt, int argc, char **argv) +{ + krb5_error_code ret; + krb5_keytab src_keytab, dst_keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry, dummy; + const char *from = argv[0]; + const char *to = argv[1]; + + ret = krb5_kt_resolve (context, from, &src_keytab); + if (ret) { + krb5_warn (context, ret, "resolving src keytab `%s'", from); + return 1; + } + + ret = krb5_kt_resolve (context, to, &dst_keytab); + if (ret) { + krb5_kt_close (context, src_keytab); + krb5_warn (context, ret, "resolving dst keytab `%s'", to); + return 1; + } + + ret = krb5_kt_start_seq_get (context, src_keytab, &cursor); + if (ret) { + krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string); + goto out; + } + + if (verbose_flag) + fprintf(stderr, "copying %s to %s\n", from, to); + + while((ret = krb5_kt_next_entry(context, src_keytab, + &entry, &cursor)) == 0) { + char *name_str; + char *etype_str; + ret = krb5_unparse_name (context, entry.principal, &name_str); + if(ret) { + krb5_warn(context, ret, "krb5_unparse_name"); + name_str = NULL; /* XXX */ + } + ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str); + if(ret) { + krb5_warn(context, ret, "krb5_enctype_to_string"); + etype_str = NULL; /* XXX */ + } + ret = krb5_kt_get_entry(context, dst_keytab, + entry.principal, + entry.vno, + entry.keyblock.keytype, + &dummy); + if(ret == 0) { + /* this entry is already in the new keytab, so no need to + copy it; if the keyblocks are not the same, something + is weird, so complain about that */ + if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) { + krb5_warnx(context, "entry with different keyvalue " + "already exists for %s, keytype %s, kvno %d", + name_str, etype_str, entry.vno); + } + krb5_kt_free_entry(context, &dummy); + krb5_kt_free_entry (context, &entry); + free(name_str); + free(etype_str); + continue; + } else if(ret != KRB5_KT_NOTFOUND) { + krb5_warn (context, ret, "%s: fetching %s/%s/%u", + to, name_str, etype_str, entry.vno); + krb5_kt_free_entry (context, &entry); + free(name_str); + free(etype_str); + break; + } + if (verbose_flag) + fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, + etype_str, entry.vno); + ret = krb5_kt_add_entry (context, dst_keytab, &entry); + krb5_kt_free_entry (context, &entry); + if (ret) { + krb5_warn (context, ret, "%s: adding %s/%s/%u", + to, name_str, etype_str, entry.vno); + free(name_str); + free(etype_str); + break; + } + free(name_str); + free(etype_str); + } + krb5_kt_end_seq_get (context, src_keytab, &cursor); + + out: + krb5_kt_close (context, src_keytab); + krb5_kt_close (context, dst_keytab); + return ret != 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/destroy.c b/crypto/external/bsd/heimdal/dist/admin/destroy.c new file mode 100644 index 000000000..8ea14d771 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/destroy.c @@ -0,0 +1,54 @@ +/* $NetBSD: destroy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +int +kt_destroy (void *opt, int argc, char **argv) +{ + krb5_error_code ret; + krb5_keytab keytab; + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + ret = krb5_kt_destroy (context, keytab); + if (ret) { + krb5_warn (context, ret, "destroy keytab failed"); + return 1; + } + + return 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/get.c b/crypto/external/bsd/heimdal/dist/admin/get.c new file mode 100644 index 000000000..e343b4b76 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/get.c @@ -0,0 +1,240 @@ +/* $NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +static void* +open_kadmin_connection(char *principal, + const char *realm, + char *admin_server, + int server_port) +{ + static kadm5_config_params conf; + krb5_error_code ret; + void *kadm_handle; + memset(&conf, 0, sizeof(conf)); + + if(realm) { + conf.realm = strdup(realm); + if (conf.realm == NULL) { + krb5_set_error_message(context, 0, "malloc: out of memory"); + return NULL; + } + conf.mask |= KADM5_CONFIG_REALM; + } + + if (admin_server) { + conf.admin_server = admin_server; + conf.mask |= KADM5_CONFIG_ADMIN_SERVER; + } + + if (server_port) { + conf.kadmind_port = htons(server_port); + conf.mask |= KADM5_CONFIG_KADMIND_PORT; + } + + /* should get realm from each principal, instead of doing + everything with the same (local) realm */ + + ret = kadm5_init_with_password_ctx(context, + principal, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + free(conf.realm); + if(ret) { + krb5_warn(context, ret, "kadm5_init_with_password"); + return NULL; + } + return kadm_handle; +} + +int +kt_get(struct get_options *opt, int argc, char **argv) +{ + krb5_error_code ret = 0; + krb5_keytab keytab; + void *kadm_handle = NULL; + krb5_enctype *etypes = NULL; + size_t netypes = 0; + int i, j; + unsigned int failed = 0; + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + if(opt->realm_string) + krb5_set_default_realm(context, opt->realm_string); + + if (opt->enctypes_strings.num_strings != 0) { + + etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes)); + if (etypes == NULL) { + krb5_warnx(context, "malloc failed"); + goto out; + } + netypes = opt->enctypes_strings.num_strings; + for(i = 0; i < netypes; i++) { + ret = krb5_string_to_enctype(context, + opt->enctypes_strings.strings[i], + &etypes[i]); + if(ret) { + krb5_warnx(context, "unrecognized enctype: %s", + opt->enctypes_strings.strings[i]); + goto out; + } + } + } + + + for(i = 0; i < argc; i++){ + krb5_principal princ_ent; + kadm5_principal_ent_rec princ; + int mask = 0; + krb5_keyblock *keys; + int n_keys; + int created = 0; + krb5_keytab_entry entry; + + ret = krb5_parse_name(context, argv[i], &princ_ent); + if (ret) { + krb5_warn(context, ret, "can't parse principal %s", argv[i]); + failed++; + continue; + } + memset(&princ, 0, sizeof(princ)); + princ.principal = princ_ent; + mask |= KADM5_PRINCIPAL; + princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; + mask |= KADM5_ATTRIBUTES; + princ.princ_expire_time = 0; + mask |= KADM5_PRINC_EXPIRE_TIME; + + if(kadm_handle == NULL) { + const char *r; + if(opt->realm_string != NULL) + r = opt->realm_string; + else + r = krb5_principal_get_realm(context, princ_ent); + kadm_handle = open_kadmin_connection(opt->principal_string, + r, + opt->admin_server_string, + opt->server_port_integer); + if(kadm_handle == NULL) + break; + } + + ret = kadm5_create_principal(kadm_handle, &princ, mask, "x"); + if(ret == 0) + created = 1; + else if(ret != KADM5_DUP) { + krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]); + krb5_free_principal(context, princ_ent); + failed++; + continue; + } + ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys); + if (ret) { + krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]); + krb5_free_principal(context, princ_ent); + failed++; + continue; + } + + ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, + KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES); + if (ret) { + krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]); + for (j = 0; j < n_keys; j++) + krb5_free_keyblock_contents(context, &keys[j]); + krb5_free_principal(context, princ_ent); + failed++; + continue; + } + if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX)) + krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]); + princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); + mask = KADM5_ATTRIBUTES; + if(created) { + princ.kvno = 1; + mask |= KADM5_KVNO; + } + ret = kadm5_modify_principal(kadm_handle, &princ, mask); + if (ret) { + krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]); + for (j = 0; j < n_keys; j++) + krb5_free_keyblock_contents(context, &keys[j]); + krb5_free_principal(context, princ_ent); + failed++; + continue; + } + for(j = 0; j < n_keys; j++) { + int do_add = TRUE; + + if (netypes) { + int k; + + do_add = FALSE; + for (k = 0; k < netypes; ++k) + if (keys[j].keytype == etypes[k]) { + do_add = TRUE; + break; + } + } + if (do_add) { + entry.principal = princ_ent; + entry.vno = princ.kvno; + entry.keyblock = keys[j]; + entry.timestamp = time (NULL); + ret = krb5_kt_add_entry(context, keytab, &entry); + if (ret) + krb5_warn(context, ret, "krb5_kt_add_entry"); + } + krb5_free_keyblock_contents(context, &keys[j]); + } + + kadm5_free_principal_ent(kadm_handle, &princ); + krb5_free_principal(context, princ_ent); + } + out: + free(etypes); + if (kadm_handle) + kadm5_destroy(kadm_handle); + krb5_kt_close(context, keytab); + return ret != 0 || failed > 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/ktutil-commands.in b/crypto/external/bsd/heimdal/dist/admin/ktutil-commands.in new file mode 100644 index 000000000..ce3a8a0c0 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ktutil-commands.in @@ -0,0 +1,247 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* Id */ + +command = { + name = "add" + option = { + long = "principal" + short = "p" + type = "string" + help = "principal to add" + argument = "principal" + default = "" + } + option = { + long = "kvno" + short = "V" + type = "integer" + help = "key version number" + default = "-1" + } + option = { + long = "enctype" + short = "e" + type = "string" + argument = "enctype" + help = "encryption type" + } + option = { + long = "password" + short = "w" + type = "string" + help = "password for key" + } + option = { + long = "salt" + short = "s" + type = "-flag" + help = "use unsalted keys" + default = "1" + } + option = { + long = "random" + short = "r" + type = "flag" + help = "generate random key" + } + option = { + long = "hex" + short = "H" + type = "flag" + help = "password is a hexadecimal string" + } + function = "kt_add" + help = "Adds a key to a keytab." + max_args = "0" +} +command = { + name = "change" + option = { + long = "realm" + short = "r" + type = "string" + argument = "realm" + help = "realm to use" + } + option = { + long = "admin-server" + short = "a" + type = "string" + argument = "host" + help = "server to contact" + } + option = { + long = "server-port" + short = "s" + type = "integer" + argument = "port number" + help = "port number on server" + } + function = "kt_change" + argument = "[principal...]" + help = "Change keys for specified principals (default all)." +} +command = { + name = "copy" + function = "kt_copy" + argument = "source destination" + min_args = "2" + max_args = "2" + help = "Copies one keytab to another." +} +command = { + name = "get" + option = { + long = "principal" + short = "p" + type = "string" + help = "admin principal" + argument = "principal" + } + option = { + long = "enctypes" + short = "e" + type = "strings" + help = "encryption types to use" + argument = "enctype" + } + option = { + long = "realm" + short = "r" + type = "string" + argument = "realm" + help = "realm to use" + } + option = { + long = "admin-server" + short = "a" + type = "string" + argument = "host" + help = "server to contact" + } + option = { + long = "server-port" + short = "s" + type = "integer" + argument = "port number" + help = "port number on server" + } + function = "kt_get" + min_args = "1" + argument = "principal..." + help = "Change keys for specified principals, and add them to the keytab." +} +command = { + name = "list" + option = { + long = "keys" + type = "flag" + help = "show key values" + } + option = { + long = "timestamp" + type = "flag" + help = "show timestamps" + } + max_args = "0" + function = "kt_list" + help = "Show contents of keytab." +} +command = { + name = "purge" + option = { + long = "age" + type = "string" + help = "age to retiere" + default = "1 week"; + argument = "time" + } + max_args = "0" + function = "kt_purge" + help = "Remove superceded keys from keytab." +} +command = { + name = "remove" + name = "delete" + option = { + long = "principal" + short = "p" + type = "string" + help = "principal to remove" + argument = "principal" + } + option = { + long = "kvno" + short = "V" + type = "integer" + help = "key version to remove" + argument = "enctype" + default = "0" + } + option = { + long = "enctype" + short = "e" + type = "string" + help = "enctype to remove" + argument = "enctype" + } + max_args = "0" + function = "kt_remove" + help = "Remove keys from keytab." +} +command = { + name = "rename" + function = "kt_rename" + argument = "from to" + min_args = "2" + max_args = "2" + help = "Renames an entry in the keytab." + option = { + long = "delete" + type = "-flag" + help = "don't delete orignal entry" + } +} +command = { + name = "destroy" + function = "kt_destroy" + max_args = "0" + help = "Destroy (remove) the keytab." +} +command = { + name = "help" + argument = "command" + max_args = "1" + function = "help" +} diff --git a/crypto/external/bsd/heimdal/dist/admin/ktutil-version.rc b/crypto/external/bsd/heimdal/dist/admin/ktutil-version.rc new file mode 100644 index 000000000..e0e91c5ce --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ktutil-version.rc @@ -0,0 +1,36 @@ +/*********************************************************************** + * Copyright (c) 2010, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#define RC_FILE_TYPE VFT_APP +#define RC_FILE_DESC_0409 "Kerberos Keytab Tool" +#define RC_FILE_ORIG_0409 "ktutil.exe" + +#include "../windows/version.rc" diff --git a/crypto/external/bsd/heimdal/dist/admin/ktutil.8 b/crypto/external/bsd/heimdal/dist/admin/ktutil.8 new file mode 100644 index 000000000..1cf464b98 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ktutil.8 @@ -0,0 +1,126 @@ +.\" $NetBSD: ktutil.8,v 1.2 2011/04/14 19:19:19 elric Exp $ +.\" +.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" Id +.\" +.Dd April 14, 2005 +.Dt KTUTIL 8 +.Os +.Sh NAME +.Nm ktutil +.Nd manage Kerberos keytabs +.Sh SYNOPSIS +.Nm +.Oo Fl k Ar keytab \*(Ba Xo +.Fl -keytab= Ns Ar keytab +.Xc +.Oc +.Op Fl v | Fl -verbose +.Op Fl -version +.Op Fl h | Fl -help +.Ar command +.Op Ar args +.Sh DESCRIPTION +.Nm +is a program for managing keytabs. +Supported options: +.Bl -tag -width Ds +.It Fl v , Fl -verbose +Verbose output. +.El +.Pp +.Ar command +can be one of the following: +.Bl -tag -width srvconvert +.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ +Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \ +Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex +Adds a key to the keytab. Options that are not specified will be +prompted for. This requires that you know the password or the hex key of the +principal to add; if what you really want is to add a new principal to +the keytab, you should consider the +.Ar get +command, which talks to the kadmin server. +.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \ +Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \ +Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port +Update one or several keys to new versions. By default, use the admin +server for the realm of a keytab entry. Otherwise it will use the +values specified by the options. +.Pp +If no principals are given, all the ones in the keytab are updated. +.It copy Ar keytab-src Ar keytab-dest +Copies all the entries from +.Ar keytab-src +to +.Ar keytab-dest . +.It get Oo Fl p Ar admin principal Oc \ +Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ +Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ +Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ +Oo Fl -server-port= Ns Ar server port Oc Ar principal ... +For each +.Ar principal , +generate a new key for it (creating it if it doesn't already exist), +and put that key in the keytab. +.Pp +If no +.Ar realm +is specified, the realm to operate on is taken from the first +principal. +.It list Oo Fl -keys Oc Op Fl -timestamp +List the keys stored in the keytab. +.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc +Removes the specified key or keys. Not specifying a +.Ar kvno +removes keys with any version number. Not specifying an +.Ar enctype +removes keys of any type. +.It rename Ar from-principal Ar to-principal +Renames all entries in the keytab that match the +.Ar from-principal +to +.Ar to-principal . +.It purge Op Fl -age= Ns Ar age +Removes all old versions of a key for which there is a newer version +that is at least +.Ar age +(default one week) old. +.El +.Sh SEE ALSO +.Xr kadmin 8 diff --git a/crypto/external/bsd/heimdal/dist/admin/ktutil.c b/crypto/external/bsd/heimdal/dist/admin/ktutil.c new file mode 100644 index 000000000..3adb268d2 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ktutil.c @@ -0,0 +1,176 @@ +/* $NetBSD: ktutil.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" +#include + +__RCSID("$NetBSD: ktutil.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +static int help_flag; +static int version_flag; +int verbose_flag; +char *keytab_string; +static char keytab_buf[256]; + +static struct getargs args[] = { + { + "version", + 0, + arg_flag, + &version_flag, + NULL, + NULL + }, + { + "help", + 'h', + arg_flag, + &help_flag, + NULL, + NULL + }, + { + "keytab", + 'k', + arg_string, + &keytab_string, + "keytab", + "keytab to operate on" + }, + { + "verbose", + 'v', + arg_flag, + &verbose_flag, + "verbose", + "run verbosely" + } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +krb5_context context; + +krb5_keytab +ktutil_open_keytab(void) +{ + krb5_error_code ret; + krb5_keytab keytab; + if (keytab_string == NULL) { + ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_name"); + return NULL; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return NULL; + } + if (verbose_flag) + fprintf (stderr, "Using keytab %s\n", keytab_string); + + return keytab; +} + +int +help(void *opt, int argc, char **argv) +{ + if(argc == 0) { + sl_help(commands, 1, argv - 1 /* XXX */); + } else { + SL_cmd *c = sl_match (commands, argv[0], 0); + if(c == NULL) { + fprintf (stderr, "No such command: %s. " + "Try \"help\" for a list of commands\n", + argv[0]); + } else { + if(c->func) { + char *fake[] = { NULL, "--help", NULL }; + fake[0] = argv[0]; + (*c->func)(2, fake); + fprintf(stderr, "\n"); + } + if(c->help && *c->help) + fprintf (stderr, "%s\n", c->help); + if((++c)->name && c->func == NULL) { + int f = 0; + fprintf (stderr, "Synonyms:"); + while (c->name && c->func == NULL) { + fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name); + f = 1; + } + fprintf (stderr, "\n"); + } + } + } + return 0; +} + +static void +usage(int status) +{ + arg_printusage(args, num_args, NULL, "command"); + exit(status); +} + +int +main(int argc, char **argv) +{ + int optidx = 0; + krb5_error_code ret; + setprogname(argv[0]); + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + if(getarg(args, num_args, argc, argv, &optidx)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } + argc -= optidx; + argv += optidx; + if(argc == 0) + usage(1); + ret = sl_command(commands, argc, argv); + if(ret == -1) + krb5_warnx (context, "unrecognized command: %s", argv[0]); + return ret; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/ktutil_locl.h b/crypto/external/bsd/heimdal/dist/admin/ktutil_locl.h new file mode 100644 index 000000000..0e2d37e53 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/ktutil_locl.h @@ -0,0 +1,76 @@ +/* $NetBSD: ktutil_locl.h,v 1.1.1.2 2011/04/14 14:08:06 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Id + */ + +#ifndef __KTUTIL_LOCL_H__ +#define __KTUTIL_LOCL_H__ + +#include + +#include +#include +#include +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#include +#include + +#include "crypto-headers.h" +#include +#include +#include + +#include +#include +#include + +extern krb5_context context; + +extern int verbose_flag; +extern char *keytab_string; + +krb5_keytab ktutil_open_keytab(void); + +#include "ktutil-commands.h" + +#endif /* __KTUTIL_LOCL_H__ */ diff --git a/crypto/external/bsd/heimdal/dist/admin/list.c b/crypto/external/bsd/heimdal/dist/admin/list.c new file mode 100644 index 000000000..3681607da --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/list.c @@ -0,0 +1,173 @@ +/* $NetBSD: list.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" +#include + +__RCSID("$NetBSD: list.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +static int +do_list(struct list_options *opt, const char *keytab_str) +{ + krb5_error_code ret; + krb5_keytab keytab; + krb5_keytab_entry entry; + krb5_kt_cursor cursor; + rtbl_t table; + + /* XXX specialcase the ANY type */ + if(strncasecmp(keytab_str, "ANY:", 4) == 0) { + int flag = 0; + char buf[1024]; + keytab_str += 4; + ret = 0; + while (strsep_copy((const char**)&keytab_str, ",", + buf, sizeof(buf)) != -1) { + if(flag) + printf("\n"); + if(do_list(opt, buf)) + ret = 1; + flag = 1; + } + return ret; + } + + ret = krb5_kt_resolve(context, keytab_str, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_str); + return ret; + } + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret) { + krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str); + krb5_kt_close(context, keytab); + return ret; + } + + printf ("%s:\n\n", keytab_str); + + table = rtbl_create(); + rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT); + rtbl_add_column_by_id(table, 1, "Type", 0); + rtbl_add_column_by_id(table, 2, "Principal", 0); + if (opt->timestamp_flag) + rtbl_add_column_by_id(table, 3, "Date", 0); + if(opt->keys_flag) + rtbl_add_column_by_id(table, 4, "Key", 0); + rtbl_add_column_by_id(table, 5, "Aliases", 0); + rtbl_set_separator(table, " "); + + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){ + char buf[1024], *s; + + snprintf(buf, sizeof(buf), "%d", entry.vno); + rtbl_add_column_entry_by_id(table, 0, buf); + + ret = krb5_enctype_to_string(context, + entry.keyblock.keytype, &s); + if (ret != 0) { + snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype); + rtbl_add_column_entry_by_id(table, 1, buf); + } else { + rtbl_add_column_entry_by_id(table, 1, s); + free(s); + } + + krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf)); + rtbl_add_column_entry_by_id(table, 2, buf); + + if (opt->timestamp_flag) { + krb5_format_time(context, entry.timestamp, buf, + sizeof(buf), FALSE); + rtbl_add_column_entry_by_id(table, 3, buf); + } + if(opt->keys_flag) { + int i; + s = malloc(2 * entry.keyblock.keyvalue.length + 1); + if (s == NULL) { + krb5_warnx(context, "malloc failed"); + ret = ENOMEM; + goto out; + } + for(i = 0; i < entry.keyblock.keyvalue.length; i++) + snprintf(s + 2 * i, 3, "%02x", + ((unsigned char*)entry.keyblock.keyvalue.data)[i]); + rtbl_add_column_entry_by_id(table, 4, s); + free(s); + } + if (entry.aliases) { + unsigned int i; + struct rk_strpool *p = NULL; + + for (i = 0; i< entry.aliases->len; i++) { + krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf)); + rk_strpoolprintf(p, "%s%s", buf, + i + 1 < entry.aliases->len ? ", " : ""); + + } + rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p)); + } + + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + rtbl_format(table, stdout); + +out: + rtbl_destroy(table); + + krb5_kt_close(context, keytab); + return ret; +} + +int +kt_list(struct list_options *opt, int argc, char **argv) +{ + krb5_error_code ret; + char kt[1024]; + + if(verbose_flag) + opt->timestamp_flag = 1; + + if (keytab_string == NULL) { + if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) { + krb5_warn(context, ret, "getting default keytab name"); + return 1; + } + keytab_string = kt; + } + return do_list(opt, keytab_string) != 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/purge.c b/crypto/external/bsd/heimdal/dist/admin/purge.c new file mode 100644 index 000000000..bd8fcda7a --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/purge.c @@ -0,0 +1,174 @@ +/* $NetBSD: purge.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: purge.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +/* + * keep track of the highest version for every principal. + */ + +struct e { + krb5_principal principal; + int max_vno; + time_t timestamp; + struct e *next; +}; + +static struct e * +get_entry (krb5_principal princ, struct e *head) +{ + struct e *e; + + for (e = head; e != NULL; e = e->next) + if (krb5_principal_compare (context, princ, e->principal)) + return e; + return NULL; +} + +static void +add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head) +{ + krb5_error_code ret; + struct e *e; + + e = get_entry (princ, *head); + if (e != NULL) { + if(e->max_vno < vno) { + e->max_vno = vno; + e->timestamp = timestamp; + } + return; + } + e = malloc (sizeof (*e)); + if (e == NULL) + krb5_errx (context, 1, "malloc: out of memory"); + ret = krb5_copy_principal (context, princ, &e->principal); + if (ret) + krb5_err (context, 1, ret, "krb5_copy_principal"); + e->max_vno = vno; + e->timestamp = timestamp; + e->next = *head; + *head = e; +} + +static void +delete_list (struct e *head) +{ + while (head != NULL) { + struct e *next = head->next; + krb5_free_principal (context, head->principal); + free (head); + head = next; + } +} + +/* + * Remove all entries that have newer versions and that are older + * than `age' + */ + +int +kt_purge(struct purge_options *opt, int argc, char **argv) +{ + krb5_error_code ret = 0; + krb5_kt_cursor cursor; + krb5_keytab keytab; + krb5_keytab_entry entry; + int age; + struct e *head = NULL; + time_t judgement_day; + + age = parse_time(opt->age_string, "s"); + if(age < 0) { + krb5_warnx(context, "unparasable time `%s'", opt->age_string); + return 1; + } + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret){ + krb5_warn(context, ret, "%s", keytab_string); + goto out; + } + + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { + add_entry (entry.principal, entry.vno, entry.timestamp, &head); + krb5_kt_free_entry(context, &entry); + } + krb5_kt_end_seq_get(context, keytab, &cursor); + + judgement_day = time (NULL); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret){ + krb5_warn(context, ret, "%s", keytab_string); + goto out; + } + + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { + struct e *e = get_entry (entry.principal, head); + + if (e == NULL) { + krb5_warnx (context, "ignoring extra entry"); + continue; + } + + if (entry.vno < e->max_vno + && judgement_day - e->timestamp > age) { + if (verbose_flag) { + char *name_str; + + krb5_unparse_name (context, entry.principal, &name_str); + printf ("removing %s vno %d\n", name_str, entry.vno); + free (name_str); + } + ret = krb5_kt_remove_entry (context, keytab, &entry); + if (ret) + krb5_warn (context, ret, "remove"); + } + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + + delete_list (head); + + out: + krb5_kt_close (context, keytab); + return ret != 0; +} diff --git a/crypto/external/bsd/heimdal/dist/admin/remove.c b/crypto/external/bsd/heimdal/dist/admin/remove.c new file mode 100644 index 000000000..ca0958dc7 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/remove.c @@ -0,0 +1,95 @@ +/* $NetBSD: remove.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: remove.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +int +kt_remove(struct remove_options *opt, int argc, char **argv) +{ + krb5_error_code ret = 0; + krb5_keytab_entry entry; + krb5_keytab keytab; + krb5_principal principal = NULL; + krb5_enctype enctype = 0; + + if(opt->principal_string) { + ret = krb5_parse_name(context, opt->principal_string, &principal); + if(ret) { + krb5_warn(context, ret, "%s", opt->principal_string); + return 1; + } + } + if(opt->enctype_string) { + ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); + if(ret) { + int t; + if(sscanf(opt->enctype_string, "%d", &t) == 1) + enctype = t; + else { + krb5_warn(context, ret, "%s", opt->enctype_string); + if(principal) + krb5_free_principal(context, principal); + return 1; + } + } + } + if (!principal && !enctype && !opt->kvno_integer) { + krb5_warnx(context, + "You must give at least one of " + "principal, enctype or kvno."); + ret = EINVAL; + goto out; + } + + if((keytab = ktutil_open_keytab()) == NULL) { + ret = 1; + goto out; + } + + entry.principal = principal; + entry.keyblock.keytype = enctype; + entry.vno = opt->kvno_integer; + ret = krb5_kt_remove_entry(context, keytab, &entry); + krb5_kt_close(context, keytab); + if(ret) + krb5_warn(context, ret, "remove"); + out: + if(principal) + krb5_free_principal(context, principal); + return ret != 0; +} + diff --git a/crypto/external/bsd/heimdal/dist/admin/rename.c b/crypto/external/bsd/heimdal/dist/admin/rename.c new file mode 100644 index 000000000..ae09a03b5 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/admin/rename.c @@ -0,0 +1,115 @@ +/* $NetBSD: rename.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2001-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +__RCSID("$NetBSD: rename.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $"); + +int +kt_rename(struct rename_options *opt, int argc, char **argv) +{ + krb5_error_code ret = 0; + krb5_keytab_entry entry; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_principal from_princ, to_princ; + + ret = krb5_parse_name(context, argv[0], &from_princ); + if(ret != 0) { + krb5_warn(context, ret, "%s", argv[0]); + return 1; + } + + ret = krb5_parse_name(context, argv[1], &to_princ); + if(ret != 0) { + krb5_free_principal(context, from_princ); + krb5_warn(context, ret, "%s", argv[1]); + return 1; + } + + if((keytab = ktutil_open_keytab()) == NULL) { + krb5_free_principal(context, from_princ); + krb5_free_principal(context, to_princ); + return 1; + } + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret) { + krb5_kt_close(context, keytab); + krb5_free_principal(context, from_princ); + krb5_free_principal(context, to_princ); + return 1; + } + while(1) { + ret = krb5_kt_next_entry(context, keytab, &entry, &cursor); + if(ret != 0) { + if(ret != KRB5_CC_END && ret != KRB5_KT_END) + krb5_warn(context, ret, "getting entry from keytab"); + else + ret = 0; + break; + } + if(krb5_principal_compare(context, entry.principal, from_princ)) { + krb5_free_principal(context, entry.principal); + entry.principal = to_princ; + ret = krb5_kt_add_entry(context, keytab, &entry); + if(ret) { + entry.principal = NULL; + krb5_kt_free_entry(context, &entry); + krb5_warn(context, ret, "adding entry"); + break; + } + if (opt->delete_flag) { + entry.principal = from_princ; + ret = krb5_kt_remove_entry(context, keytab, &entry); + if(ret) { + entry.principal = NULL; + krb5_kt_free_entry(context, &entry); + krb5_warn(context, ret, "removing entry"); + break; + } + } + entry.principal = NULL; + } + krb5_kt_free_entry(context, &entry); + } + krb5_kt_end_seq_get(context, keytab, &cursor); + + krb5_free_principal(context, from_princ); + krb5_free_principal(context, to_princ); + + return ret != 0; +} + diff --git a/crypto/external/bsd/heimdal/dist/autogen.sh b/crypto/external/bsd/heimdal/dist/autogen.sh new file mode 100755 index 000000000..c3facbf5c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/autogen.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# to really generate all files you need to run "make distcheck" in a +# object tree, but this will do if you have all parts of the required +# tool-chain installed +autoreconf -f -i || { echo "autoreconf failed: $?"; exit 1; } diff --git a/crypto/external/bsd/heimdal/dist/base/Makefile.am b/crypto/external/bsd/heimdal/dist/base/Makefile.am new file mode 100644 index 000000000..6876c4b39 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/Makefile.am @@ -0,0 +1,27 @@ + +include $(top_srcdir)/Makefile.am.common + +lib_LTLIBRARIES = libheimbase.la +check_PROGRAMS = test_base + +libheimbase_la_LDFLAGS = -version-info 1:0:0 + +if versionscript +libheimbase_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + +include_HEADERS = heimbase.h + +dist_libheimbase_la_SOURCES = \ + array.c \ + baselocl.h \ + bool.c \ + dict.c \ + heimbase.c \ + heimbasepriv.h \ + heimqueue.h \ + null.c \ + number.c \ + string.c + +test_base_LDADD = $(LIB_heimbase) diff --git a/crypto/external/bsd/heimdal/dist/base/NTMakefile b/crypto/external/bsd/heimdal/dist/base/NTMakefile new file mode 100644 index 000000000..0668cd699 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/NTMakefile @@ -0,0 +1,53 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=base + +!include ../windows/NTMakefile.w32 + +INCFILES=$(INCDIR)\heimbase.h + +libheimbase_OBJS = \ + $(OBJ)\array.obj \ + $(OBJ)\bool.obj \ + $(OBJ)\dict.obj \ + $(OBJ)\heimbase.obj \ + $(OBJ)\null.obj \ + $(OBJ)\number.obj \ + $(OBJ)\string.obj + +$(LIBHEIMBASE): $(libheimbase_OBJS) + $(LIBCON) + +all:: $(INCFILES) $(LIBHEIMBASE) + +clean:: + -$(RM) $(INCFILES) diff --git a/crypto/external/bsd/heimdal/dist/base/array.c b/crypto/external/bsd/heimdal/dist/base/array.c new file mode 100644 index 000000000..6d2ade683 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/array.c @@ -0,0 +1,236 @@ +/* $NetBSD: array.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +/* + * + */ + +struct heim_array_data { + size_t len; + heim_object_t *val; +}; + +static void +array_dealloc(heim_object_t ptr) +{ + heim_array_t array = ptr; + size_t n; + for (n = 0; n < array->len; n++) + heim_release(array->val[n]); + free(array->val); +} + +struct heim_type_data array_object = { + HEIM_TID_ARRAY, + "dict-object", + NULL, + array_dealloc, + NULL, + NULL, + NULL +}; + +/** + * Allocate an array + * + * @return A new allocated array, free with heim_release() + */ + +heim_array_t +heim_array_create(void) +{ + heim_array_t array; + + array = _heim_alloc_object(&array_object, sizeof(*array)); + if (array == NULL) + return NULL; + + array->val = NULL; + array->len = 0; + + return array; +} + +/** + * Get type id of an dict + * + * @return the type id + */ + +heim_tid_t +heim_array_get_type_id(void) +{ + return HEIM_TID_ARRAY; +} + +/** + * Append object to array + * + * @param array array to add too + * @param object the object to add + * + * @return zero if added, errno otherwise + */ + +int +heim_array_append_value(heim_array_t array, heim_object_t object) +{ + heim_object_t *ptr; + + ptr = realloc(array->val, (array->len + 1) * sizeof(array->val[0])); + if (ptr == NULL) + return ENOMEM; + array->val = ptr; + array->val[array->len++] = heim_retain(object); + + return 0; +} + +/** + * Iterate over all objects in array + * + * @param array array to iterate over + * @param fn function to call on each object + * @param ctx context passed to fn + */ + +void +heim_array_iterate_f(heim_array_t array, heim_array_iterator_f_t fn, void *ctx) +{ + size_t n; + for (n = 0; n < array->len; n++) + fn(array->val[n], ctx); +} + +#ifdef __BLOCKS__ +/** + * Iterate over all objects in array + * + * @param array array to iterate over + * @param fn block to call on each object + */ + +void +heim_array_iterate(heim_array_t array, void (^fn)(heim_object_t)) +{ + size_t n; + for (n = 0; n < array->len; n++) + fn(array->val[n]); +} +#endif + +/** + * Get length of array + * + * @param array array to get length of + * + * @return length of array + */ + +size_t +heim_array_get_length(heim_array_t array) +{ + return array->len; +} + +/** + * Copy value of array + * + * @param array array copy object from + * @param idx index of object, 0 based, must be smaller then + * heim_array_get_length() + * + * @return a retained copy of the object + */ + +heim_object_t +heim_array_copy_value(heim_array_t array, size_t idx) +{ + if (idx >= array->len) + heim_abort("index too large"); + return heim_retain(array->val[idx]); +} + +/** + * Delete value at idx + * + * @param array the array to modify + * @param idx the key to delete + */ + +void +heim_array_delete_value(heim_array_t array, size_t idx) +{ + heim_object_t obj; + if (idx >= array->len) + heim_abort("index too large"); + obj = array->val[idx]; + + array->len--; + + if (idx < array->len) + memmove(&array->val[idx], &array->val[idx + 1], + (array->len - idx) * sizeof(array->val[0])); + + heim_release(obj); +} + +#ifdef __BLOCKS__ +/** + * Get value at idx + * + * @param array the array to modify + * @param idx the key to delete + */ + +void +heim_array_filter(heim_array_t array, bool (^block)(heim_object_t)) +{ + size_t n = 0; + + while (n < array->len) { + if (block(array->val[n])) { + heim_array_delete_value(array, n); + } else { + n++; + } + } +} + +#endif /* __BLOCKS__ */ diff --git a/crypto/external/bsd/heimdal/dist/base/baselocl.h b/crypto/external/bsd/heimdal/dist/base/baselocl.h new file mode 100644 index 000000000..de2af529d --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/baselocl.h @@ -0,0 +1,134 @@ +/* $NetBSD: baselocl.h,v 1.2 2011/04/16 17:45:44 martin Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include + +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "heimqueue.h" +#include "heim_threads.h" +#include +#include "heimbasepriv.h" + +#ifdef HAVE_DISPATCH_DISPATCH_H +#include +#endif + +#if defined(USE_ATOMIC_INCDEC) + +#include +#define heim_base_atomic_inc(x) atomic_inc_32_nv((x)) +#define heim_base_atomic_dec(x) atomic_dec_32_nv((x)) +#define heim_base_atomic_type uint32_t +#define heim_base_atomic_max UINT32_MAX + +#define heim_base_exchange_pointer(t,v) atomic_swap_ptr((t), (v)) + +#elif defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH) + +#define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1) +#define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1) +#define heim_base_atomic_type unsigned int +#define heim_base_atomic_max UINT_MAX + +#define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v)) + +#elif defined(_WIN32) + +#define heim_base_atomic_inc(x) InterlockedIncrement(x) +#define heim_base_atomic_dec(x) InterlockedDecrement(x) +#define heim_base_atomic_type LONG +#define heim_base_atomic_max MAXLONG + +#define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v)) + +#else + +#define HEIM_BASE_NEED_ATOMIC_MUTEX 1 +extern HEIMDAL_MUTEX _heim_base_mutex; + +#define heim_base_atomic_type unsigned int + +static inline heim_base_atomic_type +heim_base_atomic_inc(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = ++(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +static inline heim_base_atomic_type +heim_base_atomic_dec(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = --(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +#define heim_base_atomic_max UINT_MAX + +#endif + +/* tagged strings/object/XXX */ +#define heim_base_is_tagged(x) (((uintptr_t)(x)) & 0x3) + +#define heim_base_is_tagged_object(x) ((((uintptr_t)(x)) & 0x3) == 1) +#define heim_base_make_tagged_object(x, tid) \ + ((heim_object_t)((((uintptr_t)(x)) << 5) | ((tid) << 2) | 0x1)) +#define heim_base_tagged_object_tid(x) ((((uintptr_t)(x)) & 0x1f) >> 2) +#define heim_base_tagged_object_value(x) (((uintptr_t)(x)) >> 5) + +/* + * + */ + +#undef HEIMDAL_NORETURN_ATTRIBUTE +#define HEIMDAL_NORETURN_ATTRIBUTE +#undef HEIMDAL_PRINTF_ATTRIBUTE +#define HEIMDAL_PRINTF_ATTRIBUTE(x) diff --git a/crypto/external/bsd/heimdal/dist/base/bool.c b/crypto/external/bsd/heimdal/dist/base/bool.c new file mode 100644 index 000000000..fd4cab043 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/bool.c @@ -0,0 +1,60 @@ +/* $NetBSD: bool.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct heim_type_data _heim_bool_object = { + HEIM_TID_BOOL, + "bool-object", + NULL, + NULL, + NULL, + NULL, + NULL +}; + +heim_bool_t +heim_bool_create(int val) +{ + return heim_base_make_tagged_object(!!val, HEIM_TID_BOOL); +} + +int +heim_bool_val(heim_bool_t ptr) +{ + return heim_base_tagged_object_value(ptr); +} diff --git a/crypto/external/bsd/heimdal/dist/base/dict.c b/crypto/external/bsd/heimdal/dist/base/dict.c new file mode 100644 index 000000000..f21c47955 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/dict.c @@ -0,0 +1,284 @@ +/* $NetBSD: dict.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2002, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct hashentry { + struct hashentry **prev; + struct hashentry *next; + heim_object_t key; + heim_object_t value; +}; + +struct heim_dict_data { + size_t size; + struct hashentry **tab; +}; + +static void +dict_dealloc(void *ptr) +{ + heim_dict_t dict = ptr; + struct hashentry **h, *g, *i; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) { + for (g = h[0]; g; g = i) { + i = g->next; + heim_release(g->key); + heim_release(g->value); + free(g); + } + } + free(dict->tab); +} + +struct heim_type_data dict_object = { + HEIM_TID_DICT, + "dict-object", + NULL, + dict_dealloc, + NULL, + NULL, + NULL +}; + +static size_t +isprime(size_t p) +{ + int q, i; + + for(i = 2 ; i < p; i++) { + q = p / i; + + if (i * q == p) + return 0; + if (i * i > p) + return 1; + } + return 1; +} + +static size_t +findprime(size_t p) +{ + if (p % 2 == 0) + p++; + + while (isprime(p) == 0) + p += 2; + + return p; +} + +/** + * Allocate an array + * + * @return A new allocated array, free with heim_release() + */ + +heim_dict_t +heim_dict_create(size_t size) +{ + heim_dict_t dict; + + dict = _heim_alloc_object(&dict_object, sizeof(*dict)); + + dict->size = findprime(size); + if (dict->size == 0) { + heim_release(dict); + return NULL; + } + + dict->tab = calloc(dict->size, sizeof(dict->tab[0])); + if (dict->tab == NULL) { + dict->size = 0; + heim_release(dict); + return NULL; + } + + return dict; +} + +/** + * Get type id of an dict + * + * @return the type id + */ + +heim_tid_t +heim_dict_get_type_id(void) +{ + return HEIM_TID_DICT; +} + +/* Intern search function */ + +static struct hashentry * +_search(heim_dict_t dict, heim_object_t ptr) +{ + unsigned long v = heim_get_hash(ptr); + struct hashentry *p; + + for (p = dict->tab[v % dict->size]; p != NULL; p = p->next) + if (heim_cmp(ptr, p->key) == 0) + return p; + + return NULL; +} + +/** + * Search for element in hash table + * + * @value dict the dict to search in + * @value key the key to search for + * + * @return a retained copy of the value for key or NULL if not found + */ + +heim_object_t +heim_dict_copy_value(heim_dict_t dict, heim_object_t key) +{ + struct hashentry *p; + p = _search(dict, key); + if (p == NULL) + return NULL; + + return heim_retain(p->value); +} + +/** + * Add key and value to dict + * + * @value dict the dict to add too + * @value key the key to add + * @value value the value to add + * + * @return 0 if added, errno if not + */ + +int +heim_dict_add_value(heim_dict_t dict, heim_object_t key, heim_object_t value) +{ + struct hashentry **tabptr, *h; + + h = _search(dict, key); + if (h) { + heim_release(h->value); + h->value = heim_retain(value); + } else { + unsigned long v; + + h = malloc(sizeof(*h)); + if (h == NULL) + return ENOMEM; + + h->key = heim_retain(key); + h->value = heim_retain(value); + + v = heim_get_hash(key); + + tabptr = &dict->tab[v % dict->size]; + h->next = *tabptr; + *tabptr = h; + h->prev = tabptr; + if (h->next) + h->next->prev = &h->next; + } + + return 0; +} + +/** + * Delete element with key key + * + * @value dict the dict to delete from + * @value key the key to delete + */ + +void +heim_dict_delete_key(heim_dict_t dict, heim_object_t key) +{ + struct hashentry *h = _search(dict, key); + + if (h == NULL) + return; + + heim_release(h->key); + heim_release(h->value); + + if ((*(h->prev) = h->next) != NULL) + h->next->prev = h->prev; + + free(h); +} + +/** + * Do something for each element + * + * @value dict the dict to interate over + * @value func the function to search for + * @value arg argument to func + */ + +void +heim_dict_iterate_f(heim_dict_t dict, heim_dict_iterator_f_t func, void *arg) +{ + struct hashentry **h, *g; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) + for (g = *h; g; g = g->next) + func(g->key, g->value, arg); +} + +#ifdef __BLOCKS__ +/** + * Do something for each element + * + * @value dict the dict to interate over + * @value func the function to search for + */ + +void +heim_dict_iterate(heim_dict_t dict, void (^func)(heim_object_t, heim_object_t)) +{ + struct hashentry **h, *g; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) + for (g = *h; g; g = g->next) + func(g->key, g->value); +} +#endif diff --git a/crypto/external/bsd/heimdal/dist/base/heimbase.c b/crypto/external/bsd/heimdal/dist/base/heimbase.c new file mode 100644 index 000000000..ba049acc1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/heimbase.c @@ -0,0 +1,561 @@ +/* $NetBSD: heimbase.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" +#include + +static heim_base_atomic_type tidglobal = HEIM_TID_USER; + +struct heim_base { + heim_type_t isa; + heim_base_atomic_type ref_cnt; + HEIM_TAILQ_ENTRY(heim_base) autorel; + heim_auto_release_t autorelpool; + uintptr_t isaextra[3]; +}; + +/* specialized version of base */ +struct heim_base_mem { + heim_type_t isa; + heim_base_atomic_type ref_cnt; + HEIM_TAILQ_ENTRY(heim_base) autorel; + heim_auto_release_t autorelpool; + const char *name; + void (*dealloc)(void *); + uintptr_t isaextra[1]; +}; + +#define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1) +#define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1)) + +#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX +HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER; +#endif + +/* + * Auto release structure + */ + +struct heim_auto_release { + HEIM_TAILQ_HEAD(, heim_base) pool; + HEIMDAL_MUTEX pool_mutex; + struct heim_auto_release *parent; +}; + + +/** + * Retain object + * + * @param object to be released, NULL is ok + * + * @return the same object as passed in + */ + +void * +heim_retain(void *ptr) +{ + struct heim_base *p = PTR2BASE(ptr); + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return ptr; + + if (p->ref_cnt == heim_base_atomic_max) + return ptr; + + if ((heim_base_atomic_inc(&p->ref_cnt) - 1) == 0) + heim_abort("resurection"); + return ptr; +} + +/** + * Release object, free is reference count reaches zero + * + * @param object to be released + */ + +void +heim_release(void *ptr) +{ + heim_base_atomic_type old; + struct heim_base *p = PTR2BASE(ptr); + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return; + + if (p->ref_cnt == heim_base_atomic_max) + return; + + old = heim_base_atomic_dec(&p->ref_cnt) + 1; + + if (old > 1) + return; + + if (old == 1) { + heim_auto_release_t ar = p->autorelpool; + /* remove from autorel pool list */ + if (ar) { + p->autorelpool = NULL; + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_REMOVE(&ar->pool, p, autorel); + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); + } + if (p->isa->dealloc) + p->isa->dealloc(ptr); + free(p); + } else + heim_abort("over release"); +} + +static heim_type_t tagged_isa[9] = { + &_heim_number_object, + &_heim_null_object, + &_heim_bool_object, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL +}; + +heim_type_t +_heim_get_isa(heim_object_t ptr) +{ + struct heim_base *p; + if (heim_base_is_tagged(ptr)) { + if (heim_base_is_tagged_object(ptr)) + return tagged_isa[heim_base_tagged_object_tid(ptr)]; + heim_abort("not a supported tagged type"); + } + p = PTR2BASE(ptr); + return p->isa; +} + +/** + * Get type ID of object + * + * @param object object to get type id of + * + * @return type id of object + */ + +heim_tid_t +heim_get_tid(heim_object_t ptr) +{ + heim_type_t isa = _heim_get_isa(ptr); + return isa->tid; +} + +/** + * Get hash value of object + * + * @param object object to get hash value for + * + * @return a hash value + */ + +unsigned long +heim_get_hash(heim_object_t ptr) +{ + heim_type_t isa = _heim_get_isa(ptr); + if (isa->hash) + return isa->hash(ptr); + return (unsigned long)ptr; +} + +/** + * Compare two objects, returns 0 if equal, can use used for qsort() + * and friends. + * + * @param a first object to compare + * @param b first object to compare + * + * @return 0 if objects are equal + */ + +int +heim_cmp(heim_object_t a, heim_object_t b) +{ + heim_tid_t ta, tb; + heim_type_t isa; + + ta = heim_get_tid(a); + tb = heim_get_tid(b); + + if (ta != tb) + return ta - tb; + + isa = _heim_get_isa(a); + + if (isa->cmp) + return isa->cmp(a, b); + + return (uintptr_t)a - (uintptr_t)b; +} + +/* + * Private - allocates an memory object + */ + +static void +memory_dealloc(void *ptr) +{ + struct heim_base_mem *p = (struct heim_base_mem *)PTR2BASE(ptr); + if (p->dealloc) + p->dealloc(ptr); +} + +struct heim_type_data memory_object = { + HEIM_TID_MEMORY, + "memory-object", + NULL, + memory_dealloc, + NULL, + NULL, + NULL +}; + +void * +heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc) +{ + /* XXX use posix_memalign */ + + struct heim_base_mem *p = calloc(1, size + sizeof(*p)); + if (p == NULL) + return NULL; + p->isa = &memory_object; + p->ref_cnt = 1; + p->name = name; + p->dealloc = dealloc; + return BASE2PTR(p); +} + +heim_type_t +_heim_create_type(const char *name, + heim_type_init init, + heim_type_dealloc dealloc, + heim_type_copy copy, + heim_type_cmp cmp, + heim_type_hash hash) +{ + heim_type_t type; + + type = calloc(1, sizeof(*type)); + if (type == NULL) + return NULL; + + type->tid = heim_base_atomic_inc(&tidglobal); + type->name = name; + type->init = init; + type->dealloc = dealloc; + type->copy = copy; + type->cmp = cmp; + type->hash = hash; + + return type; +} + +heim_object_t +_heim_alloc_object(heim_type_t type, size_t size) +{ + /* XXX should use posix_memalign */ + struct heim_base *p = calloc(1, size + sizeof(*p)); + if (p == NULL) + return NULL; + p->isa = type; + p->ref_cnt = 1; + + return BASE2PTR(p); +} + +heim_tid_t +_heim_type_get_tid(heim_type_t type) +{ + return type->tid; +} + +/** + * Call func once and only once + * + * @param once pointer to a heim_base_once_t + * @param ctx context passed to func + * @param func function to be called + */ + +void +heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *)) +{ +#ifdef HAVE_DISPATCH_DISPATCH_H + dispatch_once_f(once, ctx, func); +#else + static HEIMDAL_MUTEX mutex = HEIMDAL_MUTEX_INITIALIZER; + HEIMDAL_MUTEX_lock(&mutex); + if (*once == 0) { + *once = 1; + HEIMDAL_MUTEX_unlock(&mutex); + func(ctx); + HEIMDAL_MUTEX_lock(&mutex); + *once = 2; + HEIMDAL_MUTEX_unlock(&mutex); + } else if (*once == 2) { + HEIMDAL_MUTEX_unlock(&mutex); + } else { + HEIMDAL_MUTEX_unlock(&mutex); + while (1) { + struct timeval tv = { 0, 1000 }; + select(0, NULL, NULL, NULL, &tv); + HEIMDAL_MUTEX_lock(&mutex); + if (*once == 2) + break; + HEIMDAL_MUTEX_unlock(&mutex); + } + HEIMDAL_MUTEX_unlock(&mutex); + } +#endif +} + +/** + * Abort and log the failure (using syslog) + */ + +void +heim_abort(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + heim_abortv(fmt, ap); + va_end(ap); +} + +/** + * Abort and log the failure (using syslog) + */ + +void +heim_abortv(const char *fmt, va_list ap) +{ + static char str[1024]; + + vsnprintf(str, sizeof(str), fmt, ap); + syslog(LOG_ERR, "heim_abort: %s", str); + abort(); +} + +/* + * + */ + +static int ar_created = 0; +static HEIMDAL_thread_key ar_key; + +struct ar_tls { + struct heim_auto_release *head; + struct heim_auto_release *current; + HEIMDAL_MUTEX tls_mutex; +}; + +static void +ar_tls_delete(void *ptr) +{ + struct ar_tls *tls = ptr; + if (tls->head) + heim_release(tls->head); + free(tls); +} + +static void +init_ar_tls(void *ptr) +{ + int ret; + HEIMDAL_key_create(&ar_key, ar_tls_delete, ret); + if (ret == 0) + ar_created = 1; +} + +static struct ar_tls * +autorel_tls(void) +{ + static heim_base_once_t once = HEIM_BASE_ONCE_INIT; + struct ar_tls *arp; + int ret; + + heim_base_once_f(&once, NULL, init_ar_tls); + if (!ar_created) + return NULL; + + arp = HEIMDAL_getspecific(ar_key); + if (arp == NULL) { + + arp = calloc(1, sizeof(*arp)); + if (arp == NULL) + return NULL; + HEIMDAL_setspecific(ar_key, arp, ret); + if (ret) { + free(arp); + return NULL; + } + } + return arp; + +} + +static void +autorel_dealloc(void *ptr) +{ + heim_auto_release_t ar = ptr; + struct ar_tls *tls; + + tls = autorel_tls(); + if (tls == NULL) + heim_abort("autorelease pool released on thread w/o autorelease inited"); + + heim_auto_release_drain(ar); + + if (!HEIM_TAILQ_EMPTY(&ar->pool)) + heim_abort("pool not empty after draining"); + + HEIMDAL_MUTEX_lock(&tls->tls_mutex); + if (tls->current != ptr) + heim_abort("autorelease not releaseing top pool"); + + if (tls->current != tls->head) + tls->current = ar->parent; + HEIMDAL_MUTEX_unlock(&tls->tls_mutex); +} + +static int +autorel_cmp(void *a, void *b) +{ + return (a == b); +} + +static unsigned long +autorel_hash(void *ptr) +{ + return (unsigned long)ptr; +} + + +static struct heim_type_data _heim_autorel_object = { + HEIM_TID_AUTORELEASE, + "autorelease-pool", + NULL, + autorel_dealloc, + NULL, + autorel_cmp, + autorel_hash +}; + +/** + * + */ + +heim_auto_release_t +heim_auto_release_create(void) +{ + struct ar_tls *tls = autorel_tls(); + heim_auto_release_t ar; + + if (tls == NULL) + heim_abort("Failed to create/get autorelease head"); + + ar = _heim_alloc_object(&_heim_autorel_object, sizeof(struct heim_auto_release)); + if (ar) { + HEIMDAL_MUTEX_lock(&tls->tls_mutex); + if (tls->head == NULL) + tls->head = ar; + ar->parent = tls->current; + tls->current = ar; + HEIMDAL_MUTEX_unlock(&tls->tls_mutex); + } + + return ar; +} + +/** + * Mark the current object as a + */ + +void +heim_auto_release(heim_object_t ptr) +{ + struct heim_base *p = PTR2BASE(ptr); + struct ar_tls *tls = autorel_tls(); + heim_auto_release_t ar; + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return; + + /* drop from old pool */ + if ((ar = p->autorelpool) != NULL) { + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_REMOVE(&ar->pool, p, autorel); + p->autorelpool = NULL; + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); + } + + if (tls == NULL || (ar = tls->current) == NULL) + heim_abort("no auto relase pool in place, would leak"); + + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_INSERT_HEAD(&ar->pool, p, autorel); + p->autorelpool = ar; + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); +} + +/** + * + */ + +void +heim_auto_release_drain(heim_auto_release_t autorel) +{ + heim_object_t obj; + + /* release all elements on the tail queue */ + + HEIMDAL_MUTEX_lock(&autorel->pool_mutex); + while(!HEIM_TAILQ_EMPTY(&autorel->pool)) { + obj = HEIM_TAILQ_FIRST(&autorel->pool); + HEIMDAL_MUTEX_unlock(&autorel->pool_mutex); + heim_release(BASE2PTR(obj)); + HEIMDAL_MUTEX_lock(&autorel->pool_mutex); + } + HEIMDAL_MUTEX_unlock(&autorel->pool_mutex); +} diff --git a/crypto/external/bsd/heimdal/dist/base/heimbase.h b/crypto/external/bsd/heimdal/dist/base/heimbase.h new file mode 100644 index 000000000..dd185eebd --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/heimbase.h @@ -0,0 +1,174 @@ +/* $NetBSD: heimbase.h,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEIM_BASE_H +#define HEIM_BASE_H 1 + +#include +#include +#include +#include + +typedef void * heim_object_t; +typedef unsigned int heim_tid_t; +typedef heim_object_t heim_bool_t; +typedef heim_object_t heim_null_t; +#define HEIM_BASE_ONCE_INIT 0 +typedef long heim_base_once_t; /* XXX arch dependant */ + +void * heim_retain(heim_object_t); +void heim_release(heim_object_t); + +typedef void (*heim_type_dealloc)(void *); + +void * +heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc); + +heim_tid_t +heim_get_tid(heim_object_t object); + +int +heim_cmp(heim_object_t a, heim_object_t b); + +unsigned long +heim_get_hash(heim_object_t ptr); + +void +heim_base_once_f(heim_base_once_t *, void *, void (*)(void *)); + +void +heim_abort(const char *fmt, ...) + HEIMDAL_NORETURN_ATTRIBUTE + HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 2)); + +void +heim_abortv(const char *fmt, va_list ap) + HEIMDAL_NORETURN_ATTRIBUTE + HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0)); + +#define heim_assert(e,t) \ + (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0) + +/* + * + */ + +heim_null_t +heim_null_create(void); + +heim_bool_t +heim_bool_create(int); + +int +heim_bool_val(heim_bool_t); + +/* + * Array + */ + +typedef struct heim_array_data *heim_array_t; + +heim_array_t heim_array_create(void); +heim_tid_t heim_array_get_type_id(void); + +typedef void (*heim_array_iterator_f_t)(heim_object_t, void *); + +int heim_array_append_value(heim_array_t, heim_object_t); +void heim_array_iterate_f(heim_array_t, heim_array_iterator_f_t, void *); +#ifdef __BLOCKS__ +void heim_array_iterate(heim_array_t, void (^)(heim_object_t)); +#endif +size_t heim_array_get_length(heim_array_t); +heim_object_t + heim_array_copy_value(heim_array_t, size_t); +void heim_array_delete_value(heim_array_t, size_t); +#ifdef __BLOCKS__ +void heim_array_filter(heim_array_t, bool (^)(heim_object_t)); +#endif + +/* + * Dict + */ + +typedef struct heim_dict_data *heim_dict_t; + +heim_dict_t heim_dict_create(size_t size); +heim_tid_t heim_dict_get_type_id(void); + +typedef void (*heim_dict_iterator_f_t)(heim_object_t, heim_object_t, void *); + +int heim_dict_add_value(heim_dict_t, heim_object_t, heim_object_t); +void heim_dict_iterate_f(heim_dict_t, heim_dict_iterator_f_t, void *); +#ifdef __BLOCKS__ +void heim_dict_iterate(heim_dict_t, void (^)(heim_object_t, heim_object_t)); +#endif + +heim_object_t + heim_dict_copy_value(heim_dict_t, heim_object_t); +void heim_dict_delete_key(heim_dict_t, heim_object_t); + +/* + * String + */ + +typedef struct heim_string_data *heim_string_t; + +heim_string_t heim_string_create(const char *); +heim_tid_t heim_string_get_type_id(void); +const char * heim_string_get_utf8(heim_string_t); + +/* + * Number + */ + +typedef struct heim_number_data *heim_number_t; + +heim_number_t heim_number_create(int); +heim_tid_t heim_number_get_type_id(void); +int heim_number_get_int(heim_number_t); + +/* + * + */ + +typedef struct heim_auto_release * heim_auto_release_t; + +heim_auto_release_t heim_auto_release_create(void); +void heim_auto_release_drain(heim_auto_release_t); +void heim_auto_release(heim_object_t); + +#endif /* HEIM_BASE_H */ diff --git a/crypto/external/bsd/heimdal/dist/base/heimbasepriv.h b/crypto/external/bsd/heimdal/dist/base/heimbasepriv.h new file mode 100644 index 000000000..be771eeb4 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/heimbasepriv.h @@ -0,0 +1,93 @@ +/* $NetBSD: heimbasepriv.h,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +typedef void (*heim_type_init)(void *); +typedef heim_object_t (*heim_type_copy)(void *); +typedef int (*heim_type_cmp)(void *, void *); +typedef unsigned long (*heim_type_hash)(void *); + +typedef struct heim_type_data *heim_type_t; + +enum { + HEIM_TID_NUMBER = 0, + HEIM_TID_NULL = 1, + HEIM_TID_BOOL = 2, + HEIM_TID_TAGGED_UNUSED2 = 3, + HEIM_TID_TAGGED_UNUSED3 = 4, + HEIM_TID_TAGGED_UNUSED4 = 5, + HEIM_TID_TAGGED_UNUSED5 = 6, + HEIM_TID_TAGGED_UNUSED6 = 7, + HEIM_TID_MEMORY = 128, + HEIM_TID_ARRAY = 129, + HEIM_TID_DICT = 130, + HEIM_TID_STRING = 131, + HEIM_TID_AUTORELEASE = 132, + HEIM_TID_USER = 255 + +}; + +struct heim_type_data { + heim_tid_t tid; + const char *name; + heim_type_init init; + heim_type_dealloc dealloc; + heim_type_copy copy; + heim_type_cmp cmp; + heim_type_hash hash; +}; + +heim_type_t _heim_get_isa(heim_object_t); + +heim_type_t +_heim_create_type(const char *name, + heim_type_init init, + heim_type_dealloc dealloc, + heim_type_copy copy, + heim_type_cmp cmp, + heim_type_hash hash); + +heim_object_t +_heim_alloc_object(heim_type_t type, size_t size); + +heim_tid_t +_heim_type_get_tid(heim_type_t type); + +/* tagged tid */ +extern struct heim_type_data _heim_null_object; +extern struct heim_type_data _heim_bool_object; +extern struct heim_type_data _heim_number_object; +extern struct heim_type_data _heim_string_object; diff --git a/crypto/external/bsd/heimdal/dist/base/heimqueue.h b/crypto/external/bsd/heimdal/dist/base/heimqueue.h new file mode 100644 index 000000000..281eb388a --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/heimqueue.h @@ -0,0 +1,169 @@ +/* $NetBSD: heimqueue.h,v 1.1.1.2 2011/04/14 14:08:07 elric Exp $ */ + +/* NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp */ +/* Id */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _HEIM_QUEUE_H_ +#define _HEIM_QUEUE_H_ + +/* + * Tail queue definitions. + */ +#define HEIM_TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define HEIM_TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } +#define HEIM_TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * Tail queue functions. + */ +#if defined(_KERNEL) && defined(QUEUEDEBUG) +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field) \ + if ((head)->tqh_first && \ + (head)->tqh_first->field.tqe_prev != &(head)->tqh_first) \ + panic("HEIM_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field) \ + if (*(head)->tqh_last != NULL) \ + panic("HEIM_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_OP(elm, field) \ + if ((elm)->field.tqe_next && \ + (elm)->field.tqe_next->field.tqe_prev != \ + &(elm)->field.tqe_next) \ + panic("HEIM_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\ + if (*(elm)->field.tqe_prev != (elm)) \ + panic("HEIM_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field) \ + if ((elm)->field.tqe_next == NULL && \ + (head)->tqh_last != &(elm)->field.tqe_next) \ + panic("HEIM_TAILQ_PREREMOVE head %p elm %p %s:%d", \ + (head), (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field) \ + (elm)->field.tqe_next = (void *)1L; \ + (elm)->field.tqe_prev = (void *)1L; +#else +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_OP(elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field) +#endif + +#define HEIM_TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_HEAD(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD((head), (elm), field) \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_TAIL(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL((head), (elm), field) \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field) \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field) \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_REMOVE(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_PREREMOVE((head), (elm), field) \ + QUEUEDEBUG_HEIM_TAILQ_OP((elm), field) \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE((elm), field); \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_FOREACH(var, head, field) \ + for ((var) = ((head)->tqh_first); \ + (var); \ + (var) = ((var)->field.tqe_next)) + +#define HEIM_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \ + (var); \ + (var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last))) + +/* + * Tail queue access methods. + */ +#define HEIM_TAILQ_EMPTY(head) ((head)->tqh_first == NULL) +#define HEIM_TAILQ_FIRST(head) ((head)->tqh_first) +#define HEIM_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) + +#define HEIM_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +#define HEIM_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + + +#endif /* !_HEIM_QUEUE_H_ */ diff --git a/crypto/external/bsd/heimdal/dist/base/json.c b/crypto/external/bsd/heimdal/dist/base/json.c new file mode 100644 index 000000000..b37d4cd41 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/json.c @@ -0,0 +1,149 @@ +/* $NetBSD: json.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + + +int +heim_base2json(heim_object_t obj, + void (*out)(char *, void *), void *ctx) +{ + heim_tid_t type = heim_get_tid(obj); + __block int fail = 0, needcomma = 0; + + switch (type) { + case HEIM_TID_ARRAY: + out("[ ", ctx); + heim_array_iterate(obj, ^(heim_object_t sub) { + if (needcomma) + out(", ", ctx); + fail |= heim_base2json(sub, out, ctx); + needcomma = 1; + }); + out("]", ctx); + break; + + case HEIM_TID_DICT: + out("{ ", ctx); + heim_dict_iterate(obj, ^(heim_object_t key, heim_object_t value) { + if (needcomma) + out(", ", ctx); + fail |= heim_base2json(key, out, ctx); + out(" = ", ctx); + fail |= heim_base2json(value, out, ctx); + needcomma = 1; + }); + out("}", ctx); + break; + + case HEIM_TID_STRING: + out("\"", ctx); + out(heim_string_get_utf8(obj), ctx); + out("\"", ctx); + break; + + case HEIM_TID_NUMBER: { + char num[16]; + snprintf(num, sizeof(num), "%d", heim_number_get_int(obj)); + out(num, ctx); + break; + } + case HEIM_TID_NULL: + out("null", ctx); + break; + case HEIM_TID_BOOL: + out(heim_bool_val(obj) ? "true" : "false", ctx); + break; + default: + return 1; + } + return fail; +} + +static int +parse_dict(heim_dict_t dict, char * const *pp, size_t *len) +{ + const char *p = *pp; + while (*len) { + (*len)--; + + if (*p == '\n') { + p += 1; + } else if (isspace(*p)) { + p += 1; + } else if (*p == '}') { + *pp = p + 1; + return 0; + } else { + } + } + return ENOENT; +} + + +heim_object_t +heim_json2base(const void *data, size_t length) +{ + heim_array_t stack; + heim_object_t o = NULL; + const char *p = data; + unsigned long lineno = 1; + + while (length) { + length--; + + if (*p == '\n') { + lineno++; + } else if (isspace((int)*p)) { + ; + } else if (*p == '{') { + o = heim_dict_create(); + + if ((ret = parse_dict(&p, &length)) != 0) + goto out; + } else + abort(); + } + + out: + if (ret && o) { + heim_release(o); + o = NULL; + } + + return o; +} diff --git a/crypto/external/bsd/heimdal/dist/base/null.c b/crypto/external/bsd/heimdal/dist/base/null.c new file mode 100644 index 000000000..b602bf665 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/null.c @@ -0,0 +1,54 @@ +/* $NetBSD: null.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct heim_type_data _heim_null_object = { + HEIM_TID_NULL, + "null-object", + NULL, + NULL, + NULL, + NULL, + NULL +}; + +heim_null_t +heim_null_create(void) +{ + return heim_base_make_tagged_object(0, HEIM_TID_NULL); +} diff --git a/crypto/external/bsd/heimdal/dist/base/number.c b/crypto/external/bsd/heimdal/dist/base/number.c new file mode 100644 index 000000000..3c3aa3d27 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/number.c @@ -0,0 +1,129 @@ +/* $NetBSD: number.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +static void +number_dealloc(void *ptr) +{ +} + +static int +number_cmp(void *a, void *b) +{ + int na, nb; + + if (heim_base_is_tagged_object(a)) + na = heim_base_tagged_object_value(a); + else + na = *(int *)a; + + if (heim_base_is_tagged_object(b)) + nb = heim_base_tagged_object_value(b); + else + nb = *(int *)b; + + return na - nb; +} + +static unsigned long +number_hash(void *ptr) +{ + if (heim_base_is_tagged_object(ptr)) + return heim_base_tagged_object_value(ptr); + return (unsigned long)*(int *)ptr; +} + +struct heim_type_data _heim_number_object = { + HEIM_TID_NUMBER, + "number-object", + NULL, + number_dealloc, + NULL, + number_cmp, + number_hash +}; + +/** + * Create a number object + * + * @param the number to contain in the object + * + * @return a number object + */ + +heim_number_t +heim_number_create(int number) +{ + heim_number_t n; + + if (number < 0xffffff && number >= 0) + return heim_base_make_tagged_object(number, HEIM_TID_NUMBER); + + n = _heim_alloc_object(&_heim_number_object, sizeof(int)); + if (n) + *((int *)n) = number; + return n; +} + +/** + * Return the type ID of number objects + * + * @return type id of number objects + */ + +heim_tid_t +heim_number_get_type_id(void) +{ + return HEIM_TID_NUMBER; +} + +/** + * Get the int value of the content + * + * @param number the number object to get the value from + * + * @return an int + */ + +int +heim_number_get_int(heim_number_t number) +{ + if (heim_base_is_tagged_object(number)) + return heim_base_tagged_object_value(number); + return *(int *)number; +} diff --git a/crypto/external/bsd/heimdal/dist/base/roken_rename.h b/crypto/external/bsd/heimdal/dist/base/roken_rename.h new file mode 100644 index 000000000..79b76f21e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/roken_rename.h @@ -0,0 +1,60 @@ +/* $NetBSD: roken_rename.h,v 1.1.1.2 2011/04/14 14:08:07 elric Exp $ */ + +/* + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Id */ + +#ifndef __heimbase_roken_rename_h__ +#define __heimbase_roken_rename_h__ + +#ifndef HAVE_SNPRINTF +#define rk_snprintf heimbase_snprintf +#endif +#ifndef HAVE_VSNPRINTF +#define rk_vsnprintf heimbase_vsnprintf +#endif +#ifndef HAVE_ASPRINTF +#define rk_asprintf heimbase_asprintf +#endif +#ifndef HAVE_ASNPRINTF +#define rk_asnprintf heimbase_asnprintf +#endif +#ifndef HAVE_VASPRINTF +#define rk_vasprintf heimbase_vasprintf +#endif +#ifndef HAVE_VASNPRINTF +#define rk_vasnprintf heimbase_vasnprintf +#endif + +#endif /* __heimbase_roken_rename_h__ */ diff --git a/crypto/external/bsd/heimdal/dist/base/string.c b/crypto/external/bsd/heimdal/dist/base/string.c new file mode 100644 index 000000000..59d7d9f41 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/string.c @@ -0,0 +1,117 @@ +/* $NetBSD: string.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" +#include + +static void +string_dealloc(void *ptr) +{ +} + +static int +string_cmp(void *a, void *b) +{ + return strcmp(a, b); +} + +static unsigned long +string_hash(void *ptr) +{ + const char *s = ptr; + unsigned long n; + + for (n = 0; *s; ++s) + n += *s; + return n; +} + +struct heim_type_data _heim_string_object = { + HEIM_TID_STRING, + "string-object", + NULL, + string_dealloc, + NULL, + string_cmp, + string_hash +}; + +/** + * Create a string object + * + * @param string the string to create, must be an utf8 string + * + * @return string object + */ + +heim_string_t +heim_string_create(const char *string) +{ + size_t len = strlen(string); + heim_string_t s; + + s = _heim_alloc_object(&_heim_string_object, len + 1); + if (s) + memcpy(s, string, len + 1); + return s; +} + +/** + * Return the type ID of string objects + * + * @return type id of string objects + */ + +heim_tid_t +heim_string_get_type_id(void) +{ + return HEIM_TID_STRING; +} + +/** + * Get the string value of the content. + * + * @param string the string object to get the value from + * + * @return a utf8 string + */ + +const char * +heim_string_get_utf8(heim_string_t string) +{ + return (const char *)string; +} diff --git a/crypto/external/bsd/heimdal/dist/base/test_base.c b/crypto/external/bsd/heimdal/dist/base/test_base.c new file mode 100644 index 000000000..a79a34497 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/test_base.c @@ -0,0 +1,153 @@ +/* $NetBSD: test_base.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $ */ + +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +#include +#include "heimbasepriv.h" + +static void +memory_free(heim_object_t obj) +{ +} + +static int +test_memory(void) +{ + void *ptr; + + ptr = heim_alloc(10, "memory", memory_free); + + heim_retain(ptr); + heim_release(ptr); + + heim_retain(ptr); + heim_release(ptr); + + heim_release(ptr); + + ptr = heim_alloc(10, "memory", NULL); + heim_release(ptr); + + return 0; +} + +static int +test_dict(void) +{ + heim_dict_t dict; + heim_number_t a1 = heim_number_create(1); + heim_string_t a2 = heim_string_create("hejsan"); + heim_number_t a3 = heim_number_create(3); + heim_string_t a4 = heim_string_create("foosan"); + + dict = heim_dict_create(10); + + heim_dict_add_value(dict, a1, a2); + heim_dict_add_value(dict, a3, a4); + + heim_dict_delete_key(dict, a3); + heim_dict_delete_key(dict, a1); + + heim_release(a1); + heim_release(a2); + heim_release(a3); + heim_release(a4); + + heim_release(dict); + + return 0; +} + +static int +test_auto_release(void) +{ + heim_auto_release_t ar1, ar2; + heim_number_t n1; + heim_string_t s1; + + ar1 = heim_auto_release_create(); + + s1 = heim_string_create("hejsan"); + heim_auto_release(s1); + + n1 = heim_number_create(1); + heim_auto_release(n1); + + ar2 = heim_auto_release_create(); + + n1 = heim_number_create(1); + heim_auto_release(n1); + + heim_release(ar2); + heim_release(ar1); + + return 0; +} + +static int +test_string(void) +{ + heim_string_t s1, s2; + const char *string = "hejsan"; + + s1 = heim_string_create(string); + s2 = heim_string_create(string); + + if (heim_cmp(s1, s2) != 0) + errx(1, "the same string is not the same"); + + + heim_release(s1); + heim_release(s2); + + return 0; +} + +int +main(int argc, char **argv) +{ + int res = 0; + + res |= test_memory(); + res |= test_dict(); + res |= test_auto_release(); + res |= test_string(); + + return res; +} diff --git a/crypto/external/bsd/heimdal/dist/base/version-script.map b/crypto/external/bsd/heimdal/dist/base/version-script.map new file mode 100644 index 000000000..007052bae --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/base/version-script.map @@ -0,0 +1,28 @@ +HEIMDAL_BASE_1.0 { + global: + heim_abort; + heim_alloc; + heim_array_append_value; + heim_array_copy_value; + heim_array_create; + heim_array_delete_value; + heim_array_get_length; + heim_array_iterate_f; + heim_auto_release; + heim_auto_release_create; + heim_auto_release_drain; + heim_base_once_f; + heim_cmp; + heim_dict_add_value; + heim_dict_copy_value; + heim_dict_create; + heim_dict_delete_key; + heim_dict_iterate_f; + heim_release; + heim_retain; + heim_string_create; + heim_string_get_utf8; + heim_number_create; + local: + *; +}; diff --git a/crypto/external/bsd/heimdal/dist/cf/ChangeLog b/crypto/external/bsd/heimdal/dist/cf/ChangeLog new file mode 100644 index 000000000..8bd0b3e2f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/ChangeLog @@ -0,0 +1,1295 @@ +2008-07-26 Love Hörnquist Åstrand + + * krb-ipv6.m4: Patch from Björn Schlögl to enable disable-ness of + ipv6. + +2008-05-20 Love Hörnquist Åstrand + + * sunos.m4: Detect solaris2.11 and later and assume its sunos=58. + Bug report from Klas Heggemann. + +2008-05-05 Love Hörnquist Åstrand + + * version-script.m4: Add -rpath to avoid building a convince + library, also sprinkle some other options to make the link line + more like automake's. + +2008-04-29 Love Hörnquist Åstrand + + * version-script.m4: use libtool to probe for version script to + make it work on amd64/ia64 where -fpic in needed to build shared + objects. + +2008-04-24 Björn Sandell + + * pthreads.m4: macros for OpenBSD + +2008-04-17 Love Hörnquist Åstrand + + * make-proto.pl: Define both export variables. + + * win32.m4: Export _FUNCTION and _VARIABLE for _win32 magic + + * krb-ipv6.m4: Rename cache variable to AC_CACHE_CHECK to make the + cached. + + * win32.m4: replace _export with __declspec(dllexport) + + * make-proto.pl: Add __declspec(dllimport) to the exported + functions. + +2008-04-07 Love Hörnquist Åstrand + + * wflags.m4: Add -Wstrict-overflow=5 as an example. + +2008-03-25 Love Hörnquist Åstrand + + * install-catman.sh: Match man_MANS = files with directories in + them. + +2008-02-23 Love Hörnquist Åstrand + + * make-proto.pl: Handle c-comments. + + * Makefile.am.common: Make DEFAULT_INCLUDES work better, avoid + picking up the wrong headerfiles. $(top_builddir)/include vs + ${builddir}. + +2008-01-21 Love Hörnquist Åstrand + + * Makefile.am.common: remove the check-symbols check + + * check-symbols.sh: removed, use version script instead + +2007-10-01 Love Hörnquist Åstrand + + * crypto.m4: openssl might require -ldl too, so lets check that. + +2007-07-31 Love Hörnquist Åstrand + + * Makefile.am.common (check-local::): exit on failure to perform + test. + +2007-07-28 Love Hörnquist Åstrand + + * Makefile.am.common (check-local): also check that --help works. + +2007-07-17 Love Hörnquist Åstrand + + * crypto.m4: depend on EVP_CIPHER_iv_length + +2007-06-27 Love Hörnquist Åstrand + + * Makefile.am.common: Need absolute reference to the top source + directory and top build directory. + +2007-06-20 Love Hörnquist Åstrand + + * wflags.m4: Add --enable-developer and make it cause -Werror to + be included. + +2007-06-18 Love Hörnquist Åstrand + + * Makefile.am.common: Merge from samba config. + + * Makefile.am.common (makedir-in-tree): depend on INFO_DEPS. + + * valgrind-suppressions: Unknown suppression in runtime link + editor + +2007-06-08 Love Hörnquist Åstrand + + * Makefile.am.common: Add heimdal-lorikeet target distdir-in-tree + +2007-06-04 Love Hörnquist Åstrand + + * framework-security.m4: test for -framework Security + +2007-05-10 Love Hörnquist Åstrand + + * roken-frag.m4: we have a fnmatch.h only if there is a working + implementation and a header file. If we do use roken, lets use our + own headerfile that does symbol renaming. + +2007-04-19 Love Hörnquist Åstrand + + * version-script.m4: check if ld supports --version-script + +2007-04-11 Love Hörnquist Åstrand + + * roken-frag.m4: drop broken-getnameinfo.m4 + + * roken-frag.m4: drop test for broken getnameinfo, that old aix is + no longer relevant. + +2007-02-16 Love Hörnquist Åstrand + + * install-catman.sh: Stop overwriting cmd. + +2007-01-15 Love Hörnquist Åstrand + + * install-catman.sh: Use test instead of [. + + * install-catman.sh: Use = instead of ==, make solaris more happy. + +2007-01-08 Love Hörnquist Åstrand + + * roken-frag.m4: More headerfiles for iruserok prototype check. + + * check-symbols.sh: Add fc_softc for AIX as ignore syms. + +2007-01-04 Love Hörnquist Åstrand + + * roken-frag.m4: Check if iruserok needs a prototype. + +2006-12-06 Love Hörnquist Åstrand + + * check-compile-et.m4: set automake symbol COM_ERR when we build + local com_err + +2006-11-16 Love Hörnquist Åstrand + + * valgrind-suppressions: We shouldn't be running /bin/ls under + valgrind, but for now, at least make it easier to see any other + warnings. From Andrew Bartlett. + +2006-10-22 Love Hörnquist Åstrand + + * Makefile.am.common: Add target for valgrind debugging + + * valgrind-suppressions: valgrind suppressions + +2006-10-21 Love Hörnquist Åstrand + + * check-lex.m4: Borrow test for autoconf cvs to help hpux hosts + +2006-10-20 Love Hörnquist Åstrand + + * Makefile.am.common: provide uninstall hook for cat/manpages. + + * install-catman.sh: provide uninstall command + +2006-10-19 Love Hörnquist Åstrand + + * roken-frag.m4: Add check for timegm. + + * roken-frag.m4: Include sys/types.h for sys/socket.h and netdb.h. + +2006-10-07 Love Hörnquist Åstrand + + * Makefile.am.common (install-build-headers): make this function + convoluted and deal with dist_, nodist, nobase and all its + friends. + + * have-struct-field.m4: memset the structure to make sure that we + don't get compiler warnings. + + * crypto.m4: OpenSSL_add_all_algorithms is not a openssl specific + requirement, hcrypto need to have to too. + + * crypto.m4: Require openssl have OpenSSL_add_all_algorithms + +2006-10-04 Love Hörnquist Åstrand + + * autobuild.m4: Add autobuild, GPLed, but free to use in projects + not avaible under GPL or LGPL (just like autoconf). + +2006-09-16 Love Hörnquist Åstrand + + * roken-frag.m4: Add samba_SOCKET_WRAPPER fragment + +2006-09-12 Love Hörnquist Åstrand + + * socket-wrapper.m4: Add socket-wrapper test + +2006-05-06 Love Hörnquist Åstrand + + * crypto.m4: Move up evp.h to please OpenSSL, from Douglas + E. Engert. + +2006-04-22 Love Hörnquist Åstrand + + * roken-frag.m4: Add check for fnmatch.h, its needed to be done + for the automake conditional below. + +2006-04-15 Love Hörnquist Åstrand + + * crypto.m4: Require SHA256 + +2006-01-18 Love Hörnquist Åstrand + + * crypto.m4 Check for if we are to consider + using OpenSSL, also check for headers since + make_crypto.c assumes that the name of the files. + +2006-01-13 Love Hörnquist Åstrand + + * crypto.m4: libdes is renamed to hcrypto + + * crypto.m4: Remove support for old hash names. + +2005-10-26 Love Hörnquist Åstrand + + * install-catman.sh: Add variable INSTALL_CATPAGES that controls + if cat pages are installed, defaults to true. From Johnny Lam + . + +2005-09-28 Love Hörnquist Åstrand + + * roken-frag.m4: Check for and uintptr_t + +2005-09-02 Love Hörnquist Åstrand + + * roken-frag.m4: Resolver check moved to rk_RESOLV, from Andrew + Bartlet + + * resolv.m4: Resolver checks, broken out so samba can use it From + Andrew Bartlet + +2005-08-22 Love Hörnquist Åstrand + + * roken-frag.m4: Check for res_ndestroy. + +2005-08-03 Love Hörnquist Åstrand + + * crypto.m4: Add , OpenSSL 0.9.8 needs it for size_t. + From: Quanah Gibson-Mount + +2005-07-12 Love Hörnquist Åstrand + + * check-compile-et.m4: check that initialize_conf_error_table_r + have the right argument + +2005-07-07 Love Hörnquist Åstrand + + * check-symbols.sh: allow symbols to start with ., aix uses this + +2005-06-16 Love Hörnquist Åstrand + + * krb-bigendian.m4: use ansi c prototypes + + * krb-func-getcwd-broken.m4: use ansi c prototypes + + * broken-snprintf.m4: use ansi c prototypes + + * have-pragma-weak.m4: use ansi c declarations + + * check-getpwnam_r-posix.m4: use ansi c declarations + + * broken-realloc.m4: use ansi c declarations + + * check-compile-et.m4: use ansi c declarations + + * dlopen.m4: add headers and argument to dlopen + + * c-function.m4: use ansi c declarations + + * check-var.m4: use ansi c declarations + + * pthreads.m4: disable threads on aix because of utmp/utmpx + problems + + * broken-getaddrinfo.m4: check for brokenness in getaddrinfo on + AIX that can't handle "0" as port number. + +2005-06-11 Love Hörnquist Åstrand + + * db.m4: Add an option to disable ndbm, from Stefan Metzmacher + + +2005-06-03 Love Hörnquist Åstrand + + * pthreads.m4: rework how pthreads support to turned on/off, + always run though the switch to figure out what the + linker/compiler flag are + +2005-06-01 Love Hörnquist Åstrand + + * pthreads.m4: s/else if/elif/ + + * check-symbols.sh: AIX have a diffrent nm, use -B to get bsd like + output + + * pthreads.m4: aix case: assume gcc handles -pthread, in the + non-gcc case, use the compiler as hint (xlc vs xlc_r) if this + environment handles threads or not + +2005-05-22 Love Hörnquist Åstrand + + * check-symbols.sh: ignore weak symbols too + +2005-05-19 David Love + + * check-getpwnam_r-posix.m4: define _POSIX_PTHREAD_SEMANTICS to + make solaris provide the right getpwname_r + +2005-05-17 Johan Danielsson + + * roken-frag.m4: am_conditional have_cgetent + +2005-05-10 David Love + + * roken-frag.m4: Get daemon declared on Solaris (it's in unistd.h + but masked by a feature test), just to avoid a warning, since it + has int args. + +2005-05-11 Love Hörnquist Åstrand + + * check-var.m4: AC_CHECK_DECL and AC_CHECK_DECLS have a subtile + diffrence, the later defines HAVE_ cpp symbols, the first doesn't. + +2005-05-05 Love Hörnquist Åstrand + + * check-symbols.sh: ignore N symbols too + +2005-04-30 Love Hörnquist Åstrand + + * broken-snprintf.m4: include checking if snprintf(NULL, 0, "") + works + + * check-compile-et.m4: require compile_et to generate a + initialize_FOO_error_table_r (they are used in libkrb5), and + always check for initialize_error_table_r + +2005-04-29 Love Hörnquist Åstrand + + * Makefile.am.common: add LIB_com_err + +2005-04-29 David Love + + * roken-frag.m4: Check for correct vis.h. + +2005-04-28 David Love + + * pthreads.m4: Set PTHREADS_LIBS on Irix. + +2005-04-27 Love Hörnquist Åstrand + + * broken-realloc.m4: use rk_realloc if realloc is broken, this + makes "host-tools" not beeing able to use realloc + + * pthreads.m4: Add support for Solaris, Irix, and modern + Linux. From David Love + +2005-04-25 Love Hörnquist Åstrand + + * check-symbols.sh: limit the units functions to + asn1_[A-Za-z0-9]*_units$ + +2005-04-20 Love Hörnquist Åstrand + + * check-symbols.sh: this lib include com_err, add -com_err to + CHECK_SYMBOLS + + * check-symbols.sh: print the type so I don't need to ask for it + +2005-04-18 Love Hörnquist Åstrand + + * check-symbols.sh: ignore filename symbols + +2005-04-04 Love Hörnquist Åstrand + + * check-symbols.sh: assume symbols prefixed with _ is a sideeffekt + of the local linker and also just fine + +2005-03-16 Love Hörnquist Åstrand + + * roken-frag.m4: include for + +2005-03-01 Love Hörnquist Åstrand + + * sunos.m4: Match solaris 10. From: Joakim Fallsjo + + +2004-12-29 Love + + * check-symbols.sh: add -asn1compile symbols + +2004-12-29 Love Hörnquist Åstrand + + * check-symbols.sh: add exported symbols test + + * Makefile.am.common: add CHECK_SYMBOLS tests, so that we don't + export to much stuff + +2004-09-03 Love Hörnquist Åstrand + + * make-proto.pl: add cpluscplus extern "C" support + +2004-07-09 Love Hörnquist Åstrand + + * pthreads.m4: add -pthread to LIBS since libtool doesn't preserve + it for us when adding is as a dependency on libs + +2004-04-24 Johan Danielsson + + * largefile.m4: like AC_SYS_LARGEFILE, but also add to CPPFLAGS + +2004-04-14 Love Hörnquist Åstrand + + * check-compile-et.m4: even more evil stuff for cross-compiling + + * check-x.m4: use AC_RUN_IFELSE so we can handle cross compiling + + * check-compile-et.m4: use AC_RUN_IFELSE so we can handle cross + compiling + +2004-04-13 Love Hörnquist Åstrand + + * make-proto.pl: if -E, add windows standard calling conv to + headerfile if needed + + * win32.m4: add rk_WIN32_EXPORT + +2004-02-12 Love Hörnquist Åstrand + + * configure.in: rename AC_WFLAGS to rk_WFLAGS + + * *.m4: overquote to pacify automake1.8 + +2004-02-11 Love Hörnquist Åstrand + + * roken-frag.m4: resolv.h is even more special + + * roken-frag.m4: AC_CHECK_HEADERS(net/if.h netinet6/in6_var.h + sys/sysctl.h sys/proc.h, resolv.h) are all special and need extra + help + + * test-package.m4: If there is a --with-PACKAGE=path but no + --with-PACKAGE-config, go seach for path/PACKEGE-config and use it + if it exists. Inspired by Harald Barth + +2003-09-03 Love Hörnquist Åstrand + + * crypto.m4: check for DES_, AES_, and if openssl UI_ + +2003-08-27 Johan Danielsson + + * vararray.m4: test for variable-length arrays + + * roken-frag.m4: test for poll and poll.h + +2003-08-16 Love Hörnquist Åstrand + + * Makefile.am.common: don't try doing local checks if CHECK_LOCAL + is set to no-check-local + +2003-08-01 Love Hörnquist Åstrand + + * check-compile-et.m4: check if compile_et support ``error_table N + M'' also, don't be overly aggressivly reset CFLAGS + +2003-07-22 Love Hörnquist Åstrand + + * pthreads.m4: pthread test + +2003-05-08 Johan Danielsson + + * Makefile.am.common: change install-data-local to + install-data-hook + +2003-05-05 Assar Westerlund + + * crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY + +2003-04-03 Love Hörnquist Åstrand + + * crypto.m4: check if libcrypto needs -lnsl or -lsocket + +2003-04-02 Love Hörnquist Åstrand + + * crypto.m4: in the case where se don't link with kerberos 4, use + ${with_openssl_include} if its are set (not + ${with_openssl}/include) same for with_openssl_lib + +2003-03-18 Love Hörnquist Åstrand + + * Makefile.am.common: always define LIB_kafs + +2003-03-12 Love Hörnquist Åstrand + + * check-compile-et.m4: check if the output of compile_et needs + initialize_error_table_r + +2003-02-17 Love Hörnquist Åstrand + + * check-var.m4: add a check if the variable is avaible when we + include the headerfiles + +2002-12-18 Johan Danielsson + + * roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard + Chu + +2002-10-25 Johan Danielsson + + * crypto.m4: do a better job at matching headers to libraries + +2002-10-16 Johan Danielsson + + * sunos.m4: more quoting + +2002-09-19 Johan Danielsson + + * make-proto.pl: check the processed string for closing ), not the + source + +2002-09-10 Johan Danielsson + + * crypto.m4: use m4 macros for test cases, also test for older + hash names + + * test-package.m4: include dep libraries in LIB_* + + * crypto.m4: move krb4 test before test for openssl, and bail out + if krb4 is requested, but the crypto library is not the same as + krb4 + + * db.m4: filter contents of LDFLAGS + +2002-09-09 Johan Danielsson + + * auth-modules.m4: rename to rk_AUTH_MODULES + + * auth-modules.m4: only include modules explicitly asked for + +2002-09-04 Johan Danielsson + + * roken-frag.m4: test for res_nsearch + +2002-09-03 Assar Westerlund + + * roken-frag.m4: check for sys/mman.h and mmap (used by + parse_reply-test) + +2002-08-28 Assar Westerlund + + * krb-readline.m4: also add LIB_tgetent in the case of editline + + * crypto.m4: define HAVE_OPENSSL even if we got to hear about it + by krb4 + +2002-08-28 Johan Danielsson + + * krb-readline.m4: add LIB_tgetent to LIB_readline if we have to + + * sunos.m4: various sunos tests + + * crypto.m4: try to extract the crypto compiler flags from + {INCLUDE,LIB}_krb4 + (XXX this is really horrible) + + * krb-readline.m4: don't add -rpath to LIB_readline (libtool + should to this for us), also don't append LIB_tgetent to + LIB_readline (TEST_PACKAGE should do this) + + * test-package.m4: add the possibility to use a *-config program + to get flags; rename to rk_TEST_PACKAGE while here + + * krb-bigendian.m4: move ENDIANESS_IN_SYS_PARAM_H tests here + + * aix.m4: rename to rk_AIX + + * telnet.m4: move telnet tests here + + * aix.m4: restructure this somewhat + + * dlopen.m4: test for dlopen suitable for AC_REQUIRE + + * irix.m4: move some stuff here and rename to irix.m4 + + * krb-sys-nextstep.m4: move SGTTY stuff to read_pwd.c + +2002-08-28 Jacques Vidrine + + * auth-modules.m4: do not build pam_krb4 on freebsd + +2002-08-26 Assar Westerlund + + * roken-frag.m4: test for the vis, strvis functions requiring + prototypes + +2002-08-23 Johan Danielsson + + * need-proto.m4: missing comma + +2002-08-22 Johan Danielsson + + * roken-frag.m4: some rototilling + + * need-proto.m4: use AS_TR_CPP + +2002-08-20 Johan Danielsson + + * roken-frag.m4: HAVE_TYPE instead of CHECK_TYPE ssize_t + + * krb-version.m4: use PACKAGE_TARNAME and PACKAGE_STRING + + * broken-getaddrinfo.m4: can't test for EAI_SERVICE here since AIX + is even more fsck:ed + + * roken-frag.m4: test for altzone + +2002-08-19 Johan Danielsson + + * Makefile.am.common: only define ROKEN_RENAME if do_roken_rename + +2002-08-13 Johan Danielsson + + * Makefile.am.common: add ROKEN_RENAME variable + +2002-08-12 Johan Danielsson + + * make-proto.pl: include to get va_list + + * destdirs.m4: also define localstatedir and sysconfdir + +2002-08-01 Johan Danielsson + + * crypto.m4: newer openssl seems to take the address of the + schedule parameter to des_cbc_encrypt, so we need to feed it a + variable, not just NULL (from Magnus Holmberg) + +2002-05-24 Johan Danielsson + + * misc.m4: change \100 back to @; some m4's (probably some regex) + doesn't like this as a replacement regexp; the reason it was once + changed to \100 was probably because of some autoconf bug at the + time + +2002-05-20 Johan Danielsson + + * broken2.m4 []-less is apparently the way to go + +2002-05-19 Johan Danielsson + + * otp.m4: check db_type instead of precence of dbm_firstkey + + * roken-frag.m4: don't AC_LIBOBJ more than one function at a time + + * find-if-not-broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/ + + * broken2.m4: s/AC_LIBOBJ/rk_LIBOBJ/ + + * broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/ + + * misc.m4: automake can't handle macros passed to AC_LIBOBJ, so + add an alias to it called rk_LIBOBJ; this requires that the + relevant source are manually included in roken/Makefile.am + + * aix.m4: ac_enable --diable-dynamic-afs + + * roken-frag.m4: use AC_LIBOBJ + + * krb-func-getcwd-broken.m4: use AC_LIBOBJ + + * find-if-not-broken.m4: use AC_LIBOBJ + + * broken2.m4: use AC_LIBOBJ + + * broken.m4: use AC_LIBOBJ + + * aix.m4: recognise aix5 + +2002-05-17 Johan Danielsson + + * crypto.m4: am-conditionalise HAVE_OPENSSL + + * db.m4: make it possible to run this twice + + * Makefile.am.common: also install nodist_include_HEADERS + +2002-05-16 Johan Danielsson + + * make-proto.pl: make it possible to redefine the "private" regexp + +2002-05-02 Johan Danielsson + + * db.m4: am_cond HAVE_* + +2002-04-30 Johan Danielsson + + * krb-ipv6.m4: use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT + call + + * test-package.m4: use AC_HELP_STRING + + * roken.m4: use AC_HELP_STRING + + * osfc2.m4: use AC_HELP_STRING + + * mips-abi.m4: use AC_HELP_STRING + + * krb-bigendian.m4: use AC_HELP_STRING + + * db.m4: rework this somewhat; check for db3/4 in subdirs, change + --with to --enable; it should really be possible to point it to + some directory --with-berkeley-db=/foo + + * otp.m4: OTP test + +2002-04-25 Johan Danielsson + + * destdirs.m4: define BINDIR et al + +2002-04-18 Johan Danielsson + + * misc.m4: remove some stuff that is defined elsewhere + + * make-proto.pl: optionally remove __P and parameter names + +2001-11-30 Assar Westerlund + + * roken-frag.m4: move ipv6 tests after -lsocket (to handle Solaris + 8) + +2001-09-29 Assar Westerlund + + * install-catman.sh: handle man pages without SYNOPSIS but looking + for both SYNOPSIS and DESCRIPTION + +2001-09-18 Johan Danielsson + + * roken-frag.m4: include freeaddrinfo if using getaddrinfo + +2001-09-13 Assar Westerlund + + * db.m4: test for the ndbm database really being a .db one + and use it when moving/removing database files + +2001-09-03 Assar Westerlund + + * db.m4: prefer ndbm.h to dbm.h + * roken-frag.m4: check for atexit and on_exit + +2001-09-02 Assar Westerlund + + * check-compile-et.m4: only add /usr/include/et to CPPFLAGS if + it's actually used + +2001-09-01 Assar Westerlund + + * Makefile.am.common (AUTOMAKE_OPTIONS): set 1.4b here so that + users are warned if using earlier automake versions + + * find-func-no-libs2.m4: ignore "no" as a library - another + special case to make it easy to send the result from this macro + into another invocation + +2001-08-30 Assar Westerlund + + * db.m4: check for ndbm functions in db3 library too + +2001-08-29 Jacques Vidrine + + * check-compile-et.m4: Check for already-installed com_err. + * Makefile.am.common: Use the compile_et discovered at + configuration time. + +2001-08-29 Assar Westerlund + + * crypto.m4: use AC_WITH_ALL to allow separate specification of + include and lib + * with-all.m4: new macro for doing --with-foo, --with-foo-include, + and --with-foo-lib in a sensible way + + * find-func-no-libs2.m4: handle both -llib and lib in the second + argument also yes -> "" as a library, to ease callers that send in + results from this macro (this might be a little bit unclean) + +2001-08-28 Assar Westerlund + + * roken-frag.m4: test for issetugid + +2001-08-24 Assar Westerlund + + * Makefile.am.common: change one += to = to AM_CFLAGS to avoid an + error with recent automake + +2001-08-22 Assar Westerlund + + * crypto.m4: SHA1_CTX should be SHA_CTX + +2001-08-21 Assar Westerlund + + * roken-frag.m4: remove all winsock.h + for now, it does more harm than good under cygwin and if it should be + used, the correct conditional needs to be found + from + +2001-08-21 Johan Danielsson + + * check-var.m4: AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy + +2001-08-17 Johan Danielsson + + * krb-ipv6.m4: add test for non-existant in6addr_loopback in AIX + +2001-08-15 Johan Danielsson + + * roken-frag.m4: test for getaddrinfo's that doesn't like numeric + services + + * broken-getaddrinfo.m4: test for getaddrinfo's that doesn't like + numeric services + +2001-08-08 Assar Westerlund + + * db.m4: do a separate test for gdbm/ndbm.h and -lgdbm + +2001-08-05 Assar Westerlund + + * db.m4: ac_cv_funclib_\func can be yes + * db.m4: use AC_FIND_FUNC_NO_LIBS to test in libc + anset cache variables after first attempt at finding dbm_firstkey (how + should this be done?) + * db.m4: do not test for ndbm library when ndbm-db was found in libc + * db.m4: test for ndbm-compatability with db + * db.m4: add forgotten AC_SUBST + * db.m4: first steps towards a new db test + + * roken-frag.m4: remove header files checked by rk_db + +2001-08-05 Assar Westerlund + + * roken-frag.m4: remove header files checked by rk_db + +2001-06-24 Assar Westerlund + + * roken-frag.m4: make sure of building getaddrinfo et al if + missing + +2001-06-20 Johan Danielsson + + * install-catman.sh: try to install links to manpages + +2001-06-19 Assar Westerlund + + * broken-glob.m4: try to handle FreeBSD's GLOB_MAXPATH + +2001-06-18 Johan Danielsson + + * roken-frag.m4: test for getaddrinfo needs netdb.h on Tru64 + +2001-06-17 Assar Westerlund + + * roken-frag.m4 (AC_CHECK_HEADERS): test for random + * roken-frag.m4 (AC_CHECK_HEADERS): test for initstate and + setstate + + * roken-frag.m4 (AC_BROKEN): test for + emalloc,ecalloc,erealloc,estrdup + +2001-05-11 Johan Danielsson + + * roken-frag.m4: bswap{16,32} + +2001-03-26 Assar Westerlund + + * broken-glob.m4: also test for GLOB_LIMIT + * krb-ipv6.m4: restore CFLAGS if v6 is not detected + +2001-02-20 Assar Westerlund + + * roken-frag.m4: check for getprogname, setprogname + +2001-02-07 Assar Westerlund + + * Makefile.am.common (LIB_kdfs): set. use it. from Ake Sandgren + + +2000-12-26 Assar Westerlund + + * krb-ipv6.m4: remove some dnl that weren't the correct with + modern autoconf + +2000-12-15 Assar Westerlund + + * roken-frag.m4 (inet_ntoa, inet_ntop, inet_pton): add necessary + includes when testing + * broken2.m4: new variant of broken, with includes and arguments + + * test-package.m4: s/ifval/m4_ifval/ to keep in sync with + autoconf. from Ake Sandgren + * check-var.m4: s/ifval/m4_ifval/ to keep in sync with autoconf. + from Ake Sandgren + +2000-12-13 Assar Westerlund + + * krb-irix.m4: need to set irix to no first. From Ake Sandgren + + +2000-12-12 Johan Danielsson + + * roken-frag.m4: move sa_len test to before test for broken + getnameinfo + +2000-12-12 Assar Westerlund + + * roken-frag.m4: only test for broken getnameinfo if it exists + +2000-12-10 Johan Danielsson + + * roken-frag.m4: ifaddrs.h + +2000-12-06 Johan Danielsson + + * roken-frag.m4: test for unvis, and vis.h + + * roken-frag.m4: test for strvis* + +2000-12-05 Johan Danielsson + + * Makefile.am.common: just warn if we fail to setuid a program + + * broken-getnameinfo.m4: add more quotes + + * roken-frag.m4: test for getifaddrs + + * roken-frag.m4: test for broken AIX getnameinfo + + * broken-getnameinfo.m4: test for broken getnameinfo + +2000-12-01 Assar Westerlund + + * Makefile.am.common: add kludge for LIBS + +2000-11-30 Johan Danielsson + + * check-man.m4: update this after recent changes + + * Makefile.am.common: use install-catman.sh + + * install-catman.sh: script to install preformatted manual pages + + * Makefile.am.common: change cat handling + +2000-11-29 Johan Danielsson + + * roken-frag.m4: don't use AC_CONFIG_FILES here, since it doesn't + work with automake + +2000-11-15 Assar Westerlund + + * krb-readline.m4: link against the libtool-versions of + libeditline and libel_compat + + * Makefile.am.common (INCLUDES): add $(INCLUDES_roken) + * roken-frag.m4 (CPPFLAGS_roken): rename to INCLUDES_roken + +2000-11-05 Johan Danielsson + + * aix.m4: set aix + +2000-08-19 Assar Westerlund + + * krb-bigendian.m4: merge from arla: make it work better + +2000-08-07 Johan Danielsson + + * roken-frag.m4: check getsockname for proto compat + +2000-08-04 Johan Danielsson + + * Makefile.am.common: add library for pidfile + + * roken-frag.m4: tests for util.h and pidfile + +2000-07-19 Johan Danielsson + + * check-var.m4: rename to rk_CHECK_VAR, transposing the arguments, + and making the second optional, AU_DEFINE AC_CHECK_VAR to + rk_CHECK_VAR + + * roken-frag.m4: other roken tests + + * db.m4: db tests + +2000-07-18 Johan Danielsson + + * mips-abi.m4: AC_ERROR -> AC_MSG_ERROR + + * check-netinet-ip-and-tcp.m4: use cache_check, and make this work + with new autoconf + + * aix.m4: don't subst AFS_EXTRA_LD + +2000-07-15 Johan Danielsson + + * check-var.m4: workaround feature of newer autoconf + + * find-func-no-libs2.m4: use cleaner autoheader trick + + * have-type.m4: use cleaner autoheader trick + + * have-types.m4: use cleaner autoheader trick + + * test-package.m4: add 6th parameter for now + + * broken.m4: use cleaner autoheader trick + + * retsigtype.m4: test for signal handler return type + + * broken-realloc.m4: test for broken realloc + +2000-07-08 Assar Westerlund + + * roken.m4: set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS + +2000-07-02 Assar Westerlund + + * Makefile.am.common (CP): set and use + +2000-04-05 Assar Westerlund + + * Makefile.am.common (INCLUDE_openldap, LIB_openldap): add + +2000-03-28 Assar Westerlund + + * krb-prog-yacc.m4: AC_MSG_WARNING should be AC_MSG_WARN + + * shared-libs.m4: try to update to freebsd5 (and elf) + +2000-03-16 Assar Westerlund + + * krb-prog-yacc.m4: warn we do not find any yacc + +2000-01-08 Assar Westerlund + + * krb-bigendian.m4: new file, replacement for ac_c_bigendian + +2000-01-01 Assar Westerlund + + * krb-ipv6.m4: re-organize: test for type of stack first so that + we can find the libraries that we might have to link the test + program against. not linking the test program means we don't know + if the right stuff is in the libraries. also cosmetic changes to + make sure we print the checking for... nicely + +1999-12-21 Assar Westerlund + + * krb-ipv6.m4: try linking, not only compiling + * krb-ipv6.m4: add --without-ipv6 make sure we have `in6addr_any' + which we use in the code. This test avoids false positives on + OpenBSD + +1999-11-29 Johan Danielsson + + * grok-type.m4: inttypes.h + +1999-11-05 Assar Westerlund + + * check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing + +1999-11-01 Assar Westerlund + + * Makefile.am.common (install-build-headers): use `cp' instead of + INSTALL_DATA for copying header files inside the build tree. The + user might have redefined INSTALL_DATA to specify owners and other + information. + +1999-10-30 Assar Westerlund + + * find-func-no-libs2.m4: add yet another argument to allow specify + linker flags that will be added _before_ the library when trying + to link + + * find-func-no-libs.m4: add yet another argument to allow specify + linker flags that will be added _before_ the library when trying + to link + +1999-10-12 Assar Westerlund + + * find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument + `extra libs' + + * find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra + libs' + +1999-09-01 Johan Danielsson + + * capabilities.m4: sgi capabilities + +1999-07-29 Assar Westerlund + + * have-struct-field.m4: quote macros when undefining + +1999-07-28 Assar Westerlund + + * Makefile.am.common (install-build-headers): add dependencies + +1999-07-24 Assar Westerlund + + * have-type.m4: try to get autoheader to co-operate + + * have-type.m4: stolen from Arla + + * krb-struct-sockaddr-sa-len.m4: not used any longer. removed. + +1999-06-13 Assar Westerlund + + * krb-struct-spwd.m4: consequent name of cache variables + + * krb-func-getlogin.m4: new file for testing for posix (broken) + getlogin + + * shared-libs.m4 (freebsd[34]): don't use ld -Bshareable + +1999-06-02 Johan Danielsson + + * check-x.m4: extended test for X + +1999-05-14 Assar Westerlund + + * check-netinet-ip-and-tcp.m4: proper autoheader tricks + + * check-netinet-ip-and-tcp.m4: new file for checking for + netinet/{ip,tcp}.h. These are special as they on Irix 6.5.3 + require to be included in advance. + + * check-xau.m4: we also need to check for XauFilename since it's + used by appl/kx. And on Irix 6.5 that function requires linking + with -lX11. + +1999-05-08 Assar Westerlund + + * krb-find-db.m4: try with more header files than ndbm.h + +1999-04-19 Assar Westerlund + + * test-package.m4: try to handle the case of --without-package + correctly + +1999-04-17 Assar Westerlund + + * make-aclocal: removed. Not used anymore, being replaced by + aclocal from automake. + +Thu Apr 15 14:17:26 1999 Johan Danielsson + + * make-proto.pl: handle __attribute__ + +Fri Apr 9 20:37:18 1999 Assar Westerlund + + * shared-libs.m4: quote $@ + (freebsd3): add install_symlink_command2 + +Wed Apr 7 20:40:22 1999 Assar Westerlund + + * shared-libs.m4 (hpux): no library dependencies + +Mon Apr 5 16:13:08 1999 Johan Danielsson + + * test-package.m4: compile and link, rather than looking for + files; also export more information, so it's possible to add rpath + information + +Tue Mar 30 13:49:54 1999 Johan Danielsson + + * Makefile.am.common: CFLAGS -> AM_CFLAGS + +Mon Mar 29 16:51:12 1999 Johan Danielsson + + * check-xau.m4: check for XauWriteAuth before checking for + XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX + 6.5 that doesn't work with -lXau + +Sat Mar 27 18:03:58 1999 Johan Danielsson + + * osfc2.m4: --enable-osfc2 + +Fri Mar 19 15:34:52 1999 Johan Danielsson + + * shared-libs.m4: move shared lib stuff here + +Wed Mar 24 23:24:51 1999 Assar Westerlund + + * Makefile.am.common (install-build-headers): simplify loop + +Tue Mar 23 17:31:23 1999 Johan Danielsson + + * check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's + posix or not + +Tue Mar 23 00:00:13 1999 Assar Westerlund + + * Makefile.am.common (install_build_headers): try to make it work + better when list of headers is empty. handle make rewriting the + filenames. + + * Makefile.am.common: hesoid -> hesiod + +Sun Mar 21 14:48:03 1999 Johan Danielsson + + * grok-type.m4: + + * Makefile.am.common: fix for automake bug/feature; add more LIB_* + + * test-package.m4: fix typo + + * check-man.m4: fix some typos + + * auth-modules.m4: tests for authentication modules + +Thu Mar 18 11:02:55 1999 Johan Danielsson + + * Makefile.am.common: make install-build-headers a multi + dependency target + + * Makefile.am.common: remove include_dir hack + + * Makefile.am.common: define LIB_kafs and LIB_gssapi + + * krb-find-db.m4: subst DBLIB also + + * check-xau.m4: test for Xau{Read,Write}Auth + +Wed Mar 10 19:29:20 1999 Johan Danielsson + + * wflags.m4: AC_WFLAGS + +Mon Mar 1 11:23:41 1999 Johan Danielsson + + * have-struct-field.m4: remove extra AC_MSG_RESULT + + * proto-compat.m4: typo + + * krb-func-getcwd-broken.m4: update to autoconf 2.13 + + * krb-find-db.m4: update to autoconf 2.13 + + * check-declaration.m4: typo + + * have-pragma-weak.m4: update to autoconf 2.13 + + * have-struct-field.m4: better handling of types with spaces + +Mon Feb 22 20:05:06 1999 Johan Danielsson + + * broken-glob.m4: check for broken glob + +Sun Jan 31 06:50:33 1999 Assar Westerlund + + * krb-ipv6.m4: more magic for different v6 implementations. From + Jun-ichiro itojun Hagino + +Sun Nov 22 12:16:06 1998 Assar Westerlund + + * krb-struct-spwd.m4: new file + +Thu Jun 4 04:07:41 1998 Assar Westerlund + + * find-func-no-libs2.m4: new file + +Fri May 1 23:31:28 1998 Assar Westerlund + + * c-attribute.m4, c-function.m4: new files (from arla) + +Wed Mar 18 23:11:29 1998 Assar Westerlund + + * krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 + +Thu Feb 26 02:37:49 1998 Assar Westerlund + + * make-proto.pl: should work with perl4 + diff --git a/crypto/external/bsd/heimdal/dist/cf/Makefile.am.common b/crypto/external/bsd/heimdal/dist/cf/Makefile.am.common new file mode 100644 index 000000000..88e3c49f8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/Makefile.am.common @@ -0,0 +1,257 @@ +# Id + +SUFFIXES = .et .h + +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include + +AM_CPPFLAGS = $(INCLUDES_roken) + +if do_roken_rename +ROKEN_RENAME = -DROKEN_RENAME +endif + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +## set build_HEADERZ to headers that should just be installed in build tree + +buildinclude = $(top_builddir)/include + +## these aren't detected by automake +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_openpty = @LIB_openpty@ +LIB_pidfile = @LIB_pidfile@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LIB_com_err = @LIB_com_err@ +LIB_door_create = @LIB_door_create@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ +LIB_readline = @LIB_readline@ + +LEXLIB = @LEXLIB@ + +libexec_heimdaldir = $(libexecdir)/heimdal + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +SUFFIXES += .x .z .hx + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 + +NROFF_MAN = groff -mandoc -Tascii +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +## MAINTAINERCLEANFILES += + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +if KRB5 +LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +endif + +LIB_heimbase = $(top_builddir)/base/libheimbase.la + +if DCE +LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +endif + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done diff --git a/crypto/external/bsd/heimdal/dist/cf/aix.m4 b/crypto/external/bsd/heimdal/dist/cf/aix.m4 new file mode 100644 index 000000000..cc909264b --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/aix.m4 @@ -0,0 +1,62 @@ +dnl +dnl Id +dnl + +AC_DEFUN([rk_AIX],[ + +aix=no +case "$host" in +*-*-aix3*) + aix=3 + ;; +*-*-aix[[4-9]]*) + aix=4 + ;; +esac + +AM_CONDITIONAL(AIX, test "$aix" != no)dnl +AM_CONDITIONAL(AIX4, test "$aix" = 4)dnl + +AC_ARG_ENABLE(dynamic-afs, + AS_HELP_STRING([--disable-dynamic-afs], + [do not use loaded AFS library with AIX])) + +if test "$aix" != no; then + + AC_DEFINE(NEED_QSORT, 1, [if your qsort is not a stable sort]) + + if test "$enable_dynamic_afs" != no; then + AC_REQUIRE([rk_DLOPEN]) + if test "$ac_cv_func_dlopen" = no; then + AC_FIND_FUNC_NO_LIBS(loadquery, ld) + fi + if test "$ac_cv_func_dlopen" != no; then + AIX_EXTRA_KAFS='$(LIB_dlopen)' + elif test "$ac_cv_func_loadquery" != no; then + AIX_EXTRA_KAFS='$(LIB_loadquery)' + else + AC_MSG_NOTICE([not using dynloaded AFS library]) + AIX_EXTRA_KAFS= + enable_dynamic_afs=no + fi + else + AIX_EXTRA_KAFS= + fi +fi + +AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl +AC_SUBST(AIX_EXTRA_KAFS)dnl + +if test "$aix" != no; then + AC_DEFINE([_ALL_SOURCE],1,[Required for functional/sane headers on AIX]) +fi + +AH_BOTTOM([#if _AIX +/* XXX this is gross, but kills about a gazillion warnings */ +struct ether_addr; +struct sockaddr; +struct sockaddr_dl; +struct sockaddr_in; +#endif]) + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/auth-modules.m4 b/crypto/external/bsd/heimdal/dist/cf/auth-modules.m4 new file mode 100644 index 000000000..dcfaa92ee --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/auth-modules.m4 @@ -0,0 +1,45 @@ +dnl Id +dnl +dnl Figure what authentication modules should be built +dnl +dnl rk_AUTH_MODULES(module-list) + +AC_DEFUN([rk_AUTH_MODULES],[ +AC_MSG_CHECKING([which authentication modules should be built]) + +z='m4_ifval([$1], $1, [sia pam afskauthlib])' +LIB_AUTH_SUBDIRS= +for i in $z; do +case $i in +sia) +if test "$ac_cv_header_siad_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" +fi +;; +pam) +case "${host}" in +*-*-freebsd*) ac_cv_want_pam_krb4=no ;; +*) ac_cv_want_pam_krb4=yes ;; +esac + +if test "$ac_cv_want_pam_krb4" = yes -a \ + "$ac_cv_header_security_pam_modules_h" = yes -a \ + "$enable_shared" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" +fi +;; +afskauthlib) +case "${host}" in +*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; +esac +;; +esac +done +if test "$LIB_AUTH_SUBDIRS"; then + AC_MSG_RESULT($LIB_AUTH_SUBDIRS) +else + AC_MSG_RESULT(none) +fi + +AC_SUBST(LIB_AUTH_SUBDIRS)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken-getaddrinfo.m4 b/crypto/external/bsd/heimdal/dist/cf/broken-getaddrinfo.m4 new file mode 100644 index 000000000..54dfaa0d1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken-getaddrinfo.m4 @@ -0,0 +1,26 @@ +dnl Id +dnl +dnl test if getaddrinfo can handle numeric services + +AC_DEFUN([rk_BROKEN_GETADDRINFO],[ +AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv, +AC_RUN_IFELSE([AC_LANG_SOURCE([[#include +#include +#include +#include + +int +main(int argc, char **argv) +{ + struct addrinfo hints, *ai; + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_socktype = SOCK_STREAM; + hints.ai_family = PF_UNSPEC; + if(getaddrinfo(NULL, "17", &hints, &ai) != 0) + return 1; + if(getaddrinfo(NULL, "0", &hints, &ai) != 0) + return 1; + return 0; +} +]])],[ac_cv_func_getaddrinfo_numserv=yes],[ac_cv_func_getaddrinfo_numserv=no],[ac_cv_func_getaddrinfo_numserv=yes]))]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken-glob.m4 b/crypto/external/bsd/heimdal/dist/cf/broken-glob.m4 new file mode 100644 index 000000000..5fc3fd0c8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken-glob.m4 @@ -0,0 +1,29 @@ +dnl Id +dnl +dnl check for glob(3) +dnl +AC_DEFUN([AC_BROKEN_GLOB],[ +AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working, +ac_cv_func_glob_working=yes +AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include ]],[[ +glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE| +#ifdef GLOB_MAXPATH +GLOB_MAXPATH +#else +GLOB_LIMIT +#endif +, +NULL, NULL); +]])],[:],[ac_cv_func_glob_working=no])) + +if test "$ac_cv_func_glob_working" = yes; then + AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks + GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT]) +fi +if test "$ac_cv_func_glob_working" = yes; then +AC_NEED_PROTO([#include +#include ],glob) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken-realloc.m4 b/crypto/external/bsd/heimdal/dist/cf/broken-realloc.m4 new file mode 100644 index 000000000..93fd81cad --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken-realloc.m4 @@ -0,0 +1,25 @@ +dnl +dnl Id +dnl +dnl Test for realloc that doesn't handle NULL as first parameter +dnl +AC_DEFUN([rk_BROKEN_REALLOC], [ +AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [ +ac_cv_func_realloc_broken=no +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#include + +int main(int argc, char **argv) +{ + return realloc(NULL, 17) == NULL; +} +]])],[:], [ac_cv_func_realloc_broken=yes],[:]) +]) +if test "$ac_cv_func_realloc_broken" = yes ; then + AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.]) +fi +AH_BOTTOM([#ifdef BROKEN_REALLOC +#define realloc(X, Y) rk_realloc((X), (Y)) +#endif]) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken-snprintf.m4 b/crypto/external/bsd/heimdal/dist/cf/broken-snprintf.m4 new file mode 100644 index 000000000..47299feb9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken-snprintf.m4 @@ -0,0 +1,63 @@ +dnl Id +dnl +AC_DEFUN([AC_BROKEN_SNPRINTF], [ +AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working, +ac_cv_func_snprintf_working=yes +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) +{ + char foo[[3]]; + snprintf(foo, 2, "12"); + return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2; +}]])],[:],[ac_cv_func_snprintf_working=no],[:])) + +if test "$ac_cv_func_snprintf_working" = yes; then + AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf]) +fi +if test "$ac_cv_func_snprintf_working" = yes; then +AC_NEED_PROTO([#include ],snprintf) +fi +]) + +AC_DEFUN([AC_BROKEN_VSNPRINTF],[ +AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working, +ac_cv_func_vsnprintf_working=yes +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#include +#include + +int foo(int num, ...) +{ + char bar[[3]]; + va_list arg; + va_start(arg, num); + vsnprintf(bar, 2, "%s", arg); + va_end(arg); + return strcmp(bar, "1"); +} + +int bar(int num, int len, ...) +{ + int r; + va_list arg; + va_start(arg, len); + r = vsnprintf(NULL, 0, "%s", arg); + va_end(arg); + return r != len; +} + +int main(int argc, char **argv) +{ + return foo(0, "12") || bar(0, 2, "12"); +}]])],[:],[ac_cv_func_vsnprintf_working=no],[:])) + +if test "$ac_cv_func_vsnprintf_working" = yes; then + AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf]) +fi +if test "$ac_cv_func_vsnprintf_working" = yes; then +AC_NEED_PROTO([#include ],vsnprintf) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken.m4 b/crypto/external/bsd/heimdal/dist/cf/broken.m4 new file mode 100644 index 000000000..1927f7103 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken.m4 @@ -0,0 +1,12 @@ +dnl Id +dnl +dnl +dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal +dnl libraries + +AC_DEFUN([AC_BROKEN], +[AC_FOREACH([rk_func], [$1], + [AC_CHECK_FUNC(rk_func, + [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, + [Define if you have the function `]rk_func['.])], + [rk_LIBOBJ(rk_func)])])]) diff --git a/crypto/external/bsd/heimdal/dist/cf/broken2.m4 b/crypto/external/bsd/heimdal/dist/cf/broken2.m4 new file mode 100644 index 000000000..5cf2f7088 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/broken2.m4 @@ -0,0 +1,25 @@ +dnl Id +dnl +dnl AC_BROKEN but with more arguments + +dnl AC_BROKEN2(func, includes, arguments) +AC_DEFUN([AC_BROKEN2], +[AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_func_[]$1, +[AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$1) || defined (__stub___$1) +choke me +#else +$1($3); +#endif +]])], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])]) +if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then + AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) + rk_LIBOBJ($1) +fi]) diff --git a/crypto/external/bsd/heimdal/dist/cf/c-attribute.m4 b/crypto/external/bsd/heimdal/dist/cf/c-attribute.m4 new file mode 100644 index 000000000..58a38e01e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/c-attribute.m4 @@ -0,0 +1,28 @@ +dnl +dnl Id +dnl + +dnl +dnl Test for __attribute__ +dnl + +AC_DEFUN([AC_C___ATTRIBUTE__], [ +AC_MSG_CHECKING(for __attribute__) +AC_CACHE_VAL(ac_cv___attribute__, [ +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include +static void foo(void) __attribute__ ((noreturn)); + +static void +foo(void) +{ + exit(1); +} +]])], +[ac_cv___attribute__=yes], +[ac_cv___attribute__=no])]) +if test "$ac_cv___attribute__" = "yes"; then + AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) +fi +AC_MSG_RESULT($ac_cv___attribute__) +]) + diff --git a/crypto/external/bsd/heimdal/dist/cf/c-function.m4 b/crypto/external/bsd/heimdal/dist/cf/c-function.m4 new file mode 100644 index 000000000..0eaa80c6e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/c-function.m4 @@ -0,0 +1,33 @@ +dnl +dnl Id +dnl + +dnl +dnl Test for __FUNCTION__ +dnl + +AC_DEFUN([AC_C___FUNCTION__], [ +AC_MSG_CHECKING(for __FUNCTION__) +AC_CACHE_VAL(ac_cv___function__, [ +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include + +static char *foo(void) +{ + return __FUNCTION__; +} + +int main(int argc, char **argc) +{ + return strcmp(foo(), "foo") != 0; +} +]])], +[ac_cv___function__=yes], +[ac_cv___function__=no], +[ac_cv___function__=no])]) +if test "$ac_cv___function__" = "yes"; then + AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__]) +fi +AC_MSG_RESULT($ac_cv___function__) +]) + diff --git a/crypto/external/bsd/heimdal/dist/cf/capabilities.m4 b/crypto/external/bsd/heimdal/dist/cf/capabilities.m4 new file mode 100644 index 000000000..f55c5085f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/capabilities.m4 @@ -0,0 +1,14 @@ +dnl +dnl Id +dnl + +dnl +dnl Test SGI capabilities +dnl + +AC_DEFUN([KRB_CAPABILITIES],[ + +AC_CHECK_HEADERS(capability.h sys/capability.h) + +AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-compile-et.m4 b/crypto/external/bsd/heimdal/dist/cf/check-compile-et.m4 new file mode 100644 index 000000000..a5e529351 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-compile-et.m4 @@ -0,0 +1,110 @@ +dnl Id +dnl +dnl CHECK_COMPILE_ET +AC_DEFUN([CHECK_COMPILE_ET], [ + +AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et]) + +krb_cv_compile_et="no" +krb_cv_com_err_need_r="" +krb_cv_compile_et_cross=no +if test "${COMPILE_ET}" = "compile_et"; then + +dnl We have compile_et. Now let's see if it supports `prefix' and `index'. +AC_MSG_CHECKING(whether compile_et has the features we need) +cat > conftest_et.et <<'EOF' +error_table test conf +prefix CONFTEST +index 1 +error_code CODE1, "CODE1" +index 128 +error_code CODE2, "CODE2" +end +EOF +if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then + dnl XXX Some systems have . + save_CPPFLAGS="${CPPFLAGS}" + if test -d "/usr/include/et"; then + CPPFLAGS="-I/usr/include/et ${CPPFLAGS}" + fi + dnl Check that the `prefix' and `index' directives were honored. + AC_RUN_IFELSE([ +#include +#include +#include "conftest_et.h" +int main(int argc, char **argv){ +#ifndef ERROR_TABLE_BASE_conf +#error compile_et does not handle error_table N M +#endif +return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;} + ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"], + [krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes] ) +fi +AC_MSG_RESULT(${krb_cv_compile_et}) +if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then + AC_MSG_CHECKING([for if com_err generates a initialize_conf_error_table_r]) + AC_EGREP_CPP([initialize_conf_error_table_r.*struct et_list], + [#include "conftest_et.h"], + [krb_cv_com_err_need_r="ok"]) + if test X"$krb_cv_com_err_need_r" = X ; then + AC_MSG_RESULT(no) + krb_cv_compile_et=no + else + AC_MSG_RESULT(yes) + fi +fi +rm -fr conftest* +fi + +if test "${krb_cv_compile_et_cross}" = yes ; then + krb_cv_com_err="cross" +elif test "${krb_cv_compile_et}" = "yes"; then + dnl Since compile_et seems to work, let's check libcom_err + krb_cv_save_LIBS="${LIBS}" + LIBS="${LIBS} -lcom_err" + AC_MSG_CHECKING(for com_err) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ + const char *p; + p = error_message(0); + initialize_error_table_r(0,0,0,0); + com_right_r(0, 0, 0, 0); + ]])],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"]) + AC_MSG_RESULT(${krb_cv_com_err}) + LIBS="${krb_cv_save_LIBS}" +else + dnl Since compile_et doesn't work, forget about libcom_err + krb_cv_com_err="no" +fi + +dnl Only use the system's com_err if we found compile_et, libcom_err, and +dnl com_err.h. +if test "${krb_cv_com_err}" = "yes"; then + DIR_com_err="" + LIB_com_err="-lcom_err" + LIB_com_err_a="" + LIB_com_err_so="" + AC_MSG_NOTICE(Using the already-installed com_err) + localcomerr=no +elif test "${krb_cv_com_err}" = "cross"; then + DIR_com_err="com_err" + LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" + LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" + LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" + AC_MSG_NOTICE(Using our own com_err with toolchain compile_et) + localcomerr=yes +else + COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et" + DIR_com_err="com_err" + LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" + LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" + LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" + AC_MSG_NOTICE(Using our own com_err) + localcomerr=yes +fi +AM_CONDITIONAL(COM_ERR, test "$localcomerr" = yes)dnl +AC_SUBST(DIR_com_err) +AC_SUBST(LIB_com_err) +AC_SUBST(LIB_com_err_a) +AC_SUBST(LIB_com_err_so) + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-getpwnam_r-posix.m4 b/crypto/external/bsd/heimdal/dist/cf/check-getpwnam_r-posix.m4 new file mode 100644 index 000000000..980f428e4 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-getpwnam_r-posix.m4 @@ -0,0 +1,25 @@ +dnl Id +dnl +dnl check for getpwnam_r, and if it's posix or not + +AC_DEFUN([AC_CHECK_GETPWNAM_R_POSIX],[ +AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r) +if test "$ac_cv_func_getpwnam_r" = yes; then + AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix, + ac_libs="$LIBS" + LIBS="$LIBS $LIB_getpwnam_r" + AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#define _POSIX_PTHREAD_SEMANTICS +#include +int main(int argc, char **argv) +{ + struct passwd pw, *pwd; + return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; +} +]])],[ac_cv_func_getpwnam_r_posix=yes],[ac_cv_func_getpwnam_r_posix=no],[:]) +LIBS="$ac_libs") +if test "$ac_cv_func_getpwnam_r_posix" = yes; then + AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.]) +fi +fi +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/check-man.m4 b/crypto/external/bsd/heimdal/dist/cf/check-man.m4 new file mode 100644 index 000000000..2555b5fd4 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-man.m4 @@ -0,0 +1,58 @@ +dnl Id +dnl check how to format manual pages +dnl + +AC_DEFUN([rk_CHECK_MAN], +[AC_PATH_PROG(NROFF, nroff) +AC_PATH_PROG(GROFF, groff) +AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format, +[cat > conftest.1 << END +.Dd January 1, 1970 +.Dt CONFTEST 1 +.Sh NAME +.Nm conftest +.Nd +foobar +END + +if test "$NROFF" ; then + for i in "-mdoc" "-mandoc"; do + if "$NROFF" $i conftest.1 2> /dev/null | \ + grep Jan > /dev/null 2>&1 ; then + ac_cv_sys_man_format="$NROFF $i" + break + fi + done +fi +if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then + for i in "-mdoc" "-mandoc"; do + if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \ + grep Jan > /dev/null 2>&1 ; then + ac_cv_sys_man_format="$GROFF -Tascii $i" + break + fi + done +fi +if test "$ac_cv_sys_man_format"; then + ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@" +fi +]) +if test "$ac_cv_sys_man_format"; then + CATMAN="$ac_cv_sys_man_format" + AC_SUBST(CATMAN) +fi +AM_CONDITIONAL(CATMAN, test "$CATMAN") +AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext, +[if grep _suffix /etc/man.conf > /dev/null 2>&1; then + ac_cv_sys_catman_ext=0 +else + ac_cv_sys_catman_ext=number +fi +]) +if test "$ac_cv_sys_catman_ext" = number; then + CATMANEXT='$$section' +else + CATMANEXT=0 +fi +AC_SUBST(CATMANEXT) +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/check-netinet-ip-and-tcp.m4 b/crypto/external/bsd/heimdal/dist/cf/check-netinet-ip-and-tcp.m4 new file mode 100644 index 000000000..103d6ef22 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-netinet-ip-and-tcp.m4 @@ -0,0 +1,33 @@ +dnl +dnl Id +dnl + +dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3 +dnl you have to include standards.h before including these files + +AC_DEFUN([CHECK_NETINET_IP_AND_TCP], +[ +AC_CHECK_HEADERS(standards.h) +for i in netinet/ip.h netinet/tcp.h; do + +cv=`echo "$i" | sed 'y%./+-%__p_%'` + +AC_CACHE_CHECK([for $i],ac_cv_header_$cv, +[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[ +#ifdef HAVE_STANDARDS_H +#include +#endif +#include <$i> +]])], +[eval "ac_cv_header_$cv=yes"], +[eval "ac_cv_header_$cv=no"])]) +ac_res=`eval echo \\$ac_cv_header_$cv` +if test "$ac_res" = yes; then + ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + AC_DEFINE_UNQUOTED($ac_tr_hdr, 1) +fi +done +if false;then + AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-type-extra.m4 b/crypto/external/bsd/heimdal/dist/cf/check-type-extra.m4 new file mode 100644 index 000000000..600bd16b1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-type-extra.m4 @@ -0,0 +1,23 @@ +dnl Id +dnl +dnl ac_check_type + extra headers + +dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS) +AC_DEFUN([AC_CHECK_TYPE_EXTRA], +[AC_REQUIRE([AC_HEADER_STDC])dnl +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL(ac_cv_type_$1, +[AC_EGREP_CPP(dnl +changequote(<<,>>)dnl +<<$1[^a-zA-Z_0-9]>>dnl +changequote([,]), [#include +#if STDC_HEADERS +#include +#include +#endif +$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl +AC_MSG_RESULT($ac_cv_type_$1) +if test $ac_cv_type_$1 = no; then + AC_DEFINE($1, $2, [Define this to what the type $1 should be.]) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-var.m4 b/crypto/external/bsd/heimdal/dist/cf/check-var.m4 new file mode 100644 index 000000000..eed3796ef --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-var.m4 @@ -0,0 +1,28 @@ +dnl Id +dnl +dnl rk_CHECK_VAR(variable, includes) +AC_DEFUN([rk_CHECK_VAR], [ +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL(ac_cv_var_$1, [ +m4_ifval([$2],[ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 + void * foo(void) { return &$1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no])]) +if test "$ac_cv_var_$1" != yes ; then +AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 +extern int $1; +int foo(void) { return $1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no]) +fi +]) +ac_foo=`eval echo \\$ac_cv_var_$1` +AC_MSG_RESULT($ac_foo) +if test "$ac_foo" = yes; then + AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, + [Define if you have the `]$1[' variable.]) + m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2])) +fi +]) + +AC_WARNING_ENABLE([obsolete]) +AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-x.m4 b/crypto/external/bsd/heimdal/dist/cf/check-x.m4 new file mode 100644 index 000000000..c10e45714 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-x.m4 @@ -0,0 +1,53 @@ +dnl +dnl See if there is any X11 present +dnl +dnl Id + +AC_DEFUN([KRB_CHECK_X],[ +AC_PATH_XTRA + +# try to figure out if we need any additional ld flags, like -R +# and yes, the autoconf X test is utterly broken +if test "$no_x" != yes; then + AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[ + ac_save_libs="$LIBS" + ac_save_cflags="$CFLAGS" + CFLAGS="$CFLAGS $X_CFLAGS" + krb_cv_sys_x_libs_rpath="" + krb_cv_sys_x_libs="" + for rflag in "" "-R" "-R " "-rpath "; do + if test "$rflag" = ""; then + foo="$X_LIBS" + else + foo="" + for flag in $X_LIBS; do + case $flag in + -L*) + foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`" + ;; + *) + foo="$foo $flag" + ;; + esac + done + fi + LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS" + AC_RUN_IFELSE([ + #include + foo(void) + { + XOpenDisplay(NULL); + } + main(int argc, char **argv) + { + return 0; + } + ],krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:, + krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break) + done + LIBS="$ac_save_libs" + CFLAGS="$ac_save_cflags" + ]) + X_LIBS="$krb_cv_sys_x_libs" +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/check-xau.m4 b/crypto/external/bsd/heimdal/dist/cf/check-xau.m4 new file mode 100644 index 000000000..82f91175b --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/check-xau.m4 @@ -0,0 +1,64 @@ +dnl Id +dnl +dnl check for Xau{Read,Write}Auth and XauFileName +dnl +AC_DEFUN([AC_CHECK_XAU],[ +save_CFLAGS="$CFLAGS" +CFLAGS="$X_CFLAGS $CFLAGS" +save_LIBS="$LIBS" +dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS $X_LIBS" + +## check for XauWriteAuth first, so we detect the case where +## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this +## could be done by checking for XauReadAuth in -lXau first, but this +## breaks in IRIX 6.5 + +AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau,[#include ],[0,0]) +ac_xxx="$LIBS" +LIBS="$LIB_XauWriteAuth $LIBS" +AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau,[#include ],[0]) +LIBS="$LIB_XauReadAauth $LIBS" +AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau,[#include ]) +LIBS="$ac_xxx" + +## set LIB_XauReadAuth to union of these tests, since this is what the +## Makefiles are using +case "$ac_cv_funclib_XauWriteAuth" in +yes) ;; +no) ;; +*) if test "$ac_cv_funclib_XauReadAuth" = yes; then + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauWriteAuth" + else + LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName" + fi + else + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth" + else + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName" + fi + fi + ;; +esac + +if test "$AUTOMAKE" != ""; then + AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes") +else + AC_SUBST(NEED_WRITEAUTH_TRUE) + AC_SUBST(NEED_WRITEAUTH_FALSE) + if test "$ac_cv_func_XauWriteAuth" != "yes"; then + NEED_WRITEAUTH_TRUE= + NEED_WRITEAUTH_FALSE='#' + else + NEED_WRITEAUTH_TRUE='#' + NEED_WRITEAUTH_FALSE= + fi +fi +CFLAGS=$save_CFLAGS +LIBS=$save_LIBS +LDFLAGS=$save_LDFLAGS +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/crypto.m4 b/crypto/external/bsd/heimdal/dist/cf/crypto.m4 new file mode 100644 index 000000000..a64a09ff6 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/crypto.m4 @@ -0,0 +1,179 @@ +dnl Id +dnl +dnl test for crypto libraries: +dnl - libcrypto (from openssl) +dnl - own-built libhcrypto + +m4_define([test_headers], [ + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #else + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #endif + ]) +m4_define([test_body], [ + void *schedule = 0; + EVP_MD_CTX mdctx; + + EVP_md4(); + EVP_md5(); + EVP_sha1(); + EVP_sha256(); + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, EVP_sha1(), (ENGINE *)0); + EVP_CIPHER_iv_length(((EVP_CIPHER*)0)); + UI_UTIL_read_pw_string(0,0,0,0); + RAND_status(); + #ifdef HAVE_OPENSSL + EC_KEY_new(); + #endif + + OpenSSL_add_all_algorithms(); + AES_encrypt(0,0,0); + DES_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0);]) + + +AC_DEFUN([KRB_CRYPTO],[ +crypto_lib=unknown +AC_WITH_ALL([openssl]) + +DIR_hcrypto= + +AC_MSG_CHECKING([for crypto library]) + +openssl=no + +if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then + save_CPPFLAGS="$CPPFLAGS" + save_LIBS="$LIBS" + + cdirs= clibs= + for i in $LIB_krb4; do + case "$i" in + -L*) cdirs="$cdirs $i";; + -l*) clibs="$clibs $i";; + esac + done + + ires= + for i in $INCLUDE_krb4; do + CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers], + [test_body])], + [openssl=yes ires="$i" lres="$j $k"; break 3]) + done + done + CFLAGS="$i $save_CFLAGS" + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], + [openssl=no ires="$i" lres="$j $k"; break 3]) + done + done + done + + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + if test "$ires" -a "$lres"; then + INCLUDE_hcrypto="$ires" + LIB_hcrypto="$lres" + crypto_lib=krb4 + AC_MSG_RESULT([same as krb4]) + LIB_hcrypto_a='$(LIB_hcrypto)' + LIB_hcrypto_so='$(LIB_hcrypto)' + LIB_hcrypto_appl='$(LIB_hcrypto)' + fi +fi + +if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + INCLUDE_hcrypto= + LIB_hcrypto= + if test "$with_openssl_include" != ""; then + INCLUDE_hcrypto="-I${with_openssl_include}" + fi + if test "$with_openssl_lib" != ""; then + LIB_hcrypto="-L${with_openssl_lib}" + fi + CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}" + saved_LIB_hcrypto="$LIB_hcrypto" + for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do + LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres" + LIB_hcrypto_a="$LIB_hcrypto" + LIB_hcrypto_so="$LIB_hcrypto" + LIB_hcrypto_appl="$LIB_hcrypto" + LIBS="${LIBS} ${LIB_hcrypto}" + AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], [ + crypto_lib=libcrypto openssl=yes + AC_MSG_RESULT([libcrypto]) + ]) + if test "$crypto_lib" = libcrypto ; then + break; + fi + done + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$crypto_lib" = "unknown"; then + + DIR_hcrypto='hcrypto' + LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la' + LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a' + LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so' + LIB_hcrypto_appl="-lhcrypto" + + AC_MSG_RESULT([included libhcrypto]) + +fi + +if test "$with_krb4" != no -a "$crypto_lib" != krb4; then + AC_MSG_ERROR([the crypto library used by krb4 lacks features +required by Kerberos 5; to continue, you need to install a newer +Kerberos 4 or configure --without-krb4]) +fi + +if test "$openssl" = "yes"; then + AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) +fi +AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl + +AC_SUBST(DIR_hcrypto) +AC_SUBST(INCLUDE_hcrypto) +AC_SUBST(LIB_hcrypto) +AC_SUBST(LIB_hcrypto_a) +AC_SUBST(LIB_hcrypto_so) +AC_SUBST(LIB_hcrypto_appl) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/db.m4 b/crypto/external/bsd/heimdal/dist/cf/db.m4 new file mode 100644 index 000000000..dba847719 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/db.m4 @@ -0,0 +1,232 @@ +dnl Id +dnl +dnl tests for various db libraries +dnl + +AC_DEFUN([rk_DB],[ +AC_ARG_WITH(berkeley-db, + AS_HELP_STRING([--with-berkeley-db], + [enable support for berkeley db @<:@default=check@:>@]), + [], + [with_berkeley_db=check]) + +dbheader="" +AC_ARG_WITH(berkeley-db-include, + AS_HELP_STRING([--with-berkeley-db-include=dir], + [use berkeley-db headers in dir]), + [dbheader=$withval], + [with_berkeley_db_include=check]) + +AC_ARG_ENABLE(ndbm-db, + AS_HELP_STRING([--disable-ndbm-db], + [if you don't want ndbm db]),[ +]) + +have_ndbm=no +db_type=unknown + +AS_IF([test "x$with_berkeley_db" != xno], + [AS_IF([test "x$with_berkeley_db_include" != xcheck], + [AC_CHECK_HEADERS(["$dbheader/db.h"], + [AC_SUBST([DBHEADER], [$dbheader]) + AC_DEFINE([HAVE_DBHEADER], [1], + [Define if you have user supplied header location]) + ], + [if test "x$with_berkeley_db_include" != xcheck; then + AC_MSG_FAILURE( + [--with-berkeley-db-include was given but include test failed]) + fi + ])], + [AC_CHECK_HEADERS([ \ + db5/db.h \ + db4/db.h \ + db3/db.h \ + db.h \ + ])]) + +dnl db_create is used by db3 and db4 and db5 + + AC_FIND_FUNC_NO_LIBS(db_create, [$dbheader] db5 db4 db3 db, [ + #include + #ifdef HAVE_DBHEADER + #include <$dbheader/db.h> + #elif HAVE_DB5_DB_H + #include + #elif HAVE_DB4_DB_H + #include + #elif defined(HAVE_DB3_DB_H) + #include + #else + #include + #endif + ],[NULL, NULL, 0]) + + if test "$ac_cv_func_db_create" = "yes"; then + db_type=db3 + if test "$ac_cv_funclib_db_create" != "yes"; then + DBLIB="$ac_cv_funclib_db_create" + else + DBLIB="" + fi + AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4/5 library]) + fi + +dnl dbopen is used by db1/db2 + + AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [ + #include + #if defined(HAVE_DB2_DB_H) + #include + #elif defined(HAVE_DB_H) + #include + #else + #error no db.h + #endif + ],[NULL, 0, 0, 0, NULL]) + + if test "$ac_cv_func_dbopen" = "yes"; then + db_type=db1 + if test "$ac_cv_funclib_dbopen" != "yes"; then + DBLIB="$ac_cv_funclib_dbopen" + else + DBLIB="" + fi + AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library]) + fi + +dnl test for ndbm compatability + + if test "$ac_cv_func_dbm_firstkey" != yes; then + AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [ + #include + #define DB_DBM_HSEARCH 1 + #include + DBM *dbm; + ],[NULL]) + + if test "$ac_cv_func_dbm_firstkey" = "yes"; then + if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then + LIB_NDBM="$ac_cv_funclib_dbm_firstkey" + else + LIB_NDBM="" + fi + AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db]) + AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)]) + else + $as_unset ac_cv_func_dbm_firstkey + $as_unset ac_cv_funclib_dbm_firstkey + fi + fi + +]) # fi berkeley db + +if test "$enable_ndbm_db" != "no"; then + + if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then + + AC_CHECK_HEADERS([ \ + dbm.h \ + ndbm.h \ + ]) + + AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [ + #include + #if defined(HAVE_NDBM_H) + #include + #elif defined(HAVE_DBM_H) + #include + #endif + DBM *dbm; + ],[NULL]) + + if test "$ac_cv_func_dbm_firstkey" = "yes"; then + if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then + LIB_NDBM="$ac_cv_funclib_dbm_firstkey" + else + LIB_NDBM="" + fi + AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl + have_ndbm=yes + if test "$db_type" = "unknown"; then + db_type=ndbm + DBLIB="$LIB_NDBM" + fi + else + + $as_unset ac_cv_func_dbm_firstkey + $as_unset ac_cv_funclib_dbm_firstkey + + AC_CHECK_HEADERS([ \ + gdbm/ndbm.h \ + ]) + + AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [ + #include + #include + DBM *dbm; + ],[NULL]) + + if test "$ac_cv_func_dbm_firstkey" = "yes"; then + if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then + LIB_NDBM="$ac_cv_funclib_dbm_firstkey" + else + LIB_NDBM="" + fi + AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl + have_ndbm=yes + if test "$db_type" = "unknown"; then + db_type=ndbm + DBLIB="$LIB_NDBM" + fi + fi + fi + fi #enable_ndbm_db +fi # unknown + +if test "$have_ndbm" = "yes"; then + AC_MSG_CHECKING([if ndbm is implemented with db]) + AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#include +#if defined(HAVE_GDBM_NDBM_H) +#include +#elif defined(HAVE_NDBM_H) +#include +#elif defined(HAVE_DBM_H) +#include +#endif +int main(int argc, char **argv) +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if (d == NULL) + return 1; + dbm_close(d); + return 0; +}]])],[ + if test -f conftest.db; then + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)]) + else + AC_MSG_RESULT([no]) + fi],[AC_MSG_RESULT([no])],[AC_MSG_RESULT([no-cross])]) +fi + +AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl +AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl +AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl +AM_CONDITIONAL(HAVE_DBHEADER, test "$dbheader" != "")dnl + +## it's probably not correct to include LDFLAGS here, but we might +## need it, for now just add any possible -L +z="" +for i in $LDFLAGS; do + case "$i" in + -L*) z="$z $i";; + esac +done +DBLIB="$z $DBLIB" +AC_SUBST(DBLIB)dnl +AC_SUBST(LIB_NDBM)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/destdirs.m4 b/crypto/external/bsd/heimdal/dist/cf/destdirs.m4 new file mode 100644 index 000000000..a640beca7 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/destdirs.m4 @@ -0,0 +1,18 @@ +dnl +dnl Id +dnl + +AC_DEFUN([rk_DESTDIRS], [ +# This is done by AC_OUTPUT but we need the result here. +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [ + x="${rk_dir[]dir}" + eval y="$x" + while test "x$y" != "x$x"; do + x="$y" + eval y="$x" + done + AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])]) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/dispatch.m4 b/crypto/external/bsd/heimdal/dist/cf/dispatch.m4 new file mode 100644 index 000000000..68b39fd48 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/dispatch.m4 @@ -0,0 +1,20 @@ + +AC_DEFUN([rk_LIBDISPATCH],[ + +AC_CHECK_HEADERS([dispatch/dispatch.h]) + +AC_FIND_FUNC_NO_LIBS(dispatch_async_f, dispatch, +[#ifdef HAVE_DISPATCH_DISPATCH_H +#include +#endif],[0,0,0]) + +if test "$ac_cv_func_dispatch_async_f" = yes ; then + AC_DEFINE([HAVE_GCD], 1, [Define if os support gcd.]) + libdispatch=yes +else + libdispatch=no +fi + +AM_CONDITIONAL(have_gcd, test "$libdispatch" = yes) + +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/dlopen.m4 b/crypto/external/bsd/heimdal/dist/cf/dlopen.m4 new file mode 100644 index 000000000..5215093ba --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/dlopen.m4 @@ -0,0 +1,11 @@ +dnl +dnl Id +dnl + +AC_DEFUN([rk_DLOPEN], [ + AC_FIND_FUNC_NO_LIBS(dlopen, dl,[ +#ifdef HAVE_DLFCN_H +#include +#endif],[0,0]) + AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs.m4 b/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs.m4 new file mode 100644 index 000000000..d5bc9a48c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs.m4 @@ -0,0 +1,9 @@ +dnl Id +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [ +AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) diff --git a/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs2.m4 b/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs2.m4 new file mode 100644 index 000000000..8a236d467 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/find-func-no-libs2.m4 @@ -0,0 +1,63 @@ +dnl Id +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [ + +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_funclib_$1, +[ +if eval "test \"\$ac_cv_func_$1\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in $2; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS="$6 $ac_lib $5 $ac_save_LIBS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break]) + done + eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" + LIBS="$ac_save_LIBS" +fi +]) + +eval "ac_res=\$ac_cv_funclib_$1" + +if false; then + AC_CHECK_FUNCS($1) +dnl AC_CHECK_LIBS($2, foo) +fi +# $1 +eval "ac_tr_func=HAVE_[]upcase($1)" +eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" +eval "LIB_$1=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_$1=yes" + eval "LIB_$1=" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_MSG_RESULT([yes]) + ;; + no) + eval "ac_cv_func_$1=no" + eval "LIB_$1=" + AC_MSG_RESULT([no]) + ;; + *) + eval "ac_cv_func_$1=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_DEFINE_UNQUOTED($ac_tr_lib) + AC_MSG_RESULT([yes, in $ac_res]) + ;; +esac +AC_SUBST(LIB_$1) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/find-func.m4 b/crypto/external/bsd/heimdal/dist/cf/find-func.m4 new file mode 100644 index 000000000..dd232995c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/find-func.m4 @@ -0,0 +1,9 @@ +dnl Id +dnl +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN([AC_FIND_FUNC], [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/find-if-not-broken.m4 b/crypto/external/bsd/heimdal/dist/cf/find-if-not-broken.m4 new file mode 100644 index 000000000..8fb416413 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/find-if-not-broken.m4 @@ -0,0 +1,12 @@ +dnl Id +dnl +dnl +dnl Mix between AC_FIND_FUNC and AC_BROKEN +dnl + +AC_DEFUN([AC_FIND_IF_NOT_BROKEN], +[AC_FIND_FUNC([$1], [$2], [$3], [$4]) +if eval "test \"$ac_cv_func_$1\" != yes"; then + rk_LIBOBJ([$1]) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/framework-security.m4 b/crypto/external/bsd/heimdal/dist/cf/framework-security.m4 new file mode 100644 index 000000000..3358292f4 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/framework-security.m4 @@ -0,0 +1,31 @@ +AC_DEFUN([rk_FRAMEWORK_SECURITY], [ + +AC_MSG_CHECKING([for framework security]) +AC_CACHE_VAL(rk_cv_framework_security, +[ +if test "$rk_cv_framework_security" != yes; then + ac_save_LIBS="$LIBS" + LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include +]], +[[SecKeychainSearchRef searchRef; +SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef); +CFRelease(&searchRef); +]])],[rk_cv_framework_security=yes]) + LIBS="$ac_save_LIBS" +fi +]) + +if test "$rk_cv_framework_security" = yes; then + AC_DEFINE(HAVE_FRAMEWORK_SECURITY, 1, [Have -framework Security]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi +AM_CONDITIONAL(FRAMEWORK_SECURITY, test "$rk_cv_framework_security" = yes) + +if test "$rk_cv_framework_security" = yes; then + AC_NEED_PROTO([#include ],SecKeyGetCSPHandle) +fi + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/have-pragma-weak.m4 b/crypto/external/bsd/heimdal/dist/cf/have-pragma-weak.m4 new file mode 100644 index 000000000..aa8bf4dcb --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/have-pragma-weak.m4 @@ -0,0 +1,37 @@ +dnl Id +dnl +AC_DEFUN([AC_HAVE_PRAGMA_WEAK], [ +if test "${enable_shared}" = "yes"; then +AC_MSG_CHECKING(for pragma weak) +AC_CACHE_VAL(ac_have_pragma_weak, [ +ac_have_pragma_weak=no +cat > conftest_foo.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +#pragma weak foo = _foo +int _foo = 17; +EOF +cat > conftest_bar.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +extern int foo; + +int t(void) { + return foo; +} + +int main(int argc, char **argv) { + return t(); +} +EOF +if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then +ac_have_pragma_weak=yes +fi +rm -rf conftest* +]) +if test "$ac_have_pragma_weak" = "yes"; then + AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl +fi +AC_MSG_RESULT($ac_have_pragma_weak) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/have-struct-field.m4 b/crypto/external/bsd/heimdal/dist/cf/have-struct-field.m4 new file mode 100644 index 000000000..391752a17 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/have-struct-field.m4 @@ -0,0 +1,21 @@ +dnl Id +dnl +dnl check for fields in a structure +dnl +dnl AC_HAVE_STRUCT_FIELD(struct, field, headers) + +AC_DEFUN([AC_HAVE_STRUCT_FIELD], [ +define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_])) +AC_CACHE_CHECK([for $2 in $1], cache_val,[ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$3]], + [[$1 x; memset(&x, 0, sizeof(x)); x.$2]])], + [cache_val=yes], + [cache_val=no]) +]) +if test "$cache_val" = yes; then + define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_])) + AC_DEFINE(foo, 1, [Define if $1 has field $2.]) + undefine([foo]) +fi +undefine([cache_val]) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/have-type.m4 b/crypto/external/bsd/heimdal/dist/cf/have-type.m4 new file mode 100644 index 000000000..13850f69e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/have-type.m4 @@ -0,0 +1,30 @@ +dnl Id +dnl +dnl check for existance of a type + +dnl AC_HAVE_TYPE(TYPE,INCLUDES) +AC_DEFUN([AC_HAVE_TYPE], [ +AC_REQUIRE([AC_HEADER_STDC]) +cv=`echo "$1" | sed 'y%./+- %__p__%'` +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL([ac_cv_type_$cv], +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#if STDC_HEADERS +#include +#include +#endif +$2]], +[[$1 foo;]])], +[eval "ac_cv_type_$cv=yes"], +[eval "ac_cv_type_$cv=no"]))dnl +ac_foo=`eval echo \\$ac_cv_type_$cv` +AC_MSG_RESULT($ac_foo) +if test "$ac_foo" = yes; then + ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` +if false; then + AC_CHECK_TYPES($1) +fi + AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1']) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/have-types.m4 b/crypto/external/bsd/heimdal/dist/cf/have-types.m4 new file mode 100644 index 000000000..9f13b32dc --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/have-types.m4 @@ -0,0 +1,12 @@ +dnl +dnl Id +dnl + +AC_DEFUN([AC_HAVE_TYPES], [ +for i in $1; do + AC_HAVE_TYPE($i) +done +if false;then + AC_CHECK_FUNCS($1) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/install-catman.sh b/crypto/external/bsd/heimdal/dist/cf/install-catman.sh new file mode 100644 index 000000000..8efc7df2e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/install-catman.sh @@ -0,0 +1,73 @@ +#!/bin/sh +# +# Id +# +# install preformatted manual pages + +cmd="$1"; shift +INSTALL_DATA="$1"; shift +mkinstalldirs="$1"; shift +srcdir="$1"; shift +manbase="$1"; shift +suffix="$1"; shift +catinstall="${INSTALL_CATPAGES-yes}" + +for f in "$@"; do + echo $f + base=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\2/'` + section=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\3/'` + mandir="$manbase/man$section" + catdir="$manbase/cat$section" + c="$base.cat$section" + + if test "$catinstall" = yes -a -f "$srcdir/$c"; then + if test "$cmd" = install ; then + if test \! -d "$catdir"; then + eval "$mkinstalldirs $catdir" + fi + eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix" + eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix" + elif test "$cmd" = uninstall ; then + eval "echo rm -f $catdir/$base.$suffix" + eval "rm -f $catdir/$base.$suffix" + fi + fi + for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do + if test "$link" = "$base" ; then + continue + fi + if test "$cmd" = install ; then + target="$mandir/$link.$section" + for lncmd in "ln -f $mandir/$base.$section $target" \ + "ln -s $base.$section $target" \ + "cp -f $mandir/$base.$section $target" + do + if eval "$lncmd"; then + eval echo "$lncmd" + break + fi + done + if test "$catinstall" = yes -a -f "$srcdir/$c"; then + target="$catdir/$link.$suffix" + for lncmd in "ln -f $catdir/$base.$suffix $target" \ + "ln -fs $base.$suffix $target" \ + "cp -f $catdir/$base.$suffix $target" + do + if eval "$lncmd"; then + eval echo "$lncmd" + break + fi + done + fi + elif test "$cmd" = uninstall ; then + target="$mandir/$link.$section" + eval "echo rm -f $target" + eval "rm -f $target" + if test "$catinstall" = yes; then + target="$catdir/$link.$suffix" + eval "echo rm -f $target" + eval "rm -f $target" + fi + fi + done +done diff --git a/crypto/external/bsd/heimdal/dist/cf/irix.m4 b/crypto/external/bsd/heimdal/dist/cf/irix.m4 new file mode 100644 index 000000000..f1728e2a5 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/irix.m4 @@ -0,0 +1,15 @@ +dnl +dnl Id +dnl + +AC_DEFUN([rk_IRIX], +[ +irix=no +case "$host" in +*-*-irix*) + irix=yes + ;; +esac +AM_CONDITIONAL(IRIX, test "$irix" != no)dnl + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-bigendian.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-bigendian.m4 new file mode 100644 index 000000000..d76410e96 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-bigendian.m4 @@ -0,0 +1,62 @@ +dnl +dnl Id +dnl + +dnl check if this computer is little or big-endian +dnl if we can figure it out at compile-time then don't define the cpp symbol +dnl otherwise test for it and define it. also allow options for overriding +dnl it when cross-compiling + +AC_DEFUN([KRB_C_BIGENDIAN], [ +AC_ARG_ENABLE(bigendian, + AS_HELP_STRING([--enable-bigendian],[the target is big endian]), +krb_cv_c_bigendian=yes) +AC_ARG_ENABLE(littleendian, + AS_HELP_STRING([--enable-littleendian],[the target is little endian]), +krb_cv_c_bigendian=no) +AC_CACHE_CHECK([whether byte order is known at compile time], +krb_cv_c_bigendian_compile, +[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#include +#include +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif]])],[krb_cv_c_bigendian_compile=yes],[krb_cv_c_bigendian_compile=no])]) +AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[ + if test "$krb_cv_c_bigendian_compile" = "yes"; then + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#include +#include +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif]])],[krb_cv_c_bigendian=yes],[krb_cv_c_bigendian=no]) + else + AC_RUN_IFELSE([AC_LANG_SOURCE([[main (int argc, char **argv) { + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long l; + char c[sizeof (long)]; + } u; + u.l = 1; + exit (u.c[sizeof (long) - 1] == 1); + }]])],[krb_cv_c_bigendian=no],[krb_cv_c_bigendian=yes], + [AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian])]) + fi +]) +if test "$krb_cv_c_bigendian" = "yes"; then + AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl +fi +if test "$krb_cv_c_bigendian_compile" = "yes"; then + AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl +fi +AH_BOTTOM([ +#ifdef ENDIANESS_IN_SYS_PARAM_H +# include +# include +# if BYTE_ORDER == BIG_ENDIAN +# define WORDS_BIGENDIAN 1 +# endif +#endif +]) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-func-getcwd-broken.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-func-getcwd-broken.m4 new file mode 100644 index 000000000..56d2cd9ae --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-func-getcwd-broken.m4 @@ -0,0 +1,41 @@ +dnl Id +dnl +dnl +dnl test for broken getcwd in (SunOS braindamage) +dnl + +AC_DEFUN([AC_KRB_FUNC_GETCWD_BROKEN], [ +if test "$ac_cv_func_getcwd" = yes; then +AC_MSG_CHECKING(if getcwd is broken) +AC_CACHE_VAL(ac_cv_func_getcwd_broken, [ +ac_cv_func_getcwd_broken=no + +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +char *getcwd(char*, int); + +void *popen(char *cmd, char *mode) +{ + errno = ENOTTY; + return 0; +} + +int main(int argc, char **argv) +{ + char *ret; + ret = getcwd(0, 1024); + if(ret == 0 && errno == ENOTTY) + return 0; + return 1; +} +]])], [ac_cv_func_getcwd_broken=yes],[:],[:]) +]) +if test "$ac_cv_func_getcwd_broken" = yes; then + AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl + AC_LIBOBJ(getcwd) + AC_MSG_RESULT($ac_cv_func_getcwd_broken) +else + AC_MSG_RESULT([seems ok]) +fi +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-func-getlogin.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-func-getlogin.m4 new file mode 100644 index 000000000..a7df75543 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-func-getlogin.m4 @@ -0,0 +1,22 @@ +dnl +dnl Id +dnl +dnl test for POSIX (broken) getlogin +dnl + + +AC_DEFUN([AC_FUNC_GETLOGIN], [ +AC_CHECK_FUNCS(getlogin setlogin) +if test "$ac_cv_func_getlogin" = yes; then +AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [ +if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then + ac_cv_func_getlogin_posix=no +else + ac_cv_func_getlogin_posix=yes +fi +]) +if test "$ac_cv_func_getlogin_posix" = yes; then + AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).]) +fi +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-ipv6.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-ipv6.m4 new file mode 100644 index 000000000..81ff57cba --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-ipv6.m4 @@ -0,0 +1,154 @@ +dnl Id +dnl +dnl test for IPv6 +dnl +ac_cv_lib_ipv6=check + +AC_DEFUN([AC_KRB_IPV6], [ +AC_ARG_WITH(ipv6, + AS_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[ + ac_cv_lib_ipv6="$withval" +]) +save_CFLAGS="${CFLAGS}" + +if test "X$ac_cv_lib_ipv6" != "Xno"; then + + AC_CACHE_CHECK([for IPv6 stack type], rk_cv_v6type, + [dnl check for different v6 implementations (by itojun) + v6type=unknown + v6lib=none + + for i in v6d toshiba kame inria zeta linux; do + case $i in + v6d) + AC_EGREP_CPP(yes, [ +#include +#ifdef __V6D__ +yes +#endif], + [v6type=$i; v6lib=v6; + v6libdir=/usr/local/v6/lib; + CFLAGS="-I/usr/local/v6/include $CFLAGS"]) + ;; + toshiba) + AC_EGREP_CPP(yes, [ +#include +#ifdef _TOSHIBA_INET6 +yes +#endif], + [v6type=$i; v6lib=inet6; + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS"]) + ;; + kame) + AC_EGREP_CPP(yes, [ +#include +#ifdef __KAME__ +yes +#endif], + [v6type=$i; v6lib=inet6; + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS"]) + ;; + inria) + AC_EGREP_CPP(yes, [ +#include +#ifdef IPV6_INRIA_VERSION +yes +#endif], + [v6type=$i; CFLAGS="-DINET6 $CFLAGS"]) + ;; + zeta) + AC_EGREP_CPP(yes, [ +#include +#ifdef _ZETA_MINAMI_INET6 +yes +#endif], + [v6type=$i; v6lib=inet6; + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS"]) + ;; + linux) + if test -d /usr/inet6; then + v6type=$i + v6lib=inet6 + v6libdir=/usr/inet6 + CFLAGS="-DINET6 $CFLAGS" + fi + ;; + esac + if test "$v6type" != "unknown"; then + break + fi + done + + if test "$v6lib" != "none"; then + for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do + if test -d $dir -a -f $dir/lib$v6lib.a; then + LIBS="-L$dir -l$v6lib $LIBS" + break + fi + done + fi]) + + AC_CACHE_CHECK([for IPv6], rk_cv_lib_ipv6, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +]], + [[ + struct sockaddr_in6 sin6; + int s; + + s = socket(AF_INET6, SOCK_DGRAM, 0); + + sin6.sin6_family = AF_INET6; + sin6.sin6_port = htons(17); + sin6.sin6_addr = in6addr_any; + bind(s, (struct sockaddr *)&sin6, sizeof(sin6)); +]])], + [ac_cv_lib_ipv6=yes], + [ac_cv_lib_ipv6=no])]) +fi + +if test "$ac_cv_lib_ipv6" = yes; then + AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.]) +else + CFLAGS="${save_CFLAGS}" +fi + +## test for AIX missing in6addr_loopback +if test "$ac_cv_lib_ipv6" = yes; then + AC_CACHE_CHECK([for in6addr_loopback],[rk_cv_var_in6addr_loopback],[ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif]],[[ +struct sockaddr_in6 sin6; +sin6.sin6_addr = in6addr_loopback; +]])],[ac_cv_var_in6addr_loopback=yes],[ac_cv_var_in6addr_loopback=no])]) + if test "$ac_cv_var_in6addr_loopback" = yes; then + AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, + [Define if you have the in6addr_loopback variable]) + fi +fi +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-prog-ln-s.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-prog-ln-s.m4 new file mode 100644 index 000000000..94e3074ad --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-prog-ln-s.m4 @@ -0,0 +1,28 @@ +dnl Id +dnl +dnl +dnl Better test for ln -s, ln or cp +dnl + +AC_DEFUN([AC_KRB_PROG_LN_S], +[AC_MSG_CHECKING(for ln -s or something else) +AC_CACHE_VAL(ac_cv_prog_LN_S, +[rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi])dnl +LN_S="$ac_cv_prog_LN_S" +AC_MSG_RESULT($ac_cv_prog_LN_S) +AC_SUBST(LN_S)dnl +]) + diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-prog-ranlib.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-prog-ranlib.m4 new file mode 100644 index 000000000..19b95f103 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-prog-ranlib.m4 @@ -0,0 +1,8 @@ +dnl Id +dnl +dnl +dnl Also look for EMXOMF for OS/2 +dnl + +AC_DEFUN([AC_KRB_PROG_RANLIB], +[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-prog-yacc.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-prog-yacc.m4 new file mode 100644 index 000000000..07b1fa6cc --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-prog-yacc.m4 @@ -0,0 +1,12 @@ +dnl Id +dnl +dnl +dnl We prefer byacc or yacc because they do not use `alloca' +dnl + +AC_DEFUN([AC_KRB_PROG_YACC], +[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y') +if test "$YACC" = ""; then + AC_MSG_WARN([yacc not found - some stuff will not build]) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-readline.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-readline.m4 new file mode 100644 index 000000000..9ca7d217e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-readline.m4 @@ -0,0 +1,28 @@ +dnl Id +dnl +dnl Tests for readline functions +dnl + +dnl el_init + +AC_DEFUN([KRB_READLINE],[ + +dnl readline + +ac_foo=no +build_editline=no +if test "$with_readline" = yes; then + : +elif test "$with_libedit" = yes; then + LIB_readline="${LIB_libedit}" +elif test "$ac_cv_func_readline" = yes; then + : +else + build_libedit=yes + LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)" +fi +AM_CONDITIONAL(LIBEDIT, test "$build_libedit" = yes) +AC_DEFINE(HAVE_READLINE, 1, + [Define if you have a readline compatible library.])dnl + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-struct-spwd.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-struct-spwd.m4 new file mode 100644 index 000000000..f93ba0198 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-struct-spwd.m4 @@ -0,0 +1,21 @@ +dnl Id +dnl +dnl Test for `struct spwd' + +AC_DEFUN([AC_KRB_STRUCT_SPWD], [ +AC_MSG_CHECKING(for struct spwd) +AC_CACHE_VAL(ac_cv_struct_spwd, [ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_SHADOW_H +#include +#endif]],[[struct spwd foo;]])], +[ac_cv_struct_spwd=yes], +[ac_cv_struct_spwd=no]) +]) +AC_MSG_RESULT($ac_cv_struct_spwd) + +if test "$ac_cv_struct_spwd" = "yes"; then + AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd]) +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-struct-winsize.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-struct-winsize.m4 new file mode 100644 index 000000000..d282effc7 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-struct-winsize.m4 @@ -0,0 +1,25 @@ +dnl Id +dnl +dnl +dnl Search for struct winsize +dnl + +AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [ +AC_MSG_CHECKING(for struct winsize) +AC_CACHE_VAL(ac_cv_struct_winsize, [ +ac_cv_struct_winsize=no +for i in sys/termios.h sys/ioctl.h; do +AC_EGREP_HEADER( +struct[[ ]]*winsize,dnl +$i, ac_cv_struct_winsize=yes; break)dnl +done +]) +if test "$ac_cv_struct_winsize" = "yes"; then + AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h]) +fi +AC_MSG_RESULT($ac_cv_struct_winsize) +AC_EGREP_HEADER(ws_xpixel, termios.h, + AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel])) +AC_EGREP_HEADER(ws_ypixel, termios.h, + AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel])) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-sys-aix.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-sys-aix.m4 new file mode 100644 index 000000000..00032da19 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-sys-aix.m4 @@ -0,0 +1,15 @@ +dnl Id +dnl +dnl +dnl AIX have a very different syscall convention +dnl +AC_DEFUN([AC_KRB_SYS_AIX], [ +AC_MSG_CHECKING(for AIX) +AC_CACHE_VAL(krb_cv_sys_aix, +AC_EGREP_CPP(yes, +[#ifdef _AIX + yes +#endif +], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) +AC_MSG_RESULT($krb_cv_sys_aix) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-sys-nextstep.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-sys-nextstep.m4 new file mode 100644 index 000000000..6c999bf99 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-sys-nextstep.m4 @@ -0,0 +1,18 @@ +dnl Id +dnl +dnl NEXTSTEP is not posix compliant by default, +dnl you need a switch -posix to the compiler +dnl + +AC_DEFUN([rk_SYS_NEXTSTEP], [ +AC_CACHE_CHECK(for NeXTSTEP, rk_cv_sys_nextstep, [ +AC_EGREP_CPP(yes, +[#if defined(NeXT) && !defined(__APPLE__) + yes +#endif +], rk_cv_sys_nextstep=yes, rk_cv_sys_nextstep=no)]) +if test "$rk_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/krb-version.m4 b/crypto/external/bsd/heimdal/dist/cf/krb-version.m4 new file mode 100644 index 000000000..415f01b1a --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/krb-version.m4 @@ -0,0 +1,24 @@ +dnl Id +dnl +dnl +dnl output a C header-file with some version strings +dnl + +AC_DEFUN([AC_KRB_VERSION],[ +cat > include/newversion.h.in </dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/largefile.m4 b/crypto/external/bsd/heimdal/dist/cf/largefile.m4 new file mode 100644 index 000000000..f4c2c92f2 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/largefile.m4 @@ -0,0 +1,16 @@ +dnl Id +dnl +dnl Figure out what flags we need for 64-bit file access, and also set +dnl them on the command line. +dnl +AC_DEFUN([rk_SYS_LARGEFILE],[ +AC_REQUIRE([AC_SYS_LARGEFILE])dnl +dnl need to set this on the command line, since it might otherwise break +dnl with generated code, such as lex +if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" +fi +if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then + CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits" +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/make-proto.pl b/crypto/external/bsd/heimdal/dist/cf/make-proto.pl new file mode 100644 index 000000000..a9836d9dc --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/make-proto.pl @@ -0,0 +1,368 @@ +# Make prototypes from .c files +# Id + +##use Getopt::Std; +require 'getopts.pl'; + +my $comment = 0; +my $if_0 = 0; +my $brace = 0; +my $line = ""; +my $debug = 0; +my $oproto = 1; +my $private_func_re = "^_"; + +Getopts('x:m:o:p:dqE:R:P:') || die "foo"; + +if($opt_d) { + $debug = 1; +} + +if($opt_q) { + $oproto = 0; +} + +if($opt_R) { + $private_func_re = $opt_R; +} +%flags = ( + 'multiline-proto' => 1, + 'header' => 1, + 'function-blocking' => 0, + 'gnuc-attribute' => 1, + 'cxx' => 1 + ); +if($opt_m) { + foreach $i (split(/,/, $opt_m)) { + if($i eq "roken") { + $flags{"multiline-proto"} = 0; + $flags{"header"} = 0; + $flags{"function-blocking"} = 0; + $flags{"gnuc-attribute"} = 0; + $flags{"cxx"} = 0; + } else { + if(substr($i, 0, 3) eq "no-") { + $flags{substr($i, 3)} = 0; + } else { + $flags{$i} = 1; + } + } + } +} + +if($opt_x) { + open(EXP, $opt_x); + while() { + chomp; + s/\#.*//g; + s/\s+/ /g; + if(/^([a-zA-Z0-9_]+)\s?(.*)$/) { + $exported{$1} = $2; + } else { + print $_, "\n"; + } + } + close EXP; +} + +while(<>) { + print $brace, " ", $_ if($debug); + + # Handle C comments + s@/\*.*\*/@@; + s@//.*/@@; + if ( s@/\*.*@@) { $comment = 1; + } elsif ($comment && s@.*\*/@@) { $comment = 0; + } elsif ($comment) { next; } + + if(/^\#if 0/) { + $if_0 = 1; + } + if($if_0 && /^\#endif/) { + $if_0 = 0; + } + if($if_0) { next } + if(/^\s*\#/) { + next; + } + if(/^\s*$/) { + $line = ""; + next; + } + if(/\{/){ + if (!/\}/) { + $brace++; + } + $_ = $line; + while(s/\*\//\ca/){ + s/\/\*(.|\n)*\ca//; + } + s/^\s*//; + s/\s*$//; + s/\s+/ /g; + if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){ + if(!/^static/ && !/^PRIVATE/){ + $attr = ""; + if(m/(.*)(__attribute__\s?\(.*\))/) { + $attr .= " $2"; + $_ = $1; + } + if(m/(.*)\s(\w+DEPRECATED)/) { + $attr .= " $2"; + $_ = $1; + } + # remove outer () + s/\s*\(//; + # remove , within () + while(s/\(([^()]*),(.*)\)/($1\$$2)/g){} + s/\<\s*void\s*\>/<>/; + # remove parameter names + if($opt_P eq "remove") { + s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g; + s/\s+\*/*/g; + s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g; + } elsif($opt_P eq "comment") { + s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g; + s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g; + } + s/\<\>//; + # add newlines before parameters + if($flags{"multiline-proto"}) { + s/,\s*/,\n\t/g; + } else { + s/,\s*/, /g; + } + # fix removed , + s/\$/,/g; + # match function name + /([a-zA-Z0-9_]+)\s*\/$RP/; + # insert newline before function name + if($flags{"multiline-proto"}) { + s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/; + } + if($attr ne "") { + $_ .= "\n $attr"; + } + $_ = $_ . ";"; + $funcs{$f} = $_; + } + } + $line = ""; + } + if(/\}/){ + $brace--; + } + if(/^\}/){ + $brace = 0; + } + if($brace == 0) { + $line = $line . " " . $_; + } +} + +sub foo { + local ($arg) = @_; + $_ = $arg; + s/.*\/([^\/]*)/$1/; + s/.*\\([^\\]*)/$1/; + s/[^a-zA-Z0-9]/_/g; + "__" . $_ . "__"; +} + +if($opt_o) { + open(OUT, ">$opt_o"); + $block = &foo($opt_o); +} else { + $block = "__public_h__"; +} + +if($opt_p) { + open(PRIV, ">$opt_p"); + $private = &foo($opt_p); +} else { + $private = "__private_h__"; +} + +$public_h = ""; +$private_h = ""; + +$public_h_header .= "/* This is a generated file */ +#ifndef $block +#define $block + +"; +if ($oproto) { + $public_h_header .= "#ifdef __STDC__ +#include +#ifndef __P +#define __P(x) x +#endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif + +"; +} else { + $public_h_header .= "#include + +"; +} +$public_h_trailer = ""; + +$private_h_header = "/* This is a generated file */ +#ifndef $private +#define $private + +"; +if($oproto) { + $private_h_header .= "#ifdef __STDC__ +#include +#ifndef __P +#define __P(x) x +#endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif + +"; +} else { + $private_h_header .= "#include + +"; +} +$private_h_trailer = ""; + +foreach(sort keys %funcs){ + if(/^(main)$/) { next } + if ($funcs{$_} =~ /\^/) { + $beginblock = "#ifdef __BLOCKS__\n"; + $endblock = "#endif /* __BLOCKS__ */\n"; + } else { + $beginblock = $endblock = ""; + } + if(!defined($exported{$_}) && /$private_func_re/) { + $private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n"; + if($funcs{$_} =~ /__attribute__/) { + $private_attribute_seen = 1; + } + } else { + if($flags{"function-blocking"}) { + $fupper = uc $_; + if($exported{$_} =~ /proto/) { + $public_h .= "#if !defined(HAVE_$fupper) || defined(NEED_${fupper}_PROTO)\n"; + } else { + $public_h .= "#ifndef HAVE_$fupper\n"; + } + } + $public_h .= $beginblock . $funcs{$_} . "\n" . $endblock; + if($funcs{$_} =~ /__attribute__/) { + $public_attribute_seen = 1; + } + if($flags{"function-blocking"}) { + $public_h .= "#endif\n"; + } + $public_h .= "\n"; + } +} + +if($flags{"gnuc-attribute"}) { + if ($public_attribute_seen) { + $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +"; + } + + if ($private_attribute_seen) { + $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +"; + } +} +if($flags{"cxx"}) { + $public_h_header .= "#ifdef __cplusplus +extern \"C\" { +#endif + +"; + $public_h_trailer .= "#ifdef __cplusplus +} +#endif + +"; + +} +if ($opt_E) { + $public_h_header .= "#ifndef $opt_E +#ifndef ${opt_E}_FUNCTION +#if defined(_WIN32) +#define ${opt_E}_FUNCTION __declspec(dllimport) +#define ${opt_E}_CALL __stdcall +#define ${opt_E}_VARIABLE __declspec(dllimport) +#else +#define ${opt_E}_FUNCTION +#define ${opt_E}_CALL +#define ${opt_E}_VARIABLE +#endif +#endif +#endif +"; + + $private_h_header .= "#ifndef $opt_E +#ifndef ${opt_E}_FUNCTION +#if defined(_WIN32) +#define ${opt_E}_FUNCTION __declspec(dllimport) +#define ${opt_E}_CALL __stdcall +#define ${opt_E}_VARIABLE __declspec(dllimport) +#else +#define ${opt_E}_FUNCTION +#define ${opt_E}_CALL +#define ${opt_E}_VARIABLE +#endif +#endif +#endif + +"; +} + +if ($public_h ne "" && $flags{"header"}) { + $public_h = $public_h_header . $public_h . + $public_h_trailer . "#endif /* $block */\n"; +} +if ($private_h ne "" && $flags{"header"}) { + $private_h = $private_h_header . $private_h . + $private_h_trailer . "#endif /* $private */\n"; +} + +if($opt_o) { + print OUT $public_h; +} +if($opt_p) { + print PRIV $private_h; +} + +close OUT; +close PRIV; diff --git a/crypto/external/bsd/heimdal/dist/cf/maybe-valgrind.sh b/crypto/external/bsd/heimdal/dist/cf/maybe-valgrind.sh new file mode 100755 index 000000000..0ffa7ed98 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/maybe-valgrind.sh @@ -0,0 +1,68 @@ +#!/bin/sh +# +# Copyright (c) 2006 - 2007 Kungliga Tekniska Hgskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + + +while true +do + case $1 in + -s) tsrcdir="$2"; shift 2;; + -o) tobjdir="$2"; shift 2;; + -*) echo "$0: Bad option $1"; echo $usage; exit 1;; + *) break;; + esac +done + +if [ X"${tobjdir}" = "X" -o X"${tsrcdir}" = X ] ; then + echo "tobjdir or tsrcdir not defined" + exit 1 +fi + +if [ ! -f "${tobjdir}/libtool" ]; then + echo "libtool missing from \"${tobjdir}\"" + exit 1 +fi + +doit=1 + +libtool="${tobjdir}/libtool --mode=execute" + +valgrind="valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=${tsrcdir}/cf/valgrind-suppressions" + +if head -10 "$1" | grep 'Generated by ltmain.sh' > /dev/null ; then + uselibtool=1 +elif head -10 "$1" | grep 'bin/sh' > /dev/null ; then + libtool= + valgrind= +fi + +exec $libtool $valgrind "$@" diff --git a/crypto/external/bsd/heimdal/dist/cf/mips-abi.m4 b/crypto/external/bsd/heimdal/dist/cf/mips-abi.m4 new file mode 100644 index 000000000..9142452d3 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/mips-abi.m4 @@ -0,0 +1,87 @@ +dnl Id +dnl +dnl +dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some +dnl value. + +AC_DEFUN([AC_MIPS_ABI], [ +AC_ARG_WITH(mips_abi, + AS_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)])) + +case "$host_os" in +irix*) +with_mips_abi="${with_mips_abi:-yes}" +if test -n "$GCC"; then + +# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select +# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. +# +# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old +# GCC and revert back to O32. The same goes if O32 is asked for - old +# GCCs doesn't like the -mabi option, and new GCCs can't output O32. +# +# Don't you just love *all* the different SGI ABIs? + +case "${with_mips_abi}" in + 32|o32) abi='-mabi=32'; abilibdirext='' ;; + n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; + 64) abi='-mabi=64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) AC_MSG_ERROR("Invalid ABI specified") ;; +esac +if test -n "$abi" ; then +ac_foo=krb_cv_gcc_`echo $abi | tr =- __` +dnl +dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to +dnl AC_MSG_RESULT +dnl +AC_MSG_CHECKING([if $CC supports the $abi option]) +AC_CACHE_VAL($ac_foo, [ +save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $abi" +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[eval $ac_foo=yes], [eval $ac_foo=no])dnl +CFLAGS="$save_CFLAGS" +]) +ac_res=`eval echo \\\$$ac_foo` +AC_MSG_RESULT($ac_res) +if test $ac_res = no; then +# Try to figure out why that failed... +case $abi in + -mabi=32) + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -mabi=n32" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[ac_res=yes],[ac_res=no])dnl + CLAGS="$save_CFLAGS" + if test $ac_res = yes; then + # New GCC + AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI]) + fi + # Old GCC + abi='' + abilibdirext='' + ;; + -mabi=n32|-mabi=64) + if test $with_mips_abi = yes; then + # Old GCC, default to O32 + abi='' + abilibdirext='' + else + # Some broken GCC + AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI]) + fi + ;; +esac +fi #if test $ac_res = no; then +fi #if test -n "$abi" ; then +else +case "${with_mips_abi}" in + 32|o32) abi='-32'; abilibdirext='' ;; + n32|yes) abi='-n32'; abilibdirext='32' ;; + 64) abi='-64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) AC_MSG_ERROR("Invalid ABI specified") ;; +esac +fi #if test -n "$GCC"; then +;; +esac +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/misc.m4 b/crypto/external/bsd/heimdal/dist/cf/misc.m4 new file mode 100644 index 000000000..3c6186ce6 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/misc.m4 @@ -0,0 +1,15 @@ + +dnl Id +dnl +AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl +AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl +AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID +#define RCSID(msg) \ +static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } +#endif + +/* Maximum values on all known systems */ +#define MaxHostNameLen (64+4) +#define MaxPathLen (1024+4) + +])]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/need-proto.m4 b/crypto/external/bsd/heimdal/dist/cf/need-proto.m4 new file mode 100644 index 000000000..40cd0a05c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/need-proto.m4 @@ -0,0 +1,22 @@ +dnl Id +dnl +dnl +dnl Check if we need the prototype for a function +dnl + +dnl AC_NEED_PROTO(includes, function) + +AC_DEFUN([AC_NEED_PROTO], [ +if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then +AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto, +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1 +struct foo { int foo; } xx; +extern int $2 (struct foo*);]],[[$2(&xx)]])], +[eval "ac_cv_func_$2_noproto=yes"], +[eval "ac_cv_func_$2_noproto=no"])) +if test "$ac_cv_func_$2_noproto" = yes; then + AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1, + [define if the system is missing a prototype for $2()]) +fi +fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/osfc2.m4 b/crypto/external/bsd/heimdal/dist/cf/osfc2.m4 new file mode 100644 index 000000000..3c7344bea --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/osfc2.m4 @@ -0,0 +1,14 @@ +dnl Id +dnl +dnl enable OSF C2 stuff + +AC_DEFUN([AC_CHECK_OSFC2],[ +AC_ARG_ENABLE(osfc2, + AS_HELP_STRING([--enable-osfc2],[enable some OSF C2 support])) +LIB_security= +if test "$enable_osfc2" = yes; then + AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.]) + LIB_security=-lsecurity +fi +AC_SUBST(LIB_security) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/otp.m4 b/crypto/external/bsd/heimdal/dist/cf/otp.m4 new file mode 100644 index 000000000..f936a44c0 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/otp.m4 @@ -0,0 +1,27 @@ +dnl Id +dnl +dnl check requirements for OTP library +dnl +AC_DEFUN([rk_OTP],[ +AC_REQUIRE([rk_DB])dnl +AC_ARG_ENABLE(otp, + AS_HELP_STRING([--disable-otp],[if you don't want OTP support])) +if test "$enable_otp" = yes -a "$db_type" = unknown; then + AC_MSG_ERROR([OTP requires a NDBM/DB compatible library]) +fi +if test "$enable_otp" != no; then + if test "$db_type" != unknown; then + enable_otp=yes + else + enable_otp=no + fi +fi +if test "$enable_otp" = yes; then + AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.]) + LIB_otp='$(top_builddir)/lib/otp/libotp.la' + AC_SUBST(LIB_otp) +fi +AC_MSG_CHECKING([whether to enable OTP library]) +AC_MSG_RESULT($enable_otp) +AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/pkg.m4 b/crypto/external/bsd/heimdal/dist/cf/pkg.m4 new file mode 100644 index 000000000..8cdc5e416 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/pkg.m4 @@ -0,0 +1,157 @@ +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# +# Copyright 2004 Scott James Remnant . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# PKG_PROG_PKG_CONFIG([MIN-VERSION]) +# ---------------------------------- +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi + +fi[]dnl +])# PKG_PROG_PKG_CONFIG + +# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# +# Check to see whether a particular set of modules exists. Similar +# to PKG_CHECK_MODULES(), but does not set variables or print errors. +# +# +# Similar to PKG_CHECK_MODULES, make sure that the first instance of +# this or PKG_CHECK_MODULES is called, or make sure to call +# PKG_CHECK_EXISTS manually +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_ifval([$2], [$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + + +# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +# --------------------------------------------- +m4_define([_PKG_CONFIG], +[if test -n "$PKG_CONFIG"; then + if test -n "$$1"; then + pkg_cv_[]$1="$$1" + else + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + fi +else + pkg_failed=untried +fi[]dnl +])# _PKG_CONFIG + +# _PKG_SHORT_ERRORS_SUPPORTED +# ----------------------------- +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])# _PKG_SHORT_ERRORS_SUPPORTED + + +# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +# [ACTION-IF-NOT-FOUND]) +# +# +# Note that if there is a possibility the first call to +# PKG_CHECK_MODULES might not happen, you should be sure to include an +# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +# +# +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + ifelse([$4], , [AC_MSG_ERROR(dnl +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT +])], + [AC_MSG_RESULT([no]) + $4]) +elif test $pkg_failed = untried; then + ifelse([$4], , [AC_MSG_FAILURE(dnl +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see .])], + [$4]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + ifelse([$3], , :, [$3]) +fi[]dnl +])# PKG_CHECK_MODULES diff --git a/crypto/external/bsd/heimdal/dist/cf/proto-compat.m4 b/crypto/external/bsd/heimdal/dist/cf/proto-compat.m4 new file mode 100644 index 000000000..221a76902 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/proto-compat.m4 @@ -0,0 +1,21 @@ +dnl Id +dnl +dnl +dnl Check if the prototype of a function is compatible with another one +dnl + +dnl AC_PROTO_COMPAT(includes, function, prototype) + +AC_DEFUN([AC_PROTO_COMPAT], [ +AC_CACHE_CHECK([if $2 is compatible with system prototype], +ac_cv_func_$2_proto_compat, +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1]],[[$3]])], +[eval "ac_cv_func_$2_proto_compat=yes"], +[eval "ac_cv_func_$2_proto_compat=no"])) +define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE]) +if test "$ac_cv_func_$2_proto_compat" = yes; then + AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with + $3]) +fi +undefine([foo]) +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/pthreads.m4 b/crypto/external/bsd/heimdal/dist/cf/pthreads.m4 new file mode 100644 index 000000000..f8dfe0744 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/pthreads.m4 @@ -0,0 +1,93 @@ +Dnl Id + +AC_DEFUN([KRB_PTHREADS], [ +AC_MSG_CHECKING(if compiling threadsafe libraries) + +AC_ARG_ENABLE(pthread-support, + AS_HELP_STRING([--enable-pthread-support], + [if you want thread safe libraries]), + [],[enable_pthread_support=maybe]) + +case "$host" in +*-*-solaris2*) + native_pthread_support=yes + if test "$GCC" = yes; then + PTHREAD_CFLAGS=-pthreads + PTHREAD_LIBADD=-pthreads + else + PTHREAD_CFLAGS=-mt + PTHREAD_LDADD=-mt + PTHREAD_LIBADD=-mt + fi + ;; +*-*-netbsd[[12]]*) + native_pthread_support="if running netbsd 1.6T or newer" + dnl heim_threads.h knows this + PTHREAD_LIBADD="-lpthread" + ;; +*-*-netbsd[[3456789]]*) + native_pthread_support="netbsd 3 uses explict pthread" + dnl heim_threads.h knows this + PTHREAD_LIBADD="-lpthread" + ;; +*-*-freebsd[[56789]]*) + native_pthread_support=yes + PTHREAD_LIBADD="-pthread" + ;; +*-*-openbsd*) + native_pthread_support=yes + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread + ;; +*-*-linux* | *-*-linux-gnu) + case `uname -r` in + 2.*) + native_pthread_support=yes + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread + ;; + esac + ;; +*-*-kfreebsd*-gnu*) + native_pthread_support=yes + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread + ;; +*-*-aix*) + dnl AIX is disabled since we don't handle the utmp/utmpx + dnl problems that aix causes when compiling with pthread support + native_pthread_support=no + ;; +mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too + native_pthread_support=yes + PTHREAD_LIBADD="-lpthread" + ;; +*-*-darwin*) + native_pthread_support=yes + ;; +*) + native_pthread_support=no + ;; +esac + +if test "$enable_pthread_support" = maybe ; then + enable_pthread_support="$native_pthread_support" +fi + +if test "$enable_pthread_support" != no; then + AC_DEFINE(ENABLE_PTHREAD_SUPPORT, 1, + [Define if you want have a thread safe libraries]) + dnl This sucks, but libtool doesn't save the depenecy on -pthread + dnl for libraries. + LIBS="$PTHREAD_LIBADD $LIBS" +else + PTHREAD_CFLAGS="" + PTHREAD_LIBADD="" +fi + +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_LDADD) +AC_SUBST(PTHREAD_LIBADD) + +AC_MSG_RESULT($enable_pthread_support) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/resolv.m4 b/crypto/external/bsd/heimdal/dist/cf/resolv.m4 new file mode 100644 index 000000000..9bbe0e960 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/resolv.m4 @@ -0,0 +1,118 @@ +dnl stuff used by DNS resolv code in roken +dnl +dnl Id +dnl + +AC_DEFUN([rk_RESOLV],[ + +AC_CHECK_HEADERS([arpa/nameser.h dns.h]) + +AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +]) + +AC_FIND_FUNC(res_search, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0]) + +AC_FIND_FUNC(res_nsearch, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0,0]) + +AC_FIND_FUNC(res_ndestroy, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0]) + +AC_FIND_FUNC_NO_LIBS(dns_search,, +[ +#ifdef HAVE_DNS_H +#include +#endif +], +[0,0,0,0,0,0,0,0]) + + +AC_FIND_FUNC(dn_expand, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0]) + +rk_CHECK_VAR(_res, +[#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif]) + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/retsigtype.m4 b/crypto/external/bsd/heimdal/dist/cf/retsigtype.m4 new file mode 100644 index 000000000..01b6b1c35 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/retsigtype.m4 @@ -0,0 +1,18 @@ +dnl +dnl Id +dnl +dnl Figure out return type of signal handlers, and define SIGRETURN macro +dnl that can be used to return from one +dnl +AC_DEFUN([rk_RETSIGTYPE],[ +AC_TYPE_SIGNAL +if test "$ac_cv_type_signal" = "void" ; then + AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.]) +fi + +AH_BOTTOM([#ifdef VOID_RETSIGTYPE +#define SIGRETURN(x) return +#else +#define SIGRETURN(x) return (RETSIGTYPE)(x) +#endif]) +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 b/crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 new file mode 100644 index 000000000..87b699570 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 @@ -0,0 +1,765 @@ +dnl Id +dnl +dnl some code to get roken working +dnl +dnl rk_ROKEN(subdir) +dnl +AC_DEFUN([rk_ROKEN], [ + +AC_REQUIRE([rk_CONFIG_HEADER]) + +DIR_roken=roken +LIB_roken='$(top_builddir)/$1/libroken.la' +INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1' + +dnl Checks for programs +AC_REQUIRE([AC_PROG_CC]) +AC_REQUIRE([AC_PROG_AWK]) +AC_REQUIRE([AC_OBJEXT]) +AC_REQUIRE([AC_EXEEXT]) +AC_REQUIRE([AC_PROG_LIBTOOL]) + +AC_REQUIRE([AC_MIPS_ABI]) + +AC_DEFINE(rk_PATH_DELIM, '/', [Path name delimiter]) + +dnl C characteristics + +AC_REQUIRE([AC_C___ATTRIBUTE__]) +AC_REQUIRE([AC_C_INLINE]) +AC_REQUIRE([AC_C_CONST]) +rk_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) + +AC_REQUIRE([rk_DB]) + +dnl C types + +AC_REQUIRE([AC_TYPE_SIZE_T]) +AC_HAVE_TYPE([ssize_t],[#include ]) +AC_REQUIRE([AC_TYPE_PID_T]) +AC_REQUIRE([AC_TYPE_UID_T]) +AC_HAVE_TYPE([long long]) + +AC_REQUIRE([rk_RETSIGTYPE]) + +dnl Checks for header files. +AC_REQUIRE([AC_HEADER_STDC]) +AC_REQUIRE([AC_HEADER_TIME]) + +AC_CHECK_HEADERS([\ + arpa/inet.h \ + config.h \ + crypt.h \ + dirent.h \ + errno.h \ + err.h \ + fcntl.h \ + fnmatch.h \ + grp.h \ + ifaddrs.h \ + netinet/in.h \ + netinet/in6.h \ + netinet/in_systm.h \ + netinet6/in6.h \ + paths.h \ + poll.h \ + pwd.h \ + rpcsvc/ypclnt.h \ + search.h \ + shadow.h \ + stdint.h \ + sys/bswap.h \ + sys/ioctl.h \ + sys/mman.h \ + sys/param.h \ + sys/resource.h \ + sys/sockio.h \ + sys/stat.h \ + sys/time.h \ + sys/tty.h \ + sys/types.h \ + sys/uio.h \ + sys/utsname.h \ + sys/wait.h \ + syslog.h \ + termios.h \ + winsock2.h \ + ws2tcpip.h \ + unistd.h \ + userconf.h \ + usersec.h \ + util.h \ +]) + +AC_HAVE_TYPE([uintptr_t],[#ifdef HAVE_STDINT_H +#include +#endif]) + +dnl Sunpro 5.2 has a vis.h which is something different. +AC_CHECK_HEADERS(vis.h, , , [ +#include +#ifndef VIS_SP +#error invis +#endif]) + +AC_CHECK_HEADERS(netdb.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +]) + +AC_CHECK_HEADERS(sys/socket.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +]) + +AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif]) + +AC_CHECK_HEADERS(netinet6/in6_var.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif +]) + +AC_CHECK_HEADERS(sys/sysctl.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_PARAM_H +#include +#endif +]) + +AC_CHECK_HEADERS(sys/proc.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_PARAM_H +#include +#endif +]) + +AC_REQUIRE([CHECK_NETINET_IP_AND_TCP]) + +AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes) +AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes) +AM_CONDITIONAL(have_search_h, test "$ac_cv_header_search_h" = yes) +AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes) + +dnl Check for functions and libraries + +AC_FIND_FUNC(socket, socket) +AC_FIND_FUNC(gethostbyname, nsl) +AC_FIND_FUNC(syslog, syslog) + +AC_KRB_IPV6 + +AC_FIND_FUNC(gethostbyname2, inet6 ip6) + +rk_RESOLV + +AC_BROKEN_SNPRINTF +AC_BROKEN_VSNPRINTF + +AC_BROKEN_GLOB +if test "$ac_cv_func_glob_working" != yes; then + AC_LIBOBJ(glob) +fi +AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes) + + +AC_CHECK_FUNCS([ \ + asnprintf \ + asprintf \ + atexit \ + cgetent \ + getconfattr \ + getprogname \ + getrlimit \ + getspnam \ + initstate \ + issetugid \ + on_exit \ + poll \ + random \ + setprogname \ + setstate \ + strsvis \ + strsvisx \ + strunvis \ + strvis \ + strvisx \ + svis \ + sysconf \ + sysctl \ + tdelete \ + tfind \ + tsearch \ + twalk \ + uname \ + unvis \ + vasnprintf \ + vasprintf \ + vis \ +]) + +if test "$ac_cv_func_cgetent" = no; then + AC_LIBOBJ(getcap) +fi +AM_CONDITIONAL(have_cgetent, test "$ac_cv_func_cgetent" = yes) + +AC_REQUIRE([AC_FUNC_GETLOGIN]) + +AC_REQUIRE([AC_FUNC_MMAP]) + +AC_FIND_FUNC_NO_LIBS(getsockopt,, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif], +[0,0,0,0,0]) +AC_FIND_FUNC_NO_LIBS(setsockopt,, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif], +[0,0,0,0,0]) + +AC_FIND_IF_NOT_BROKEN(hstrerror, resolv, +[#ifdef HAVE_NETDB_H +#include +#endif], +17) +AC_NEED_PROTO([ +#ifdef HAVE_NETDB_H +#include +#endif], +hstrerror) + +AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf], + [AC_NEED_PROTO([ + #include + #include ], + rk_func)]) + +AC_FIND_FUNC_NO_LIBS(bswap16,, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BSWAP_H +#include +#endif],0) + +AC_FIND_FUNC_NO_LIBS(bswap32,, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BSWAP_H +#include +#endif],0) + +AC_FIND_FUNC_NO_LIBS(pidfile,util, +[#ifdef HAVE_UTIL_H +#include +#endif],0) + +AC_FIND_IF_NOT_BROKEN(getaddrinfo,, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif],[0,0,0,0]) + +AC_FIND_IF_NOT_BROKEN(getnameinfo,, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif],[0,0,0,0,0,0,0]) + +AC_FIND_IF_NOT_BROKEN(freeaddrinfo,, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif],[0]) + +AC_FIND_IF_NOT_BROKEN(gai_strerror,, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif],[0]) + +dnl Darwin is weird, and in some senses not unix, launchd doesn't want +dnl servers to use daemon(), so its deprecated. +case "$host_os" in + darwin*) + ;; + *) + AC_DEFINE([SUPPORT_DETACH], 1, + [Define if os support want to detach is daemonens.]) + AC_BROKEN([daemon]) ;; +esac + +AC_BROKEN([ \ + chown \ + copyhostent \ + closefrom \ + ecalloc \ + emalloc \ + erealloc \ + estrdup \ + err \ + errx \ + fchown \ + flock \ + fnmatch \ + freehostent \ + getcwd \ + getdtablesize \ + getegid \ + geteuid \ + getgid \ + gethostname \ + getifaddrs \ + getipnodebyaddr \ + getipnodebyname \ + getopt \ + gettimeofday \ + getuid \ + getusershell \ + initgroups \ + innetgr \ + iruserok \ + localtime_r \ + lstat \ + memmove \ + mkstemp \ + putenv \ + rcmd \ + readv \ + recvmsg \ + sendmsg \ + setegid \ + setenv \ + seteuid \ + strcasecmp \ + strdup \ + strerror \ + strftime \ + strlcat \ + strlcpy \ + strlwr \ + strncasecmp \ + strndup \ + strnlen \ + strptime \ + strsep \ + strsep_copy \ + strtok_r \ + strupr \ + swab \ + timegm \ + unsetenv \ + verr \ + verrx \ + vsyslog \ + vwarn \ + vwarnx \ + warn \ + warnx \ + writev \ +]) + +AM_CONDITIONAL(have_fnmatch_h, + test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes) + +AC_FOREACH([rk_func], [strndup strsep strtok_r], + [AC_NEED_PROTO([#include ], rk_func)]) + +AC_FOREACH([rk_func], [strsvis strsvisx strunvis strvis strvisx svis unvis vis], +[AC_NEED_PROTO([#ifdef HAVE_VIS_H +#include +#endif], rk_func)]) + +AC_MSG_CHECKING([checking for dirfd]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include +#ifdef HAVE_DIRENT_H +#include +#endif +]], + [[DIR *d = 0; dirfd(d);]])], + [ac_rk_have_dirfd=yes], [ac_rk_have_dirfd=no]) +if test "$ac_rk_have_dirfd" = "yes" ; then + AC_DEFINE_UNQUOTED(HAVE_DIRFD, 1, [have a dirfd function/macro]) +fi +AC_MSG_RESULT($ac_rk_have_dirfd) + +AC_HAVE_STRUCT_FIELD(DIR, dd_fd, [#include +#ifdef HAVE_DIRENT_H +#include +#endif]) + + +AC_BROKEN2(inet_aton, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif], +[0,0]) + +AC_BROKEN2(inet_ntop, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif], +[0, 0, 0, 0]) + +AC_BROKEN2(inet_pton, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif], +[0,0,0]) + +dnl +dnl Check for sa_len in struct sockaddr, +dnl needs to come before the getnameinfo test +dnl +AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include +#include ]) + +if test "$ac_cv_func_getaddrinfo" = "yes"; then + rk_BROKEN_GETADDRINFO + if test "$ac_cv_func_getaddrinfo_numserv" = no; then + AC_LIBOBJ(getaddrinfo) + AC_LIBOBJ(freeaddrinfo) + fi +fi + +AC_NEED_PROTO([#include ], setenv) +AC_NEED_PROTO([#include ], unsetenv) +AC_NEED_PROTO([#include ], gethostname) +AC_NEED_PROTO([#include ], mkstemp) +AC_NEED_PROTO([#include ], getusershell) +AC_NEED_PROTO([#include ], daemon) +AC_NEED_PROTO([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif], +iruserok) + +AC_NEED_PROTO([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif], +inet_aton) + +AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl + +AC_REQUIRE([rk_BROKEN_REALLOC])dnl + +dnl AC_KRB_FUNC_GETCWD_BROKEN + +dnl strerror_r is great fun, on linux it exists before sus catched up, +dnl so the return type is diffrent, lets check for both + +AC_PROTO_COMPAT([ +#include +#include +], +strerror_r, int strerror_r(int, char *, size_t)) + +AC_CHECK_FUNC([strerror_r], + [AC_DEFINE_UNQUOTED(HAVE_STRERROR_R, 1, + [Define if you have the function strerror_r.])]) + +dnl +dnl Checks for prototypes and declarations +dnl + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +gethostbyname, struct hostent *gethostbyname(const char *)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +getservbyname, struct servent *getservbyname(const char *, const char *)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +], +getsockname, int getsockname(int, struct sockaddr*, socklen_t*)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYSLOG_H +#include +#endif +], +openlog, void openlog(const char *, int, int)) + +AC_NEED_PROTO([ +#ifdef HAVE_CRYPT_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +], +crypt) + +dnl variables + +rk_CHECK_VAR(h_errno, +[#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +]) + +rk_CHECK_VAR(h_errlist, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) + +rk_CHECK_VAR(h_nerr, +[#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) + +rk_CHECK_VAR([__progname], +[#ifdef HAVE_ERR_H +#include +#endif]) + +AC_CHECK_DECLS([optarg, optind, opterr, optopt, environ],[],[],[ +#include +#ifdef HAVE_UNISTD_H +#include +#endif]) + +dnl +dnl Check for fields in struct tm +dnl + +AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include ]) +AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include ]) + +dnl +dnl or do we have a variable `timezone' ? +dnl + +rk_CHECK_VAR(timezone,[#include ]) +rk_CHECK_VAR(altzone,[#include ]) + +AC_HAVE_TYPE([sa_family_t],[ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) +AC_HAVE_TYPE([socklen_t],[ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) +AC_HAVE_TYPE([struct sockaddr], [ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) +AC_HAVE_TYPE([struct sockaddr_storage], [ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) +AC_HAVE_TYPE([struct addrinfo], [ +#include +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) +AC_HAVE_TYPE([struct ifaddrs], [#include ]) +AC_HAVE_TYPE([struct iovec],[ +#include +#include +]) +AC_HAVE_TYPE([struct msghdr],[ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif]) + +dnl +dnl Check for struct winsize +dnl + +AC_KRB_STRUCT_WINSIZE + +dnl +dnl Check for struct spwd +dnl + +AC_KRB_STRUCT_SPWD + +# +# Check if we want samba's socket wrapper +# + +samba_SOCKET_WRAPPER + +dnl won't work with automake +dnl moved to AC_OUTPUT in configure.in +dnl AC_CONFIG_FILES($1/Makefile) + +LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)" + +AC_SUBST(DIR_roken)dnl +AC_SUBST(LIB_roken)dnl +AC_SUBST(INCLUDES_roken)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/roken-h-process.pl b/crypto/external/bsd/heimdal/dist/cf/roken-h-process.pl new file mode 100644 index 000000000..a54c9216d --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/roken-h-process.pl @@ -0,0 +1,181 @@ +#!/usr/bin/perl + +require 'getopts.pl'; + +my $debug = 0; + +Getopts('dc:p:o:') || die "foo"; + +if ($opt_d) { + $debug = 1; +} + +die "missing arg" if (!defined $opt_c || !defined $opt_p || !defined $opt_o); + +my %defines; +my $IN; +my $OUT; + +print "parse config.h\n" if ($debug); + +open IN, $opt_c || die "failed open ${opt_c}"; + +my @nesting; + +push @nesting, 1; + +while () { + if (m/\s*#ifdef\s+(.*)/) { + my $var = $1; + if (defined $defines{$var}) { + push @nesting, 1; + } else { + push @nesting, 0; + } + next; + } elsif (m/\s*#ifndef\s+(.*)/) { + my $var = $1; + if (defined $defines{$var}) { + push @nesting, 0; + } else { + push @nesting, 1; + } + next; + } elsif (m/\s*#else/) { + my $var = pop @nesting; + $var = !$var; + push @nesting, $var; + next; + } elsif ($nesting[$#nesting] and m/\s*#define\s+(\w+)\s+(\S+)/) { + my $res = $2; + $res = 1 if (!defined $res); + $defines{$1} = $res; + } +} + +close IN; + +if ($debug) { + foreach my $i (keys %defines) { + print "k: $i v: $defines{$i}\n"; + } +} + +open IN, "$opt_p" || die "failed open ${opt_p}"; +open OUT, ">$opt_o" || die "failed open ${opt_o}"; + +print "parse roken.h.in\n" if ($debug); + +print OUT "/* This is an OS dependent, generated file */\n"; +print OUT "\n"; +print OUT "\n"; +print OUT "#ifndef __ROKEN_H__\n"; +print OUT "#define __ROKEN_H__\n"; +print OUT "\n"; + +@nesting = (1); + +while () { + if (m/\s*#ifdef\s+(.*)/) { + my $var = $1; + if (defined $defines{$var}) { + push @nesting, 1; + } else { + push @nesting, 0; + } + next; + } elsif (m/\s*#ifndef\s+(.*)/) { + my $var = $1; + if (defined $defines{$var}) { + push @nesting, 0; + } else { + push @nesting, 1; + } + next; + } elsif (m/\s*#if\s+(.*)/) { + my $res = parse_if($1); + print "line = $res: $1\n" if ($debug); + push @nesting, $res; + next; + } elsif (m/\s*#elif\s+(.*)/) { + my $res = pop @nesting; + if ($res gt 0) { + $res = -1; + } else { + my $res = parse_if($1); + } + push @nesting, $res; + next; + } elsif (m/\s*#else/) { + my $var = pop @nesting; + $var = !$var; + push @nesting, $var; + next; + } elsif (m/\s*#endif/) { + pop @nesting; + next; + } + print "line: $_\n" if ($debug); + print "nesting dep $#{nesting}\n" if ($debug); + my $i = 0, $t = 1; + while ($i le $#nesting) { + $t = 0 if ($nesting[$i] le 0); + print "nesting $i val $nesting[$i] -> $t\n" if ($debug); + $i++; + } + if ($t) { + print OUT; + } +} + +print OUT "\n"; +print OUT "#endif /* __ROKEN_H__ */\n"; + + +close IN; + +exit 0; + +sub parse_if +{ + my ($neg, $var); + + $_ = shift; + + if (m/^\s*$/) { + print "end $_\n" if ($debug); + return 1; + } elsif (m/^([^&]+)\&\&(.*)$/) { + print "$1 and $2\n" if ($debug); + return parse_if($1) and parse_if($2); + } elsif (m/^([^\|]+)\|\|(.*)$/) { + print "$1 or $2\n" if ($debug); + return parse_if($1) or parse_if($2); + } elsif (m/^\s*(\!)?\s*defined\((\w+)\)/) { + ($neg, $var) = ($1, $2); + print "def: ${neg}-defined(${var})\n" if ($debug); + my $res = defined $defines{$var}; + if ($neg eq "!") { + if ($res) { + $res = 0; + } else { + $res = 1; + } + } + print "res: $res\n" if ($debug); + return $res; + } elsif (m/^\s*(\!)?(\w+)/) { + ($neg, $var) = ($1, $2); + print "var: $neg $var\n" if ($debug); + my $res; + if (defined $defines{$var}) { + $res = $defines{$var}; + } else { + $res = 0; + } + $res = ! $res if ($neg =~ m/!/); + print "res: $res\n" if ($debug); + return $res; + } + die "failed parse: $_\n"; +} diff --git a/crypto/external/bsd/heimdal/dist/cf/roken.m4 b/crypto/external/bsd/heimdal/dist/cf/roken.m4 new file mode 100644 index 000000000..53df57869 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/roken.m4 @@ -0,0 +1,64 @@ +dnl Id +dnl +dnl try to look for an installed roken library with sufficient stuff +dnl +dnl set LIB_roken to the what we should link with +dnl set DIR_roken to if the directory should be built +dnl set CPPFLAGS_roken to stuff to add to CPPFLAGS + +dnl AC_ROKEN(version,directory-to-try,roken-dir,fallback-library,fallback-cppflags) +AC_DEFUN([AC_ROKEN], [ + +AC_ARG_WITH(roken, + AS_HELP_STRING([--with-roken=dir],[use the roken library in dir]), +[if test "$withval" = "no"; then + AC_MSG_ERROR(roken is required) +fi]) + +save_CPPFLAGS="${CPPFLAGS}" + +case $with_roken in +yes|"") + dirs="$2" ;; +*) + dirs="$with_roken" ;; +esac + +roken_installed=no + +for i in $dirs; do + +AC_MSG_CHECKING(for roken in $i) + +CPPFLAGS="-I$i/include ${CPPFLAGS}" + +AC_PREPROC_IFELSE([AC_LANG_SOURCE([[ +#include +#if ROKEN_VERSION < $1 +#error old roken version, should be $1 +fail +#endif +]])],[roken_installed=yes; break]) + +AC_MSG_RESULT($roken_installed) + +done + +CPPFLAGS="$save_CPPFLAGS" + +if test "$roken_installed" != "yes"; then + DIR_roken="roken" + LIB_roken='$4' + CPPFLAGS_roken='$5' + AC_CONFIG_SUBDIRS(lib/roken) +else + LIB_roken="$i/lib/libroken.la" + CPPFLAGS_roken="-I$i/include" +fi + +LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)" + +AC_SUBST(LIB_roken)dnl +AC_SUBST(DIR_roken)dnl +AC_SUBST(CPPFLAGS_roken)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/socket-wrapper.m4 b/crypto/external/bsd/heimdal/dist/cf/socket-wrapper.m4 new file mode 100644 index 000000000..d4a5bd734 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/socket-wrapper.m4 @@ -0,0 +1,16 @@ +dnl Id +dnl +AC_DEFUN([samba_SOCKET_WRAPPER], [ + +AC_ARG_ENABLE(socket-wrapper, + AS_HELP_STRING([--enable-socket-wrapper], + [use sambas socket-wrapper for testing])) + +AM_CONDITIONAL(have_socket_wrapper, test "x$enable_socket_wrapper" = xyes)dnl + +if test "x$enable_socket_wrapper" = xyes ; then + AC_DEFINE(SOCKET_WRAPPER_REPLACE, 1, + [Define if you want to use samba socket wrappers.]) +fi + +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/sunos.m4 b/crypto/external/bsd/heimdal/dist/cf/sunos.m4 new file mode 100644 index 000000000..0af0a3afa --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/sunos.m4 @@ -0,0 +1,22 @@ +dnl +dnl Id +dnl + +AC_DEFUN([rk_SUNOS],[ +sunos=no +case "$host" in +*-*-solaris2.7) + sunos=57 + ;; +*-*-solaris2.[[89]] | *-*-solaris2.1[[0-9]]) + sunos=58 + ;; +*-*-solaris2*) + sunos=50 + ;; +esac +if test "$sunos" != no; then + AC_DEFINE_UNQUOTED(SunOS, $sunos, + [Define to what version of SunOS you are running.]) +fi +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/cf/symbol-version.py b/crypto/external/bsd/heimdal/dist/cf/symbol-version.py new file mode 100644 index 000000000..414f06f8f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/symbol-version.py @@ -0,0 +1,85 @@ +# +# Copyright (c) 2008 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + + +import sys + +tokens = [ 'SYMBOL' ] +literals = ['{','}',';', ':'] + +t_SYMBOL = r'[a-zA-Z_][a-zA-Z0-9_\.]*' +t_ignore = " \t\n" + +def t_error(t): + print "Illegal character '%s'" % t.value[0] + t.lexer.skip(1) + +import ply.lex as lex +lex.lex() + +namespace = "global" +symbols = [] + +def p_syms(p): + 'syms : SYMBOL "{" elements "}"' + print "# %s" % p[1] + +def p_elements(p): + '''elements : element + | element elements''' + +def p_element(p): + '''element : SYMBOL ":" + | SYMBOL ";"''' + global namespace + if p[2] == ':': + namespace = p[1] + else: + symbols.append([namespace, p[1]]) + +def p_error(p): + if p: + print "Syntax error at '%s'" % p.value + else: + print "Syntax error at EOF" + +import ply.yacc as yacc +yacc.yacc() + +lines = sys.stdin.readlines() + +for line in lines: + yacc.parse(line) + +for symbol in symbols: + if symbol[0] == "global": + print "%s" % symbol[1] diff --git a/crypto/external/bsd/heimdal/dist/cf/telnet.m4 b/crypto/external/bsd/heimdal/dist/cf/telnet.m4 new file mode 100644 index 000000000..37aade8e5 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/telnet.m4 @@ -0,0 +1,75 @@ +dnl +dnl Id +dnl +dnl stuff used by telnet + +AC_DEFUN([rk_TELNET],[ +AC_DEFINE(AUTHENTICATION, 1, + [Define if you want authentication support in telnet.])dnl +AC_DEFINE(ENCRYPTION, 1, + [Define if you want encryption support in telnet.])dnl +AC_DEFINE(DES_ENCRYPTION, 1, + [Define if you want to use DES encryption in telnet.])dnl +AC_DEFINE(DIAGNOSTICS, 1, + [Define this to enable diagnostics in telnet.])dnl +AC_DEFINE(OLD_ENVIRON, 1, + [Define this to enable old environment option in telnet.])dnl +if false; then + AC_DEFINE(ENV_HACK, 1, + [Define this if you want support for broken ENV_{VAR,VAL} telnets.]) +fi + +# Simple test for streamspty, based on the existance of getmsg(), alas +# this breaks on SunOS4 which have streams but BSD-like ptys +# +# And also something wierd has happend with dec-osf1, fallback to bsd-ptys + +case "$host" in +*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*) + ;; +*) + AC_CHECK_FUNC(getmsg) + if test "$ac_cv_func_getmsg" = "yes"; then + AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works, + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + #include + + int main(int argc, char **argv) + { + int ret; + ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL); + if(ret < 0 && errno == ENOSYS) + return 1; + return 0; + } + ]])], [ac_cv_func_getmsg_works=yes], + [ac_cv_func_getmsg_works=no], + [ac_cv_func_getmsg_works=no])) + if test "$ac_cv_func_getmsg_works" = "yes"; then + AC_DEFINE(HAVE_GETMSG, 1, + [Define if you have a working getmsg.]) + AC_DEFINE(STREAMSPTY, 1, + [Define if you have streams ptys.]) + fi + fi + ;; +esac + +AH_BOTTOM([ + +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +#undef USE_IM + +/* Used with login -p */ +#undef LOGIN_ARGS + +/* set this to a sensible login */ +#ifndef LOGIN_PATH +#define LOGIN_PATH BINDIR "/login" +#endif +]) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/test-package.m4 b/crypto/external/bsd/heimdal/dist/cf/test-package.m4 new file mode 100644 index 000000000..a5c5304a6 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/test-package.m4 @@ -0,0 +1,135 @@ +dnl Id +dnl +dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, +dnl default locations, conditional, config-program, headers) + +AC_DEFUN([rk_TEST_PACKAGE],[ +AC_ARG_WITH($1, + AS_HELP_STRING([--with-$1=dir],[use $1 in dir])) +AC_ARG_WITH($1-lib, + AS_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) +AC_ARG_WITH($1-include, + AS_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) +AC_ARG_WITH($1-config, + AS_HELP_STRING([--with-$1-config=path],[config program for $1])) + +m4_ifval([$6], + m4_define([rk_pkgname], $6), + m4_define([rk_pkgname], AS_TR_CPP($1))) + +AC_MSG_CHECKING(for $1) + +case "$with_$1" in +yes|"") d='$5' ;; +no) d= ;; +*) d="$with_$1" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_$1_include" = ""; then + if test -d "$i/include/$1"; then + header_dirs="$header_dirs $i/include/$1" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_$1_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_$1_include"; then + header_dirs="$with_$1_include $header_dirs" +fi +if test "$with_$1_lib"; then + lib_dirs="$with_$1_lib $lib_dirs" +fi + +if test "$with_$1_config" = ""; then + with_$1_config='$7' +fi + +$1_cflags= +$1_libs= + +case "$with_$1_config" in +yes|no|""|"$7") + if test -f $with_$1/bin/$7 ; then + with_$1_config=$with_$1/bin/$7 + fi + ;; +esac + +case "$with_$1_config" in +yes|no|"") + ;; +*) + $1_cflags="`$with_$1_config --cflags 2>&1`" + $1_libs="`$with_$1_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_$1" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$[]$1_cflags" -a "$[]$1_libs"; then + CFLAGS="$[]$1_cflags $save_CFLAGS" + LIBS="$[]$1_libs $save_LIBS" + m4_ifval([$8],[AC_CHECK_HEADERS([[$8]])]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ + INCLUDE_$1="$[]$1_cflags" + LIB_$1="$[]$1_libs" + AC_MSG_RESULT([from $with_$1_config]) + found=yes]) + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + m4_ifval([$8],[AC_CHECK_HEADERS([[$8]])]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ires=$i;break]) + done + for i in $lib_dirs; do + LIBS="-L$i $3 $4 $save_LIBS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[lres=$i;break]) + done + if test "$ires" -a "$lres" -a "$with_$1" != "no"; then + INCLUDE_$1="-I$ires" + LIB_$1="-L$lres $3 $4" + found=yes + AC_MSG_RESULT([headers $ires, libraries $lres]) + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.]) + with_$1=yes +else + with_$1=no + INCLUDE_$1= + LIB_$1= + AC_MSG_RESULT(no) +fi + +AC_SUBST(INCLUDE_$1) +AC_SUBST(LIB_$1) +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/valgrind-suppressions b/crypto/external/bsd/heimdal/dist/cf/valgrind-suppressions new file mode 100644 index 000000000..d1e7c6ea5 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/valgrind-suppressions @@ -0,0 +1,84 @@ +# Id +{ + linux db init brokenness + Memcheck:Param + pwrite64(buf) + fun:do_pwrite64 + fun:__os_io + fun:__memp_pgwrite + fun:__memp_fsync + fun:__bam_read_root + fun:__bam_open + fun:__db_dbopen + fun:__db_open + fun:DB_open +} +{ + linux strerror + Memcheck:Leak + fun:_vgrZU_libcZdsoZa_malloc + fun:rwlock_add_to_list + fun:rwlock_have_already + fun:pthread_rwlock_rdlock + fun:__dcigettext + fun:dcgettext + fun:strerror_r + fun:strerror +} +{ + linux db close brokenness + Memcheck:Param + pwrite64(buf) + fun:do_pwrite64 + fun:__os_io + fun:__memp_pgwrite + fun:__memp_fsync + fun:__db_sync + fun:__db_close + fun:DB_close +} +{ + GLIBC 2.1.2 getservbyname defect + Memcheck:Leak + fun:_vgrZU_libcZdsoZa_malloc + fun:strdup + obj:* + obj:* + fun:getservbyname_r@@GLIBC_2.1.2 + fun:getservbyname +} +{ + glibc getaddrinfo defect + Memcheck:Leak + fun:_vgrZU_libcZdsoZa_malloc + fun:__libc_res_nsend + fun:__libc_res_nquery + fun:__libc_res_nquerydomain + fun:__libc_res_nsearch + obj:* + fun:gaih_inet + fun:getaddrinfo +} +{ + glibc dlopen failure called from /bin/ls + Memcheck:Addr4 + obj:/lib/ld-2.3.6.so + obj:/lib/ld-2.3.6.so + obj:/lib/ld-2.3.6.so +} +{ + Unknown suppression in runtime link editor + Memcheck:Cond + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so +} +{ + Unknown suppression in runtime link editor + Memcheck:Addr4 + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so + obj:/lib/ld-2.5.so +} diff --git a/crypto/external/bsd/heimdal/dist/cf/vararray.m4 b/crypto/external/bsd/heimdal/dist/cf/vararray.m4 new file mode 100644 index 000000000..70a3e602c --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/vararray.m4 @@ -0,0 +1,16 @@ +dnl +dnl Id +dnl +dnl Test for variable size arrays. +dnl + +AC_DEFUN([rk_C_VARARRAY], [ + AC_CACHE_CHECK([if the compiler supports variable-length arrays],[rk_cv_c_vararray],[ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x = 0; { int y[x]; }]])], + [rk_cv_c_vararray=yes], + [rk_cv_c_vararray=no])]) + if test "$rk_cv_c_vararray" = yes; then + AC_DEFINE([HAVE_VARIABLE_LENGTH_ARRAY], [1], + [Define if your compiler supports variable-length arrays.]) + fi +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/version-script.m4 b/crypto/external/bsd/heimdal/dist/cf/version-script.m4 new file mode 100644 index 000000000..f08e01344 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/version-script.m4 @@ -0,0 +1,39 @@ +dnl check if ld supports --version-script +dnl +AC_DEFUN([rk_VERSIONSCRIPT],[ +AC_CACHE_CHECK(for ld --version-script, rk_cv_version_script,[ + rk_cv_version_script=no + + cat > conftest.map < conftest.c < \$def_name, + "vs=s" => \$vs_name, + "help|?" => \$show_help) or pod2usage( -exitval => 2, + -verbose => 3 ); +pod2usage( -exitval => 1, + -verbose => 3 ) if $show_help or !$def_name or !$vs_name; + +open (my $def, '<', $def_name) or die $!; +open (my $vs, '<', $vs_name) or die $!; + +# First go through the version-script + +my $global = 0; + +while(<$vs>) +{ + next unless m/^([^#]+)/; + + @a = split(/\s+|({|})/,$1); + + for $f (@a) { + given ($f) { + when (/global\:/) { $global = 1; } + when (/{|}|.*\:/) { $global = 0; } + when (/(.*)\;/ and $global == 1) { + $syms{$1} = 1; + } + } + } +} + +while(<$def>) +{ + next if m/^#/; + next unless m/^;!([^;]+)/ or m/^([^;]+);?(!?)/; + + @a = split(/\s+/, $1); + + for $f (@a) { + next if $f =~ /EXPORTS/ or $f =~ /DATA/ or not $f; + + if (not exists $syms{$f} and not $2) { + print "$f: Only in DEF\n"; + ++$def_only; + } + delete $syms{$f}; + } +} + +#while (($k,$v) = each %syms) { +for $k (sort keys %syms) { + print "$k: Only in VS\n"; + ++$vs_only; +} + +close($def); +close($vs); + +if ($def_only or $vs_only) { + print "\nMismatches found.\n"; + exit(1); +} + +__END__ + +=head1 NAME + +w32-sync-exported-symbols.pl - Synchronize Windows .def with version-script + +=head1 SYNOPSIS + +w32-sync-exported-symbols.pl {options} + + Options: + --def Name of .def file + --vs Name of version-script file + +=head1 DESCRIPTION + +Verifies that all the symbols exported by the version-script is also +accounted for in the .def file. Also checks that no extra symbols are +exported by the .def file unless they are marked as safe. + +=cut + diff --git a/crypto/external/bsd/heimdal/dist/cf/w32-def-from-dll.pl b/crypto/external/bsd/heimdal/dist/cf/w32-def-from-dll.pl new file mode 100644 index 000000000..77fb4d9a7 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/w32-def-from-dll.pl @@ -0,0 +1,212 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +my $show_module_name = 1; +my $use_indent = 1; +my $strip_leading_underscore = 0; +my $always_export = 0; +my $module_name = ""; +my $local_prefix = "SHIM_"; +my %forward_exports = (); +my %local_exports = (); + +sub build_forwarder_target_list($) +{ + $fn = shift; + + print STDERR "Processing defs from file [$fn]\n"; + + open(SP, '-|', "dumpbin /exports \"".$fn."\"") or die "Can't open pipe for $fn"; + + LINE: + while () { +# 112 6F 00071CDC krb5_encrypt_size + + /^ +([[:digit:]]+)\s+[[:xdigit:]]+\s[[:xdigit:]]{8,}\s+(\S+)(?:| = (\S*))$/ && do { + my ($ordinal, $symbol, $in) = ($1, $2, $3); + + if ($in eq "") { $in = $symbol }; + $forward_exports{$symbol} = $in; + }; + } + + close SP; +} + +# Dump all symbols for the given dll file that are defined and have +# external scope. + +sub build_def_file($) +{ + $fn = shift; + + print STDERR "Opening dump of DLL [$fn]\n"; + + open(SP, '-|', "dumpbin /exports \"".$fn."\"") or die "Can't open pipe for $fn"; + + LINE: + while () { +# 112 6F 00071CDC krb5_encrypt_size + + /^ +([[:digit:]]+)\s+[[:xdigit:]]+\s[[:xdigit:]]{8,}\s+(\S+)(?:| = (\S*))$/ && do { + my ($ordinal, $symbol, $in) = ($1, $2, $3); + + if ($strip_leading_underscore && $symbol =~ /_(.*)/) { + $symbol = $1; + } + if (exists $local_exports{$symbol}) { + print "\t".$symbol; + print " = ".$local_exports{$symbol}; + if ($in ne $local_exports{$symbol} and $in ne "") { + print STDERR "Incorrect calling convention for local $symbol\n"; + print STDERR " ".$in." != ".$local_exports{$symbol}."\n"; + } + print "\t@".$ordinal."\n"; + } elsif (exists $local_exports{$local_prefix.$symbol}) { + print "\t".$symbol; + print " = ".$local_exports{$local_prefix.$symbol}; + print "\t@".$ordinal."\n"; + } elsif (exists $forward_exports{$symbol}) { + print "\t".$symbol; + print " = ".$module_name; + if ($in ne $forward_exports{$symbol} and $in ne "") { + print STDERR "Incorrect calling convention for $symbol\n"; + print STDERR " ".$in." != ".$forward_exports{$symbol}."\n"; + } + my $texp = $forward_exports{$symbol}; + if ($texp =~ /^_([^@]+)$/) { $texp = $1; } + print $texp."\t@".$ordinal."\n"; + } elsif ($always_export) { + print "\t".$symbol." = ".$local_prefix.$symbol; + print "\t@".$ordinal."\n"; + } else { + print STDERR "Symbol not found: $symbol\n"; + } + }; + } + + close SP; +} + +sub build_local_exports_list($) +{ + $fn = shift; + + print STDERR "Opening dump of object [$fn]\n"; + + open(SP, '-|', "dumpbin /symbols \"".$fn."\"") or die "Can't open pipe for $fn"; + + LINE: + while () { + # 009 00000010 SECT3 notype () External | _remove_error_table@4 + m/^[[:xdigit:]]{3,}\s[[:xdigit:]]{8,}\s(\w+)\s+\w*\s+(?:\(\)| )\s+(\w+)\s+\|\s+(\S+)$/ && do { + my ($section, $visibility, $symbol) = ($1, $2, $3); + + if ($section ne "UNDEF" && $visibility eq "External") { + + my $exp_name = $symbol; + + if ($symbol =~ m/^_(\w+)(?:@.*|)$/) { + $exp_name = $1; + } + + if ($symbol =~ m/^_([^@]+)$/) { + $symbol = $1; + } + + $local_exports{$exp_name} = $symbol; + } + }; + } + + close SP; +} + +sub process_file($) +{ + $fn = shift; + + if ($fn =~ m/\.dll$/i) { + build_def_file($fn); + } elsif ($fn =~ m/\.obj$/i) { + build_local_exports_list($fn); + } else { + die "File type not recognized for $fn."; + } +} + +sub use_response_file($) +{ + $fn = shift; + + open (RF, '<', $fn) or die "Can't open response file $fn"; + + while () { + /^(\S+)$/ && do { + process_file($1); + } + } + close RF; +} + +print "; This is a generated file. Do not modify directly.\n"; +print "EXPORTS\n"; + +for (@ARGV) { + ARG: { + /^-m(.*)$/ && do { + $module_name = $1."."; + last ARG; + }; + + /^-l(.*)$/ && do { + $local_prefix = $1."_"; + last ARG; + }; + + /^-a$/ && do { + $always_export = 1; + last ARG; + }; + + /^-e(.*)$/ && do { + build_forwarder_target_list($1); + last ARG; + }; + + /^@(.*)$/ && do { + use_response_file($1); + last ARG; + }; + + process_file($_); + } +} diff --git a/crypto/external/bsd/heimdal/dist/cf/w32-detect-vc-version.pl b/crypto/external/bsd/heimdal/dist/cf/w32-detect-vc-version.pl new file mode 100644 index 000000000..213ca29c8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/w32-detect-vc-version.pl @@ -0,0 +1,49 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +# Try to detect the version of Visual C++ in use by parsing the output +# of cl.exe. + +$cl_cmd = shift; + +die "C compiler command should be specified" if ($cl_cmd eq ''); + +open(CL, '-|', $cl_cmd." 2>&1") or die "Can't run C compiler command [$cl_cmd]"; + +$verline = ; + +if ($verline =~ /(\d+).(\d+).(\d+).(\d+)/) { + print "Found Version: $1.$2.$3.$4\n"; + exit $1 + 0; +} else { + print "Mismatch"; + exit 1; +} diff --git a/crypto/external/bsd/heimdal/dist/cf/w32-hh-toc-from-info.pl b/crypto/external/bsd/heimdal/dist/cf/w32-hh-toc-from-info.pl new file mode 100644 index 000000000..2207c5cf4 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/w32-hh-toc-from-info.pl @@ -0,0 +1,120 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +use HTML::TreeBuilder; + + +my $input_file = "index.html"; +my $toc_file = "toc.hhc"; + +for (@ARGV) { + ARG: { + /-o(.*)/ && do { + $toc_file = $1; + last ARG; + }; + + $input_file = $_; + } +} + +print "Processing TOC in $input_file\n"; +print "Writing to $toc_file\n"; + +open(TOC, '>', $toc_file) or die "Can't open $toc_file\n"; + +my $tree = HTML::TreeBuilder->new(); + +$tree->parse_file($input_file); + +my $contents = $tree->look_down('class', 'contents'); +my $clist = $contents->find_by_tag_name('ul'); + +print TOC ' + + + + + +'; + +process_ul_element($clist, 0); + +print TOC ' + + +'; + + +sub process_ul_element +{ + my $e = shift; + my $level = shift; + + if ($e->tag() eq "ul") { + + print TOC ' 'x$level; + print TOC "
    \n"; + + my @items = $e->content_list(); + + for (@items) { + process_li_element($_, $level + 1); + } + + print TOC ' 'x$level; + print TOC "
\n"; + } +} + +sub process_li_element +{ + my $e = shift; + my $level = shift; + + if ($e->tag() eq "li") { + my $a = $e->find_by_tag_name('a'); + + my $href = $a->attr('href'); + my @ac = $a->content_list(); + my $title = $ac[0]; + + print TOC " "x$level; + print TOC "
  • \n"; + + my @items = $e->content_list(); + + for (@items) { + process_ul_element($_, $level + 1); + } + } +} + diff --git a/crypto/external/bsd/heimdal/dist/cf/w32-list-externs-from-objs.pl b/crypto/external/bsd/heimdal/dist/cf/w32-list-externs-from-objs.pl new file mode 100644 index 000000000..9712120e9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/w32-list-externs-from-objs.pl @@ -0,0 +1,114 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +my $show_module_name = 1; +my $use_indent = 1; +my $strip_leading_underscore = 0; + +# Dump all symbols for the given object file that are defined and have +# external scope. + +sub dump_symbols_for_file($) +{ + $fn = shift; + + print STDERR "Opening dump of object [$fn]\n"; + + open(SP, '-|', "dumpbin /symbols \"".$fn."\"") or die "Can't open pipe for $fn"; + + LINE: + while () { + # 008 00000000 SECT3 notype () External | _encode_AccessDescription + + /^[[:xdigit:]]{3,}\s[[:xdigit:]]{8,}\s(\w+)\s+\w*\s+(\(\)| )\s+(\w+)\s+\|\s+([0-9a-zA-Z\@\_]+)$/ && do { + my ($section, $type, $visibility, $symbol) = ($1, $2, $3, $4); + + if ($section ne "UNDEF" && $visibility eq "External") { + print $fn if $show_module_name; + print "\t" if $use_indent || $show_module_name; + + if ($strip_leading_underscore && $symbol =~ /_(.*)/) { + $symbol = $1; + } + if ($strip_leading_underscore && $symbol =~ /(.*)\@.*$/) { + $symbol = $1; + } + print $symbol; + if ($type ne "()") { + print "\tDATA"; + } + print "\n"; + } + }; + } + + close SP; +} + +sub use_response_file($) +{ + $fn = shift; + + open (RF, '<', $fn) or die "Can't open response file $fn"; + + while () { + /(\S+)/ && do { + dump_symbols_for_file($1); + } + } + close RF; +} + +for (@ARGV) { + ARG: { + /^-q$/ && do { + $show_module_name = 0; + last ARG; + }; + + /^-1$/ && do { + $use_indent = 0; + last ARG; + }; + + /^-u$/ && do { + $strip_leading_underscore = 1; + last ARG; + }; + + /^@(.*)$/ && do { + use_response_file($1); + last ARG; + }; + + dump_symbols_for_file($_); + } +} diff --git a/crypto/external/bsd/heimdal/dist/cf/wflags.m4 b/crypto/external/bsd/heimdal/dist/cf/wflags.m4 new file mode 100644 index 000000000..386e37be6 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/wflags.m4 @@ -0,0 +1,29 @@ +dnl Id +dnl +dnl set WFLAGS + +AC_DEFUN([rk_WFLAGS],[ + +AC_ARG_ENABLE(developer, + AS_HELP_STRING([--enable-developer], [enable developer warnings])) +if test "X$enable_developer" = Xyes; then + dwflags="-Werror" +fi + +WFLAGS_NOUNUSED="" +WFLAGS_NOIMPLICITINT="" +if test -z "$WFLAGS" -a "$GCC" = "yes"; then + # -Wno-implicit-int for broken X11 headers + # leave these out for now: + # -Wcast-align doesn't work well on alpha osf/1 + # -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast + # -Wmissing-declarations -Wnested-externs + # -Wstrict-overflow=5 + WFLAGS="ifelse($#, 0,-Wall, $1) $dwflags" + WFLAGS_NOUNUSED="-Wno-unused" + WFLAGS_NOIMPLICITINT="-Wno-implicit-int" +fi +AC_SUBST(WFLAGS)dnl +AC_SUBST(WFLAGS_NOUNUSED)dnl +AC_SUBST(WFLAGS_NOIMPLICITINT)dnl +]) diff --git a/crypto/external/bsd/heimdal/dist/cf/win32.m4 b/crypto/external/bsd/heimdal/dist/cf/win32.m4 new file mode 100644 index 000000000..223d4547e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/win32.m4 @@ -0,0 +1,16 @@ +dnl Id +dnl rk_WIN32_EXPORT buildsymbol symbol-that-export +AC_DEFUN([rk_WIN32_EXPORT],[AH_TOP([#ifdef $1 +#ifndef $2 +#ifdef _WIN32_ +#define $2_FUNCTION __declspec(dllexport) +#define $2_CALL __stdcall +#define $2_VARIABLE __declspec(dllexport) +#else +#define $2_FUNCTION +#define $2_CALL +#define $2_VARIABLE +#endif +#endif +#endif +])]) diff --git a/crypto/external/bsd/heimdal/dist/cf/with-all.m4 b/crypto/external/bsd/heimdal/dist/cf/with-all.m4 new file mode 100644 index 000000000..0f0e2a568 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/cf/with-all.m4 @@ -0,0 +1,42 @@ +dnl +dnl Id +dnl + +dnl AC_WITH_ALL(name) + +AC_DEFUN([AC_WITH_ALL], [ +AC_ARG_WITH($1, + AS_HELP_STRING([--with-$1=dir], + [use $1 in dir])) + +AC_ARG_WITH($1-lib, + AS_HELP_STRING([--with-$1-lib=dir], + [use $1 libraries in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) + +AC_ARG_WITH($1-include, + AS_HELP_STRING([--with-$1-include=dir], + [use $1 headers in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) + +case "$with_$1" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_$1_include" = ""; then + with_$1_include="$with_$1/include" + fi + if test "$with_$1_lib" = ""; then + with_$1_lib="$with_$1/lib$abilibdirext" + fi + ;; +esac +]) \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/configure.ac b/crypto/external/bsd/heimdal/dist/configure.ac new file mode 100644 index 000000000..b84ac37f1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/configure.ac @@ -0,0 +1,692 @@ +dnl Process this file with autoconf to produce a configure script. +AC_REVISION($Revision: 1.1.1.1 $) +AC_PREREQ(2.62) +test -z "$CFLAGS" && CFLAGS="-g" +AC_INIT([Heimdal],[1.5pre1],[heimdal-bugs@h5l.org]) +AC_CONFIG_SRCDIR([kuser/kinit.c]) +AC_CONFIG_HEADERS(include/config.h) +AC_CONFIG_MACRO_DIR([cf]) + +AM_INIT_AUTOMAKE([foreign 1.10.3]) +AM_MAINTAINER_MODE + +dnl Checks for programs. +AC_PROG_CC +AM_PROG_CC_C_O +AC_PROG_CPP +AC_PROG_LIBTOOL + +AC_PREFIX_DEFAULT(/usr/heimdal) + +test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' +test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' + +AC_CANONICAL_HOST +CANONICAL_HOST=$host +AC_SUBST(CANONICAL_HOST) + +rk_SYS_LARGEFILE + +rk_AIX +rk_IRIX +rk_SUNOS + +dnl +dnl this is needed to run the configure tests against glibc +dnl +AC_DEFINE([_GNU_SOURCE], 1, + [Define to enable extensions on glibc-based systems such as Linux.]) + +AC_OBJEXT +AC_EXEEXT + +dnl AC_KRB_PROG_YACC +AC_PROG_YACC +AM_PROG_LEX +dnl AC_PROG_RANLIB +AC_PROG_AWK +AC_KRB_PROG_LN_S + +AC_MIPS_ABI +CC="$CC $abi" +libdir="$libdir$abilibdirext" + +AC_C___ATTRIBUTE__ + +LT_PREREQ([2.2]) +LT_INIT([shared static win32-dll]) + +AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes") +rk_VERSIONSCRIPT + +dnl +dnl Helper bits for cross compiling +dnl + + + +AM_CONDITIONAL(CROSS_COMPILE, test "${cross_compiling}" = yes) + +AC_ARG_WITH(cross-tools, + AS_HELP_STRING([--with-cross-tools=dir], [use cross tools in dir]), + [if test "$withval" = "yes"; then + AC_MSG_ERROR([Need path to cross tools]) + fi + with_cross_tools="${with_cross_tools}/" + ]) + +if test "${cross_compiling}" != yes ; then + + ASN1_COMPILE="\$(top_builddir)/lib/asn1/asn1_compile\$(EXEEXT)" + SLC="\$(top_builddir)/lib/sl/slc" + + ASN1_COMPILE_DEP="\$(ASN1_COMPILE)" + SLC_DEP="\$(SLC)" +else + ASN1_COMPILE="${with_cross_tools}asn1_compile" + SLC="${with_cross_tools}slc" + + ASN1_COMPILE_DEP= + SLC_DEP= +fi + +AC_SUBST([ASN1_COMPILE]) +AC_SUBST([ASN1_COMPILE_DEP]) +AC_SUBST([SLC]) +AC_SUBST([SLC_DEP]) + + +dnl --- + +AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto]) + +rk_TEST_PACKAGE(openldap, +[#include +#include ], +[-lldap -llber],,,OPENLDAP) + +AC_ARG_ENABLE(hdb-openldap-module, + AS_HELP_STRING([--enable-hdb-openldap-module], + [if you want support to build openldap hdb as shared object])) +if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then + AC_DEFINE(OPENLDAP_MODULE, 1, [Define if you want support for hdb ldap module]) +fi +AM_CONDITIONAL(OPENLDAP_MODULE, test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes) + +dnl +dnl Optional modules, pk-init, digest, kx509 +dnl + +AC_ARG_ENABLE(pk-init, + AS_HELP_STRING([--disable-pk-init], + [if you want disable to PK-INIT support])) +if test "$enable_pk_init" != no ;then + AC_DEFINE([PKINIT], 1, [Define to enable PKINIT.]) +fi +AM_CONDITIONAL(PKINIT, test "$enable_pk_init" != no) + +AC_ARG_ENABLE(digest, + AS_HELP_STRING([--disable-digest], + [if you want disable to DIGEST support])) +if test "$enable_digest" != no ;then + AC_DEFINE([DIGEST], 1, [Define to enable DIGEST.]) +fi + +AC_ARG_ENABLE(kx509, + AS_HELP_STRING([--disable-kx509], + [if you want disable to kx509 support])) +if test "$enable_kx509" != no ;then + AC_DEFINE([KX509], 1, [Define to enable kx509.]) +fi + +dnl Need to test if pkg-config exists +PKG_PROG_PKG_CONFIG + +dnl libcap-ng +AC_ARG_WITH([capng], + AC_HELP_STRING([--with-capng], [use libcap-ng to drop KDC privileges @<:@default=check@:>@]), + [], + [with_capng=check]) +if test "$with_capng" != "no"; then + PKG_CHECK_MODULES([CAPNG], [libcap-ng >= 0.4.0], + [with_capng=yes],[with_capng=no]) +fi +if test "$with_capng" = "yes"; then + AC_DEFINE_UNQUOTED([HAVE_CAPNG], 1, [whether capng is available for privilege reduction]) +fi +AM_CONDITIONAL([HAVE_CAPNG], [test "$with_capng" != "no"]) +AC_SUBST([CAPNG_CFLAGS]) +AC_SUBST([CAPNG_LIBS]) + +dnl Check for sqlite +rk_TEST_PACKAGE(sqlite3, +[#include +#ifndef SQLITE_OPEN_CREATE +#error "old version" +#endif], +[-lsqlite3],,,SQLITE3) + +if test "X$with_sqlite3" != Xyes ; then + INCLUDE_sqlite3="-I\$(top_srcdir)/lib/sqlite" + LIB_sqlite3="\$(top_builddir)/lib/sqlite/libheimsqlite.la" +fi +AM_CONDITIONAL(SQLITE3, test "X$with_sqlite3" = Xyes) + +AC_ARG_ENABLE(sqlite-cache, + AS_HELP_STRING([--disable-sqlite-cache],[if you want support for cache in sqlite])) +if test "$enable_sqlite_cache" != no; then + AC_DEFINE(HAVE_SCC, 1, [Define if you want support for cache in sqlite.]) +fi +AM_CONDITIONAL(have_scc, test "$enable_sqlite_cache" != no) + + +dnl check for libintl +rk_TEST_PACKAGE(libintl, +[#include ], +[-lintl],,,LIBINTL) + +dnl path where the hdb directory is stored +AC_ARG_WITH([hdbdir], + [AS_HELP_STRING([--with-hdbdir],[Default location for KDC database @<:@default=/var/heimdal@:>@])], + [], + [with_hdbdir=/var/heimdal]) +DIR_hdbdir="$with_hdbdir" +AC_SUBST([DIR_hdbdir]) + + +dnl no kerberos4 any more +with_krb4=no +AC_SUBST(INCLUDE_krb4) +AC_SUBST(LIB_krb4) +AM_CONDITIONAL(KRB4, false) + +AM_CONDITIONAL(KRB5, true) +AM_CONDITIONAL(do_roken_rename, true) + +AC_DEFINE(SUPPORT_INETD, 1, [Enable use of inetd style startup.])dnl + + +AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl +AC_SUBST(LIB_kdb)dnl + +KRB_CRYPTO + +KRB_PTHREADS + +AC_ARG_ENABLE(dce, + AS_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's])) +if test "$enable_dce" = yes; then + AC_DEFINE(DCE, 1, [Define if you want support for DCE/DFS PAG's.]) +fi +AM_CONDITIONAL(DCE, test "$enable_dce" = yes) + +## XXX quite horrible: +if test -f /etc/ibmcxx.cfg; then + dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'` + dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'` + dpagaix_ldflags= +else + dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce" + dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r" + dpagaix_ldflags="-Wl,-bI:dfspag.exp" +fi +AC_SUBST(dpagaix_cflags) +AC_SUBST(dpagaix_ldadd) +AC_SUBST(dpagaix_ldflags) + +AC_ARG_ENABLE([afs-support], + AS_HELP_STRING([--disable-afs-support],[if you don't want support for AFS])) +if test "$enable_afs_support" = no; then + AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.]) + NO_AFS="1" +fi +AC_SUBST(NO_AFS)dnl + +rk_DB + +dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken]) + +rk_ROKEN(lib/roken) +LIBADD_roken="$LIB_roken" +AC_SUBST(LIBADD_roken)dnl +LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" + +rk_OTP + +rk_LIBDISPATCH + +AC_CHECK_OSFC2 + +AC_ARG_ENABLE(mmap, + AS_HELP_STRING([--disable-mmap],[disable use of mmap])) +if test "$enable_mmap" = "no"; then + AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.]) +fi + +AC_ARG_ENABLE(afs-string-to-key, + AS_HELP_STRING([--disable-afs-string-to-key], + [disable use of weak AFS string-to-key functions]), + [], [enable_afs_string_to_key=yes]) + +if test "$enable_afs_string_to_key" = "yes"; then + AC_DEFINE(ENABLE_AFS_STRING_TO_KEY, 1, [Define if want to use the weak AFS string to key functions.]) +fi + + +rk_CHECK_MAN + +rk_TEST_PACKAGE(readline, +[#include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif +],-lreadline,,, READLINE,, [readline.h readline/readline.h]) + +rk_TEST_PACKAGE(libedit, +[#include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif +],-ledit,,, READLINE,, [readline.h readline/readline.h]) + +AC_CONFIG_SUBDIRS([lib/libedit]) + +rk_TEST_PACKAGE(hesiod,[#include ],-lhesiod,,, HESIOD) + +KRB_C_BIGENDIAN +AC_C_INLINE + +KRB_CHECK_X + +AM_CONDITIONAL(HAVE_X, test "$no_x" != yes) + +AC_CHECK_XAU + +dnl AM_C_PROTOTYPES + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_OFF_T +AC_CHECK_TYPE_EXTRA(mode_t, unsigned short, []) +AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include ]) +AC_HAVE_TYPE([long long]) +AC_HEADER_TIME +AC_STRUCT_TM + +dnl Checks for header files. +AC_HEADER_STDC + +AC_CHECK_HEADERS([\ + CommonCrypto/CommonDigest.h \ + CommonCrypto/CommonCryptor.h \ + arpa/ftp.h \ + arpa/telnet.h \ + bind/bitypes.h \ + bsdsetjmp.h \ + curses.h \ + dlfcn.h \ + fnmatch.h \ + inttypes.h \ + io.h \ + libutil.h \ + limits.h \ + maillock.h \ + netgroup.h \ + netinet/in6_machtypes.h \ + pthread.h \ + pty.h \ + sac.h \ + sgtty.h \ + siad.h \ + signal.h \ + strings.h \ + stropts.h \ + sys/bitypes.h \ + sys/category.h \ + sys/file.h \ + sys/filio.h \ + sys/ioccom.h \ + sys/mman.h \ + sys/param.h \ + sys/pty.h \ + sys/ptyio.h \ + sys/select.h \ + sys/socket.h \ + sys/str_tty.h \ + sys/stream.h \ + sys/stropts.h \ + sys/syscall.h \ + sys/termio.h \ + sys/timeb.h \ + sys/times.h \ + sys/types.h \ + sys/un.h \ + locale.h \ + termcap.h \ + termio.h \ + termios.h \ + time.h \ + tmpdir.h \ + udb.h \ + util.h \ + utmp.h \ + utmpx.h \ +]) + +dnl On Solaris 8 there's a compilation warning for term.h because +dnl it doesn't define `bool'. +AC_CHECK_HEADERS(term.h, , , -) + +dnl aix have asl.h (A/IX screen library) that we don't want +AC_CHECK_HEADERS(asl.h, , , [ +#include +#ifndef ASL_STRING_EMERG +#error ASL_STRING_EMERG missing +#endif]) + +AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT +#if HAVE_SYS_SOCKET_H +#include +#endif]) + +AC_CHECK_HEADERS(sys/ptyvar.h, , , [AC_INCLUDES_DEFAULT +#if HAVE_SYS_TTY_H +#include +#endif]) + +AC_CHECK_HEADERS(sys/strtty.h, , , [AC_INCLUDES_DEFAULT +#if HAVE_TERMIOS_H +#include +#endif +#if HAVE_SYS_STREAM_H +#include +#endif]) + +AC_CHECK_HEADERS(sys/ucred.h, , , [AC_INCLUDES_DEFAULT +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_PARAM_H +#include +#endif]) + +AC_CHECK_HEADERS(security/pam_modules.h, , , [AC_INCLUDES_DEFAULT +#include +]) + +dnl export symbols +rk_WIN32_EXPORT(BUILD_KRB5_LIB, KRB5_LIB) +rk_WIN32_EXPORT(BUILD_ROKEN_LIB, ROKEN_LIB) +rk_WIN32_EXPORT(BUILD_GSSAPI_LIB, GSSAPI_LIB) + +dnl Checks for libraries. + +AC_FIND_FUNC_NO_LIBS(logwtmp, util,[ +#ifdef HAVE_UTIL_H +#include +#endif +],[0,0,0]) +AC_FIND_FUNC_NO_LIBS(logout, util,[ +#ifdef HAVE_UTIL_H +#include +#endif +],[0]) +AC_FIND_FUNC_NO_LIBS(openpty, util,[ +#ifdef HAVE_UTIL_H +#include +#endif +],[0,0,0,0,0]) + +AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses,[ +#ifdef HAVE_TERMCAP_H +#include +#endif +#ifdef HAVE_CURSES_H +#include +#endif +],[0,0]) + +dnl Checks for library functions. + +AC_CHECK_FUNCS([ \ + _getpty \ + _scrsize \ + arc4random \ + fcntl \ + getpeereid \ + getpeerucred \ + grantpt \ + mktime \ + ptsname \ + rand \ + revoke \ + select \ + setitimer \ + setpcred \ + setpgid \ + setproctitle \ + setregid \ + setresgid \ + setresuid \ + setreuid \ + setsid \ + setutent \ + sigaction \ + strstr \ + ttyname \ + ttyslot \ + umask \ + unlockpt \ + vhangup \ + yp_get_default_domain \ +]) + +AC_MSG_CHECKING([checking for __sync_add_and_fetch]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[unsigned int foo; __sync_add_and_fetch(&foo, 1);]])], + [ac_rk_have___sync_add_and_fetch=yes], [ac_rk_have___sync_add_and_fetch=no]) +if test "$ac_rk_have___sync_add_and_fetch" = "yes" ; then + AC_DEFINE_UNQUOTED(HAVE___SYNC_ADD_AND_FETCH, 1, [have __sync_add_and_fetch]) +fi +AC_MSG_RESULT($ac_rk_have___sync_add_and_fetch) + +AC_FUNC_MMAP + +KRB_CAPABILITIES + +AC_CHECK_GETPWNAM_R_POSIX + +dnl detect doors on solaris +if test "$enable_pthread_support" != no; then + saved_LIBS="$LIBS" + LIBS="$LIBS $PTHREADS_LIBS" + AC_FIND_FUNC_NO_LIBS(door_create, door) + LIBS="$saved_LIBS" +fi + +AC_ARG_ENABLE(kcm, + AS_HELP_STRING([--enable-kcm],[enable Kerberos Credentials Manager]), +,[enable_kcm=yes]) + +if test "$enable_kcm" = yes ; then + if test "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then + enable_kcm=no + fi +fi +if test "$enable_kcm" = yes; then + AC_DEFINE(HAVE_KCM, 1, + [Define if you want to use the Kerberos Credentials Manager.]) +fi +AM_CONDITIONAL(KCM, test "$enable_kcm" = yes) + + + +dnl Cray stuff +AC_CHECK_FUNCS(getudbnam setlim) + +dnl AC_KRB_FUNC_GETCWD_BROKEN + +dnl +dnl Check for fields in struct utmp +dnl + +AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_host, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_id, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_line, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_pid, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_tv, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_type, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_user, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include ]) + +AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, + u_int8_t, u_int16_t, u_int32_t, u_int64_t, + uint8_t, uint16_t, uint32_t, uint64_t],,,[ +#ifdef HAVE_INTTYPES_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +]) + +rk_FRAMEWORK_SECURITY + +KRB_READLINE + +rk_TELNET + +dnl Some operating systems already have com_err and compile_et +CHECK_COMPILE_ET + +rk_AUTH_MODULES([sia afskauthlib]) + +rk_DESTDIRS + +rk_WFLAGS([-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs]) + + +AH_BOTTOM([#ifdef __APPLE__ +#include +#endif]) + +AH_BOTTOM([#ifdef ROKEN_RENAME +#include "roken_rename.h" +#endif]) + +AC_CONFIG_FILES(Makefile \ + etc/Makefile \ + include/Makefile \ + include/gssapi/Makefile \ + include/hcrypto/Makefile \ + include/kadm5/Makefile \ + lib/Makefile \ + base/Makefile \ + lib/asn1/Makefile \ + lib/com_err/Makefile \ + lib/hcrypto/Makefile \ + lib/hx509/Makefile \ + lib/gssapi/Makefile \ + lib/ntlm/Makefile \ + lib/hdb/Makefile \ + lib/ipc/Makefile \ + lib/kadm5/Makefile \ + lib/kafs/Makefile \ + lib/kdfs/Makefile \ + lib/krb5/Makefile \ + lib/otp/Makefile \ + lib/roken/Makefile \ + lib/sl/Makefile \ + lib/sqlite/Makefile \ + lib/vers/Makefile \ + lib/wind/Makefile \ + po/Makefile \ + kuser/Makefile \ + kpasswd/Makefile \ + kadmin/Makefile \ + admin/Makefile \ + kcm/Makefile \ + kdc/Makefile \ + appl/Makefile \ + appl/afsutil/Makefile \ + appl/ftp/Makefile \ + appl/ftp/common/Makefile \ + appl/ftp/ftp/Makefile \ + appl/ftp/ftpd/Makefile \ + appl/gssmask/Makefile \ + appl/kx/Makefile \ + appl/login/Makefile \ + appl/otp/Makefile \ + appl/popper/Makefile \ + appl/push/Makefile \ + appl/rsh/Makefile \ + appl/rcp/Makefile \ + appl/su/Makefile \ + appl/xnlock/Makefile \ + appl/telnet/Makefile \ + appl/telnet/libtelnet/Makefile \ + appl/telnet/telnet/Makefile \ + appl/telnet/telnetd/Makefile \ + appl/test/Makefile \ + appl/kf/Makefile \ + appl/dceutils/Makefile \ + tests/Makefile \ + tests/bin/Makefile \ + tests/can/Makefile \ + tests/db/Makefile \ + tests/kdc/Makefile \ + tests/ldap/Makefile \ + tests/gss/Makefile \ + tests/java/Makefile \ + tests/plugin/Makefile \ + packages/Makefile \ + packages/mac/Makefile \ + doc/Makefile \ + tools/Makefile \ +) + +AC_OUTPUT + +dnl +dnl This is the release version name-number[beta] +dnl + +cat > include/newversion.h.in </dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi diff --git a/crypto/external/bsd/heimdal/dist/doc/Makefile.am b/crypto/external/bsd/heimdal/dist/doc/Makefile.am new file mode 100644 index 000000000..05407c7a6 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/Makefile.am @@ -0,0 +1,143 @@ +# Id + +include $(top_srcdir)/Makefile.am.common + +AUTOMAKE_OPTIONS = no-texinfo.tex + +MAKEINFOFLAGS = --css-include=$(srcdir)/heimdal.css + +TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles + +info_TEXINFOS = heimdal.texi hx509.texi + +dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ + -e 's,[@]objdir[@],.,g' \ + -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' + +hcrypto.dxy: hcrypto.din Makefile + $(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp + chmod +x hcrypto.dxy.tmp + mv hcrypto.dxy.tmp hcrypto.dxy + +hdb.dxy: hdb.din Makefile + $(dxy_subst) < $(srcdir)/hdb.din > hdb.dxy.tmp + chmod +x hdb.dxy.tmp + mv hdb.dxy.tmp hdb.dxy + +hx509.dxy: hx509.din Makefile + $(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp + chmod +x hx509.dxy.tmp + mv hx509.dxy.tmp hx509.dxy + +gssapi.dxy: gssapi.din Makefile + $(dxy_subst) < $(srcdir)/gssapi.din > gssapi.dxy.tmp + chmod +x gssapi.dxy.tmp + mv gssapi.dxy.tmp gssapi.dxy + +krb5.dxy: krb5.din Makefile + $(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp + chmod +x krb5.dxy.tmp + mv krb5.dxy.tmp krb5.dxy + +ntlm.dxy: ntlm.din Makefile + $(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp + chmod +x ntlm.dxy.tmp + mv ntlm.dxy.tmp ntlm.dxy + +wind.dxy: wind.din Makefile + $(dxy_subst) < $(srcdir)/wind.din > wind.dxy.tmp + chmod +x wind.dxy.tmp + mv wind.dxy.tmp wind.dxy + +texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \ + -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' + +vars.texi: vars.tin Makefile + $(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp + chmod +x vars.texi.tmp + mv vars.texi.tmp vars.texi + +PROJECTS = hcrypto hdb hx509 gssapi krb5 ntlm wind + +doxyout doxygen: hdb.dxy hx509.dxy hcrypto.dxy gssapi.dxy krb5.dxy ntlm.dxy wind.dxy + @find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \ + rm -rf $(srcdir)/doxyout ; \ + mkdir $(srcdir)/doxyout ; \ + for a in $(PROJECTS) ; do \ + echo $$a ; \ + doxygen $$a.dxy; \ + (cd $(srcdir)/doxyout && find $$a/man -type f > $$a/manpages ) ; \ + done + +install-data-hook: install-doxygen-manpage +uninstall-hook: uninstall-doxygen-manpage +dist-hook: doxygen + +install-doxygen-manpage: + for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "install $$a manual pages $$(wc -l < $$f)" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + $(mkinstalldirs) "$(DESTDIR)$(mandir)/man$$section" ; \ + $(INSTALL_DATA) $(srcdir)/doxyout/$$x "$(DESTDIR)$(mandir)/man$$section" ; \ + done < $$f ; \ + done ; exit 0 + +uninstall-doxygen-manpage: + @for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "removing $$a manual pages" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + base=`basename $$x` ; \ + rm "$(DESTDIR)$(mandir)/man$$section/$$base" ; \ + done < $$f ; \ + done + + +heimdal_TEXINFOS = \ + ack.texi \ + apps.texi \ + copyright.texi \ + heimdal.texi \ + install.texi \ + intro.texi \ + kerberos4.texi \ + migration.texi \ + misc.texi \ + programming.texi \ + setup.texi \ + vars.texi \ + whatis.texi \ + win2k.texi + +EXTRA_DIST = \ + doxyout \ + footer.html \ + gssapi.din \ + hdb.din \ + hcrypto.din \ + header.html \ + heimdal.css \ + hx509.din \ + krb5.din \ + ntlm.din \ + init-creds \ + latin1.tex \ + layman.asc \ + doxytmpl.dxy \ + wind.din \ + vars.tin + +CLEANFILES = \ + hcrypto.dxy* \ + hx509.dxy* \ + hdb.dxy* \ + gssapi.dxy* \ + krb5.dxy* \ + ntlm.dxy* \ + wind.dxy* \ + vars.texi* diff --git a/crypto/external/bsd/heimdal/dist/doc/NTMakefile b/crypto/external/bsd/heimdal/dist/doc/NTMakefile new file mode 100644 index 000000000..4894983ce --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/NTMakefile @@ -0,0 +1,119 @@ +######################################################################## +# +# Copyright (c) 2009, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=doc + +!include ../windows/NTMakefile.w32 + +heimdal_TEXINFOS = \ + $(OBJ)\ack.texi \ + $(OBJ)\apps.texi \ + $(OBJ)\copyright.texi \ + $(OBJ)\heimdal.texi \ + $(OBJ)\install.texi \ + $(OBJ)\intro.texi \ + $(OBJ)\kerberos4.texi \ + $(OBJ)\migration.texi \ + $(OBJ)\misc.texi \ + $(OBJ)\programming.texi \ + $(OBJ)\setup.texi \ + $(OBJ)\vars.texi \ + $(OBJ)\whatis.texi \ + $(OBJ)\win2k.texi + +hx509_TEXINFOS = \ + $(OBJ)\hx509.texi + +{}.texi{$(OBJ)}.texi: + $(CP) $** $@ + +{}.tin{$(OBJ)}.texi: + $(SED) -e "s,[@]dbdir[@],x,g" \ + -e "s,[@]PACKAGE_VERSION[@],$(VER_PACKAGE_VERSION),g" < $** > $@ + +MAKEINFOFLAGS = --css-include=$(SRCDIR)/heimdal.css + +###################################################################### +# Build heimdal.chm + +# Copyrights-and-Licenses.html is where the table of contents ends up +# when generating HTML output using makeinfo. Same goes for +# How-to-use-the-PKCS11-module.html below. + +$(OBJ)\heimdal\index.html $(OBJ)\heimdal\Copyrights-and-Licenses.html: $(heimdal_TEXINFOS) + cd $(OBJ) + $(MAKEINFO) $(MAKEINFOFLAGS) --html heimdal.texi + cd $(SRCDIR) + +$(OBJ)\heimdal\toc.hhc: $(OBJ)\heimdal\Copyrights-and-Licenses.html + $(PERL) $(SRC)\cf\w32-hh-toc-from-info.pl -o$@ $** + +$(OBJ)\heimdal\heimdal.hhp: heimdal.hhp + $(CP) $** $@ + +$(DOCDIR)\heimdal.chm: $(OBJ)\heimdal\heimdal.hhp $(OBJ)\heimdal\toc.hhc + cd $(OBJ)\heimdal + -$(HHC) heimdal.hhp + $(CP) heimdal.chm $@ + cd $(SRCDIR) + +###################################################################### +# Build hx509.chm + +$(OBJ)\hx509\index.html $(OBJ)\hx509\How-to-use-the-PKCS11-module.html: $(hx509_TEXINFOS) + cd $(OBJ) + $(MAKEINFO) $(MAKEINFOFLAGS) --html hx509.texi + cd $(SRCDIR) + +$(OBJ)\hx509\toc.hhc: $(OBJ)\hx509\How-to-use-the-PKCS11-module.html + $(PERL) $(SRC)\cf\w32-hh-toc-from-info.pl -o$@ $** + +$(OBJ)\hx509\hx509.hhp: hx509.hhp + $(CP) $** $@ + +$(DOCDIR)\hx509.chm: $(OBJ)\hx509\hx509.hhp $(OBJ)\hx509\toc.hhc + cd $(OBJ)\hx509 + -$(HHC) hx509.hhp + $(CP) hx509.chm $@ + cd $(SRCDIR) + +!ifndef NO_DOC +all:: $(OBJ)\heimdal\index.html $(OBJ)\hx509\index.html \ + $(DOCDIR)\heimdal.chm $(DOCDIR)\hx509.chm +!endif + +clean:: + -$(RM) $(OBJ)\heimdal\*.* + -$(RM) $(OBJ)\hx509\*.* + -$(RM) $(DOCDIR)\heimdal.chm + -$(RM) $(DOCDIR)\hx509.chm + +.SUFFIXES: .texi .tin diff --git a/crypto/external/bsd/heimdal/dist/doc/ack.texi b/crypto/external/bsd/heimdal/dist/doc/ack.texi new file mode 100644 index 000000000..56f415f49 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/ack.texi @@ -0,0 +1,101 @@ +@c Id +@c $NetBSD: ack.texi,v 1.1.1.2 2011/04/14 14:08:08 elric Exp $ + +@node Acknowledgments, Copyrights and Licenses, Migration, Top +@comment node-name, next, previous, up +@appendix Acknowledgments + +Eric Young wrote ``libdes''. Heimdal used to use libdes, without it +kth-krb would never have existed. Since there are no longer any Eric +Young code left in the library, we renamed it to libhcrypto. + +All functions in libhcrypto have been re-implemented or used available +public domain code. The core AES function where written by Vincent +Rijmen, Antoon Bosselaers and Paulo Barreto. The core DES SBOX +transformation was written by Richard Outerbridge. @code{imath} that +is used for public key crypto support is written by Michael +J. Fromberger. + +The University of California at Berkeley initially wrote @code{telnet}, +and @code{telnetd}. The authentication and encryption code of +@code{telnet} and @code{telnetd} was added by David Borman (then of Cray +Research, Inc). The encryption code was removed when this was exported +and then added back by Juha Eskelinen. + +The @code{popper} was also a Berkeley program initially. + +Some of the functions in @file{libroken} also come from Berkeley by way +of NetBSD/FreeBSD. + +@code{editline} was written by Simmule Turner and Rich Salz. Heimdal +contains a modifed copy. + +The @code{getifaddrs} implementation for Linux was written by Hideaki +YOSHIFUJI for the Usagi project. + +The @code{pkcs11.h} headerfile was written by the Scute project. + +Bugfixes, documentation, encouragement, and code has been contributed by: +@table @asis +@item Alexander Boström +@item Allan McRae +@item Andrew Bartlett +@item Andrew Cobaugh +@item Andrew Tridge +@item Anton Lundin +@item Asanka Herath +@item Björn Sandell +@item Björn Schlögl +@item Brandon S. Allbery KF8NH +@item Brian A May +@item Chaskiel M Grundman +@item Cizzi Storm +@item Daniel Kouril +@item David Love +@item David Markey +@item Derrick J Brashear +@item Donald Norwood +@item Douglas E Engert +@item Frank van der Linden +@item Guido Günther +@item Harald Barth +@item Jaideep Padhye +@item Jan Rekorajski +@item Jason McIntyre +@item Johan Gadsjö +@item Johan Ihrén +@item John Center +@item Jun-ichiro itojun Hagino +@item KAMADA Ken'ichi +@item Ken Hornstein +@item Magnus Ahltorp +@item Marc Horowitz +@item Mario Strasser +@item Mark Eichin +@item Martin von Gagern +@item Matthias Dieter Wallnöfer +@item Mattias Amnefelt +@item Michael B Allen +@item Michael Fromberger +@item Michal Vocu +@item Milosz Kmieciak +@item Miroslav Ruda +@item Mustafa A. Hashmi +@item Petr Holub +@item Russ Allbery +@item Patrik Lundin +@item Phil Fisher +@item Rafal Malinowski +@item Rainer Toebbicke +@item Richard Nyberg +@item Roman Divacky +@item Sho Hosoda, 細田 将 +@item Stefan Metzmacher +@item Ted Percival +@item Victor Guerra +@item Zeqing Xia +@item Åke Sandgren +@item and we hope that those not mentioned here will forgive us. +@end table + +All bugs were introduced by ourselves. diff --git a/crypto/external/bsd/heimdal/dist/doc/apps.texi b/crypto/external/bsd/heimdal/dist/doc/apps.texi new file mode 100644 index 000000000..a9c42337e --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/apps.texi @@ -0,0 +1,271 @@ +@c Id +@c $NetBSD: apps.texi,v 1.1.1.2 2011/04/14 14:08:08 elric Exp $ + +@node Applications, Things in search for a better place, Setting up a realm, Top + +@chapter Applications + +@menu +* Authentication modules:: +* AFS:: +@end menu + +@node Authentication modules, AFS, Applications, Applications +@section Authentication modules + +The problem of having different authentication mechanisms has been +recognised by several vendors, and several solutions have appeared. In +most cases these solutions involve some kind of shared modules that are +loaded at run-time. Modules for some of these systems can be found in +@file{lib/auth}. Presently there are modules for Digital's SIA, +and IRIX' @code{login} and @code{xdm} (in +@file{lib/auth/afskauthlib}). + +@menu +* Digital SIA:: +* IRIX:: +@end menu + +@node Digital SIA, IRIX, Authentication modules, Authentication modules +@subsection Digital SIA + +How to install the SIA module depends on which OS version you're +running. Tru64 5.0 has a new command, @file{siacfg}, which makes this +process quite simple. If you have this program, you should just be able +to run: +@example +siacfg -a KRB5 /usr/athena/lib/libsia_krb5.so +@end example + +On older versions, or if you want to do it by hand, you have to do the +following (not tested by us on Tru64 5.0): + +@itemize @bullet + +@item +Make sure @file{libsia_krb5.so} is available in +@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you +might want to put it in @file{/usr/shlib} or someplace else. If you do, +you'll have to edit @file{krb5_matrix.conf} to reflect the new location +(you will also have to do this if you installed in some other directory +than @file{/usr/athena}). If you built with shared libraries, you will +have to copy the shared @file{libkrb.so}, @file{libdes.so}, +@file{libkadm.so}, and @file{libkafs.so} to a place where the loader can +find them (such as @file{/usr/shlib}). +@item +Copy (your possibly edited) @file{krb5_matrix.conf} to @file{/etc/sia}. +@item +Apply @file{security.patch} to @file{/sbin/init.d/security}. +@item +Turn on KRB5 security by issuing @kbd{rcmgr set SECURITY KRB5} and +@kbd{rcmgr set KRB5_MATRIX_CONF krb5_matrix.conf}. +@item +Digital thinks you should reboot your machine, but that really shouldn't +be necessary. It's usually sufficient just to run +@kbd{/sbin/init.d/security start} (and restart any applications that use +SIA, like @code{xdm}.) +@end itemize + +Users with local passwords (like @samp{root}) should be able to login +safely. + +When using Digital's xdm the @samp{KRB5CCNAME} environment variable isn't +passed along as it should (since xdm zaps the environment). Instead you +have to set @samp{KRB5CCNAME} to the correct value in +@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to +@example +KRB5CCNAME=FILE:/tmp/krb5cc`id -u`_`ps -o ppid= -p $$`; export KRB5CCNAME +@end example +If you use CDE, @code{dtlogin} allows you to specify which additional +environment variables it should export. To add @samp{KRB5CCNAME} to this +list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of +@samp{exportList}. You want to add something like: +@example +Dtlogin.exportList: KRB5CCNAME +@end example + +@subsubheading Notes to users with Enhanced security + +Digital's @samp{ENHANCED} (C2) security, and Kerberos solve two +different problems. C2 deals with local security, adds better control of +who can do what, auditing, and similar things. Kerberos deals with +network security. + +To make C2 security work with Kerberos you will have to do the +following. + +@itemize @bullet +@item +Replace all occurrences of @file{krb5_matrix.conf} with +@file{krb5+c2_matrix.conf} in the directions above. +@item +You must enable ``vouching'' in the @samp{default} database. This will +make the OSFC2 module trust other SIA modules, so you can login without +giving your C2 password. To do this use @samp{edauth} to edit the +default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a +@samp{d_accept_alternate_vouching} capability, if not already present. +@item +For each user who does @emph{not} have a local C2 password, you should +set the password expiration field to zero. You can do this for each +user, or in the @samp{default} table. To do this use @samp{edauth} to +set (or change) the @samp{u_exp} capability to @samp{u_exp#0}. +@item +You also need to be aware that the shipped @file{login}, @file{rcp}, and +@file{rshd}, don't do any particular C2 magic (such as checking for +various forms of disabled accounts), so if you rely on those features, +you shouldn't use those programs. If you configure with +@samp{--enable-osfc2}, these programs will, however, set the login +UID. Still: use at your own risk. +@end itemize + +At present @samp{su} does not accept the vouching flag, so it will not +work as expected. + +Also, kerberised ftp will not work with C2 passwords. You can solve this +by using both Digital's ftpd and our on different ports. + +@strong{Remember}, if you do these changes you will get a system that +most certainly does @emph{not} fulfil the requirements of a C2 +system. If C2 is what you want, for instance if someone else is forcing +you to use it, you're out of luck. If you use enhanced security because +you want a system that is more secure than it would otherwise be, you +probably got an even more secure system. Passwords will not be sent in +the clear, for instance. + +@node IRIX, , Digital SIA, Authentication modules +@subsection IRIX + +The IRIX support is a module that is compatible with Transarc's +@file{afskauthlib.so}. It should work with all programs that use this +library. This should include @command{login} and @command{xdm}. + +The interface is not very documented but it seems that you have to copy +@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to +@file{/usr/lib}, or build your @file{afskauthlib.so} statically. + +The @file{afskauthlib.so} itself is able to reside in +@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory +(wherever that is). + +IRIX 6.4 and newer seem to have all programs (including @command{xdm} and +@command{login}) in the N32 object format, whereas in older versions they +were O32. For it to work, the @file{afskauthlib.so} library has to be in +the same object format as the program that tries to load it. This might +require that you have to configure and build for O32 in addition to the +default N32. + +Apart from this it should ``just work''; there are no configuration +files. + +Note that recent Irix 6.5 versions (at least 6.5.22) have PAM, +including a @file{pam_krb5.so} module. Not all relevant programs use +PAM, though, e.g.@: @command{ssh}. In particular, for console +graphical login you need to turn off @samp{visuallogin} and turn on +@samp{xdm} with @command{chkconfig}. + +@node AFS, , Authentication modules, Applications +@section AFS + +@cindex AFS +AFS is a distributed filesystem that uses Kerberos for authentication. + +@cindex OpenAFS +@cindex Arla +For more information about AFS see OpenAFS +@url{http://www.openafs.org/} and Arla +@url{http://www.stacken.kth.se/projekt/arla/}. + +@subsection kafs and afslog +@cindex afslog + +@manpage{afslog,1} will obtains AFS tokens for a number of cells. What cells to get +tokens for can either be specified as an explicit list, as file paths to +get tokens for, or be left unspecified, in which case will use whatever +magic @manpage{kafs,3} decides upon. + +If not told what cell to get credentials for, @manpage{kafs,3} will +search for the files ThisCell and TheseCells in the locations +specified in @manpage{kafs,3} and try to get tokens for these cells +and the cells specified in $HOME/.TheseCells. + +More usefully it will look at and ~/.TheseCells in your home directory +and for each line which is a cell get afs token for these cells. + +The TheseCells file defines the the cells to which applications on the +local client machine should try to aquire tokens for. It must reside in +the directories searched by @manpage{kafs,3} on every AFS client machine. + +The file is in ASCII format and contains one character string, the cell +name, per line. Cell names are case sensitive, but most cell names +are lower case. + +See manpage for @manpage{kafs,3} for search locations of ThisCell and TheseCells. + +@subsection How to get a KeyFile + +@file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM} + +or you can extract it with kadmin + +@example +kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME +@end example + +You have to make sure you have a @code{des-cbc-md5} encryption type since that +is the enctype that will be converted. + +@subsection How to convert a srvtab to a KeyFile + +You need a @file{/usr/vice/etc/ThisCell} containing the cellname of your +AFS-cell. + +@file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}. + +If keyfile already exists, this will add the new key in afs-srvtab to +KeyFile. + +@section Using 2b tokens with AFS + +@subsection What is 2b ? + +2b is the name of the proposal that was implemented to give basic +Kerberos 5 support to AFS in rxkad. It's not real Kerberos 5 support +since it still uses fcrypt for data encryption and not Kerberos +encryption types. + +Its only possible (in all cases) to do this for DES encryption types +because only then the token (the AFS equivalent of a ticket) will be +smaller than the maximum size that can fit in the token cache in the +OpenAFS/Transarc client. It is a so tight fit that some extra wrapping +on the ASN1/DER encoding is removed from the Kerberos ticket. + +2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for +the part of the ticket that is encrypted with the service's key. The +client doesn't know what's inside the encrypted data so to the client +it doesn't matter. + +To differentiate between Kerberos 4 tickets and Kerberos 5 tickets, 2b +uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens. + +Its a requirement that all AFS servers that support 2b also support +native Kerberos 5 in rxkad. + +@subsection Configuring a Heimdal kdc to use 2b tokens + +Support for 2b tokens in the kdc are turned on for specific principals +by adding them to the string list option @code{[kdc]use_2b} in the +kdc's @file{krb5.conf} file. + +@example +[kdc] + use_2b = @{ + afs@@SU.SE = yes + afs/it.su.se@@SU.SE = yes + @} +@end example + +@subsection Configuring AFS clients for 2b support + +There is no need to configure AFS clients for 2b support. The only +software that needs to be installed/upgrade is a Kerberos 5 enabled +@file{afslog}. diff --git a/crypto/external/bsd/heimdal/dist/doc/copyright.texi b/crypto/external/bsd/heimdal/dist/doc/copyright.texi new file mode 100644 index 000000000..3f7bc2254 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/copyright.texi @@ -0,0 +1,518 @@ + +@c $NetBSD: copyright.texi,v 1.1.1.1 2011/04/13 18:14:33 elric Exp $ +@macro copynext{} +@vskip 20pt plus 1fil +@end macro + +@macro copyrightstart{} +@end macro + +@macro copyrightend{} +@end macro + + +@node Copyrights and Licenses, , Acknowledgments, Top +@comment node-name, next, previous, up +@appendix Copyrights and Licenses + +@heading Kungliga Tekniska Högskolan + +@copyrightstart +@verbatim + +Copyright (c) 1997-2011 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Portions Copyright (c) 2009 Apple Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Massachusetts Institute of Technology + +The parts of the libtelnet that handle Kerberos. + +@verbatim + +Copyright (C) 1990 by the Massachusetts Institute of Technology + +Export of this software from the United States of America may +require a specific license from the United States Government. +It is the responsibility of any person or organization contemplating +export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +@end verbatim +@copynext + +@heading The Regents of the University of California + +The parts of the libroken, most of libtelnet, libeditline, telnet, ftp, +and popper. + +@verbatim + +Copyright (c) 1988, 1990, 1993 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading The Regents of the University of California. + +libedit + +@verbatim + +Copyright (c) 1992, 1993 + The Regents of the University of California. All rights reserved. + +This code is derived from software contributed to Berkeley by +Christos Zoulas of Cornell University. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading TomsFastMath / LibTomMath + +Tom's fast math (bignum support) and LibTomMath + +@verbatim + +LibTomMath is hereby released into the Public Domain. + +@end verbatim + +@copynext + +@heading Doug Rabson + +GSS-API mechglue layer. + +@verbatim + +Copyright (c) 2005 Doug Rabson +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading PADL Software Pty Ltd + +@table @asis +@item CFX implementation for GSS-API krb5 mech. +@item KCM credential cache. +@end table + +@verbatim + +Copyright (c) 2003, PADL Software Pty Ltd. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of PADL Software nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Marko Kreen + +Fortuna in libhcrypto + +@verbatim + +Copyright (c) 2005 Marko Kreen +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading NTT (Nippon Telegraph and Telephone Corporation) + +Camellia in libhcrypto + +@verbatim + +Copyright (c) 2006,2007 +NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer as + the first lines of this file unmodified. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading The NetBSD Foundation, Inc. + +vis.c in libroken + +@verbatim + +Copyright (c) 1999, 2005 The NetBSD Foundation, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Vincent Rijmen, Antoon Bosselaers, Paulo Barreto + +AES in libhcrypto + +@verbatim + +rijndael-alg-fst.c + +@version 3.0 (December 2000) + +Optimised ANSI C code for the Rijndael cipher (now AES) + +@author Vincent Rijmen +@author Antoon Bosselaers +@author Paulo Barreto + +This code is hereby placed in the public domain. + +THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS +OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Apple, Inc + +kdc/announce.c + +@verbatim + +Copyright (c) 2008 Apple Inc. All Rights Reserved. + +Export of this software from the United States of America may require +a specific license from the United States Government. It is the +responsibility of any person or organization contemplating export to +obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of Apple Inc. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. Apple Inc. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +@end verbatim + +@copynext + +@heading Richard Outerbridge + +DES core in libhcrypto + +@verbatim + +D3DES (V5.09) - + +A portable, public domain, version of the Data Encryption Standard. + +Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. +Thanks to: Dan Hoey for his excellent Initial and Inverse permutation +code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis +Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, +for humouring me on. + +Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. +(GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + + +@end verbatim + +@copynext + +@heading Secure Endpoints Inc + +Windows support + +@verbatim + +Copyright (c) 2009, Secure Endpoints Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +- Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim + +@copynext + +@heading Novell, Inc + +lib/hcrypto/test_dh.c + +@verbatim + +Copyright (c) 2007, Novell, Inc. +Author: Matthias Koenig + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +* Neither the name of the Novell nor the names of its contributors may be used + to endorse or promote products derived from this software without specific + prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + + +@end verbatim + +@copyrightend diff --git a/crypto/external/bsd/heimdal/dist/doc/doxytmpl.dxy b/crypto/external/bsd/heimdal/dist/doc/doxytmpl.dxy new file mode 100644 index 000000000..a16b0d8ce --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/doxytmpl.dxy @@ -0,0 +1,256 @@ +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- +DOXYFILE_ENCODING = UTF-8 +CREATE_SUBDIRS = NO +OUTPUT_LANGUAGE = English +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ABBREVIATE_BRIEF = "The $name class " \ + "The $name widget " \ + "The $name file " \ + is \ + provides \ + specifies \ + contains \ + represents \ + a \ + an \ + the +ALWAYS_DETAILED_SEC = NO +INLINE_INHERITED_MEMB = NO +FULL_PATH_NAMES = YES +STRIP_FROM_PATH = /Applications/ +STRIP_FROM_INC_PATH = +SHORT_NAMES = NO +JAVADOC_AUTOBRIEF = NO +QT_AUTOBRIEF = NO +MULTILINE_CPP_IS_BRIEF = NO +DETAILS_AT_TOP = NO +INHERIT_DOCS = YES +SEPARATE_MEMBER_PAGES = NO +TAB_SIZE = 8 +ALIASES = +OPTIMIZE_OUTPUT_FOR_C = YES +OPTIMIZE_OUTPUT_JAVA = NO +BUILTIN_STL_SUPPORT = NO +CPP_CLI_SUPPORT = NO +DISTRIBUTE_GROUP_DOC = NO +SUBGROUPING = YES +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- +EXTRACT_ALL = NO +EXTRACT_PRIVATE = NO +EXTRACT_STATIC = NO +EXTRACT_LOCAL_CLASSES = YES +EXTRACT_LOCAL_METHODS = NO +EXTRACT_ANON_NSPACES = NO +HIDE_UNDOC_MEMBERS = YES +HIDE_UNDOC_CLASSES = YES +HIDE_FRIEND_COMPOUNDS = NO +HIDE_IN_BODY_DOCS = NO +INTERNAL_DOCS = NO +CASE_SENSE_NAMES = NO +HIDE_SCOPE_NAMES = NO +SHOW_INCLUDE_FILES = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = YES +SORT_BRIEF_DOCS = NO +SORT_BY_SCOPE_NAME = NO +GENERATE_TODOLIST = YES +GENERATE_TESTLIST = YES +GENERATE_BUGLIST = YES +GENERATE_DEPRECATEDLIST= YES +ENABLED_SECTIONS = +MAX_INITIALIZER_LINES = 30 +SHOW_USED_FILES = YES +SHOW_DIRECTORIES = NO +FILE_VERSION_FILTER = +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- +QUIET = YES +WARNINGS = YES +WARN_IF_DOC_ERROR = YES +WARN_NO_PARAMDOC = YES +WARN_FORMAT = "$file:$line: $text " +WARN_LOGFILE = +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- +INPUT_ENCODING = UTF-8 +FILE_PATTERNS = *.c \ + *.cc \ + *.cxx \ + *.cpp \ + *.c++ \ + *.d \ + *.java \ + *.ii \ + *.ixx \ + *.ipp \ + *.i++ \ + *.inl \ + *.h \ + *.hh \ + *.hxx \ + *.hpp \ + *.h++ \ + *.idl \ + *.odl \ + *.cs \ + *.php \ + *.php3 \ + *.inc \ + *.m \ + *.mm \ + *.dox \ + *.py +RECURSIVE = YES +EXCLUDE = +EXCLUDE_SYMLINKS = NO +EXCLUDE_PATTERNS = */.svn +EXCLUDE_SYMBOLS = +EXAMPLE_PATTERNS = * +EXAMPLE_RECURSIVE = NO +IMAGE_PATH = +INPUT_FILTER = +FILTER_PATTERNS = +FILTER_SOURCE_FILES = NO +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- +SOURCE_BROWSER = NO +INLINE_SOURCES = NO +STRIP_CODE_COMMENTS = YES +REFERENCED_BY_RELATION = NO +REFERENCES_RELATION = NO +REFERENCES_LINK_SOURCE = YES +USE_HTAGS = NO +VERBATIM_HEADERS = NO +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- +ALPHABETICAL_INDEX = NO +COLS_IN_ALPHA_INDEX = 5 +IGNORE_PREFIX = +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- +GENERATE_HTML = YES +HTML_OUTPUT = html +HTML_FILE_EXTENSION = .html +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +HTML_DYNAMIC_SECTIONS = NO +CHM_FILE = +HHC_LOCATION = +GENERATE_CHI = NO +BINARY_TOC = NO +TOC_EXPAND = NO +DISABLE_INDEX = NO +ENUM_VALUES_PER_LINE = 4 +GENERATE_TREEVIEW = NO +TREEVIEW_WIDTH = 250 +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- +GENERATE_LATEX = NO +LATEX_OUTPUT = latex +LATEX_CMD_NAME = latex +MAKEINDEX_CMD_NAME = makeindex +COMPACT_LATEX = NO +PAPER_TYPE = a4wide +EXTRA_PACKAGES = +LATEX_HEADER = +PDF_HYPERLINKS = NO +USE_PDFLATEX = NO +LATEX_BATCHMODE = NO +LATEX_HIDE_INDICES = NO +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- +GENERATE_RTF = NO +RTF_OUTPUT = rtf +COMPACT_RTF = NO +RTF_HYPERLINKS = NO +RTF_STYLESHEET_FILE = +RTF_EXTENSIONS_FILE = +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- +GENERATE_MAN = YES +MAN_OUTPUT = man +MAN_EXTENSION = .3 +MAN_LINKS = YES +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- +GENERATE_XML = NO +XML_OUTPUT = xml +XML_SCHEMA = +XML_DTD = +XML_PROGRAMLISTING = YES +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- +GENERATE_AUTOGEN_DEF = NO +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- +GENERATE_PERLMOD = NO +PERLMOD_LATEX = NO +PERLMOD_PRETTY = YES +PERLMOD_MAKEVAR_PREFIX = +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- +ENABLE_PREPROCESSING = YES +MACRO_EXPANSION = NO +EXPAND_ONLY_PREDEF = NO +SEARCH_INCLUDES = YES +INCLUDE_PATH = +INCLUDE_FILE_PATTERNS = +PREDEFINED = +EXPAND_AS_DEFINED = +SKIP_FUNCTION_MACROS = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- +TAGFILES = +GENERATE_TAGFILE = +ALLEXTERNALS = NO +EXTERNAL_GROUPS = YES +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- +CLASS_DIAGRAMS = NO +MSCGEN_PATH = /Applications/Doxygen.app/Contents/Resources/ +HIDE_UNDOC_RELATIONS = YES +HAVE_DOT = YES +CLASS_GRAPH = YES +COLLABORATION_GRAPH = YES +GROUP_GRAPHS = YES +UML_LOOK = NO +TEMPLATE_RELATIONS = NO +INCLUDE_GRAPH = YES +INCLUDED_BY_GRAPH = YES +CALL_GRAPH = NO +CALLER_GRAPH = NO +GRAPHICAL_HIERARCHY = YES +DIRECTORY_GRAPH = YES +DOT_IMAGE_FORMAT = png +DOT_PATH = /Applications/Doxygen.app/Contents/Resources/ +DOTFILE_DIRS = +DOT_GRAPH_MAX_NODES = 50 +MAX_DOT_GRAPH_DEPTH = 1000 +DOT_TRANSPARENT = NO +DOT_MULTI_TARGETS = NO +GENERATE_LEGEND = YES +DOT_CLEANUP = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- +SEARCHENGINE = NO diff --git a/crypto/external/bsd/heimdal/dist/doc/footer.html b/crypto/external/bsd/heimdal/dist/doc/footer.html new file mode 100644 index 000000000..48990aeb8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/footer.html @@ -0,0 +1,4 @@ +
    +Generated on $datetime for $projectname by doxygen $doxygenversion
    + + diff --git a/crypto/external/bsd/heimdal/dist/doc/gssapi.din b/crypto/external/bsd/heimdal/dist/doc/gssapi.din new file mode 100644 index 000000000..3dd8bb612 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/gssapi.din @@ -0,0 +1,16 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = Heimdal GSS-API library +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/gssapi +INPUT = @srcdir@/../lib/gssapi + +WARN_IF_UNDOCUMENTED = NO + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" + diff --git a/crypto/external/bsd/heimdal/dist/doc/hcrypto.din b/crypto/external/bsd/heimdal/dist/doc/hcrypto.din new file mode 100644 index 000000000..aeea17921 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/hcrypto.din @@ -0,0 +1,16 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = "Heimdal crypto library" +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/hcrypto +INPUT = @srcdir@/../lib/hcrypto +EXAMPLE_PATH = @srcdir@/../lib/hcrypto + +WARN_IF_UNDOCUMENTED = YES + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" diff --git a/crypto/external/bsd/heimdal/dist/doc/hdb.din b/crypto/external/bsd/heimdal/dist/doc/hdb.din new file mode 100644 index 000000000..1b100f46f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/hdb.din @@ -0,0 +1,15 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = Heimdal hdb library +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/hdb +INPUT = @srcdir@/../lib/hdb + +WARN_IF_UNDOCUMENTED = YES + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" diff --git a/crypto/external/bsd/heimdal/dist/doc/header.html b/crypto/external/bsd/heimdal/dist/doc/header.html new file mode 100644 index 000000000..b3401c8b8 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/header.html @@ -0,0 +1,10 @@ + + +$title + + + +

    +keyhole logo +

    + diff --git a/crypto/external/bsd/heimdal/dist/doc/heimdal.css b/crypto/external/bsd/heimdal/dist/doc/heimdal.css new file mode 100644 index 000000000..2e5b374f1 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/heimdal.css @@ -0,0 +1,53 @@ +body { + color: black; + background-color: #fdfdfd; + font-family: serif; + max-width: 40em; +} +h1, h2, h3 { + font-family: sans-serif; + font-weight: bold; +} +h1 { + padding: 0.5em 0 0.5em 5%; + color: white; + background: #3366cc; + border-bottom: solid 1px black; +} +h1 { + font-size: 200%; +} +h2 { + font-size: 150%; +} +h3 { + font-size: 120%; +} +h4 { + font-weight: bold; +} +pre.example { + margin-left: 2em; + padding: 1em 0em; + border: 2px dashed #c0c0c0; + background: #f0f0f0; +} +a:link { + color: blue; + text-decoration: none; +} +a:visited { + color: red; + text-decoration: none +} +a:hover { + text-decoration: underline +} +span.literal { + font-family: monospace; +} +hr { + border-style: none; + background-color: black; + height: 1px; +} diff --git a/crypto/external/bsd/heimdal/dist/doc/heimdal.hhp b/crypto/external/bsd/heimdal/dist/doc/heimdal.hhp new file mode 100644 index 000000000..2996baa2f --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/heimdal.hhp @@ -0,0 +1,8 @@ +[OPTIONS] +Compatibility=1.1 or later +Compiled file=heimdal.chm +Contents file=toc.hhc +Default topic=index.html +Display compile progress=No +Language=0x409 English (United States) +Title=Heimdal \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/doc/heimdal.texi b/crypto/external/bsd/heimdal/dist/doc/heimdal.texi new file mode 100644 index 000000000..71818cf06 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/heimdal.texi @@ -0,0 +1,150 @@ +\input texinfo @c -*- texinfo -*- +@c $NetBSD: heimdal.texi,v 1.1.1.2 2011/04/14 14:08:08 elric Exp $ +@c %**start of header +@c Id +@setfilename heimdal.info +@settitle HEIMDAL +@iftex +@afourpaper +@end iftex +@c some sensible characters, please? +@tex +\input latin1.tex +@end tex +@setchapternewpage on +@syncodeindex pg cp +@c %**end of header + +@include vars.texi + +@set VERSION @value{PACKAGE_VERSION} +@set EDITION 1.0 + +@ifinfo +@dircategory Security +@direntry +* Heimdal: (heimdal). The Kerberos 5 distribution from KTH +@end direntry +@end ifinfo + +@c title page +@titlepage +@title Heimdal +@subtitle Kerberos 5 from KTH +@subtitle Edition @value{EDITION}, for version @value{VERSION} +@subtitle 2008 +@author Johan Danielsson +@author Love Hörnquist Åstrand +@author Assar Westerlund + +@end titlepage + +@macro manpage{man, section} +@cite{\man\(\section\)} +@end macro + +@c Less filling! Tastes great! +@iftex +@parindent=0pt +@global@parskip 6pt plus 1pt +@global@chapheadingskip = 15pt plus 4pt minus 2pt +@global@secheadingskip = 12pt plus 3pt minus 2pt +@global@subsecheadingskip = 9pt plus 2pt minus 2pt +@end iftex +@ifinfo +@paragraphindent 0 +@end ifinfo + +@ifnottex +@node Top, Introduction, (dir), (dir) +@top Heimdal +@end ifnottex + +This manual for version @value{VERSION} of Heimdal. + +@menu +* Introduction:: +* What is Kerberos?:: +* Building and Installing:: +* Setting up a realm:: +* Applications:: +* Things in search for a better place:: +* Kerberos 4 issues:: +* Windows compatibility:: +* Programming with Kerberos:: +* Migration:: +* Acknowledgments:: +* Copyrights and Licenses:: + +@detailmenu + --- The Detailed Node Listing --- + +Setting up a realm + +* Configuration file:: +* Creating the database:: +* Modifying the database:: +* keytabs:: +* Serving Kerberos 4/524/kaserver:: +* Remote administration:: +* Password changing:: +* Testing clients and servers:: +* Slave Servers:: +* Incremental propagation:: +* Encryption types and salting:: +* Credential cache server - KCM:: +* Cross realm:: +* Transit policy:: +* Setting up DNS:: +* Using LDAP to store the database:: +* Providing Kerberos credentials to servers and programs:: +* Setting up PK-INIT:: + +Applications + +* Authentication modules:: +* AFS:: + +Authentication modules + +* Digital SIA:: +* IRIX:: + +Kerberos 4 issues + +* Principal conversion issues:: +* Converting a version 4 database:: +* kaserver:: + +Windows compatibility + +* Configuring Windows to use a Heimdal KDC:: +* Inter-Realm keys (trust) between Windows and a Heimdal KDC:: +* Create account mappings:: +* Encryption types:: +* Authorisation data:: +* Quirks of Windows 2000 KDC:: +* Useful links when reading about the Windows:: + +Programming with Kerberos + +@end detailmenu +@end menu + +@include intro.texi +@include whatis.texi +@include install.texi +@include setup.texi +@include apps.texi +@include misc.texi +@include kerberos4.texi +@include win2k.texi +@include programming.texi +@include migration.texi +@include ack.texi +@include copyright.texi + +@c @shortcontents +@contents + +@bye diff --git a/crypto/external/bsd/heimdal/dist/doc/hx509.din b/crypto/external/bsd/heimdal/dist/doc/hx509.din new file mode 100644 index 000000000..c6d02b287 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/hx509.din @@ -0,0 +1,15 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = Heimdal x509 library +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/hx509 +INPUT = @srcdir@/../lib/hx509 + +WARN_IF_UNDOCUMENTED = YES + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" diff --git a/crypto/external/bsd/heimdal/dist/doc/hx509.hhp b/crypto/external/bsd/heimdal/dist/doc/hx509.hhp new file mode 100644 index 000000000..bce680aa9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/hx509.hhp @@ -0,0 +1,8 @@ +[OPTIONS] +Compatibility=1.1 or later +Compiled file=hx509.chm +Contents file=toc.hhc +Default topic=index.html +Display compile progress=No +Language=0x409 English (United States) +Title=HX509 \ No newline at end of file diff --git a/crypto/external/bsd/heimdal/dist/doc/hx509.texi b/crypto/external/bsd/heimdal/dist/doc/hx509.texi new file mode 100644 index 000000000..45f79d7a9 --- /dev/null +++ b/crypto/external/bsd/heimdal/dist/doc/hx509.texi @@ -0,0 +1,758 @@ +\input texinfo @c -*- texinfo -*- +@c $NetBSD: hx509.texi,v 1.1.1.2 2011/04/14 14:08:08 elric Exp $ +@c %**start of header +@c Id +@setfilename hx509.info +@settitle HX509 +@iftex +@afourpaper +@end iftex +@c some sensible characters, please? +@tex +\input latin1.tex +@end tex +@setchapternewpage on +@syncodeindex pg cp +@c %**end of header + +@include vars.texi + +@set VERSION @value{PACKAGE_VERSION} +@set EDITION 1.0 + +@ifinfo +@dircategory Security +@direntry +* hx509: (hx509). The X.509 distribution from KTH +@end direntry +@end ifinfo + +@c title page +@titlepage +@title HX509 +@subtitle X.509 distribution from KTH +@subtitle Edition @value{EDITION}, for version @value{VERSION} +@subtitle 2008 +@author Love Hörnquist Åstrand + +@def@copynext{@vskip 20pt plus 1fil} +@def@copyrightstart{} +@def@copyrightend{} +@page +@copyrightstart +Copyright (c) 1994-2008 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@copynext + +Copyright (c) 1988, 1990, 1993 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@copynext + +Copyright 1992 Simmule Turner and Rich Salz. All rights reserved. + +This software is not subject to any license of the American Telephone +and Telegraph Company or of the Regents of the University of California. + +Permission is granted to anyone to use this software for any purpose on +any computer system, and to alter it and redistribute it freely, subject +to the following restrictions: + +1. The authors are not responsible for the consequences of use of this + software, no matter how awful, even if they arise from flaws in it. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. Since few users ever read sources, + credits must appear in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. Since few users + ever read sources, credits must appear in the documentation. + +4. This notice may not be removed or altered. + +@copynext + +IMath is Copyright 2002-2005 Michael J. Fromberger +You may use it subject to the following Licensing Terms: + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +@copyrightend +@end titlepage + +@macro manpage{man, section} +@cite{\man\(\section\)} +@end macro + +@c Less filling! Tastes great! +@iftex +@parindent=0pt +@global@parskip 6pt plus 1pt +@global@chapheadingskip = 15pt plus 4pt minus 2pt +@global@secheadingskip = 12pt plus 3pt minus 2pt +@global@subsecheadingskip = 9pt plus 2pt minus 2pt +@end iftex +@ifinfo +@paragraphindent 0 +@end ifinfo + +@ifnottex +@node Top, Introduction, (dir), (dir) +@top Heimdal +@end ifnottex + +This manual is for version @value{VERSION} of hx509. + +@menu +* Introduction:: +* What is X.509 ?:: +* Setting up a CA:: +* CMS signing and encryption:: +* Certificate matching:: +* Software PKCS 11 module:: + +@detailmenu + --- The Detailed Node Listing --- + +Setting up a CA + +@c * Issuing certificates:: +* Creating a CA certificate:: +* Issuing certificates:: +* Issuing CRLs:: +@c * Issuing a proxy certificate:: +@c * Creating a user certificate:: +@c * Validating a certificate:: +@c * Validating a certificate path:: +* Application requirements:: + +CMS signing and encryption + +* CMS background:: + +Certificate matching + +* Matching syntax:: + +Software PKCS 11 module + +* How to use the PKCS11 module:: + +@end detailmenu +@end menu + +@node Introduction, What is X.509 ?, Top, Top +@chapter Introduction + +The goals of a PKI infrastructure (as defined in +RFC 3280) is to meet +@emph{the needs of deterministic, automated identification, authentication, access control, and authorization}. + + +The administrator should be aware of certain terminologies as explained by the aforementioned +RFC before attemping to put in place a PKI infrastructure. Briefly, these are: + +@itemize @bullet +@item CA +Certificate Authority +@item RA +Registration Authority, i.e., an optional system to which a CA delegates certain management functions. +@item CRL Issuer +An optional system to which a CA delegates the publication of certificate revocation lists. +@item Repository +A system or collection of distributed systems that stores certificates and CRLs +and serves as a means of distributing these certificates and CRLs to end entities +@end itemize + +hx509 (Heimdal x509 support) is a near complete X.509 stack that can +handle CMS messages (crypto system used in S/MIME and Kerberos PK-INIT) +and basic certificate processing tasks, path construction, path +validation, OCSP and CRL validation, PKCS10 message construction, CMS +Encrypted (shared secret encrypted), CMS SignedData (certificate +signed), and CMS EnvelopedData (certificate encrypted). + +hx509 can use PKCS11 tokens, PKCS12 files, PEM files, and/or DER encoded +files. + +@node What is X.509 ?, Setting up a CA, Introduction, Top +@chapter What is X.509, PKIX, PKCS7 and CMS ? + +X.509 was created by CCITT (later ITU) for the X.500 directory +service. Today, X.509 discussions and implementations commonly reference +the IETF's PKIX Certificate and CRL Profile of the X.509 v3 certificate +standard, as specified in RFC 3280. + +ITU continues to develop the X.509 standard together with the IETF in a +rather complicated dance. + +X.509 is a public key based security system that has associated data +stored within a so called certificate. Initially, X.509 was a strict +hierarchical system with one root. However, ever evolving requiments and +technology advancements saw the inclusion of multiple policy roots, +bridges and mesh solutions. + +x.509 can also be used as a peer to peer system, though often seen as a +common scenario. + +@section Type of certificates + +There are several flavors of certificate in X.509. + +@itemize @bullet + +@item Trust anchors + +Trust anchors are strictly not certificates, but commonly stored in a +certificate format as they become easier to manage. Trust anchors are +the keys that an end entity would trust to validate other certificates. +This is done by building a path from the certificate you want to +validate to to any of the trust anchors you have. + +@item End Entity (EE) certificates + +End entity certificates are the most common types of certificates. End +entity certificates cannot issue (sign) certificate themselves and are generally +used to authenticate and authorize users and services. + +@item Certification Authority (CA) certificates + +Certificate authority certificates have the right to issue additional +certificates (be it sub-ordinate CA certificates to build an trust anchors +or end entity certificates). There is no limit to how many certificates a CA +may issue, but there might other restrictions, like the maximum path +depth. + +@item Proxy certificates + +Remember the statement "End Entity certificates cannot issue +certificates"? Well that statement is not entirely true. There is an +extension called proxy certificates defined in RFC3820, that allows +certificates to be issued by end entity certificates. The service that +receives the proxy certificates must have explicitly turned on support +for proxy certificates, so their use is somewhat limited. + +Proxy certificates can be limited by policies stored in the certificate to +what they can be used for. This allows users to delegate the proxy +certificate to services (by sending over the certificate and private +key) so the service can access services on behalf of the user. + +One example of this would be a print service. The user wants to print a +large job in the middle of the night when the printer isn't used that +much, so the user creates a proxy certificate with the policy that it +can only be used to access files related to this print job, creates the +print job description and send both the description and proxy +certificate with key over to print service. Later at night when the +print service initializes (without any user intervention), access to the files +for the print job is granted via the proxy certificate. As a result of (in-place) +policy limitations, the certificate cannot be used for any other purposes. + +@end itemize + +@section Building a path + +Before validating a certificate path (or chain), the path needs to be +constructed. Given a certificate (EE, CA, Proxy, or any other type), +the path construction algorithm will try to find a path to one of the +trust anchors. + +The process starts by looking at the issuing CA of the certificate, by +Name or Key Identifier, and tries to find that certificate while at the +same time evaluting any policies in-place. + +@node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top +@chapter Setting up a CA + +Do not let information overload scare you off! If you are simply testing +or getting started with a PKI infrastructure, skip all this and go to +the next chapter (see: @pxref{Creating a CA certificate}). + +Creating a CA certificate should be more the just creating a +certificate, CA's should define a policy. Again, if you are simply +testing a PKI, policies do not matter so much. However, when it comes to +trust in an organisation, it will probably matter more whom your users +and sysadmins will find it acceptable to trust. + +At the same time, try to keep things simple, it's not very hard to run a +Certificate authority and the process to get new certificates should be simple. + +You may find it helpful to answer the following policy questions for +your organization at a later stage: + +@itemize @bullet +@item How do you trust your CA. +@item What is the CA responsibility. +@item Review of CA activity. +@item How much process should it be to issue certificate. +@item Who is allowed to issue certificates. +@item Who is allowed to requests certificates. +@item How to handle certificate revocation, issuing CRLs and maintain OCSP services. +@end itemize + +@node Creating a CA certificate, Issuing certificates, Setting up a CA, Top +@section Creating a CA certificate + +This section describes how to create a CA certificate and what to think +about. + +@subsection Lifetime CA certificate + +You probably want to create a CA certificate with a long lifetime, 10 +years at the very minimum. This is because you don't want to push out the +certificate (as a trust anchor) to all you users again when the old +CA certificate expires. Although a trust anchor can't really expire, not all +software works in accordance with published standards. + +Keep in mind the security requirements might be different 10-20 years +into the future. For example, SHA1 is going to be withdrawn in 2010, so +make sure you have enough buffering in your choice of digest/hash +algorithms, signature algorithms and key lengths. + +@subsection Create a CA certificate + +This command below can be used to generate a self-signed CA certificate. + +@example +hxtool issue-certificate \ + --self-signed \ + --issue-ca \ + --generate-key=rsa \ + --subject="CN=CertificateAuthority,DC=test,DC=h5l,DC=se" \ + --lifetime=10years \ + --certificate="FILE:ca.pem" +@end example + +@subsection Extending the lifetime of a CA certificate + +You just realised that your CA certificate is going to expire soon and +that you need replace it with a new CA. The easiest way to do that +is to extend the lifetime of your existing CA certificate. + +The example below will extend the CA certificate's lifetime by 10 years. +You should compare this new certificate if it contains all the +special tweaks as the old certificate had. + +@example +hxtool issue-certificate \ + --self-signed \ + --issue-ca \ + --lifetime="10years" \ + --template-certificate="FILE:ca.pem" \ + --template-fields="serialNumber,notBefore,subject,SPKI" \ + --ca-private-key=FILE:ca.pem \ + --certificate="FILE:new-ca.pem" +@end example + +@subsection Subordinate CA + +This example below creates a new subordinate certificate authority. + +@example +hxtool issue-certificate \ + --ca-certificate=FILE:ca.pem \ + --issue-ca \ + --generate-key=rsa \ + --subject="CN=CertificateAuthority,DC=dev,DC=test,DC=h5l,DC=se" \ + --certificate="FILE:dev-ca.pem" +@end example + + +@node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top +@section Issuing certificates + +First you'll create a CA certificate, after that you have to deal with +your users and servers and issue certificates to them. + +@c I think this section needs a bit of clarity. Can I add a separate +@c section which explains CSRs as well? + + +@itemize @bullet + +@item Do all the work themself + +Generate the key for the user. This has the problme that the the CA +knows the private key of the user. For a paranoid user this might leave +feeling of disconfort. + +@item Have the user do part of the work + +Receive PKCS10 certificate requests fromusers. PKCS10 is a request for a +certificate. The user may specify what DN they want as well as provide +a certificate signing request (CSR). To prove the user have the key, +the whole request is signed by the private key of the user. + +@end itemize + +@subsection Name space management + +@c The explanation given below is slightly unclear. I will re-read the +@c RFC and document accordingly + +What people might want to see. + +Re-issue certificates just because people moved within the organization. + +Expose privacy information. + +Using Sub-component name (+ notation). + +@subsection Certificate Revocation, CRL and OCSP + +Certificates that a CA issues may need to be revoked at some stage. As +an example, an employee leaves the organization and does not bother +handing in his smart card (or even if the smart card is handed back -- +the certificate on it must no longer be acceptable to services; the +employee has left). + +You may also want to revoke a certificate for a service which is no +longer being offered on your network. Overlooking these scenarios can +lead to security holes which will quickly become a nightmare to deal +with. + +There are two primary protocols for dealing with certificate +revokation. Namely: + +@itemize @bullet +@item Certificate Revocation List (CRL) +@item Online Certificate Status Protocol (OCSP) +@end itemize + +If however the certificate in qeustion has been destroyed, there is no +need to revoke the certificate because it can not be used by someone +else. This matter since for each certificate you add to CRL, the +download time and processing time for clients are longer. + +CRLs and OCSP responders however greatly help manage compatible services +which may authenticate and authorize users (or services) on an on-going +basis. As an example, VPN connectivity established via certificates for +connecting clients would require your VPN software to make use of a CRL +or an OCSP service to ensure revoked certificates belonging to former +clients are not allowed access to (formerly subscribed) network +services. + + +@node Issuing CRLs, Application requirements, Issuing certificates, Top +@section Issuing CRLs + +Create an empty CRL with no certificates revoked. Default expiration +value is one year from now. + +@example +hxtool crl-sign \ + --crl-file=crl.der \ + --signer=FILE:ca.pem +@end example + +Create a CRL with all certificates in the directory +@file{/path/to/revoked/dir} included in the CRL as revoked. Also make +it expire one month from now. + +@example +hxtool crl-sign \ + --crl-file=crl.der \ + --signer=FILE:ca.pem \ + --lifetime='1 month' \ + DIR:/path/to/revoked/dir +@end example + +@node Application requirements, CMS signing and encryption, Issuing CRLs, Top +@section Application requirements + +Application place different requirements on certificates. This section +tries to expand what they are and how to use hxtool to generate +certificates for those services. + +@subsection HTTPS - server + +@example +hxtool issue-certificate \ + --subject="CN=www.test.h5l.se,DC=test,DC=h5l,DC=se" \ + --type="https-server" \ + --hostname="www.test.h5l.se" \ + --hostname="www2.test.h5l.se" \ + ... +@end example + +@subsection HTTPS - client + +@example +hxtool issue-certificate \ + --subject="UID=testus,DC=test,DC=h5l,DC=se" \ + --type="https-client" \ + ... +@end example + +@subsection S/MIME - email + +There are two things that should be set in S/MIME certificates, one or +more email addresses and an extended eku usage (EKU), emailProtection. + +The email address format used in S/MIME certificates is defined in +RFC2822, section 3.4.1 and it should be an ``addr-spec''. + +There are two ways to specifify email address in certificates. The old +way is in the subject distinguished name, @emph{this should not be used}. The +new way is using a Subject Alternative Name (SAN). + +Even though the email address is stored in certificates, they don't need +to be, email reader programs are required to accept certificates that +doesn't have either of the two methods of storing email in certificates +-- in which case, the email client will try to protect the user by +printing the name of the certificate instead. + +S/MIME certificate can be used in another special way. They can be +issued with a NULL subject distinguished name plus the email in SAN, +this is a valid certificate. This is used when you wont want to share +more information then you need to. + +hx509 issue-certificate supports adding the email SAN to certificate by +using the --email option, --email also gives an implicit emailProtection +eku. If you want to create an certificate without an email address, the +option --type=email will add the emailProtection EKU. + +@example +hxtool issue-certificate \ + --subject="UID=testus-email,DC=test,DC=h5l,DC=se" \ + --type=email \ + --email="testus@@test.h5l.se" \ + ... +@end example + +An example of an certificate without and subject distinguished name with +an email address in a SAN. + +@example +hxtool issue-certificate \ + --subject="" \ + --type=email \ + --email="testus@@test.h5l.se" \ + ... +@end example + +@subsection PK-INIT + +A PK-INIT infrastructure allows users and services to pick up kerberos +credentials (tickets) based on their certificate. This, for example, +allows users to authenticate to their desktops using smartcards while +acquiring kerberos tickets in the process. + +As an example, an office network which offers centrally controlled +desktop logins, mail, messaging (xmpp) and openafs would give users +single sign-on facilities via smartcard based logins. Once the kerberos +ticket has been acquired, all kerberized services would immediately +become accessible based on deployed security policies. + +Let's go over the process of initializing a demo PK-INIT framework: + +@example +hxtool issue-certificate \ + --type="pkinit-kdc" \ + --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \ + --hostname=kerberos.test.h5l.se \ + --ca-certificate="FILE:ca.pem,ca.key" \ + --generate-key=rsa \ + --certificate="FILE:kdc.pem" \ + --subject="cn=kdc" +@end example + +How to create a certificate for a user. + +@example +hxtool issue-certificate \ + --type="pkinit-client" \ + --pk-init-principal="user@@TEST.H5L.SE" \ + --ca-certificate="FILE:ca.pem,ca.key" \ + --generate-key=rsa \ + --subject="cn=Test User" \ + --certificate="FILE:user.pem" +@end example + +The --type field can be specified multiple times. The same certificate +can hence house extensions for both pkinit-client as well as S/MIME. + +To use the PKCS11 module, please see the section: +@pxref{How to use the PKCS11 module}. + +More about how to configure the KDC, see the documentation in the +Heimdal manual to set up the KDC. + +@subsection XMPP/Jabber + +The jabber server certificate should have a dNSname that is the same as +the user entered into the application, not the same as the host name of +the machine. + +@example +hxtool issue-certificate \ + --subject="CN=xmpp1.test.h5l.se,DC=test,DC=h5l,DC=se" \ + --hostname="xmpp1.test.h5l.se" \ + --hostname="test.h5l.se" \ + ... +@end example + +The certificate may also contain a jabber identifier (JID) that, if the +receiver allows it, authorises the server or client to use that JID. + +When storing a JID inside the certificate, both for server and client, +it's stored inside a UTF8String within an otherName entity inside the +subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5). + +To read more about the requirements, see RFC3920, Extensible Messaging +and Presence Protocol (XMPP): Core. + +hxtool issue-certificate have support to add jid to the certificate +using the option @kbd{--jid}. + +@example +hxtool issue-certificate \ + --subject="CN=Love,DC=test,DC=h5l,DC=se" \ + --jid="lha@@test.h5l.se" \ + ... +@end example + + +@node CMS signing and encryption, CMS background, Application requirements, Top +@chapter CMS signing and encryption + +CMS is the Cryptographic Message System that among other, is used by +S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of +the RSA, Inc standard PKCS7. + +@node CMS background, Certificate matching, CMS signing and encryption, Top +@section CMS background + + +@node Certificate matching, Matching syntax, CMS background, Top +@chapter Certificate matching + +To match certificates hx509 have a special query language to match +certifictes in queries and ACLs. + +@node Matching syntax, Software PKCS 11 module, Certificate matching, Top +@section Matching syntax + +This is the language definitions somewhat slopply descriped: + +@example + +expr = TRUE, + FALSE, + ! expr, + expr AND expr, + expr OR expr, + ( expr ) + compare + +compare = + word == word, + word != word, + word IN ( word [, word ...]) + word IN %@{variable.subvariable@} + +word = + STRING, + %@{variable@} + +@end example + +@node Software PKCS 11 module, How to use the PKCS11 module, Matching syntax, Top +@chapter Software PKCS 11 module + +PKCS11 is a standard created by RSA, Inc to support hardware and +software encryption modules. It can be used by smartcard to expose the +crypto primitives inside without exposing the crypto keys. + +Hx509 includes a software implementation of PKCS11 that runs within the +memory space of the process and thus exposes the keys to the +application. + +@node How to use the PKCS11 module, , Software PKCS 11 module, Top +@section How to use the PKCS11 module + +@example +$ cat > ~/.soft-pkcs11.rc <