1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-25 11:37:56 +00:00
Commit Graph

35 Commits

Author SHA1 Message Date
Stanislav Sedov
4630ab1f82 - Use __NO_TLS preprocessor value to make assumptions about TLS support
on a platform.
2012-04-08 03:55:25 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Joel Dahl
c2965cd185 mdoc: terminate quoted strings.
Reviewed by:	brueffer
2012-03-26 15:18:14 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Ulrich Spörlein
bf3f9db657 Convert files to UTF-8 and add some copyright markers where missing. 2012-01-07 16:13:56 +00:00
Ed Schouten
3a28b8a49f Fix whitespace inconsistencies found in homegrown Symbol.maps. 2011-10-07 15:05:24 +00:00
Ulrich Spörlein
0d9deed52c mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
2010-10-08 12:40:16 +00:00
Joel Dahl
c2025a7660 Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
Ulrich Spörlein
e10c1be450 mdoc cleanup
Garbage collect unused sections, macros and arguments. Fix prologue and
remove empty lines.

Found by: mdocml
2010-06-02 10:20:23 +00:00
Ulrich Spörlein
aa12cea2cc mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
Ulrich Spörlein
63d46d1d5e Fix several typos in macros or macro misusage.
Found by:	make manlint
Reviewed by:	ru
Approved by:	philip (mentor)
2010-03-12 10:01:06 +00:00
Gavin Atkinson
d76ba3efa9 Correct the HISTORY section of these man pages to show when the function,
not the "manual page example" was introduced.

Approved by:	ed (mentor, implicit)
MFC after:	1 week
2010-01-26 15:03:33 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Antoine Brodin
13e403fdea (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR:		137213
Submitted by:	Eygene Ryabinkin (initial version)
MFC after:	1 month
2009-12-28 22:56:30 +00:00
Doug Rabson
8f55a568f6 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Doug Rabson
e1a0d9eff3 When receiving delegated credentials, initialise our cred's linked list.
Add a bit more sanity checking for GSS-API mechanisms that claim to have
delegated creds but don't actually return a cred handle.

MFC after: 2 weeks
2008-04-30 11:29:22 +00:00
Doug Rabson
8294c41328 Use global implementation of _gss_oid_equal.
MFC after: 2 weeks
2008-04-30 11:27:15 +00:00
Doug Rabson
733704ea52 Allow null oids in _gss_oid_equal().
MFC after: 2 weeks
2008-04-30 11:25:34 +00:00
Doug Rabson
bfd85d3fbe Make sure GSS-API mechanisms are loaded if gss_acquire_cred is called
with a null mechanism list.

PR:		misc/117349
Submitted by:	Sean McNeil <sean at mcneil dot com>
2007-11-28 08:50:20 +00:00
Ken Smith
c0bb7d9461 While checking over the libraries for 7.0-REL Kris found the following
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed.  We need to bump their version so they can be
properly added to the compat6x port:

	libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
	libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2

MFC After:	1 day
2007-11-20 04:20:32 +00:00
Giorgos Keramidas
98eb34a74c Remove an extra (commented out) .Sh HISTORY section heading, to avoid
the risk of "shadowing" the following .El request, and delete an empty
line to fix mdoc warnings.

MFC after:	3 days
2007-10-30 16:05:40 +00:00
Giorgos Keramidas
6f1743c543 Remove an extra (commented out) .Sh HISTORY section heading, to avoid
the risk of "shadowing" the following .El request, strip eol spaces
and delete an empty line to fix mdoc warnings.

MFC after:	3 days
2007-10-30 15:58:39 +00:00
Giorgos Keramidas
81c0ade6b6 Change a .PP request to a valid .Pp mdoc request, and remove an extra
(but commented out) .Sh HISTORY section heading.

MFC after:	3 days
2007-10-30 15:56:12 +00:00
Giorgos Keramidas
22b9ec401b Remove duplicate (but commented out) .Sh HISTORY section heading.
It almost "shadows" the ending .El request of a list, which seems
to have caused mdoc buglets in some gss_*.3 manpages.

MFC after:	3 days
2007-10-30 15:52:55 +00:00
Giorgos Keramidas
2b39bec3a7 Remove duplicate (but commented out) .Sh HISTORY section heading
and add a missing .El request.

MFC after:	3 days
2007-10-30 15:45:19 +00:00
Doug Rabson
41ec374660 If the mech_type argument to gss_display_status is null, use a default
mechanism.

Approved by: re (kensmith)
2007-07-05 13:40:07 +00:00
Doug Rabson
22a25490ab Merge fixes back from heimdal.
Approved by: re (kensmith)
2007-06-30 07:47:45 +00:00
Hartmut Brandt
513edbb8b0 According to the documentation mech_type for gss_init_sec_context() may
be passed as GSS_C_NO_OID in which case a default mech should be used.
This case was not handled and leads to core dumps when using nss_ldap.
Now use the first mech in this case. When there is no mechanism available
return an error (this part is taken from the PR).

PR:		113266
Submitted by:	Eirik Nygaard <eirikald@pvv.ntnu.no> (partly)
2007-06-14 19:58:24 +00:00
Alexander Kabaev
3aebdb89ad Add include directives for string.h and stdlib.h to get proper function
prototypess of memset, memcpy and malloc respectively.
2007-04-04 02:40:59 +00:00
Alexander Kabaev
84da49ceb2 Include string.h to get proper memcpy prototype. 2007-04-04 02:28:48 +00:00
Doug Rabson
73aba427fe The function isspace does not take a string argument. I have no idea how
this compiled before; it only worked by accident.
2006-02-04 09:40:21 +00:00
Doug Rabson
60b9f20a48 Move the Internet Society copyright message so that it appears in the
formatted page as well as the source.
2006-01-25 10:06:28 +00:00
Doug Rabson
0606b9944a Use the correct shared-library version number (the same as the one used
by the standalone version of heimdal GSS-API). If any compat issues
arise, I may increment the version number once more.
2006-01-01 11:01:01 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00