Commit Graph

34 Commits

Author SHA1 Message Date
eadler
1ef5fe44d3 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
joel
4234591b03 mdoc: terminate quoted strings.
Reviewed by:	brueffer
2012-03-26 15:18:14 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
uqs
f699659cf8 Convert files to UTF-8 and add some copyright markers where missing. 2012-01-07 16:13:56 +00:00
ed
1659a97623 Fix whitespace inconsistencies found in homegrown Symbol.maps. 2011-10-07 15:05:24 +00:00
uqs
8ae3afcfad mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
2010-10-08 12:40:16 +00:00
joel
dd1fff9bcb Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
uqs
d88f969fdd mdoc cleanup
Garbage collect unused sections, macros and arguments. Fix prologue and
remove empty lines.

Found by: mdocml
2010-06-02 10:20:23 +00:00
uqs
3960614646 mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
uqs
8f141f1a13 Fix several typos in macros or macro misusage.
Found by:	make manlint
Reviewed by:	ru
Approved by:	philip (mentor)
2010-03-12 10:01:06 +00:00
gavin
8207abca84 Correct the HISTORY section of these man pages to show when the function,
not the "manual page example" was introduced.

Approved by:	ed (mentor, implicit)
MFC after:	1 week
2010-01-26 15:03:33 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
antoine
bfd388c026 (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR:		137213
Submitted by:	Eygene Ryabinkin (initial version)
MFC after:	1 month
2009-12-28 22:56:30 +00:00
dfr
ea3d7030c0 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
dfr
0831b4437b When receiving delegated credentials, initialise our cred's linked list.
Add a bit more sanity checking for GSS-API mechanisms that claim to have
delegated creds but don't actually return a cred handle.

MFC after: 2 weeks
2008-04-30 11:29:22 +00:00
dfr
ef9dc86e55 Use global implementation of _gss_oid_equal.
MFC after: 2 weeks
2008-04-30 11:27:15 +00:00
dfr
ae8d310620 Allow null oids in _gss_oid_equal().
MFC after: 2 weeks
2008-04-30 11:25:34 +00:00
dfr
e4ca7e7301 Make sure GSS-API mechanisms are loaded if gss_acquire_cred is called
with a null mechanism list.

PR:		misc/117349
Submitted by:	Sean McNeil <sean at mcneil dot com>
2007-11-28 08:50:20 +00:00
kensmith
55889a3fe4 While checking over the libraries for 7.0-REL Kris found the following
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed.  We need to bump their version so they can be
properly added to the compat6x port:

	libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
	libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2

MFC After:	1 day
2007-11-20 04:20:32 +00:00
keramida
2034436e8d Remove an extra (commented out) .Sh HISTORY section heading, to avoid
the risk of "shadowing" the following .El request, and delete an empty
line to fix mdoc warnings.

MFC after:	3 days
2007-10-30 16:05:40 +00:00
keramida
4a3248b4b3 Remove an extra (commented out) .Sh HISTORY section heading, to avoid
the risk of "shadowing" the following .El request, strip eol spaces
and delete an empty line to fix mdoc warnings.

MFC after:	3 days
2007-10-30 15:58:39 +00:00
keramida
1e62b24865 Change a .PP request to a valid .Pp mdoc request, and remove an extra
(but commented out) .Sh HISTORY section heading.

MFC after:	3 days
2007-10-30 15:56:12 +00:00
keramida
a4357ef9ba Remove duplicate (but commented out) .Sh HISTORY section heading.
It almost "shadows" the ending .El request of a list, which seems
to have caused mdoc buglets in some gss_*.3 manpages.

MFC after:	3 days
2007-10-30 15:52:55 +00:00
keramida
f46c9a37e3 Remove duplicate (but commented out) .Sh HISTORY section heading
and add a missing .El request.

MFC after:	3 days
2007-10-30 15:45:19 +00:00
dfr
7eef211762 If the mech_type argument to gss_display_status is null, use a default
mechanism.

Approved by: re (kensmith)
2007-07-05 13:40:07 +00:00
dfr
c38fa0f103 Merge fixes back from heimdal.
Approved by: re (kensmith)
2007-06-30 07:47:45 +00:00
harti
f1a585dc51 According to the documentation mech_type for gss_init_sec_context() may
be passed as GSS_C_NO_OID in which case a default mech should be used.
This case was not handled and leads to core dumps when using nss_ldap.
Now use the first mech in this case. When there is no mechanism available
return an error (this part is taken from the PR).

PR:		113266
Submitted by:	Eirik Nygaard <eirikald@pvv.ntnu.no> (partly)
2007-06-14 19:58:24 +00:00
kan
4c8c917a1b Add include directives for string.h and stdlib.h to get proper function
prototypess of memset, memcpy and malloc respectively.
2007-04-04 02:40:59 +00:00
kan
8b7b60e0bc Include string.h to get proper memcpy prototype. 2007-04-04 02:28:48 +00:00
dfr
a943b1ff7a The function isspace does not take a string argument. I have no idea how
this compiled before; it only worked by accident.
2006-02-04 09:40:21 +00:00
dfr
7d855a2e46 Move the Internet Society copyright message so that it appears in the
formatted page as well as the source.
2006-01-25 10:06:28 +00:00
dfr
9eb9045215 Use the correct shared-library version number (the same as the one used
by the standalone version of heimdal GSS-API). If any compat issues
arise, I may increment the version number once more.
2006-01-01 11:01:01 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00