path: root/crypto/heimdal/lib
Commit message [Author, Age, Files, Lines]
* MFV r320905: Import upstream fix for CVE-2017-11103. [Xin LI, 2017-07-12, files: 1, lines: -2/+2]
|\  In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.
| | Submitted by: hrs
| | Obtained from: Heimdal
| | Security: FreeBSD-SA-17:05.heimdal
| | Security: CVE-2017-11103
| | Notes: svn path=/head/; revision=320906
* | Renumber copyright clause 4 [Warner Losh, 2017-02-28, files: 1, lines: -1/+1]
| | Renumber clause 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistence on keeping the same numbering for legal reasons is too pedantic, so give up on that point.
| | Submitted by: Jan Schaumann <jschauma@stevens.edu>
| | Pull Request: https://github.com/freebsd/freebsd/pull/96
| | Notes: svn path=/head/; revision=314436
* | Remove duplicate symbol from libhx509 version-script.map [Ed Maste, 2016-08-22, files: 1, lines: -1/+0]
| | Upstream commit r21331 (7758a5d0) added semiprivate function _hx509_request_to_pkcs10 twice.
| | This change has been committed upstream as 8ef0071d.
| | Notes: svn path=/head/; revision=304624
* | Remove duplicate symbols from libroken version-script.map [Ed Maste, 2016-07-21, files: 1, lines: -6/+0]
| | Upstream commit r24759 (efed563) prefixed some symbols with rk_, but introduced 6 duplicate symbols in the version script (because the rk_-prefixed versions of the symbols were already present).
| | Notes: svn path=/head/; revision=303156
* | libkrb5: Fix potential double-free [Conrad Meyer, 2016-05-11, files: 1, lines: -0/+1]
| | If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing.
| | Reported by: Coverity
| | CID: 1273430
| | Sponsored by: EMC / Isilon Storage Division
| | Notes: svn path=/head/; revision=299495
* | NO_MAN= has been deprecated in favor of MAN= for some time, go ahead [Warner Losh, 2014-04-13, files: 2, lines: -2/+2]
| | and finish the job. ncurses is now the only Makefile in the tree that uses it since it wasn't a simple mechanical change, and will be addressed in a future commit.
| | Notes: svn path=/head/; revision=264400
* | Apply patch from upstream Heimdal for encoding fix [Benjamin Kaduk, 2013-12-13, files: 1, lines: -2/+2]
| | RFC 4402 specifies the implementation of the gss_pseudo_random() function for the krb5 mechanism (and the C bindings therein). The implementation uses a PRF+ function that concatenates the output of individual krb5 pseudo-random operations produced with a counter and seed. The original implementation of this function in Heimdal incorrectly encoded the counter as a little-endian integer, but the RFC specifies the counter encoding as big-endian. The implementation initializes the counter to zero, so the first block of output (16 octets, for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies that the counter should begin at 1, but both existing implementations begin with zero and it looks like the standard will be re-issued, with test vectors, to begin at zero.)
| | This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6, from 13 October, 2013:
| | % Fix krb5's gss_pseudo_random() (n is big-endian)
| | %
| | % The first enctype RFC3961 prf output length's bytes are correct because
| | % the little- and big-endian representations of unsigned zero are the
| | % same. The second block of output was wrong because the counter was not
| | % being encoded as big-endian.
| | %
| | % This change could break applications. But those applications would not
| | % have been interoperating with other implementations anyways (in
| | % particular: MIT's).
| | Approved by: hrs (mentor, src committer)
| | MFC after: 3 days
| | Notes: svn path=/head/; revision=259286
* | Fix gssapi/gssapi_krb5.h after Heimdal 1.5.1 import. [Hiroki Sato, 2013-06-30, files: 1, lines: -1/+1]
| | Reviewed by: dfr
| | Notes: svn path=/head/; revision=252409
* | Have the ipropd-master listen on an IPv6 socket in addition to an IPv4 [Bjoern A. Zeeb, 2013-05-18, files: 1, lines: -6/+62]
| | socket to allow propagation of changes to a Heimdal Kerberos database from the KDC master to the slave(s) work on IPv6 as well.
| | Update the stats logging to also handle IPv6 addresses.
| | Reported by: peter (found on FreeBSD cluster)
| | X-to-be-tested-by: peter
| | MFC after: 3 weeks
| | Notes: svn path=/head/; revision=250782
* | In crypto/heimdal/lib/sl/slc-lex.l, don't define YY_NO_INPUT, since [Dimitry Andric, 2012-11-14, files: 1, lines: -2/+0]
| | %option nounput is already specified.
| | MFC after: 3 days
| | Notes: svn path=/head/; revision=243034
* | - Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfix [Stanislav Sedov, 2012-04-08, files: 23, lines: -56/+103]
|\| release, which fixes a DoS issue in libkrb5.
| | Notes: svn path=/head/; revision=234027
* | - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings [Stanislav Sedov, 2012-03-22, files: 1093, lines: -58843/+302956]
|\| several new kerberos related libraries and applications to FreeBSD:
| |   o kgetcred(1) allows one to manually get a ticket for a particular service.
| |   o kf(1) securely forwards ticket to another host through an authenticated and encrypted stream.
| |   o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now.
| |   o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM.
| |   o hxtool(1) is a certificate management tool to use with PKINIT.
| |   o string2key(1) maps a password into key.
| |   o kdigest(8) is a userland tool to access the KDC's digest interface.
| |   o kimpersonate(8) creates a "fake" ticket for a service.
| | We also now install manpages for some libraries that were not installed before, libheimntlm and libhx509.
| | - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5.
| | - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
| | - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next.
| | - Heimdal's KDC now requires sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well.
| | - This is not the latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
| | Notes: svn path=/head/; revision=233294
| * - Flatten the vendor heimdal tree. [Stanislav Sedov, 2011-09-29, files: 945, lines: -253324/+0]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=225864
* | Fix clang warning (why is there nowhere yyparse() is declared?). [Ben Laurie, 2011-05-18, files: 1, lines: -0/+1]
| | Approved by: philip (mentor)
| | Notes: svn path=/head/; revision=222081
* | Fix conflicts after heimdal-1.1 import and add build infrastructure. Import [Doug Rabson, 2008-05-07, files: 66, lines: -9333/+1153]
| | all non-style changes made by heimdal to our own libgssapi.
| | Notes: svn path=/head/; revision=178828
* | This commit was generated by cvs2svn to compensate for changes in r178825, [Doug Rabson, 2008-05-07, files: 869, lines: -15265/+153766]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=178826
| * Vendor import of Heimdal 1.1 [Doug Rabson, 2008-05-07, files: 872, lines: -15844/+154896]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=178825
* | Fix the amd64 (and presumably ia64) lib32 build by ensuring that the [Doug Rabson, 2006-01-02, files: 1, lines: -1/+2]
| | heimdal GSS-API mechanism uses its own version of gssapi.h, including all the implementation-dependent pollution contained therein. This moves the file off the vendor branch, sadly.
| | Submitted by: bz
| | Notes: svn path=/head/; revision=153969
* | This commit was generated by cvs2svn to compensate for changes in r142403, [Jacques Vidrine, 2005-02-24, files: 29, lines: -2159/+3343]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=142404
| * Vendor import of Heimdal 0.6.3. (tag: vendor/heimdal/0.6.3) [Jacques Vidrine, 2005-02-24, files: 29, lines: -2159/+3343]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=142403
| | svn path=/vendor-crypto/heimdal/0.6.3/; revision=142405; tag=vendor/heimdal/0.6.3
| * Remove lib/kdfs from vendor branch: we do not build it, and it will not [Jacques Vidrine, 2005-02-24, files: 4, lines: -1119/+0]
| | be included in future imports.
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=142401
| * Clean up the Heimdal vendor branch by removing files not included in [Jacques Vidrine, 2005-02-24, files: 128, lines: -23937/+0]
| | any import for several years.
| | If memory serves, this was
| | Suggested by: ru
| | an awfully long time ago-- sorry for the delay!
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=142400
* | Resolve conflicts after import of Heimdal 0.6.1. [Jacques Vidrine, 2004-04-03, files: 4, lines: -208/+196]
| | Notes: svn path=/head/; revision=127811
* | This commit was generated by cvs2svn to compensate for changes in r127808, [Jacques Vidrine, 2004-04-03, files: 75, lines: -2369/+6009]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=127809
| * Vendor import of Heimdal 0.6.1. [Jacques Vidrine, 2004-04-03, files: 78, lines: -2573/+6429]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=127808
* | This commit was generated by cvs2svn to compensate for changes in r120952, [Jacques Vidrine, 2003-10-09, files: 1, lines: -3/+3]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=120953
| * Correct badly-formed code (missing quote) within `#if 0' section. [Jacques Vidrine, 2003-10-09, files: 1, lines: -3/+3]
| | Newer versions of GCC error in such situations.
| | Obtained from: Heimdal CVS
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=120952
* | Resolve conflicts after import of Heimdal 0.6. [Jacques Vidrine, 2003-10-09, files: 1, lines: -27/+479]
| | Notes: svn path=/head/; revision=120948
* | This commit was generated by cvs2svn to compensate for changes in r120945, [Jacques Vidrine, 2003-10-09, files: 174, lines: -1829/+8156]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=120946
| * Vendor import of Heimdal 0.6. [Jacques Vidrine, 2003-10-09, files: 176, lines: -1874/+8649]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=120945
* | This commit was generated by cvs2svn to compensate for changes in r107207, [Jacques Vidrine, 2002-11-24, files: 33, lines: -505/+428]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=107208
| * Import of Heimdal 0.5.1. [Jacques Vidrine, 2002-11-24, files: 33, lines: -505/+428]
| | Approved by: re
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=107207
* | This commit was generated by cvs2svn to compensate for changes in r104204, [Jacques Vidrine, 2002-09-30, files: 1, lines: -2/+2]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=104205
| * Fix an annoying bug that causes a spurious error message when changing [Jacques Vidrine, 2002-09-30, files: 1, lines: -2/+2]
| | passwords, even when the operation actually succeeded.
| |   % k5passwd
| |   luser@REA.LM's Password: **************
| |   New password: **************
| |   Verifying password - New password: **************
| |   k5passwd: krb5_change_password: unable to reach any changepw server in realm REA.LM
| | [In reality, the password was changed.]
| | Obtained from: Heimdal CVS
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=104204
* | Resolve conflicts. [Jacques Vidrine, 2002-09-16, files: 3, lines: -52/+22]
| | Notes: svn path=/head/; revision=103426
* | This commit was generated by cvs2svn to compensate for changes in r103423, [Jacques Vidrine, 2002-09-16, files: 53, lines: -567/+1676]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=103424
| * Import of Heimdal Kerberos from KTH repository circa 2002/09/16. [Jacques Vidrine, 2002-09-16, files: 60, lines: -705/+1817]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=103423
* | Pass the pointy hat! Remove accidentally imported files. [Jacques Vidrine, 2002-08-30, files: 79, lines: -12808/+0]
| | Notes: svn path=/head/; revision=102654
* | Remove some parts of the Heimdal distribution which we do not use [Jacques Vidrine, 2002-08-30, files: 32, lines: -9349/+0]
| | and have never used.
| | Notes: svn path=/head/; revision=102651
* | Remove files no longer relevant after latest import. [Jacques Vidrine, 2002-08-30, files: 8, lines: -868/+0]
| | Notes: svn path=/head/; revision=102648
* | Resolve conflicts after import of Heimdal Kerberos circa 2002/08/29. [Jacques Vidrine, 2002-08-30, files: 2, lines: -28/+45]
| | Notes: svn path=/head/; revision=102647
* | This commit was generated by cvs2svn to compensate for changes in r102644, [Jacques Vidrine, 2002-08-30, files: 253, lines: -6513/+22681]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=102645
| * Import of Heimdal Kerberos from KTH repository circa 2002/08/29. [Jacques Vidrine, 2002-08-30, files: 255, lines: -6541/+22726]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=102644
* | Update build after import of Heimdal Kerberos 2002/02/17. [Jacques Vidrine, 2002-02-19, files: 1, lines: -203/+0]
| | Notes: svn path=/head/; revision=90931
* | Remove files that were dropped from Heimdal Kerberos 2002/02/17. [Jacques Vidrine, 2002-02-19, files: 2, lines: -102/+0]
| | Notes: svn path=/head/; revision=90930
* | Resolve conflicts after import of Heimdal Kerberos 2002/02/17. [Jacques Vidrine, 2002-02-19, files: 3, lines: -104/+148]
| | Notes: svn path=/head/; revision=90929
* | This commit was generated by cvs2svn to compensate for changes in r90926, [Jacques Vidrine, 2002-02-19, files: 209, lines: -5867/+11261]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=90927
| * Import of Heimdal Kerberos from KTH repository circa 2002/02/17. [Jacques Vidrine, 2002-02-19, files: 215, lines: -6133/+11573]
| | Notes: svn path=/vendor-crypto/heimdal/dist/; revision=90926
* | fix merges from 0.3f [Assar Westerlund, 2001-06-21, files: 3, lines: -265/+500]
| | Notes: svn path=/head/; revision=78536
* | This commit was generated by cvs2svn to compensate for changes in r78527, [Assar Westerlund, 2001-06-21, files: 220, lines: -1650/+12748]
|\| which included commits to RCS files with non-trunk default branches.
| | Notes: svn path=/head/; revision=78528