Commit Graph

31 Commits

Author SHA1 Message Date
John Baldwin
e4456411a8 Update the existing heimdal implementation for OpenSSL 1.1.
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.

I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken).  Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.

This passes make tinderbox, and I have also done some very light
runtime testing on amd64.

Reviewed by:	bjk, jkim, emaste
Differential Revision:	https://reviews.freebsd.org/D17276
2018-10-05 16:35:24 +00:00
Stanislav Sedov
cf771f223b - Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfix
release, which fixes a DoS issue in libkrb5.
2012-04-08 08:19:17 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Xin LI
04b7709ccf Now we have closefrom(). 2009-06-15 23:03:38 +00:00
Konstantin Belousov
20e76cb365 Add strndup(3) prototype to string.h.
This change was erronously ommitted from the r185690, and attempt
to simply add the prototype to string.h has revealed that several
contributed programs defined local prototypes for strndup(), controlled
by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to
#define HAVE_STRNDUP 1. Next import of the corresponding program would
regenerate config.h, overriding the changes in this commit.

No objections from: kan
2008-12-08 21:04:24 +00:00
Doug Rabson
d7135570b3 Update heimdal_version.
Pointed out by: antoine@
2008-05-08 13:11:34 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Jacques Vidrine
7ca39a7ff1 Update Heimdal 0.6.1 -> 0.6.3. 2005-02-24 22:24:24 +00:00
Jacques Vidrine
52d887f87c Update version strings for Heimdal: 0.6 -> 0.6.1 2004-04-13 16:41:00 +00:00
Ruslan Ermilov
11bf3600e8 Overhaul of kerberos5/ makefiles. Most significant changes are:
- Dropped support for standalone builds, this was only partially
  supported anyway, and required so much magic in makefiles that
  made life dangerous (e.g., by using the custom yacc rules).

- Got rid of .OBJDIR in makefiles -- makes building of individual
  files possible again.

- Made the .x.c transformations -j safe.

- Reprogrammed LDADD to fix static build of some utilities that
  was broken.

- Fixed LDFLAGS and DPADD in the WITH_OPENLDAP case -- positively
  affects the contents of .depend files.

- Removed redundant .h's from SRCS, only kept those that are
  generated.

- libkrb5/ INCS were bogusly installed again with libgssapi/.

- Made build-tools real tools with their own makefiles in
  separate directories.  This allows us to properly track
  their dependencies, etc.

- Faster build, 21% less of makefile code!

Approved by:	nectar
Reviewed by:	markm
Silence on:	arch
2004-01-31 08:15:57 +00:00
Mark Murray
2e472f2df6 No need for two copies of this file; there is already a distribution
copy in src/crypto/heimdal/...

Reported by:	ru
2003-11-17 14:59:06 +00:00
Jacques Vidrine
f0a7f80d65 Update build infrastructure for Heimdal 0.6. 2003-10-09 19:48:47 +00:00
Mark Murray
6843449a02 Remove some KRB4 scraps, and allow NOSHARED make worlds to
complete.

OK'ed by:	re(scottl)
2003-05-11 18:49:29 +00:00
Mark Murray
53056489db Post KerberosIV de-orbit: Clean up Kerberos5. We dont need KerberosIV
compatiblity mode anymore. Rename the k5foo utils to kfoo (after
repo-copy).
2003-03-09 21:56:55 +00:00
Jacques Vidrine
8e708b24ca Define OPENSSL_DES_LIBDES_COMPATIBILITY so that Heimdal will build with
OpenSSL 0.9.7 when it is imported.  (This currently has no effect.)
2003-01-21 14:08:24 +00:00
Jacques Vidrine
4556abb542 Update version numbers after import of Heimdal 0.5.1.
Approved by:	re
2002-11-24 21:00:51 +00:00
Assar Westerlund
43106c5234 update version numbers to (consistenly):
krb4 1.0.5 fb1 (including the kadmind fix)
heimdal 0.5 fb1 (including the kadmind fix)
2002-10-23 06:12:21 +00:00
Jacques Vidrine
75019e2096 This is Heimdal 0.5. 2002-09-19 12:12:26 +00:00
Jacques Vidrine
42756860e3 Update build infrastructure after import of Heimdal Kerberos 2002/09/16. 2002-09-16 21:10:29 +00:00
Jacques Vidrine
797fe7ebb1 Update build infrastructure after import of Heimdal Kerberos 2002/08/29. 2002-08-30 21:33:20 +00:00
Ruslan Ermilov
9645701d92 Bootstrapping aid for pre-getprogname(3) systems.
Spotted by:	Gareth Hopkins <gareth@za.uu.net>
Approved by:	nectar
MFC after:	3 days
2002-08-13 16:52:52 +00:00
Jacques Vidrine
b32781172b Update Heimdal version string to 0.4e. This should have been done when that
version was imported on 2002/02/19.
2002-04-29 15:31:45 +00:00
Jacques Vidrine
eacee0ff7e Update build after import of Heimdal Kerberos 2002/02/17. 2002-02-19 15:53:33 +00:00
Assar Westerlund
c2a6ca2a3c update infrastructure for heimdal 0.3f 2001-06-21 12:55:45 +00:00
Assar Westerlund
21d27f9321 de-constify to make it compatible with (krb4) and make-print-version
Submitted by:	Peter Pentchev <roam@orbitel.bg> (just inverted)
2001-05-11 16:56:36 +00:00
Assar Westerlund
5bf44e3d56 remove definition of KRB4, this gets defined conditionally in
kerberos5/Makefile and should not have a constant value here.

Submitted by:	Jun Kuriyama <kuriyama@imgsrc.co.jp>
2001-02-21 13:27:39 +00:00
Assar Westerlund
2655cbec4e update build infrastructure for heimdal 0.3e 2001-02-13 16:57:04 +00:00
Kris Kennaway
7c99dc5eaa Unbreak heimdal build: we can no longer #include <netinet6/in6.h> 2000-07-06 10:09:59 +00:00
Mark Murray
b825cbde03 KerberosIV is no longer compulsory. This should fix "make release". 2000-03-01 13:50:48 +00:00
Mark Murray
fc4b5dfa38 Use libcrypto instead of libdes. Upgrade for Heimdal-0.2p 2000-02-24 21:15:14 +00:00
Mark Murray
eb9e1f54bd Userland build of Kerberos5 (AKA Heimdal). More to come.
This is not ready for primetime yet! Please hold off on the bug reports.
2000-01-15 21:38:08 +00:00