Skip to content

Commit

Permalink
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
Browse files Browse the repository at this point in the history 
  several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
  • Loading branch information
@stass
stass committed Mar 22, 2012
2 parents 5730afc + 813b789 commit ae77177
Show file tree
Hide file tree
Showing 2,815 changed files with 430,427 additions and 180,539 deletions.
50 changes: 32 additions & 18 deletions Makefile.inc1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -468,13 +468,6 @@ build32:
-p ${LIB32TMP}/usr/include >/dev/null
mkdir -p ${WORLDTMP}
ln -sf ${.CURDIR}/sys ${WORLDTMP}
.if ${MK_KERBEROS} != "no"
.for _t in obj depend all
cd ${.CURDIR}/kerberos5/tools; \
MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} SSP_CFLAGS= DESTDIR= \
DIRPRFX=kerberos5/tools/ ${_t}
.endfor
.endif
.for _t in obj includes
cd ${.CURDIR}/include; ${LIB32WMAKE} DIRPRFX=include/ ${_t}
cd ${.CURDIR}/lib; ${LIB32WMAKE} DIRPRFX=lib/ ${_t}
Expand Down Expand Up @@ -1065,12 +1058,22 @@ _dtrace_tools= cddl/usr.bin/sgsmsg cddl/lib/libctf lib/libelf \
_dtc= gnu/usr.bin/dtc
.endif

.if ${MK_KERBEROS} != "no"
_kerberos5_bootstrap_tools= \
kerberos5/tools/make-roken \
kerberos5/lib/libroken \
kerberos5/lib/libvers \
kerberos5/tools/asn1_compile \
kerberos5/tools/slc
.endif

# Please document (add comment) why something is in 'bootstrap-tools'.
# Try to bound the building of the bootstrap-tool to just the
# FreeBSD versions that need the tool built at this stage of the build.
bootstrap-tools:
.for _tool in \
${_clang_tblgen} \
${_kerberos5_bootstrap_tools} \
${_dtrace_tools} \
${_strfile} \
${_gperf} \
Expand Down Expand Up @@ -1112,10 +1115,6 @@ _share= share/syscons/scrnmaps
_gcc_tools= gnu/usr.bin/cc/cc_tools
.endif

.if ${MK_KERBEROS} != "no"
_kerberos5_tools= kerberos5/tools
.endif

.if ${MK_RESCUE} != "no"
_rescue= rescue/rescue
.endif
Expand All @@ -1140,8 +1139,7 @@ build-tools:
${MAKE} DIRPRFX=${_tool}/ build-tools
.endfor
.for _tool in \
${_gcc_tools} \
${_kerberos5_tools}
${_gcc_tools}
${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all)"; \
cd ${.CURDIR}/${_tool}; \
${MAKE} DIRPRFX=${_tool}/ obj; \
Expand Down Expand Up @@ -1247,10 +1245,15 @@ gnu/lib/libgcc__L: lib/libc__L
lib/libcxxrt__L: gnu/lib/libgcc__L
.endif

_prebuild_libs= ${_kerberos5_lib_libasn1} ${_kerberos5_lib_libhdb} \
_prebuild_libs= ${_kerberos5_lib_libasn1} \
${_kerberos5_lib_libhdb} \
${_kerberos5_lib_libheimbase} \
${_kerberos5_lib_libheimntlm} \
${_kerberos5_lib_libheimsqlite} \
${_kerberos5_lib_libheimipcc} \
${_kerberos5_lib_libhx509} ${_kerberos5_lib_libkrb5} \
${_kerberos5_lib_libroken} \
${_kerberos5_lib_libwind} \
lib/libbz2 lib/libcom_err lib/libcrypt \
lib/libexpat \
${_lib_libgssapi} ${_lib_libipx} \
Expand Down Expand Up @@ -1301,14 +1304,21 @@ _secure_lib= secure/lib
.if ${MK_KERBEROS} != "no"
kerberos5/lib/libasn1__L: lib/libcom_err__L kerberos5/lib/libroken__L
kerberos5/lib/libhdb__L: kerberos5/lib/libasn1__L lib/libcom_err__L \
kerberos5/lib/libkrb5__L kerberos5/lib/libroken__L
kerberos5/lib/libheimntlm__L: secure/lib/libcrypto__L kerberos5/lib/libkrb5__L
kerberos5/lib/libkrb5__L kerberos5/lib/libroken__L \
kerberos5/lib/libwind__L kerberos5/lib/libheimsqlite__L
kerberos5/lib/libheimntlm__L: secure/lib/libcrypto__L kerberos5/lib/libkrb5__L \
kerberos5/lib/libroken__L lib/libcom_err__L
kerberos5/lib/libhx509__L: kerberos5/lib/libasn1__L lib/libcom_err__L \
secure/lib/libcrypto__L kerberos5/lib/libroken__L
secure/lib/libcrypto__L kerberos5/lib/libroken__L kerberos5/lib/libwind__L
kerberos5/lib/libkrb5__L: kerberos5/lib/libasn1__L lib/libcom_err__L \
lib/libcrypt__L secure/lib/libcrypto__L kerberos5/lib/libhx509__L \
kerberos5/lib/libroken__L
kerberos5/lib/libroken__L kerberos5/lib/libwind__L \
kerberos5/lib/libheimbase__L kerberos5/lib/libheimipcc__L
kerberos5/lib/libroken__L: lib/libcrypt__L
kerberos5/lib/libwind__L: kerberos5/lib/libroken__L lib/libcom_err__L
kerberos5/lib/libheimbase__L: lib/libthr__L
kerberos5/lib/libheimipcc__L: kerberos5/lib/libroken__L kerberos5/lib/libheimbase__L lib/libthr__L
kerberos5/lib/libheimsqlite__L: lib/libthr__L
.endif

.if ${MK_GSSAPI} != "no"
Expand All @@ -1323,10 +1333,14 @@ _lib_libipx= lib/libipx
_kerberos5_lib= kerberos5/lib
_kerberos5_lib_libasn1= kerberos5/lib/libasn1
_kerberos5_lib_libhdb= kerberos5/lib/libhdb
_kerberos5_lib_libheimbase= kerberos5/lib/libheimbase
_kerberos5_lib_libkrb5= kerberos5/lib/libkrb5
_kerberos5_lib_libhx509= kerberos5/lib/libhx509
_kerberos5_lib_libroken= kerberos5/lib/libroken
_kerberos5_lib_libheimntlm= kerberos5/lib/libheimntlm
_kerberos5_lib_libheimsqlite= kerberos5/lib/libheimsqlite
_kerberos5_lib_libheimipcc= kerberos5/lib/libheimipcc
_kerberos5_lib_libwind= kerberos5/lib/libwind
.endif

.if ${MK_NIS} != "no"
Expand Down
33 changes: 33 additions & 0 deletions ObsoleteFiles.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,39 @@
# xargs -n1 | sort | uniq -d;
# done

# 201203XX: Update heimdal to 1.5.1.
OLD_FILES+=usr/include/krb5-v4compat.h \
usr/include/krb_err.h \
usr/include/hdb-private.h \
usr/share/man/man3/krb5_addresses.3.gz \
usr/share/man/man3/krb5_cc_cursor.3.gz \
usr/share/man/man3/krb5_cc_ops.3.gz \
usr/share/man/man3/krb5_config.3.gz \
usr/share/man/man3/krb5_config_get_int_default.3.gz \
usr/share/man/man3/krb5_context.3.gz \
usr/share/man/man3/krb5_data.3.gz \
usr/share/man/man3/krb5_err.3.gz \
usr/share/man/man3/krb5_errx.3.gz \
usr/share/man/man3/krb5_keyblock.3.gz \
usr/share/man/man3/krb5_keytab_entry.3.gz \
usr/share/man/man3/krb5_kt_cursor.3.gz \
usr/share/man/man3/krb5_kt_ops.3.gz \
usr/share/man/man3/krb5_set_warn_dest.3.gz \
usr/share/man/man3/krb5_verify_user.3.gz \
usr/share/man/man3/krb5_verr.3.gz \
usr/share/man/man3/krb5_verrx.3.gz \
usr/share/man/man3/krb5_vwarnx.3.gz \
usr/share/man/man3/krb5_warn.3.gz \
usr/share/man/man3/krb5_warnx.3.gz
OLD_LIBS+=usr/lib/libasn1.so.10 \
usr/lib/libhdb.so.10 \
usr/lib/libheimntlm.so.10 \
usr/lib/libhx509.so.10 \
usr/lib/libkadm5clnt.so.10 \
usr/lib/libkadm5srv.so.10 \
usr/lib/libkafs5.so.10 \
usr/lib/libkrb5.so.10 \
usr/lib/libroken.so.10
# 20120309: Remove fifofs header files.
OLD_FILES+=usr/include/fs/fifofs/fifo.h
OLD_DIRS+=usr/include/fs/fifofs
Expand Down
235 changes: 0 additions & 235 deletions contrib/com_err/ChangeLog
View file
Original file line number Diff line number Diff line change
@@ -1,235 +0,0 @@
2007-07-17 Love H�rnquist �strand <[email protected]>

* Makefile.am: split source files in dist and nodist.

2007-07-16 Love H�rnquist �strand <[email protected]>

* Makefile.am: Only do roken rename for the library.

2007-07-15 Love H�rnquist �strand <[email protected]>

* Makefile.am: use version script.

* version-script.map: use version script.

2007-07-10 Love H�rnquist �strand <[email protected]>

* Makefile.am: New library version.

2006-10-19 Love H�rnquist �strand <[email protected]>

* Makefile.am (compile_et_SOURCES): add lex.h

2005-12-12 Love H�rnquist �strand <[email protected]>

* com_err.3: Document the _r functions.

2005-07-07 Love H�rnquist �strand <[email protected]>

* com_err.h: Include <stdarg.h> for va_list to help AIX 5.2.

2005-06-16 Love H�rnquist �strand <[email protected]>

* parse.y: rename base to base_id since flex defines a function
with the argument base

* compile_et.h: rename base to base_id since flex defines a
function with the argument base

* compile_et.c: rename base to base_id since flex defines a
function with the argument base

* parse.y (name2number): rename base to num to avoid shadowing

* compile_et.c: rename optind to optidx

2005-05-16 Love H�rnquist �strand <[email protected]>

* parse.y: check allocation errors

* lex.l: check allocation errors correctly

* compile_et.h: include <err.h>

* (main): compile_et.c: use strlcpy

2005-04-29 Dave Love <[email protected]>

* Makefile.am (LDADD): Add libcom_err.la

2005-04-24 Love H�rnquist �strand <[email protected]>

* include strlcpy and *printf and use them

2005-02-03 Love H�rnquist �strand <[email protected]>

* com_right.h: de-__P

* com_err.h: de-__P

2002-08-20 Johan Danielsson <[email protected]>

* compile_et.c: don't add comma after last enum member

2002-08-12 Johan Danielsson <[email protected]>

* compile_et.c: just declare er_list directly instead of including
com_right in generated header files

2002-03-11 Assar Westerlund <[email protected]>

* Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1

2002-03-10 Assar Westerlund <[email protected]>

* com_err.c (error_message): do not call strerror with a negative error

2001-05-17 Assar Westerlund <[email protected]>

* Makefile.am: bump version to 2:0:1

2001-05-11 Assar Westerlund <[email protected]>

* com_err.h (add_to_error_table): add prototype
* com_err.c (add_to_error_table): new function, from Derrick J
Brashear <[email protected]>

2001-05-06 Assar Westerlund <[email protected]>

* com_err.h: add printf formats for gcc

2001-02-28 Johan Danielsson <[email protected]>

* error.c (initialize_error_table_r): put table at end of the list

2001-02-15 Assar Westerlund <[email protected]>

* com_err.c (default_proc): add printf attributes

2000-08-16 Assar Westerlund <[email protected]>

* Makefile.am: bump version to 1:1:0

2000-07-31 Assar Westerlund <[email protected]>

* com_right.h (initialize_error_table_r): fix prototype

2000-04-05 Assar Westerlund <[email protected]>

* com_err.c (_et_lit): explicitly initialize it to NULL to make
dyld on Darwin/MacOS X happy

2000-01-16 Assar Westerlund <[email protected]>

* com_err.h: remove __P definition (now in com_right.h). this
file always includes com_right.h so that's where it should reside.
* com_right.h: moved __P here and added it to the function
prototypes
* com_err.h (error_table_name): add __P

1999-07-03 Assar Westerlund <[email protected]>

* parse.y (statement): use asprintf

1999-06-13 Assar Westerlund <[email protected]>

* Makefile.in: make it solaris make vpath-safe

Thu Apr 1 11:13:53 1999 Johan Danielsson <[email protected]>

* compile_et.c: use getargs

Sat Mar 20 00:16:30 1999 Assar Westerlund <[email protected]>

* compile_et.c: static-ize

Thu Mar 18 11:22:13 1999 Johan Danielsson <[email protected]>

* Makefile.am: include Makefile.am.common

Tue Mar 16 22:30:05 1999 Assar Westerlund <[email protected]>

* parse.y: use YYACCEPT instead of return

Sat Mar 13 22:22:56 1999 Assar Westerlund <[email protected]>

* compile_et.c (generate_h): cast when calling is* to get rid of a
warning

Thu Mar 11 15:00:51 1999 Johan Danielsson <[email protected]>

* parse.y: prototype for error_message

Sun Nov 22 10:39:02 1998 Assar Westerlund <[email protected]>

* compile_et.h: include ctype and roken

* compile_et.c: include err.h
(generate_h): remove unused variable

* Makefile.in (WFLAGS): set

Fri Nov 20 06:58:59 1998 Assar Westerlund <[email protected]>

* lex.l: undef ECHO to work around AIX lex bug

Sun Sep 27 02:23:59 1998 Johan Danielsson <[email protected]>

* com_err.c (error_message): try to pass code to strerror, to see
if it might be an errno code (this if broken, but some MIT code
seems to expect this behaviour)

Sat Sep 26 17:42:39 1998 Johan Danielsson <[email protected]>

* compile_et.c: <foo_err.h> -> "foo_err.h"

Tue Jun 30 17:17:36 1998 Assar Westerlund <[email protected]>

* Makefile.in: add str{cpy,cat}_truncate

Mon May 25 05:24:39 1998 Assar Westerlund <[email protected]>

* Makefile.in (clean): try to remove shared library debris

Sun Apr 19 09:50:17 1998 Assar Westerlund <[email protected]>

* Makefile.in: add symlink magic for linux

Sun Apr 5 09:22:11 1998 Assar Westerlund <[email protected]>

* parse.y: define alloca to malloc in case we're using bison but
don't have alloca

Tue Mar 24 05:13:01 1998 Assar Westerlund <[email protected]>

* Makefile.in: link with snprintf (From Derrick J Brashear
<[email protected]>)

Fri Feb 27 05:01:42 1998 Assar Westerlund <[email protected]>

* parse.y: initialize ec->next

Thu Feb 26 02:22:25 1998 Assar Westerlund <[email protected]>

* Makefile.am: @LEXLIB@

Sat Feb 21 15:18:54 1998 assar westerlund <[email protected]>

* Makefile.in: set YACC and LEX

Tue Feb 17 22:20:27 1998 Bjoern Groenvall <[email protected]>

* com_right.h: Change typedefs so that one may mix MIT compile_et
generated code with krb4 dito.

Tue Feb 17 16:30:55 1998 Johan Danielsson <[email protected]>

* compile_et.c (generate): Always return a value.

* parse.y: Files don't have to end with `end'.

Mon Feb 16 16:09:20 1998 Johan Danielsson <[email protected]>

* lex.l (getstring): Replace getc() with input().

* Makefile.am: Fixes for new compile_et.
Loading

0 comments on commit ae77177

Please sign in to comment.