From noreply at github.com Wed Dec 4 20:08:03 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:08:03 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 750a09: kx509: Create certs for principals with slashes Message-ID: <529f7d933bb0f_2a77d9d58821f3@hookshot-fe2-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 750a09bca2183415be3ca3b8784e3417f484794b https://github.com/heimdal/heimdal/commit/750a09bca2183415be3ca3b8784e3417f484794b Author: James Lee Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- kx509: Create certs for principals with slashes kx509 fails to create certs for principals with slashes in them. For example: client% kinit foo/admin foo/admin at EXAMPLE.COM's Password: client% kx509 Timed out waiting on KCA The KCA reports: "Principal is not a user." However, there is a use case set out in this post: https://thestaticvoid.com/post/2012/10/25/protecting-puppet-with-kerberos/ that would create a kx509 cert for a host principal for authenticating against a secure HTTP service. This commit modifies the certificate creation code to allow principals with slashes in them. Commit: 9e86558ed44b3205b0d3f2d9c1af99b3a8ed1616 https://github.com/heimdal/heimdal/commit/9e86558ed44b3205b0d3f2d9c1af99b3a8ed1616 Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Merge pull request #50 from MrStaticVoid/kx509-allow-slash-in-principal-name kx509: Create certs for principals with slashes Compare: https://github.com/heimdal/heimdal/compare/6b2ebfcf8a8a...9e86558ed44b From noreply at github.com Wed Dec 4 20:09:36 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:09:36 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 87a0e1: Add heimdal-krb5.pc file, with krb5.pc depending o... Message-ID: <529f7df01f351_59886add58664e8@hookshot-fe5-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 87a0e11a8010cb9717e29722fa718887998d34ff https://github.com/heimdal/heimdal/commit/87a0e11a8010cb9717e29722fa718887998d34ff Author: Jelmer Vernooij Date: 2013-11-24 (Sun, 24 Nov 2013) Changed paths: M tools/Makefile.am A tools/heimdal-krb5.pc.in M tools/krb5.pc.in Log Message: ----------- Add heimdal-krb5.pc file, with krb5.pc depending on it. This makes it easier to install Heimdal and MIT kerberos on the same system by just providing the heimdal-krb5.pc file; the krb5.pc file is provided by both. This is similar to what's done with heimdal-gssapi.pc/krb5-gssapi.pc. Signed-off-by: Jelmer Vernooij Commit: 66769e82997ea142940468c35b752eda485f9e16 https://github.com/heimdal/heimdal/commit/66769e82997ea142940468c35b752eda485f9e16 Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/Makefile.am A tools/heimdal-krb5.pc.in M tools/krb5.pc.in Log Message: ----------- Merge pull request #46 from jelmer/krb5-pc Add heimdal-krb5.pc file, with krb5.pc depending on it. Compare: https://github.com/heimdal/heimdal/compare/9e86558ed44b...66769e82997e From noreply at github.com Wed Dec 4 20:16:32 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:16:32 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] ef8119: spelling Message-ID: <529f7f905ca29_630be3d54111447@hookshot-fe2-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ef8119a8cc9bb6306331a04f181fd941dddd1834 https://github.com/heimdal/heimdal/commit/ef8119a8cc9bb6306331a04f181fd941dddd1834 Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/heimdal-krb5.pc.in Log Message: ----------- spelling Commit: b20e7fa4d06ac471e7fc66b1628d31103869b8fe https://github.com/heimdal/heimdal/commit/b20e7fa4d06ac471e7fc66b1628d31103869b8fe Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/heimdal-gssapi.pc.in Log Message: ----------- use heimdal-krb5 instead of krb5 as dependency Compare: https://github.com/heimdal/heimdal/compare/66769e82997e...b20e7fa4d06a From noreply at github.com Wed Dec 4 20:18:44 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:18:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f74e2c: kx509: Create certs for principals with slashes Message-ID: <529f80145b20f_6bf8fdd4c10101e@hookshot-fe6-pe1-prd.aws.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: f74e2c56f1a00c000c03424ee1551bbeeb2e4948 https://github.com/heimdal/heimdal/commit/f74e2c56f1a00c000c03424ee1551bbeeb2e4948 Author: James Lee Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- kx509: Create certs for principals with slashes kx509 fails to create certs for principals with slashes in them. For example: client% kinit foo/admin foo/admin at EXAMPLE.COM's Password: client% kx509 Timed out waiting on KCA The KCA reports: "Principal is not a user." However, there is a use case set out in this post: https://thestaticvoid.com/post/2012/10/25/protecting-puppet-with-kerberos/ that would create a kx509 cert for a host principal for authenticating against a secure HTTP service. This commit modifies the certificate creation code to allow principals with slashes in them. Commit: 9239beffde6adbf2ab1b8075353c536f7649ff59 https://github.com/heimdal/heimdal/commit/9239beffde6adbf2ab1b8075353c536f7649ff59 Author: Jelmer Vernooij Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/Makefile.am A tools/heimdal-krb5.pc.in M tools/krb5.pc.in Log Message: ----------- Add heimdal-krb5.pc file, with krb5.pc depending on it. This makes it easier to install Heimdal and MIT kerberos on the same system by just providing the heimdal-krb5.pc file; the krb5.pc file is provided by both. This is similar to what's done with heimdal-gssapi.pc/krb5-gssapi.pc. Signed-off-by: Jelmer Vernooij Commit: 348519cb1385e28a217d68de8f551682be9dc638 https://github.com/heimdal/heimdal/commit/348519cb1385e28a217d68de8f551682be9dc638 Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/heimdal-krb5.pc.in Log Message: ----------- spelling Commit: c303daaa68534ef2ac19c264453b82c07fd82231 https://github.com/heimdal/heimdal/commit/c303daaa68534ef2ac19c264453b82c07fd82231 Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M tools/heimdal-gssapi.pc.in Log Message: ----------- use heimdal-krb5 instead of krb5 as dependency Compare: https://github.com/heimdal/heimdal/compare/c4a060c3c7be...c303daaa6853 From noreply at github.com Wed Dec 4 20:22:57 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:22:57 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] ad995f: kx509: Prevent double free Message-ID: <529f8111a7d70_763e3dd485901d@hookshot-fe6-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ad995f9b6987d47d243b2745236995c00d5c8ee7 https://github.com/heimdal/heimdal/commit/ad995f9b6987d47d243b2745236995c00d5c8ee7 Author: Jeffrey Altman Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- kx509: Prevent double free Patchset 750a09bca2183415be3ca3b8784e3417f484794b introduced the potential for a double free of 'name'. Change-Id: I23bd4ddb7d9b41cbb3948ab06245f4052b309971 From noreply at github.com Wed Dec 4 20:25:12 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:25:12 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] fe6cc9: kx509: Prevent double free Message-ID: <529f81981a739_2a77d9d58847de@hookshot-fe2-pe1-prd.aws.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: fe6cc9ea7cdfc0c3bc93ba1bcc830f93b556611f https://github.com/heimdal/heimdal/commit/fe6cc9ea7cdfc0c3bc93ba1bcc830f93b556611f Author: Jeffrey Altman Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- kx509: Prevent double free Patchset 750a09bca2183415be3ca3b8784e3417f484794b introduced the potential for a double free of 'name'. Change-Id: I23bd4ddb7d9b41cbb3948ab06245f4052b309971 From noreply at github.com Wed Dec 4 20:31:40 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 11:31:40 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] d06976: add --policy documentation Message-ID: <529f831c23582_58b64abd4833377@hookshot-fe5-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: d069763ac1ecf83ad50d4acd7d3d0007e9ffedbd https://github.com/heimdal/heimdal/commit/d069763ac1ecf83ad50d4acd7d3d0007e9ffedbd Author: Love Hörnquist Åstrand Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M kadmin/kadmin.8 Log Message: ----------- add --policy documentation From noreply at github.com Thu Dec 5 02:16:06 2013 From: noreply at github.com (GitHub) Date: Wed, 04 Dec 2013 17:16:06 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 46a508: Also validate kdigest hacks Message-ID: <529fd3d6df7b1_1529111bd58104721@hookshot-fe1-pe1-prd.aws.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 46a50886775ee7730ff2a75a0b4ec5d7b512d3df https://github.com/heimdal/heimdal/commit/46a50886775ee7730ff2a75a0b4ec5d7b512d3df Author: Fredrik Pettai Date: 2013-12-04 (Wed, 04 Dec 2013) Changed paths: M lib/krb5/verify_krb5_conf.c Log Message: ----------- Also validate kdigest hacks Add validation of the kdigest configuration parameters From noreply at github.com Thu Dec 5 21:12:21 2013 From: noreply at github.com (GitHub) Date: Thu, 05 Dec 2013 12:12:21 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 871af1: Fix kx509 to include realm Message-ID: <52a0de2560dd_219c1289d48105121@hookshot-fe2-pe1-prd.aws.github.net.mail> Branch: refs/heads/kx509-fix Home: https://github.com/heimdal/heimdal Commit: 871af146d0f42eec7df077bf6e4728d7647206f3 https://github.com/heimdal/heimdal/commit/871af146d0f42eec7df077bf6e4728d7647206f3 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Fix kx509 to include realm Commit: 7178512cb64f09c7a80bcfa1d5d15caadce4c38b https://github.com/heimdal/heimdal/commit/7178512cb64f09c7a80bcfa1d5d15caadce4c38b Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Add option to require initial kca_service tickets Default to TRUE, and allow setting it on a per-realm basis. Commit: 8534db8e578052f531ed21f04cea97fb6f36b7cd https://github.com/heimdal/heimdal/commit/8534db8e578052f531ed21f04cea97fb6f36b7cd Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- ... Commit: 911877a5bce246564ca32b388fac91227c03519f https://github.com/heimdal/heimdal/commit/911877a5bce246564ca32b388fac91227c03519f Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M lib/krb5/krb5.conf.5 Log Message: ----------- Document kx509 parameters Compare: https://github.com/heimdal/heimdal/compare/871af146d0f4^...911877a5bce2 From noreply at github.com Thu Dec 5 21:17:39 2013 From: noreply at github.com (GitHub) Date: Thu, 05 Dec 2013 12:17:39 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 955a39: Fix kx509 to include realm Message-ID: <52a0df6378e30_208e87bd4c1072b8@hookshot-fe2-pe1-prd.aws.github.net.mail> Branch: refs/heads/kx509-fix Home: https://github.com/heimdal/heimdal Commit: 955a39a475e9e85ab95fee5714b6001cfc30fb65 https://github.com/heimdal/heimdal/commit/955a39a475e9e85ab95fee5714b6001cfc30fb65 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Fix kx509 to include realm Commit: e1f4177cb889f4881b86fff453d844ac8782575d https://github.com/heimdal/heimdal/commit/e1f4177cb889f4881b86fff453d844ac8782575d Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Add option to require initial kca_service tickets Default to TRUE, and allow setting it on a per-realm basis. Commit: 0121f31aecf5d2422f44ae68133eb48d85beaba5 https://github.com/heimdal/heimdal/commit/0121f31aecf5d2422f44ae68133eb48d85beaba5 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M lib/krb5/krb5.conf.5 Log Message: ----------- Document kx509 parameters Compare: https://github.com/heimdal/heimdal/compare/911877a5bce2...0121f31aecf5 From noreply at github.com Thu Dec 5 21:18:00 2013 From: noreply at github.com (GitHub) Date: Thu, 05 Dec 2013 12:18:00 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <52a0df78ce0c1_46bb4dfd501015b4@hookshot-fe4-pe1-prd.aws.github.net.mail> Branch: refs/heads/kx509-fix Home: https://github.com/heimdal/heimdal From noreply at github.com Tue Dec 10 07:47:55 2013 From: noreply at github.com (GitHub) Date: Mon, 09 Dec 2013 22:47:55 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 580754: Fix kx509 to include realm Message-ID: <52a6b91b5591b_7a13e5fd581418bc@hookshot-fe3-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 5807540e1b2f49d8cedd427caf54c921d7af2f20 https://github.com/heimdal/heimdal/commit/5807540e1b2f49d8cedd427caf54c921d7af2f20 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Fix kx509 to include realm Commit: 2c265a81823e9e4e02906c85b2464837e5dba283 https://github.com/heimdal/heimdal/commit/2c265a81823e9e4e02906c85b2464837e5dba283 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M kdc/kx509.c Log Message: ----------- Add option to require initial kca_service tickets Default to TRUE, and allow setting it on a per-realm basis. Commit: 318f89d60249640eb3f8aebf9092cab1dd5e8a12 https://github.com/heimdal/heimdal/commit/318f89d60249640eb3f8aebf9092cab1dd5e8a12 Author: Nicolas Williams Date: 2013-12-05 (Thu, 05 Dec 2013) Changed paths: M lib/krb5/krb5.conf.5 Log Message: ----------- Document kx509 parameters Commit: 38a92f759d31368b2501c3da67318e3ad2a076c4 https://github.com/heimdal/heimdal/commit/38a92f759d31368b2501c3da67318e3ad2a076c4 Author: Nicolas Williams Date: 2013-12-09 (Mon, 09 Dec 2013) Changed paths: M lib/krb5/verify_krb5_conf.c Log Message: ----------- Add kx509 parameters to verify_krb5_conf.c Compare: https://github.com/heimdal/heimdal/compare/d069763ac1ec...38a92f759d31 From noreply at github.com Fri Dec 13 20:29:04 2013 From: noreply at github.com (GitHub) Date: Fri, 13 Dec 2013 11:29:04 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f604e4: Issue #491: bus error in resolve_origin() Message-ID: <52ab6000e4446_6f3eb81d481047ce@hookshot-fe4-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f604e424d1df67f2f3ceebed2b49c0800468a887 https://github.com/heimdal/heimdal/commit/f604e424d1df67f2f3ceebed2b49c0800468a887 Author: Arran Cudbard-Bell Date: 2013-12-13 (Fri, 13 Dec 2013) Changed paths: M lib/krb5/plugin.c Log Message: ----------- Issue #491: bus error in resolve_origin() resolve_origin attempts to insert '\0' into a field from a DL_info struct, causes BUS error. Signed-off-by: Nicolas Williams Commit: c9985fc695dce0f7d71abbbcc7d8245f7c1ab2dd https://github.com/heimdal/heimdal/commit/c9985fc695dce0f7d71abbbcc7d8245f7c1ab2dd Author: Nicolas Williams Date: 2013-12-13 (Fri, 13 Dec 2013) Changed paths: M lib/krb5/plugin.c Log Message: ----------- Minor WIN32/POSIX bug in resolve_origin() Compare: https://github.com/heimdal/heimdal/compare/38a92f759d31...c9985fc695dc From noreply at github.com Sun Dec 22 21:11:22 2013 From: noreply at github.com (GitHub) Date: Sun, 22 Dec 2013 12:11:22 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6076a8: Add heimdal-kadm-{client, server} with kadm-{client... Message-ID: <52b7476ad56bb_14f1f5bd4c9731c@hookshot-fe1-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6076a828d4b27ffce1ae292cbad4f12b3138ddd7 https://github.com/heimdal/heimdal/commit/6076a828d4b27ffce1ae292cbad4f12b3138ddd7 Author: Jelmer Vernooij Date: 2013-12-07 (Sat, 07 Dec 2013) Changed paths: M tools/Makefile.am A tools/heimdal-kadm-client.pc.in A tools/heimdal-kadm-server.pc.in M tools/kadm-client.pc.in M tools/kadm-server.pc.in M tools/kafs.pc.in Log Message: ----------- Add heimdal-kadm-{client,server} with kadm-{client,server} depending on them. Commit: 27c3ada0f68714a71aec591a4d720ccf6dcbb6ee https://github.com/heimdal/heimdal/commit/27c3ada0f68714a71aec591a4d720ccf6dcbb6ee Author: Love Hörnquist Åstrand Date: 2013-12-22 (Sun, 22 Dec 2013) Changed paths: M tools/Makefile.am A tools/heimdal-kadm-client.pc.in A tools/heimdal-kadm-server.pc.in M tools/kadm-client.pc.in M tools/kadm-server.pc.in M tools/kafs.pc.in Log Message: ----------- Merge pull request #53 from jelmer/kadm-pc Also add heimdal-kadm-{server,client} pc files that are co-installable with MIT. Compare: https://github.com/heimdal/heimdal/compare/c9985fc695dc...27c3ada0f687 From noreply at github.com Mon Dec 23 13:20:49 2013 From: noreply at github.com (GitHub) Date: Mon, 23 Dec 2013 04:20:49 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 22c7f0: Add symbol versioning for libkadm5clnt Message-ID: <52b82aa1ed46c_53fd1489d5090060@hookshot-fe1-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 22c7f07ed8cdacbce63296866f2c254b89a608d7 https://github.com/heimdal/heimdal/commit/22c7f07ed8cdacbce63296866f2c254b89a608d7 Author: Russ Allbery Date: 2013-12-23 (Mon, 23 Dec 2013) Changed paths: M lib/kadm5/Makefile.am A lib/kadm5/version-script-client.map Log Message: ----------- Add symbol versioning for libkadm5clnt In order to support plugins for kadmin that use libkadm5srv, the libkadm5clnt library has to be versioned to avoid hijacking all of the function calls that should go to the server library. Omit the _kadm5_ clients from the public interface, and version everything else. Signed-off-by: Love Hörnquist Åstrand