[Heimdal-source-changes] [heimdal/heimdal] 0f9785: hcrypto: config/roken cleanup
GitHub
noreply at github.com
Mon Apr 11 00:08:56 CEST 2016
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 0f97855826c070ac5539696b7797ce2ba219f5c5
https://github.com/heimdal/heimdal/commit/0f97855826c070ac5539696b7797ce2ba219f5c5
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/hcrypto/aes.c
M lib/hcrypto/bn.c
M lib/hcrypto/camellia-ntt.c
M lib/hcrypto/camellia.c
M lib/hcrypto/common.c
M lib/hcrypto/des.c
M lib/hcrypto/destest.c
M lib/hcrypto/dh-ltm.c
M lib/hcrypto/dh-tfm.c
M lib/hcrypto/dh.c
M lib/hcrypto/dsa.c
M lib/hcrypto/ec.c
M lib/hcrypto/engine.c
M lib/hcrypto/evp-cc.c
M lib/hcrypto/evp-crypt.c
M lib/hcrypto/evp-hcrypto.c
M lib/hcrypto/evp-pkcs11.c
M lib/hcrypto/evp-w32.c
M lib/hcrypto/evp-wincng.c
M lib/hcrypto/evp.c
M lib/hcrypto/example_evp_cipher.c
M lib/hcrypto/hmac.c
M lib/hcrypto/md2.c
M lib/hcrypto/md4.c
M lib/hcrypto/md5.c
M lib/hcrypto/md5crypt_test.c
M lib/hcrypto/mdtest.c
M lib/hcrypto/passwd_dlg.c
M lib/hcrypto/pkcs12.c
M lib/hcrypto/pkcs5.c
M lib/hcrypto/rand-fortuna.c
M lib/hcrypto/rand-timer.c
M lib/hcrypto/rand-unix.c
M lib/hcrypto/rand-w32.c
M lib/hcrypto/rand.c
M lib/hcrypto/rc2.c
M lib/hcrypto/rc2test.c
M lib/hcrypto/rc4.c
M lib/hcrypto/rctest.c
M lib/hcrypto/rijndael-alg-fst.c
M lib/hcrypto/rnd_keys.c
M lib/hcrypto/rsa-gmp.c
M lib/hcrypto/rsa-ltm.c
M lib/hcrypto/rsa-tfm.c
M lib/hcrypto/rsa.c
M lib/hcrypto/sha.c
M lib/hcrypto/sha256.c
M lib/hcrypto/sha512.c
M lib/hcrypto/test_bn.c
M lib/hcrypto/test_bulk.c
M lib/hcrypto/test_cipher.c
M lib/hcrypto/test_dh.c
M lib/hcrypto/test_engine_dso.c
M lib/hcrypto/test_hmac.c
M lib/hcrypto/test_pkcs12.c
M lib/hcrypto/test_pkcs5.c
M lib/hcrypto/test_rand.c
M lib/hcrypto/test_rsa.c
M lib/hcrypto/ui.c
M lib/hcrypto/validate.c
Log Message:
-----------
hcrypto: config/roken cleanup
All source files in lib/hcrypto should be built the same way.
Since this source directory is dependent on libroken then all source
files must be built using the roken.h declarations and included headers.
Also, there is no config.h in the local directory so angle brackets
include of quotes should be used.
Finally, because roken.h includes stdio.h, stdlib.h, stdarg.h, limits.h,
strings.h, sys/types.h, etc., do not include them separately.
Start all source files with
#include <config.h>
#include <roken.h>
Change-Id: I09ab47f8a5472018efe6c8b59a0e51fde8f24724
Commit: 1953b0bd397025458e931ab9de8c6f6920021c01
https://github.com/heimdal/heimdal/commit/1953b0bd397025458e931ab9de8c6f6920021c01
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/fcache.c
M lib/krb5/krb5_get_init_creds.3
M lib/krb5/principal.c
Log Message:
-----------
krb5: pricipal -> principal
fix the spelling errors
Change-Id: I6769ecc50009c11a296766961c1873f4836f33a7
Commit: 1dcfceb0905b02e9c097970faf2bd6dbf7266c3f
https://github.com/heimdal/heimdal/commit/1dcfceb0905b02e9c097970faf2bd6dbf7266c3f
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/base/test_base.c
Log Message:
-----------
lib/base: add tests for mutex and rwlock
Add a basic set of tests for the HEIMDAL_MUTEX and HEIMDAL_RWLOCK
abstraction using both static and dynamic initialization.
Change-Id: Iaeb16e5dfcf00d29be7eaa4f2e6970c4f1268fb0
Commit: 1f53a40827beef38eb568d290d321df58f738137
https://github.com/heimdal/heimdal/commit/1f53a40827beef38eb568d290d321df58f738137
Author: Nicolas Williams <nico at twosigma.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M include/heim_threads.h
Log Message:
-----------
threads: Windows mutex and rwlock implementation
Change-Id: I087bd5884eca9f232f4b5a2a6463b06b38a488e7
Commit: c80816f9c31f036f0b0390c6e2f9708044ba784a
https://github.com/heimdal/heimdal/commit/c80816f9c31f036f0b0390c6e2f9708044ba784a
Author: Nicolas Williams <nico at twosigma.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/context.c
M lib/krb5/crypto-stubs.c
M lib/krb5/deprecated.c
M lib/krb5/error_string.c
M lib/krb5/krb5_locl.h
Log Message:
-----------
krb5_context: embed mutex in structure
Instead of allocating a separate mutex object on the heap,
include the HEIMDAL_MUTEX in the krb5_context structure.
Change-Id: If6db484177410487176985e43e3b43e0f2166518
Commit: b0e7dc5106e5f86b850f058e473b9e4ff52fa1ab
https://github.com/heimdal/heimdal/commit/b0e7dc5106e5f86b850f058e473b9e4ff52fa1ab
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/get_host_realm.c
Log Message:
-----------
krb5: DNS TXT records test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify the signature of copy_txt_to_realm() to accept a krb5_context so
that meaningful errors can be recorded.
Write a warning to the log (if any).
Change-Id: I51ff8feed4f9d2af8b956bd4ba26e1c4644247c2
Commit: 4b45355162371d2692e7bb6b8c3ad5e730885556
https://github.com/heimdal/heimdal/commit/4b45355162371d2692e7bb6b8c3ad5e730885556
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/krbhst.c
Log Message:
-----------
krb5: DNS SRV records test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.
Write a warning to the log (if any).
Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
Commit: 13568961ecdf5edd12644c1ff1d3c2b9e8823c4b
https://github.com/heimdal/heimdal/commit/13568961ecdf5edd12644c1ff1d3c2b9e8823c4b
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/krbhst.c
Log Message:
-----------
krb5: DNS A record fallback test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is controlled
interuption service which will return explicit responses to DNS A, MX, SRV, and TXT
queries that can be used to detect private namespace collisions.
When performing fallback_get_hosts() check the AF_INET responses to ensure
that they are not the gTLD name collision address 127.0.53.53. If so, add
an error message to the context and return KRB5_KDC_UNREACH.
Write a warning to the log (if any).
Change-Id: I2578f13948b8327cc3f06542c1e489f02410143a
Commit: eb1545382ae5be11bdaa82b6a08f892924ef78eb
https://github.com/heimdal/heimdal/commit/eb1545382ae5be11bdaa82b6a08f892924ef78eb
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/cache.c
Log Message:
-----------
lib/krb5: fallback Windows default ccname to HLKM
Windows queries the default ccache name via the registry. Prior
to this change only the HKEY_CURRENT_USER hive. Fallback to
HKEY_LOCAL_MACHINE if there is no "ccname" value specified for the
user. This permits system or domain administrators to set the
default ccache to MSLSA: for all users.
Change-Id: Ide3b51358f8fc6944ca698e4a68295be9463d4e0
Commit: 338b4a1fba17044f6f01bc9560fc99626f2e0735
https://github.com/heimdal/heimdal/commit/338b4a1fba17044f6f01bc9560fc99626f2e0735
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/cache.c
Log Message:
-----------
lib/krb5: reformat krb5_cc_set_default_name
Remove unnecessary levels of indentation.
Switch the conditional from "(e == NULL)" to "(p == NULL)" since it
the variable 'p' that is actually used to store the name of the
default credential cache.
Change-Id: Id884e2cd80b42e47d3c219ac3777161087467a14
Commit: 1b95a70e4ff3aa58788d970f95b2c4f3228f8fba
https://github.com/heimdal/heimdal/commit/1b95a70e4ff3aa58788d970f95b2c4f3228f8fba
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/cache.c
Log Message:
-----------
lib/krb5: krb5_cc_set_default_name Windows MSLSA:
If there is no default credential cache obtained from the registry
or from configuration files, then check to see if there is a valid
principal available from the MSLSA: credential cache. If so, use
"MSLSA:" as the default credential cache. This will simply configuration
for users on domain joined Windows machines when logged in using a
domain account.
Change-Id: I4c4392e0fdcec89aff3d258ce1b753e6458e3eec
Commit: 924f7b919023f744cdcbb30c4df5b67b7a912e91
https://github.com/heimdal/heimdal/commit/924f7b919023f744cdcbb30c4df5b67b7a912e91
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2016-04-10 (Sun, 10 Apr 2016)
Changed paths:
M lib/krb5/cache.c
Log Message:
-----------
lib/krb5: Windows API:krb5cc ccache fallback
If there is no MSLSA: credential cache principal, then try to
fallback to the MIT default MIT credential cache name, API:krb5cc.
Change-Id: I8f981c5401b4f962cf808e7b0dc782e42bc03023
Compare: https://github.com/heimdal/heimdal/compare/62f982a87b5c...924f7b919023
More information about the Heimdal-source-changes
mailing list