From noreply at github.com Fri Dec 14 12:18:28 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 03:18:28 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] e21866: GSS unwrap: wipe copy of DES key when done with it Message-ID: <5c13918463375_e022ad9a32b2580173d5@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e21866f7a29ab9d0fcf69efddaec6f758faf7494 https://github.com/heimdal/heimdal/commit/e21866f7a29ab9d0fcf69efddaec6f758faf7494 Author: Benjamin Kaduk Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/gssapi/krb5/unwrap.c Log Message: ----------- GSS unwrap: wipe copy of DES key when done with it Zero out the DES_cblock structure instead of the (not yet used at this point in the function) key schedule. The contents could potentially be left on the stack in the case of an error return from _gssapi_verify_pad(). **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 12:39:00 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 03:39:00 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 136f8f: Windows: Avoid using deprecated function. Message-ID: <5c139654ef092_13bc2b189adf058885116@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 136f8fb55037a06e7e3ce9f09fa786099d87745b https://github.com/heimdal/heimdal/commit/136f8fb55037a06e7e3ce9f09fa786099d87745b Author: Rod Widdowson Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/roken/rand.c Log Message: ----------- Windows: Avoid using deprecated function. In VC15 GetVersionEx has been deprecated. In order to continue to support Win2K use the undeprecated VerifyVersionInfoW API (available since Win2K). Inline helper functions used in latest Win10 SDK to simplify code. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 22:03:36 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 13:03:36 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8d8920: Fixes https://github.com/heimdal/heimdal/issues/37... Message-ID: <5c141aa8ae3b9_3a5a2ae3b9a96588387b9@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 8d8920b079d4a22e5fd941d8179c33fc0fc71ef6 https://github.com/heimdal/heimdal/commit/8d8920b079d4a22e5fd941d8179c33fc0fc71ef6 Author: Quanah Gibson-Mount Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/libedit/configure.ac Log Message: ----------- Fixes https://github.com/heimdal/heimdal/issues/376 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 23:30:16 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 14:30:16 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7ad6c0: Fix assorted typos Message-ID: <5c142ef8171e6_58352ac6e845e57828c6@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7ad6c01a8d5d45fa87ca2077bdc39e0a6df7de7a https://github.com/heimdal/heimdal/commit/7ad6c01a8d5d45fa87ca2077bdc39e0a6df7de7a Author: Olly Betts Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M kdc/kerberos5.c M kdc/pkinit.c M lib/gssapi/gss_acquire_cred.3 M lib/hcrypto/rand-fortuna.c M lib/krb5/context.c M lib/krb5/data.c M tests/ldap/check-ldap.in Log Message: ----------- Fix assorted typos **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 23:31:45 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 14:31:45 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 4279b4: Remove an extra line that uses "klist". The comma... Message-ID: <5c142f512ad69_8762af45b84a574401b1@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4279b467cbef7cfe718de8f49797999a108777b4 https://github.com/heimdal/heimdal/commit/4279b467cbef7cfe718de8f49797999a108777b4 Author: YASUOKA Masahiko Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M tests/gss/check-context.in Log Message: ----------- Remove an extra line that uses "klist". The command was replaced with "heimtools klist". **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 23:38:44 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 14:38:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] de4fbc: lib/krb5: Do not re-send the AS-REQ if fast was di... Message-ID: <5c1430f4be7e2_396c2b2280e4a58436fd@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: de4fbc95145737ad71e115e47dcb635fcd71bdab https://github.com/heimdal/heimdal/commit/de4fbc95145737ad71e115e47dcb635fcd71bdab Author: Andrew Bartlett Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/krb5/init_creds_pw.c Log Message: ----------- lib/krb5: Do not re-send the AS-REQ if fast was disabled Without this, in an AS-REQ that has no local key for FAST we would send the AS-REQ again, which can bump the bad password count on the KDC twice. So only try again if FAST was actually tried. Signed-off-by: Andrew Bartlett **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 14 23:39:57 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 14:39:57 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f7c286: PY3: dict has no iterkeys method Message-ID: <5c14313daa824_4a712ab132278590712e6@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f7c2860a3623e382ae524a353ec428705f02e786 https://github.com/heimdal/heimdal/commit/f7c2860a3623e382ae524a353ec428705f02e786 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-map.py Log Message: ----------- PY3: dict has no iterkeys method Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit c6884138e4c1aec80e8f99ef0978b43919ae9d3a) Commit: 965bb515ed54d768bf8b702e548ec8acfcd8c10b https://github.com/heimdal/heimdal/commit/965bb515ed54d768bf8b702e548ec8acfcd8c10b Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-errorlist.py Log Message: ----------- PY3: iterkeys -> keys Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit d20e85d008e1b7badbea5ada8b22639f7767a097) Commit: f26b1cd599ed3f1fef9a1476bca708055b2c59b2 https://github.com/heimdal/heimdal/commit/f26b1cd599ed3f1fef9a1476bca708055b2c59b2 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-errorlist.py Log Message: ----------- PY3: iterkeys -> keys Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit b2b0f8191dde58fe234b0147c4a0bd39020aa504) Commit: fc9aab949fcb1bb93f43a5bee01132ffed70a01a https://github.com/heimdal/heimdal/commit/fc9aab949fcb1bb93f43a5bee01132ffed70a01a Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-normalize.py Log Message: ----------- PY3: dict doesn't have has_key Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit 82c84513331da9d0f42ba73d03e58dce5d0f76d3) Commit: 07e3cbb7fb88ef27d6145f4f2b22a1becf7088c5 https://github.com/heimdal/heimdal/commit/07e3cbb7fb88ef27d6145f4f2b22a1becf7088c5 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-combining.py Log Message: ----------- PY3: dict_keys doesn't have a sort method Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit 0358d57db4705b2330e294b5d6318c1a78a8518c) Commit: 96b410ed46689f4cfb8b6505ab6c9ac0d4965f9f https://github.com/heimdal/heimdal/commit/96b410ed46689f4cfb8b6505ab6c9ac0d4965f9f Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/generate.py Log Message: ----------- PY3: bytes.maketrans, string.maketrans is a PY2 only function Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit b342e6f038b5277cf30115f11cf0f30d238c12ea) Commit: 76b2f1572911e2872414dfd64db5001439e858cf https://github.com/heimdal/heimdal/commit/76b2f1572911e2872414dfd64db5001439e858cf Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/generate.py Log Message: ----------- PY3: string.translate string.upper don't exist in PY3 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit a0c8c8c8331856d9f09d18b389b7dd01c8d33de2) Commit: 926b3aae822e72b85f1d5adefba49417806909d8 https://github.com/heimdal/heimdal/commit/926b3aae822e72b85f1d5adefba49417806909d8 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/stringprep.py Log Message: ----------- PY3: string.upper not in PY3 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit 899ef5d186c2c44f63c1cbf415daa33e9f668a5b) Commit: 06143cc12bbd377172203c032491b58ee7c4c6b2 https://github.com/heimdal/heimdal/commit/06143cc12bbd377172203c032491b58ee7c4c6b2 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-map.py Log Message: ----------- PY3: xrange->range Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit e2c0af6bcdf271ff75c455695c129bc18322bd5a) Commit: fa3c0031a8becea94045cd0d060ce37d1a58ed52 https://github.com/heimdal/heimdal/commit/fa3c0031a8becea94045cd0d060ce37d1a58ed52 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-normalize.py Log Message: ----------- Bulk: enclose .keys() method with list where list (from python2) expected Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba commit 521bc6056edc5252f2256664f4eacba13a3749e3) Commit: 5542a0ba16b53eb223c9cc0acdf91b53d80adc54 https://github.com/heimdal/heimdal/commit/5542a0ba16b53eb223c9cc0acdf91b53d80adc54 Author: Noel Power Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M lib/wind/gen-bidi.py M lib/wind/gen-combining.py M lib/wind/gen-errorlist.py M lib/wind/gen-map.py M lib/wind/gen-normalize.py Log Message: ----------- PY3: make sure print stmt is enclosed by '(' & ')' Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from Samba merge request https://gitlab.com/samba-team/samba/merge_requests/68) Compare: https://github.com/heimdal/heimdal/compare/de4fbc951457...5542a0ba16b5 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 15 00:00:12 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 15:00:12 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9de0cd: tests: fix kadmin5 wrapper from repeating flags Message-ID: <5c1435fcc2f84_8d72acc7979857c438bd@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9de0cd8f7e448ed2fb5b35b4f8f782731e05e448 https://github.com/heimdal/heimdal/commit/9de0cd8f7e448ed2fb5b35b4f8f782731e05e448 Author: Isaac Boukris Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M tests/kdc/check-kdc.in Log Message: ----------- tests: fix kadmin5 wrapper from repeating flags Signed-off-by: Isaac Boukris Commit: 751f56160496e45eb0077cce6b4a9cf63d4c001f https://github.com/heimdal/heimdal/commit/751f56160496e45eb0077cce6b4a9cf63d4c001f Author: Isaac Boukris Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M kdc/krb5tgs.c Log Message: ----------- Correct S4U2Self spelling in a comment Signed-off-by: Isaac Boukris Commit: 30d16fd151ebde58e626be5ccd1abb5777db550d https://github.com/heimdal/heimdal/commit/30d16fd151ebde58e626be5ccd1abb5777db550d Author: Isaac Boukris Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M kdc/krb5tgs.c Log Message: ----------- krb5tgs: use string representation in logs Found by binary printouts in logs. Signed-off-by: Isaac Boukris Compare: https://github.com/heimdal/heimdal/compare/5542a0ba16b5...30d16fd151eb **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 15 00:04:11 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 15:04:11 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3806a7: In KCM, when allocating new kcm_ccache struct, the... Message-ID: <5c1436eb392f9_3c042b0d8501c59421974@hookshot-fe-2cc8887.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3806a730cb1893c20b37d8e7ad38935b8f1861da https://github.com/heimdal/heimdal/commit/3806a730cb1893c20b37d8e7ad38935b8f1861da Author: Pavel Semerad Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M kcm/cache.c Log Message: ----------- In KCM, when allocating new kcm_ccache struct, there is missing inicialization of kdc_offset. It is getting random values in my case and stored tickets are unusable, last time I got this value to "klist -v": KDC time offset: 61 years 11 months 2 weeks 3 days 5 hours 28 minutes 32 seconds This commit seems to correct it. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 15 00:07:58 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 15:07:58 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9f5889: Add missing initialization of kdc_offset in kcm Message-ID: <5c1437ce6b175_19d02ad92f12259065518@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9f58896af958ae5e6e3ebde8c48dad4eda841986 https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986 Author: Pavel Semerad Date: 2018-12-14 (Fri, 14 Dec 2018) Changed paths: M kcm/cache.c Log Message: ----------- Add missing initialization of kdc_offset in kcm In KCM, when allocating new kcm_ccache struct, there is missing inicialization of kdc_offset. It is getting random values in my case and stored tickets are unusable, last time I got this value to "klist -v": KDC time offset: 61 years 11 months 2 weeks 3 days 5 hours 28 minutes 32 seconds This commit seems to correct it. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 15 03:02:09 2018 From: noreply at github.com (GitHub) Date: Fri, 14 Dec 2018 18:02:09 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 35e9d2: roken: Solaris auxval test fails (#441) Message-ID: <5c1460a1e6961_54472abce1e1e57443286@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/solaris-auxval Home: https://github.com/heimdal/heimdal Commit: 35e9d2d5a8ce7c1914f52a341d87f72e2d61d4c5 https://github.com/heimdal/heimdal/commit/35e9d2d5a8ce7c1914f52a341d87f72e2d61d4c5 Author: Luke Howard Date: 2018-12-15 (Sat, 15 Dec 2018) Changed paths: M lib/roken/getauxval.h Log Message: ----------- roken: Solaris auxval test fails (#441) The Solaris auxval test fails, because Solaris uses different preprocessor symbols (and numbers) for its UID and GID auxval types. Note that issuid() could simply be an alias of issetugid() on Solaris, so perhaps this is not necessary. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 17 18:21:09 2018 From: noreply at github.com (GitHub) Date: Mon, 17 Dec 2018 09:21:09 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] c75bb3: For issue#381 Message-ID: <5c17db05173e1_25232ab9c56a2580548ba@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c75bb31a9cb816c0022c1e8de8a1549674f1f609 https://github.com/heimdal/heimdal/commit/c75bb31a9cb816c0022c1e8de8a1549674f1f609 Author: Quanah Gibson-Mount Date: 2018-12-18 (Tue, 18 Dec 2018) Changed paths: M tests/kdc/wait-kdc.sh Log Message: ----------- For issue#381 Fix output to be grammatically correct. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 18 20:12:48 2018 From: noreply at github.com (GitHub) Date: Tue, 18 Dec 2018 11:12:48 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6b3ce5: libedit: make makelist compatible with solaris 10 Message-ID: <5c1946b0f3753_5d202b2874d54590506a7@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6b3ce5d2297d6b16444abcba5e890e671450a159 https://github.com/heimdal/heimdal/commit/6b3ce5d2297d6b16444abcba5e890e671450a159 Author: Daria Phoebe Brashear Date: 2018-12-18 (Tue, 18 Dec 2018) Changed paths: M lib/libedit/src/makelist Log Message: ----------- libedit: make makelist compatible with solaris 10 solaris 10 tr doesn't support [:upper:] and [:lower:]; work around since we only need ascii letters anyway Commit: 78c915f65a648ea731fc0cee147c422c8cf4c369 https://github.com/heimdal/heimdal/commit/78c915f65a648ea731fc0cee147c422c8cf4c369 Author: Daria Phoebe Brashear Date: 2018-12-18 (Tue, 18 Dec 2018) Changed paths: M configure.ac M lib/com_err/Makefile.am M lib/com_err/lex.l M lib/sl/Makefile.am M lib/sl/slc-lex.l Log Message: ----------- lex: %option not supported by solaris lex it turns out that we don't need to tell lex we don't plan to use unput; we can just.... not use unput. however, if we're flex, use the command line option if it's available, to avoid warnings Compare: https://github.com/heimdal/heimdal/compare/c75bb31a9cb8...78c915f65a64 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 18 23:51:14 2018 From: noreply at github.com (GitHub) Date: Tue, 18 Dec 2018 14:51:14 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] ec8857: roken: Solaris auxval test fails (#441) Message-ID: <5c1979e2116e4_5d682ace30026574279e9@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ec88576ace34b0cc5742b0f478dc6bf980d79ac1 https://github.com/heimdal/heimdal/commit/ec88576ace34b0cc5742b0f478dc6bf980d79ac1 Author: Luke Howard Date: 2018-12-19 (Wed, 19 Dec 2018) Changed paths: M lib/roken/getauxval.h Log Message: ----------- roken: Solaris auxval test fails (#441) The Solaris auxval test fails, because Solaris uses different preprocessor symbols (and numbers) for its UID and GID auxval types. Note that issuid() could simply be an alias of issetugid() on Solaris, so perhaps this is not necessary. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 19 06:28:40 2018 From: noreply at github.com (GitHub) Date: Tue, 18 Dec 2018 21:28:40 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a8f090: base: expose atomic operations internally (#447) Message-ID: <5c19d708b6245_9f82b027b58e578101053@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: a8f0905b71e103332f6705ffcbcab0a7768a809e https://github.com/heimdal/heimdal/commit/a8f0905b71e103332f6705ffcbcab0a7768a809e Author: Luke Howard Date: 2018-12-18 (Tue, 18 Dec 2018) Changed paths: M lib/base/baselocl.h M lib/base/heimbase.h Log Message: ----------- base: expose atomic operations internally (#447) Commit: 4a93c4774a597f58546e631a3699b8ad0775dce5 https://github.com/heimdal/heimdal/commit/4a93c4774a597f58546e631a3699b8ad0775dce5 Author: Luke Howard Date: 2018-12-18 (Tue, 18 Dec 2018) Changed paths: M lib/gssapi/gen-oid.pl M lib/gssapi/mech/gss_authorize_localname.c M lib/gssapi/mech/gss_compare_name.c M lib/gssapi/mech/gss_display_name.c M lib/gssapi/mech/gss_duplicate_name.c M lib/gssapi/mech/gss_duplicate_oid.c M lib/gssapi/mech/gss_import_name.c M lib/gssapi/mech/gss_indicate_mechs.c M lib/gssapi/mech/gss_inquire_cred.c M lib/gssapi/mech/gss_inquire_mechs_for_name.c M lib/gssapi/mech/gss_krb5.c M lib/gssapi/mech/gss_mech_switch.c M lib/gssapi/mech/gss_mo.c M lib/gssapi/mech/gss_names.c M lib/gssapi/mech/gss_oid.c M lib/gssapi/mech/gss_release_name.c M lib/gssapi/mech/gss_release_oid.c M lib/gssapi/mech/gss_set_cred_option.c M lib/gssapi/mech/gss_utils.c M lib/gssapi/mech/mech_locl.h M lib/gssapi/mech/mech_switch.h M lib/gssapi/mech/mechqueue.h M lib/gssapi/mech/name.h M lib/gssapi/mech/utils.h M lib/gssapi/spnego/context_stubs.c M lib/gssapi/spnego/cred_stubs.c M lib/gssapi/spnego/init_sec_context.c M lib/gssapi/spnego/spnego_locl.h Log Message: ----------- gss: intern OIDs (#447) Intern OIDs so that gss_release_oid() can be a NOOP. Compare: https://github.com/heimdal/heimdal/compare/ec88576ace34...4a93c4774a59 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 19 09:41:00 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 00:41:00 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] efc5ad: gss: cleanup warnings in HEIM_SLIST_ATOMIC_FOREACH... Message-ID: <5c1a041c88f0a_6c492b2499f1058469892@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: efc5ad8b3c2726b66d95ecf5397b980f9dec925e https://github.com/heimdal/heimdal/commit/efc5ad8b3c2726b66d95ecf5397b980f9dec925e Author: Luke Howard Date: 2018-12-19 (Wed, 19 Dec 2018) Changed paths: M lib/gssapi/mech/mechqueue.h Log Message: ----------- gss: cleanup warnings in HEIM_SLIST_ATOMIC_FOREACH (#447) Cleanup unused result warning when calling heim_base_exchange_pointer() from HEIM_SLIST_ATOMIC_FOREACH() in mechqueue.h. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 20 02:23:27 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 17:23:27 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 5180a4: asn1: maximum unsigned INTEGER range is 2^63 (#458... Message-ID: <5c1aef0f50280_962a2ad29a64457863099@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 5180a4ed75f1ac5953fdfcb73ace272ac332c775 https://github.com/heimdal/heimdal/commit/5180a4ed75f1ac5953fdfcb73ace272ac332c775 Author: Luke Howard Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/asn1/test.asn1 Log Message: ----------- asn1: maximum unsigned INTEGER range is 2^63 (#458) As ranges are stored as signed 64-bit integers, they will be clamped to 2^63. Do not use a maximum range of 2^64 in the test suite. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 20 02:44:07 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 17:44:07 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 59aee7: PY3: fix "TabError: inconsistent use of tabs and s... Message-ID: <5c1af3e744015_45182affb215a59063d6@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 59aee7cad2b3fdb7fe8ddcc621e12703cdc35022 https://github.com/heimdal/heimdal/commit/59aee7cad2b3fdb7fe8ddcc621e12703cdc35022 Author: Noel Power Date: 2018-12-19 (Wed, 19 Dec 2018) Changed paths: M lib/wind/UnicodeData.py Log Message: ----------- PY3: fix "TabError: inconsistent use of tabs and spaces" Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry-picked from Samba commit e8fec94827c933041acd5b447eeeefd0b7b507ef) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 20 02:53:39 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 17:53:39 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a3d895: keytab: Avoid use of signed integer as a boolean Message-ID: <5c1af623b267f_2aa22ab6d5d725744237c@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: a3d8951df560fd1baaedd7e3392953e40ef72077 https://github.com/heimdal/heimdal/commit/a3d8951df560fd1baaedd7e3392953e40ef72077 Author: Andrew Bartlett Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/krb5/keytab_any.c Log Message: ----------- keytab: Avoid use of signed integer as a boolean with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2" gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives: keytab_any.c: In function ‘any_remove_entry’: keytab_any.c:241:7: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow] if(!found) ^ Signed-off-by: Andrew Bartlett Commit: 2ea34666d933596e2c0f9756a43088d73c0fae44 https://github.com/heimdal/heimdal/commit/2ea34666d933596e2c0f9756a43088d73c0fae44 Author: Andrew Bartlett Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/krb5/krbhst.c Log Message: ----------- heimdal: Fix printing a short int into a string The size of portstr is too small to print an integer. Instead just let snprintf do the work. This fixes building with GCC 7.1 Based on feedback by Jeffrey Altman BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930 (Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373) Signed-off-by: Andrew Bartlett Commit: ce2df481b775d832e42c878203d55ff1286d2f6d https://github.com/heimdal/heimdal/commit/ce2df481b775d832e42c878203d55ff1286d2f6d Author: Andreas Schneider Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/krb5/config_file.c Log Message: ----------- Fix size types This fixes compilation with -Wstrict-overflow=2 with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2" gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives: config_file.c: In function ‘krb5_config_vget_strings’: config_file.c:1122:10: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow] while(nstr--) ^ Upstream pull request: https://github.com/heimdal/heimdal/pull/354 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (similar to Samba commit 72979d1d60ca2eab1e7903c2e77b8cca69667691, cut down to just the config_file.c and keytab_any.c changes reproduced above by abartlet) Commit: 122226c3f398feefca9ea86d6ce9f7c9c61dfee8 https://github.com/heimdal/heimdal/commit/122226c3f398feefca9ea86d6ce9f7c9c61dfee8 Author: Andreas Schneider Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/krb5/addr_families.c Log Message: ----------- heimdal: Fix size types and array access This fixes compilation with -Wstrict-overflow=2. with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2" gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives: addr_families.c: In function ‘krb5_sockaddr2address’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:851:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_sockaddr2address (krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_sockaddr2port’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:879:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_sockaddr2port (krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_addr2sockaddr’: addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:914:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_addr2sockaddr (krb5_context context, ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_max_sockaddr_size’: addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for(a = at; a < at + num_addrs; ++a) ^ addr_families.c:950:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_max_sockaddr_size (void) ^ addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for(a = at; a < at + num_addrs; ++a) ^ addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_sockaddr_uninteresting’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:974:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_sockaddr_uninteresting(const struct sockaddr *sa) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_sockaddr_is_loopback’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:983:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_sockaddr_is_loopback(const struct sockaddr *sa) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_h_addr2sockaddr’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1011:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_h_addr2sockaddr (krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_h_addr2addr’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1042:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_h_addr2addr (krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_anyaddr’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1073:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_anyaddr (krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_print_address’: addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1108:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_print_address (const krb5_address *addr, ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_address_order’: addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_address_order(krb5_context context, ^ addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c: In function ‘krb5_free_address’: addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1333:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_free_address(krb5_context context, ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_copy_address’: addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1383:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_copy_address(krb5_context context, ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] addr_families.c: In function ‘krb5_address_prefixlen_boundary’: addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:1537:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] krb5_address_prefixlen_boundary(krb5_context context, ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] for (a = at; a < at + num_addrs; ++a) ^ addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow] CC libkrb5_la-config_file.lo Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (Similar to Samba commit aa17db1f4061920512396032fcd3c7c8a4a8f38f) Compare: https://github.com/heimdal/heimdal/compare/59aee7cad2b3...122226c3f398 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 20 06:26:03 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 21:26:03 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 176fe6: hdb: fix uninitialized variable use in MIT bridge Message-ID: <5c1b27eb9a89d_15f82b23278b25842746@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 176fe6c06c5491db791ffa3d6ce513f8504c722e https://github.com/heimdal/heimdal/commit/176fe6c06c5491db791ffa3d6ce513f8504c722e Author: Luke Howard Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/hdb/hdb-mitdb.c Log Message: ----------- hdb: fix uninitialized variable use in MIT bridge **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 20 07:59:20 2018 From: noreply at github.com (GitHub) Date: Wed, 19 Dec 2018 22:59:20 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] e11abf: hdb: support "hard" alias path in AS-REQ (#452) Message-ID: <5c1b3dc846d2_3a1a2b1ff5c0658011ec@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e11abf414c4686de67593c4a036bc235b77391a3 https://github.com/heimdal/heimdal/commit/e11abf414c4686de67593c4a036bc235b77391a3 Author: Luke Howard Date: 2018-12-20 (Thu, 20 Dec 2018) Changed paths: M lib/hdb/common.c Log Message: ----------- hdb: support "hard" alias path in AS-REQ (#452) Adds support for "hard" aliases when initially authenticating, that is, allowing a client or server principal to be known by many names without requiring that the client support name canonicalization. In order to avoid changing the behavior for other backends such as Samba, this is implemented in the HDB backend rather than the KDC. To use, add an alias for both the client and TGS ("krbtgt") principals using kadmin. This behavior is unchanged if name canonicalization is enabled. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 21 05:47:44 2018 From: noreply at github.com (GitHub) Date: Thu, 20 Dec 2018 20:47:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9d98ce: krb5: fix const warning in krb5_c_verify_checksum(... Message-ID: <5c1c7070400b7_72302ad3225ee5784855@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9d98ce72ff7d3ad5f278e08d6cb34ee1ba115d80 https://github.com/heimdal/heimdal/commit/9d98ce72ff7d3ad5f278e08d6cb34ee1ba115d80 Author: Luke Howard Date: 2018-12-21 (Fri, 21 Dec 2018) Changed paths: M lib/krb5/mit_glue.c Log Message: ----------- krb5: fix const warning in krb5_c_verify_checksum() **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 06:05:18 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 21:05:18 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a6ce55: krb5: support %{euid} path expansion token Message-ID: <5c1dc60ec9bca_28502af7f6f70580484e0@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: a6ce554c7a99380713269e134fa0de0823897738 https://github.com/heimdal/heimdal/commit/a6ce554c7a99380713269e134fa0de0823897738 Author: Luke Howard Date: 2018-12-22 (Sat, 22 Dec 2018) Changed paths: M lib/krb5/expand_path.c M lib/krb5/test_cc.c Log Message: ----------- krb5: support %{euid} path expansion token **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 06:39:05 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 21:39:05 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] dd7eb8: roken: add rk_getpwuid_r() Message-ID: <5c1dcdf9e13c6_a4b2ae284ef058883730@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: dd7eb8f6652eeffdcf7ee4143275f2d47cfbe30c https://github.com/heimdal/heimdal/commit/dd7eb8f6652eeffdcf7ee4143275f2d47cfbe30c Author: Luke Howard Date: 2018-12-22 (Sat, 22 Dec 2018) Changed paths: M lib/roken/getxxyyy.c M lib/roken/roken.h.in Log Message: ----------- roken: add rk_getpwuid_r() TODO: implement non-POSIX getpwnam_r()/getpwuid_r() wrappers Commit: 862133e2da874e0e28cc329c1ea589fb57cd27d6 https://github.com/heimdal/heimdal/commit/862133e2da874e0e28cc329c1ea589fb57cd27d6 Author: Luke Howard Date: 2018-12-22 (Sat, 22 Dec 2018) Changed paths: M lib/krb5/expand_path.c M lib/krb5/test_cc.c Log Message: ----------- krb5: support %{username} path expansion token Commit: 6d7b0bfd17e060df1ae6a840dc72c76590b49664 https://github.com/heimdal/heimdal/commit/6d7b0bfd17e060df1ae6a840dc72c76590b49664 Author: Luke Howard Date: 2018-12-22 (Sat, 22 Dec 2018) Changed paths: M lib/krb5/cache.c M lib/krb5/verify_krb5_conf.c Log Message: ----------- krb5: support default_ccache_name for MIT compat Allow default_ccache_name as an alias for default_cc_name in krb5.conf, for MIT compatibility (#355) Compare: https://github.com/heimdal/heimdal/compare/a6ce554c7a99...6d7b0bfd17e0 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 08:14:41 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 23:14:41 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] bfdef9: krb5: krb5_get_init_creds_opt_set_change_password_... Message-ID: <5c1de461705a7_48052ab0fb77857c34758@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/322 Home: https://github.com/heimdal/heimdal Commit: bfdef9f54f3cb92383b59d5641a940845b982054 https://github.com/heimdal/heimdal/commit/bfdef9f54f3cb92383b59d5641a940845b982054 Author: Luke Howard Date: 2018-12-22 (Sat, 22 Dec 2018) Changed paths: M lib/krb5/init_creds_pw.c Log Message: ----------- krb5: krb5_get_init_creds_opt_set_change_password_prompt incomplete (#322) krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by krb5_init_creds_step() which broke pam_krb5 tests. MIT does handle password expiration within krb5_init_creds_step(), instead deferring to higher level functions such as krb5_get_init_creds_password(). However, Heimdal kinit requires this to be implemented. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 08:16:25 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 23:16:25 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c1de4c9b5208_9902ae764d50590350dc@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/322 Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 08:16:34 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 23:16:34 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c1de4d2470d1_66722b06e6b7e57c793f7@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/solaris-auxval Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 08:16:37 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 23:16:37 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c1de4d5c37a8_765b2ace86b0c57814929@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/solaris-doors Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 22 08:16:39 2018 From: noreply at github.com (GitHub) Date: Fri, 21 Dec 2018 23:16:39 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c1de4d785a05_728d2adb0ca0e580104792@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/aes-cts-hmac-sha2 Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 05:35:38 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 20:35:38 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3c9274: gss: fix leak in add_builtin() if interning OID fa... Message-ID: <5c1f109a30ff5_65442ab778eb8570272be@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3c92747f2a632c2e1ca5c60a00fefb6d2e3cccad https://github.com/heimdal/heimdal/commit/3c92747f2a632c2e1ca5c60a00fefb6d2e3cccad Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/gssapi/mech/gss_mech_switch.c Log Message: ----------- gss: fix leak in add_builtin() if interning OID fails 4a93c477 (#447) introduced a leak in add_builtin(). Reported by jaltman at auristor.com. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 06:59:27 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 21:59:27 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 070d0c: krb5: krb5_get_init_creds_opt_set_change_password_... Message-ID: <5c1f243fb5df7_636d2ab17b3ac58065275@hookshot-fe-2cc8887.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 070d0cf9283fd8878c087e531a2f91e51f0ff2c8 https://github.com/heimdal/heimdal/commit/070d0cf9283fd8878c087e531a2f91e51f0ff2c8 Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/krb5/init_creds_pw.c Log Message: ----------- krb5: krb5_get_init_creds_opt_set_change_password_prompt incomplete (#322) krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by krb5_init_creds_step() which broke pam_krb5 tests. MIT doesn't handle password expiration within krb5_init_creds_step(), instead deferring to higher level functions such as krb5_get_init_creds_password(). However, Heimdal kinit uses krb5_init_creds_step() directly and thus requires this behaviour to be implemented to pass its own tests. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 07:18:13 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 22:18:13 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 2974a9: roken: skip AT_HWCAP[2] in auxval test (#446) Message-ID: <5c1f28a59df6a_41522af97864a57c1059c2@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 2974a9841fc818994111d461fbb7d3f46b1fcaba https://github.com/heimdal/heimdal/commit/2974a9841fc818994111d461fbb7d3f46b1fcaba Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/roken/test-auxval.c Log Message: ----------- roken: skip AT_HWCAP[2] in auxval test (#446) AT_HWCAP and AT_HWCAP2 are handled specially by libc and cannot be parsed directly out of /proc/self/auxv. Skip them in the auxval test. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 07:34:44 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 22:34:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] def6e4: kadmin: honour pw-expiration-time when adding prin... Message-ID: <5c1f2c8436a45_6df92add162dc58052524@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: def6e4fc799dcc7b6fd311d17605587e69e04593 https://github.com/heimdal/heimdal/commit/def6e4fc799dcc7b6fd311d17605587e69e04593 Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M kadmin/ank.c Log Message: ----------- kadmin: honour pw-expiration-time when adding principal (#360) Adding a principal with a random key or password did not respect non-default password expiration times, because the act of setting the key or password would clobber it with the default. As we update the principal anyway after setting the keys, use this opportunity to restore the requested password expiration time. (There are other ways to solve this, but this is the least intrusive.) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 07:45:52 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 22:45:52 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 634113: roken: fix build breakage, AT_HWCAP2 may be undefi... Message-ID: <5c1f2f20ea42b_6ea22b122654e580311c6@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 63411321753e1ee959fd1e69ba5986d2438f1b39 https://github.com/heimdal/heimdal/commit/63411321753e1ee959fd1e69ba5986d2438f1b39 Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/roken/test-auxval.c Log Message: ----------- roken: fix build breakage, AT_HWCAP2 may be undefined (#446) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 08:33:33 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 23:33:33 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7c8263: Make the password used in check-kadmin.in be setta... Message-ID: <5c1f3a4d50b74_77f62ac99ae5a57c5757e@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7c826371203623b54662c0bc0eca093b30053daa https://github.com/heimdal/heimdal/commit/7c826371203623b54662c0bc0eca093b30053daa Author: Adam Lewenberg Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M tests/kdc/check-kadmin.in Log Message: ----------- Make the password used in check-kadmin.in be settable as a parameter When we use a custom patch that makes strong passwords required even for administrators the check-kadmin test will fail because "foo" (the password used in check-kadmin.in) is not a strong password. So, we make the password used in check-kadmin.in settable as a parameter. This way, we only have to change one line of check-kadmin.in rather than a dozen to get check-kadmin to pass when using the strong-passwords everywhere patch. Note that this change makes no real change to any of the tests in check-kadmin.in: no tests are changed, removed, or added. Commit: c9c72ab11c7a9fba9277fcbe0aedfd847f665ab3 https://github.com/heimdal/heimdal/commit/c9c72ab11c7a9fba9277fcbe0aedfd847f665ab3 Author: Adam Henry Lewenberg Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M tests/kdc/check-kadmin.in Log Message: ----------- Put double quotes around the foopassword in case password has whitespace >From a suggestion by nicowilliams, put double quotes aroung the varaible $foopassword in case the password contains whitespace or other special characters. Compare: https://github.com/heimdal/heimdal/compare/63411321753e...c9c72ab11c7a **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 23 08:43:05 2018 From: noreply at github.com (GitHub) Date: Sat, 22 Dec 2018 23:43:05 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 976348: gssapi: fix pointer type mismatch in NTLM mech Message-ID: <5c1f3c89d39de_6d502afb794e6570477bf@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9763482d9fbb03b283d4bf31d8982ee7fe3a06a9 https://github.com/heimdal/heimdal/commit/9763482d9fbb03b283d4bf31d8982ee7fe3a06a9 Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/gssapi/ntlm/accept_sec_context.c Log Message: ----------- gssapi: fix pointer type mismatch in NTLM mech Commit: 511c84fe651d46b34529b8a99bb401f7e44eb505 https://github.com/heimdal/heimdal/commit/511c84fe651d46b34529b8a99bb401f7e44eb505 Author: Luke Howard Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M .gitignore Log Message: ----------- roken: add test-auxval test to .gitignore Compare: https://github.com/heimdal/heimdal/compare/c9c72ab11c7a...511c84fe651d **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 03:28:03 2018 From: noreply at github.com (GitHub) Date: Sun, 23 Dec 2018 18:28:03 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 872222: AC_FIND_FUNC_NO_LIBS should check libtinfo for tge... Message-ID: <5c2044335692f_620b2ad5ccd74584151e2@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 872222db35384f343a8a566a56a28c4eb73d38ed https://github.com/heimdal/heimdal/commit/872222db35384f343a8a566a56a28c4eb73d38ed Author: Damir Franusic Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M configure.ac M lib/libedit/config.h.in M lib/libedit/configure.ac Log Message: ----------- AC_FIND_FUNC_NO_LIBS should check libtinfo for tgetent Commit: 329918bd671c89de6e1c2874baba48d658a89a10 https://github.com/heimdal/heimdal/commit/329918bd671c89de6e1c2874baba48d658a89a10 Author: Damir Franusic Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/hcrypto/Makefile.am Log Message: ----------- hcrypto: fix include path Commit: 572a6fd7ac41e9210ef3eb765fe7da4ec8a94bb2 https://github.com/heimdal/heimdal/commit/572a6fd7ac41e9210ef3eb765fe7da4ec8a94bb2 Author: Luke Howard Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/hx509/Makefile.am Log Message: ----------- hx509: fix dependency, hxtool requires ASN.1 headers Compare: https://github.com/heimdal/heimdal/compare/511c84fe651d...572a6fd7ac41 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 03:30:14 2018 From: noreply at github.com (GitHub) Date: Sun, 23 Dec 2018 18:30:14 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f132d2: solaris 8 sparc defines _LP64 to empty, causing bu... Message-ID: <5c2044b65cb8a_aa32ab1084ca58452680@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f132d2040dbc326b8f3c8b3970001a966e58ade1 https://github.com/heimdal/heimdal/commit/f132d2040dbc326b8f3c8b3970001a966e58ade1 Author: David Mulder Date: 2018-12-23 (Sun, 23 Dec 2018) Changed paths: M lib/hcrypto/evp-pkcs11.c Log Message: ----------- solaris 8 sparc defines _LP64 to empty, causing build failure **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 08:06:03 2018 From: noreply at github.com (GitHub) Date: Sun, 23 Dec 2018 23:06:03 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 2e1304: kinit: don't leave dangling temporary ccaches Message-ID: <5c20855b497ca_65742abb7a940588974bc@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 2e1304b9d55d24a3846f4dc9c794d0c197af4438 https://github.com/heimdal/heimdal/commit/2e1304b9d55d24a3846f4dc9c794d0c197af4438 Author: Luke Howard Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M kuser/kinit.c Log Message: ----------- kinit: don't leave dangling temporary ccaches kinit does not destroy ccaches created with krb5_cc_new_unique() if ticket acquisition fails. This was leaving dangling keyring entries with the keyring ccache. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 08:17:33 2018 From: noreply at github.com (GitHub) Date: Sun, 23 Dec 2018 23:17:33 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] fb8159: krb5: port MIT Linux keyring credentials cache (#1... Message-ID: <5c20880dc9511_67842b1d67a3257865261@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: fb81598d447305352cd38095ffac701cc3eed0cf https://github.com/heimdal/heimdal/commit/fb81598d447305352cd38095ffac701cc3eed0cf Author: Luke Howard Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M .travis.yml M configure.ac M include/Makefile.am M include/config.h.w32 M lib/base/heimbase.h M lib/krb5/Makefile.am M lib/krb5/NTMakefile M lib/krb5/constants.c M lib/krb5/context.c A lib/krb5/k5e1_err.et M lib/krb5/krb5.h M lib/krb5/krb5_locl.h A lib/krb5/krcache.c M lib/krb5/libkrb5-exports.def.in M lib/krb5/test_cc.c M lib/krb5/version-script.map M packages/windows/sdk/NTMakefile Log Message: ----------- krb5: port MIT Linux keyring credentials cache (#166) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 17:37:26 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 08:37:26 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a9c9ff: lib/kadm5: improve kadm_c_ error handling Message-ID: <5c210b46754a0_22682b070543457c524cf@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/kadm_c_error_handling Home: https://github.com/heimdal/heimdal Commit: a9c9ff40d6b897e85e005577f4b3ab6ab4252f1c https://github.com/heimdal/heimdal/commit/a9c9ff40d6b897e85e005577f4b3ab6ab4252f1c Author: Jeffrey Altman Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/kadm5/chpass_c.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/modify_c.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c Log Message: ----------- lib/kadm5: improve kadm_c_ error handling Perform error checking for each function call and consistently return errors at the point of failure. Refactor functions to use a common exit path. Preserve error messages stored in the kadm5_client_context.context when appropriate. Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 19:13:31 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 10:13:31 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6561af: hx509: update gen_req.sh for OpenSSL 1.1 (#392) Message-ID: <5c2121cb5fd0d_19ba2aed29832584272e5@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6561afff3afdf74e3c9c7b0ecaad4b141275431f https://github.com/heimdal/heimdal/commit/6561afff3afdf74e3c9c7b0ecaad4b141275431f Author: Luke Howard Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/hx509/Makefile.am M lib/hx509/data/gen-req.sh A lib/hx509/data/openssl.1.0.cnf A lib/hx509/data/openssl.1.1.cnf R lib/hx509/data/openssl.cnf Log Message: ----------- hx509: update gen_req.sh for OpenSSL 1.1 (#392) OpenSSL 1.1 has the pkInitKDC OID built in, which breaks as it was redefined by openssl.cnf in Heimdal. Try to determine if OpenSSL >= 1.1 and if so, use a configuration file that omits this OID definition. The implementation is not robust but as this is simply an example (not run by the test suites), it should be adequete. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 21:24:38 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 12:24:38 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 14af1e: lib/kadm5: improve kadm_c_ error handling Message-ID: <5c214086754da_69f72abcbd67e5901652e@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/kadm_c_error_handling Home: https://github.com/heimdal/heimdal Commit: 14af1e9803f6972fe25337d0ecc62da806612a22 https://github.com/heimdal/heimdal/commit/14af1e9803f6972fe25337d0ecc62da806612a22 Author: Jeffrey Altman Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/kadm5/chpass_c.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/modify_c.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c Log Message: ----------- lib/kadm5: improve kadm_c_ error handling Perform error checking for each function call and consistently return errors at the point of failure. Refactor functions to use a common exit path. Preserve error messages stored in the kadm5_client_context.context when appropriate. Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a Commit: 006f43a7e62ab4cd4730b1ce553897df6d436a6c https://github.com/heimdal/heimdal/commit/006f43a7e62ab4cd4730b1ce553897df6d436a6c Author: Jeffrey Altman Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/kadm5/ad.c M lib/kadm5/chpass_c.c M lib/kadm5/common_glue.c M lib/kadm5/context_s.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/get_princs_s.c M lib/kadm5/get_s.c M lib/kadm5/init_c.c M lib/kadm5/ipropd_master.c M lib/kadm5/ipropd_slave.c M lib/kadm5/log.c M lib/kadm5/modify_c.c M lib/kadm5/modify_s.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c M lib/kadm5/rename_s.c M lib/kadm5/send_recv.c M lib/kadm5/set_keys.c M lib/kadm5/set_modifier.c Log Message: ----------- lib/kadm5: use krb5_enomem() where possible Change-Id: I487fbc640a8f793f0aa02ef4c94099e09241d616 Compare: https://github.com/heimdal/heimdal/compare/a9c9ff40d6b8...006f43a7e62a **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 22:05:53 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 13:05:53 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 30ce6f: lib/krb5: krcc_remove_cred remove dead code Message-ID: <5c214a3188ef_666c2ab086d5a578518d8@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/krcache-coverity Home: https://github.com/heimdal/heimdal Commit: 30ce6f47bd3466010598e0e35321c8eb93e1d276 https://github.com/heimdal/heimdal/commit/30ce6f47bd3466010598e0e35321c8eb93e1d276 Author: Jeffrey Altman Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/krb5/krcache.c Log Message: ----------- lib/krb5: krcc_remove_cred remove dead code At the completion of the while loop the value of 'ret' cannot be zero. The expected value is KRB5_CC_END. Any other value is an error to return to the caller. If 'ret' is KRB5_CC_END then return krcc_end_get() result(). Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132 Commit: f84009ab1340b44ef15bdfe62eb05d1892a709cb https://github.com/heimdal/heimdal/commit/f84009ab1340b44ef15bdfe62eb05d1892a709cb Author: Jeffrey Altman Date: 2018-12-24 (Mon, 24 Dec 2018) Changed paths: M lib/krb5/krcache.c Log Message: ----------- lib/krb5: krcache add_unique_keyring dead code removal After the for loop 'key' cannot have the value -1. The loop must execute at least once resulting either in the function returning to the caller or the value of 'key' getting set to a value other than -1. Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc Compare: https://github.com/heimdal/heimdal/compare/30ce6f47bd34^...f84009ab1340 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 24 23:47:37 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 14:47:37 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 49daca: lib/krb5: krcc_remove_cred remove dead code Message-ID: <5c216209bdcbb_58aa2afb0dfda58849514@hookshot-fe-2cc8887.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 49dacab0b8776900f908ebb498b5e2c43ee35b08 https://github.com/heimdal/heimdal/commit/49dacab0b8776900f908ebb498b5e2c43ee35b08 Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/krb5/krcache.c Log Message: ----------- lib/krb5: krcc_remove_cred remove dead code At the completion of the while loop the value of 'ret' cannot be zero. The expected value is KRB5_CC_END. Any other value is an error to return to the caller. If 'ret' is KRB5_CC_END then return krcc_end_get() result(). Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132 Commit: 17e8216927d48b3a25fa70ddaecc2c2eb912b32a https://github.com/heimdal/heimdal/commit/17e8216927d48b3a25fa70ddaecc2c2eb912b32a Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/krb5/krcache.c Log Message: ----------- lib/krb5: krcache add_unique_keyring dead code removal After the for loop 'key' cannot have the value -1. The loop must execute at least once resulting either in the function returning to the caller or the value of 'key' getting set to a value other than -1. Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc Compare: https://github.com/heimdal/heimdal/compare/6561afff3afd...17e8216927d4 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 25 07:29:26 2018 From: noreply at github.com (GitHub) Date: Mon, 24 Dec 2018 22:29:26 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 785db7: Fix -O3 -Werror=unused-result build in dcache.c (#... Message-ID: <5c21ce46eeded_2a292ad45170657053582@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 785db7b74068ab8950c4eba56d72cd7d1009255d https://github.com/heimdal/heimdal/commit/785db7b74068ab8950c4eba56d72cd7d1009255d Author: Andrew Bartlett Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/krb5/dcache.c Log Message: ----------- Fix -O3 -Werror=unused-result build in dcache.c (#420) * Fix -O3 -Werror=unused-result build in dcache.c gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) with -O3 -Werror=unused-result ../lib/krb5/dcache.c:85:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] asprintf(&path, "%s/primary-XXXXXX", dc->dir); ^ ../lib/krb5/dcache.c: In function ‘primary_create’: ../lib/krb5/dcache.c:56:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] asprintf(&primary, "%s/primary", dc->dir); ^ ../lib/krb5/dcache.c: In function ‘dcc_gen_new’: ../lib/krb5/dcache.c:423:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] asprintf(&name, ":%s/tktXXXXXX", dc->dir); ^ ../lib/krb5/dcache.c: In function ‘dcc_resolve’: ../lib/krb5/dcache.c:340:2: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] asprintf(&dc->name, ":%s/%s", dc->dir, residual); ^ ../lib/krb5/dcache.c:348:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] asprintf(&filename, "FILE%s", dc->name); ^ cc1: all warnings being treated as errors Signed-off-by: Andrew Bartlett * Update dcache.c When asprintf() fails it is not guaranteed that the output variable will be NULL on all platforms and releases. * Update dcache.c **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 25 15:54:01 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 06:54:01 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] d1eba7: lib/kadm5: improve kadm_c_ error handling Message-ID: <5c224489cad63_1ab42b1bd8c62590299c3@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/kadm_c_error_handling Home: https://github.com/heimdal/heimdal Commit: d1eba78927af66ff113ed348a6bb76e4809f15f2 https://github.com/heimdal/heimdal/commit/d1eba78927af66ff113ed348a6bb76e4809f15f2 Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/kadm5/chpass_c.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/modify_c.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c Log Message: ----------- lib/kadm5: improve kadm_c_ error handling Perform error checking for each function call and consistently return errors at the point of failure. Refactor functions to use a common exit path. Preserve error messages stored in the kadm5_client_context.context when appropriate. Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a Commit: a6cc466303546177e6b5372788426fe05ac5699e https://github.com/heimdal/heimdal/commit/a6cc466303546177e6b5372788426fe05ac5699e Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/kadm5/ad.c M lib/kadm5/chpass_c.c M lib/kadm5/common_glue.c M lib/kadm5/context_s.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/get_princs_s.c M lib/kadm5/get_s.c M lib/kadm5/init_c.c M lib/kadm5/ipropd_master.c M lib/kadm5/ipropd_slave.c M lib/kadm5/log.c M lib/kadm5/modify_c.c M lib/kadm5/modify_s.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c M lib/kadm5/rename_s.c M lib/kadm5/send_recv.c M lib/kadm5/set_keys.c M lib/kadm5/set_modifier.c Log Message: ----------- lib/kadm5: use krb5_enomem() where possible Change-Id: I487fbc640a8f793f0aa02ef4c94099e09241d616 Compare: https://github.com/heimdal/heimdal/compare/006f43a7e62a...a6cc46630354 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 25 16:54:37 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 07:54:37 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 622c4d: Fixed incorrect NTLM version. It was 00 earlier, Message-ID: <5c2252bd88594_1e2a2b0a7710657410393d@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 622c4ded2f20585bd984c35eb6204bb048f5fdf6 https://github.com/heimdal/heimdal/commit/622c4ded2f20585bd984c35eb6204bb048f5fdf6 Author: Sushant Mathur Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/ntlm/ntlm.c Log Message: ----------- Fixed incorrect NTLM version. It was 00 earlier, changed it to 0f(15). Also made the reserved field before it 00 00 00 instead of 0f 00 00. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Tue Dec 25 23:57:57 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 14:57:57 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 50ebc1: lib/kadm5: improve kadm_c_ error handling Message-ID: <5c22b5f55144_1f672ac79309e59050898@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 50ebc1491ac686fcdd5022401c784af72e65e06b https://github.com/heimdal/heimdal/commit/50ebc1491ac686fcdd5022401c784af72e65e06b Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/kadm5/chpass_c.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/modify_c.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c Log Message: ----------- lib/kadm5: improve kadm_c_ error handling Perform error checking for each function call and consistently return errors at the point of failure. Refactor functions to use a common exit path. Preserve error messages stored in the kadm5_client_context.context when appropriate. Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a Commit: db859520b4c1ecae21be74bf3bdc50c54c318183 https://github.com/heimdal/heimdal/commit/db859520b4c1ecae21be74bf3bdc50c54c318183 Author: Jeffrey Altman Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/kadm5/ad.c M lib/kadm5/chpass_c.c M lib/kadm5/common_glue.c M lib/kadm5/context_s.c M lib/kadm5/create_c.c M lib/kadm5/delete_c.c M lib/kadm5/get_c.c M lib/kadm5/get_princs_c.c M lib/kadm5/get_princs_s.c M lib/kadm5/get_s.c M lib/kadm5/init_c.c M lib/kadm5/ipropd_master.c M lib/kadm5/ipropd_slave.c M lib/kadm5/log.c M lib/kadm5/modify_c.c M lib/kadm5/modify_s.c M lib/kadm5/privs_c.c M lib/kadm5/randkey_c.c M lib/kadm5/rename_c.c M lib/kadm5/rename_s.c M lib/kadm5/send_recv.c M lib/kadm5/set_keys.c M lib/kadm5/set_modifier.c Log Message: ----------- lib/kadm5: use krb5_enomem() where possible Change-Id: I487fbc640a8f793f0aa02ef4c94099e09241d616 Compare: https://github.com/heimdal/heimdal/compare/622c4ded2f20...db859520b4c1 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 05:11:21 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 20:11:21 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7138a0: Fix rk_mkdir() on WIN32 Message-ID: <5c22ff69ae1f3_72032b0f8330c58810815b@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7138a04690cb13724f723c22f595cc56d35302fd https://github.com/heimdal/heimdal/commit/7138a04690cb13724f723c22f595cc56d35302fd Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/roken/mkdir.c M lib/roken/roken.h.in M windows/NTMakefile.config Log Message: ----------- Fix rk_mkdir() on WIN32 Commit: af9e9388678d30f21e34de26f2fa6d855d55453b https://github.com/heimdal/heimdal/commit/af9e9388678d30f21e34de26f2fa6d855d55453b Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/roken/parse_units.c Log Message: ----------- Fix infinite loop in print_units_table() Commit: 8a77f45aff366b1cd8c70c43ce63eb16a0c9839c https://github.com/heimdal/heimdal/commit/8a77f45aff366b1cd8c70c43ce63eb16a0c9839c Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M .gitignore M appl/Makefile.am R appl/su/ChangeLog R appl/su/Makefile.am R appl/su/NTMakefile R appl/su/su.1 R appl/su/su.c R appl/su/supaths.h M configure.ac Log Message: ----------- Remove appl/su Commit: 3b8c762dd09153a3c3e5a7f729bb0878ec50d90a https://github.com/heimdal/heimdal/commit/3b8c762dd09153a3c3e5a7f729bb0878ec50d90a Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: R cf/broken-glob.m4 M cf/roken-frag.m4 M include/config.h.w32 M lib/roken/Makefile.am M lib/roken/NTMakefile R lib/roken/glob.c R lib/roken/glob.hin Log Message: ----------- Remove lib/roken glob() We no longer use it since removing ftp from appl/. Note that expansion of ~username/ couldn't have been working because k_getpwnam() was being called with an unsigned short * that was forcibly cast to char *, but it really was shorts, not chars... Anyone who ever feels like reviving lib/roken/glob.[ch] will want to fix that... Commit: 8fae8a1826faca4739eaf1cf6baf9cf4c6360598 https://github.com/heimdal/heimdal/commit/8fae8a1826faca4739eaf1cf6baf9cf4c6360598 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M cf/roken-frag.m4 M include/config.h.w32 R lib/roken/iruserok.c M lib/roken/roken.h.in Log Message: ----------- Remove iruserok() Commit: 784637709b8863d38a37ee745f7e7a39550643d5 https://github.com/heimdal/heimdal/commit/784637709b8863d38a37ee745f7e7a39550643d5 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/roken/Makefile.am M lib/roken/roken.h.in R lib/roken/verify.c M lib/roken/version-script.map Log Message: ----------- Remove unix_verify_user() Commit: a9886924341446064fdfc68ed4a2c1b3921c007c https://github.com/heimdal/heimdal/commit/a9886924341446064fdfc68ed4a2c1b3921c007c Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M cf/krb-func-getlogin.m4 M include/config.h.w32 Log Message: ----------- Add check for getlogin_r() Commit: e2685c5b7c705225200244900d335bfec5b16d6c https://github.com/heimdal/heimdal/commit/e2685c5b7c705225200244900d335bfec5b16d6c Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M cf/check-getpwnam_r-posix.m4 M include/config.h.w32 Log Message: ----------- Add check for getpw*_r() Commit: a152c4c8085a27b2c100f68dd2880a87c7909d28 https://github.com/heimdal/heimdal/commit/a152c4c8085a27b2c100f68dd2880a87c7909d28 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/roken/Makefile.am R lib/roken/k_getpwnam.c R lib/roken/k_getpwuid.c M lib/roken/roken.h.in M lib/roken/version-script.map Log Message: ----------- Remove k_getpwnam() and k_getpwuid() Commit: 073ffd04238d8c7068ea14a44e561d48ca28cd11 https://github.com/heimdal/heimdal/commit/073ffd04238d8c7068ea14a44e561d48ca28cd11 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/roken/roken-common.h Log Message: ----------- roken: Make sure we have MAX_PATH Commit: 95eb83c42431e9cae43e25bb501ddffb9cf1fe33 https://github.com/heimdal/heimdal/commit/95eb83c42431e9cae43e25bb501ddffb9cf1fe33 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M lib/krb5/expand_path.c M lib/roken/Makefile.am M lib/roken/NTMakefile A lib/roken/getuserinfo.c M lib/roken/roken.h.in A lib/roken/test-getuserinfo.c M lib/roken/version-script.map Log Message: ----------- roken: Add roken_get_username() and friends We add roken_get_{shell, username, appdatadir, homedir}() functions. These use a combination of secure_getenv(), getpwuid_r(), getlogin_r(), or various WIN32 functions to get this information. Use roken_get_appdatadir() instead of roken_get_homedir() when looking for dotfiles. Commit: 620862049e72a9c8d95612728f8d3f5ff10cfcc4 https://github.com/heimdal/heimdal/commit/620862049e72a9c8d95612728f8d3f5ff10cfcc4 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M appl/afsutil/pagsh.c M appl/otp/otp.c M configure.ac M kadmin/NTMakefile M lib/hx509/softp11.c M lib/krb5/config_file.c M lib/krb5/get_default_principal.c Log Message: ----------- Use roken_get_*() instead of getpwuuid() Using non-reentrant getpwuid() (or getpwnam(), or getspnam()) can be dangerous. We had a report of a login application / PAM that calls those, and Heimdal, by calling them too, clobbered the cached struct passwd used by the login app / PAM. Commit: 3f1451a4c37d24b98c0adcd5ceeefb0ed25ad4c2 https://github.com/heimdal/heimdal/commit/3f1451a4c37d24b98c0adcd5ceeefb0ed25ad4c2 Author: Nicolas Williams Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M appl/kf/kf.c M lib/kadm5/init_c.c M lib/roken/Makefile.am M lib/roken/NTMakefile R lib/roken/get_default_username.c M lib/roken/roken.h.in M lib/roken/version-script.map Log Message: ----------- Remove get_default_username() Commit: 6ce1aa84c53970e6ae5b2d8a8c74624ad3f7ad64 https://github.com/heimdal/heimdal/commit/6ce1aa84c53970e6ae5b2d8a8c74624ad3f7ad64 Author: Luke Howard Date: 2018-12-25 (Tue, 25 Dec 2018) Changed paths: M .gitignore M lib/krb5/kuserok.c M lib/roken/Makefile.am R lib/roken/getxxyyy.c M lib/roken/roken.h.in Log Message: ----------- Remove rk_getpw*_r() functions Compare: https://github.com/heimdal/heimdal/compare/db859520b4c1...6ce1aa84c539 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 05:38:50 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 20:38:50 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] c89d3f: kadmin: allow enforcing password quality on admin ... Message-ID: <5c2305da62200_728b2ad53d62c57c11935@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c89d3f3b8c1a908c7bb4573f93258d2d469a7fe8 https://github.com/heimdal/heimdal/commit/c89d3f3b8c1a908c7bb4573f93258d2d469a7fe8 Author: Luke Howard Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M doc/setup.texi M kadmin/server.c M kpasswd/kpasswdd.c M lib/krb5/verify_krb5_conf.c M tests/kdc/check-kadmin.in M tests/ldap/check-ldap.in Log Message: ----------- kadmin: allow enforcing password quality on admin password change This patch adds the "enforce_on_admin_set" configuration knob in the [password_quality] section. When this is enabled, administrative password changes via the kadmin or kpasswd protocols will be subject to password quality checks. (An administrative password change is one where the authenticating principal is different to the principal whose password is being changed.) Note that kadmin running in local mode (-l) is unaffected by this patch. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 06:48:06 2018 From: noreply at github.com (GitHub) Date: Tue, 25 Dec 2018 21:48:06 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] d150c9: kpasswd: don't log "Changing password for %s" when... Message-ID: <5c231616d5a16_6d502afb794e6570561a3@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: d150c9989bc01dcabc0a9a4c8f546abf203fd0ec https://github.com/heimdal/heimdal/commit/d150c9989bc01dcabc0a9a4c8f546abf203fd0ec Author: Luke Howard Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M kpasswd/kpasswdd.c Log Message: ----------- kpasswd: don't log "Changing password for %s" when setting password Fix a regression introduced in c89d3f3b where administrative password changes would be logged as user password changes, if enforce_on_admin_set was set. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 18:04:07 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 09:04:07 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 62c179: kadm5: pre/post-commit plugin hook for kadm5 updat... Message-ID: <5c23b487c7368_76a82aed562d05782106a@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 62c1790bf5cf7266a53b7cc22dcbebeead5557b1 https://github.com/heimdal/heimdal/commit/62c1790bf5cf7266a53b7cc22dcbebeead5557b1 Author: Luke Howard Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/kadm5/Makefile.am M lib/kadm5/NTMakefile M lib/kadm5/chpass_s.c M lib/kadm5/context_s.c M lib/kadm5/create_s.c M lib/kadm5/delete_s.c M lib/kadm5/destroy_s.c A lib/kadm5/kadm5-hook.h M lib/kadm5/kadm5_err.et M lib/kadm5/modify_s.c M lib/kadm5/private.h M lib/kadm5/randkey_s.c M lib/kadm5/rename_s.c A lib/kadm5/sample_hook.c A lib/kadm5/server_hooks.c M lib/kadm5/setkey3_s.c Log Message: ----------- kadm5: pre/post-commit plugin hook for kadm5 update operations (#397) This change adds plugin support to the kadmin libraries for performing actions before and after a password change is committed to the KDC database and after a change is made to the attributes of a principal (specifically, a change to DISALLOW_ALL_TIX). This change adds a hook_libraries configuration option to the [kadmin] section of krb5.conf (or kdc.conf if you use that file) that must be set to load the module. That configuration option is in the form: [kadmin] hook_libraries = /usr/local/lib/krb5/plugins/kadm5_hook/krb5_sync.so where the value is the full path to the plugin that you want to load. If this option is not present, kadmind will not load a plugin and the changes from the patch will be inactive. If this option is given and the plugin cannot be loaded, kadmind startup will abort with a (hopefully useful) error message in syslog. Any plugin used with this patch must expose a public function named kadm5_hook_init of type kadm5_hook_init_t that returns a kadm5_hook structure. See sample_hook.c for an example of this initialization function. typedef struct kadm5_hook { const char *name; uint32_t version; const char *vendor; void (KRB5_CALLCONV *fini)(krb5_context, void *data); krb5_error_code (KRB5_CALLCONV *chpass)(krb5_context context, void *data, enum kadm5_hook_stage stage, krb5_error_code code, krb5_const_principal princ, uint32_t flags, size_t n_ks_tuple, krb5_key_salt_tuple *ks_tuple, const char *password, char **error_msg); ... }; where enum kadm5_hook_stage is: enum kadm5_hook_stage { KADM5_HOOK_STAGE_PRECOMMIT, KADM5_HOOK_STAGE_POSTCOMMIT }; init creates a hook context that is passed into all subsequent calls. chpass is called for password changes, create is called for principal creation (with the newly-created principal in the kadm5_principal_ent_t argument), and modify is called when a principal is modified. The purpose of the remaining functions should be self-explanatory. returning 0 on success and a Kerberos error code on failure, setting the Kerberos error message in the provided context. The error code passed in is valid for post-commit hooks and contains the result of the update operation. This change is submitted under the following license Copyright 2012, 2013 The Board of Trustees of the Leland Stanford Junior University Portions Copyright 2018 AuriStor Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. Commit: c6bf100b4301750f6c2b038d2b83c2a17ce4e2a6 https://github.com/heimdal/heimdal/commit/c6bf100b4301750f6c2b038d2b83c2a17ce4e2a6 Author: Luke Howard Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M doc/setup.texi M kadmin/server.c M kpasswd/kpasswdd.c M lib/kadm5/acl.c M lib/kadm5/chpass_s.c M lib/kadm5/create_s.c Log Message: ----------- kadm5: move password quality checks out of daemons and into libkadm5 Note that this has a slight behavior change to c89d3f3b in order to continue allow kadmin in local mode to bypass password quality checks. Password quality checks are always bypassed if the *client* kadmin principal is kadmin/admin, i.e. that of the kadmin service itself. This is the case when running kadmin in local mode. As this is the equivalent of a superuser account, one would anticipate that deployments would use specific administrator instances for appropriate ACLs for day-to-day administration; operations by these will be subject to password quality checks if enforce_on_admin_set is TRUE, or if the user is changing their own password. Compare: https://github.com/heimdal/heimdal/compare/d150c9989bc0...c6bf100b4301 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 18:22:48 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 09:22:48 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8b8157: lib/wind: PY3 gen-punycode-examples.py Message-ID: <5c23b8e8ac478_77da2aef7f9ea57c79676@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/more-py3-fixes Home: https://github.com/heimdal/heimdal Commit: 8b8157868f5faa71df137d463f704c5f876adec6 https://github.com/heimdal/heimdal/commit/8b8157868f5faa71df137d463f704c5f876adec6 Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/wind/gen-punycode-examples.py Log Message: ----------- lib/wind: PY3 gen-punycode-examples.py Update gen-punycode-examples.py for python 3. gen-punycode-examples.py parses the Sample strings from section 7.1 of rfc3492.txt and generates the punycode_examples.[ch] sources containing the punycode_examples[]. Python 3 requires that print output be surrounded by parentheses and the split and join operations have been moved from the "string" class to built-ins. This change adds the missing parentheses and switches to the built-in split and join str operations. The "string" class is no longer required as an import. Change-Id: Ic5f341080d2ff2feef692c89e0b28dcbf4e48cb4 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 18:51:42 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 09:51:42 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 63914b: lib/wind: PY3 gen-punycode-examples.py Message-ID: <5c23bfaef224a_22d42aebabe7e584485ae@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 63914b95b8aa1153fc44c7cc5b6a4ca1eb2bbc39 https://github.com/heimdal/heimdal/commit/63914b95b8aa1153fc44c7cc5b6a4ca1eb2bbc39 Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/wind/gen-punycode-examples.py Log Message: ----------- lib/wind: PY3 gen-punycode-examples.py Update gen-punycode-examples.py for python 3. gen-punycode-examples.py parses the Sample strings from section 7.1 of rfc3492.txt and generates the punycode_examples.[ch] sources containing the punycode_examples[]. Python 3 requires that print output be surrounded by parentheses and the split and join operations have been moved from the "string" class to built-ins. This change adds the missing parentheses and switches to the built-in split and join str operations. The "string" class is no longer required as an import. Change-Id: Ic5f341080d2ff2feef692c89e0b28dcbf4e48cb4 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 19:03:27 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 10:03:27 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] becb0b: Deadlock in lib/krb5/mcache.c #432 Message-ID: <5c23c26f7e98b_6df92add162dc580609a@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: becb0b03aed50f71a6a20ac88009b63e92115688 https://github.com/heimdal/heimdal/commit/becb0b03aed50f71a6a20ac88009b63e92115688 Author: YASUOKA Masahiko Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/krb5/mcache.c Log Message: ----------- Deadlock in lib/krb5/mcache.c #432 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 19:04:20 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 10:04:20 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7515d7: lib/ipc: client double close of socket file descri... Message-ID: <5c23c2a41d665_6c1d2ae7f17d657857933@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib-ipc-double-close Home: https://github.com/heimdal/heimdal Commit: 7515d7e8f43e0c57bd89f2b9d95948bebf4f042e https://github.com/heimdal/heimdal/commit/7515d7e8f43e0c57bd89f2b9d95948bebf4f042e Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/ipc/client.c Log Message: ----------- lib/ipc: client double close of socket file descriptor #431 When connect() fails in connect_unix() the path_ctx.fd is not set to -1 after close(). When common_release() is executed due to the error return from connect_unix() it calls close() a second time. There is no need to call close() from connect_unix(). Remove the duplicate request. This issue was reported by YASUOKA Masahiko. Change-Id: I825e274cc7f12e50a8779a2b62ddb756817cdb52 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 21:13:29 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 12:13:29 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 60b25d: lib/ipc: client double close of socket file descri... Message-ID: <5c23e0e9e0191_2c3f2ac94a95c5847762b@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 60b25dd9c5b6b21ab99c4248725872a0341bf19d https://github.com/heimdal/heimdal/commit/60b25dd9c5b6b21ab99c4248725872a0341bf19d Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/ipc/client.c Log Message: ----------- lib/ipc: client double close of socket file descriptor #431 When connect() fails in connect_unix() the path_ctx.fd is not set to -1 after close(). When common_release() is executed due to the error return from connect_unix() it calls close() a second time. There is no need to call close() from connect_unix(). Remove the duplicate request. This issue was reported by YASUOKA Masahiko. Change-Id: I825e274cc7f12e50a8779a2b62ddb756817cdb52 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 21:13:36 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 12:13:36 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c23e0f07d273_66de2ad59fbfc58096042@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib-ipc-double-close Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 22:10:00 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 13:10:00 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f50949: lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE ... Message-ID: <5c23ee287ae37_6182b0eb03da58886286@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib-krb5-svc-unavailable Home: https://github.com/heimdal/heimdal Commit: f5094981ef912aaa84e55209d6a819bdf32a66de https://github.com/heimdal/heimdal/commit/f5094981ef912aaa84e55209d6a819bdf32a66de Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/krb5/send_to_kdc.c Log Message: ----------- lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE infinite loop #346 Prior to this change a KDC response of KRB5KDC_ERR_SVC_UNAVAILABLE would result in the client looping forever. Setting the action to KRB5_SENTO_CONTINUE repeats the current loop without altering the current state. Hence the infinite loop. As of this change, the action is set to KRB5_SENDTO_RESET which forces the current kdc's response to be cleared and then to retry. If KRB5KDC_ERR_SVC_UNAVAILABLE continues to be returned, the retry limit will be reached and the loop will end. This bug was filed by multiple sources including Samba and ScottUrban on github. Change-Id: If1611be0ada3422cefae89541ed3b3df1f6efe29 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 23:04:28 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 14:04:28 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3a52ba: lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE ... Message-ID: <5c23faec23f38_29582b1eb944057c10484c@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3a52ba6ed0630c86c6606196e3e06a10c5f68da6 https://github.com/heimdal/heimdal/commit/3a52ba6ed0630c86c6606196e3e06a10c5f68da6 Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/krb5/send_to_kdc.c Log Message: ----------- lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE infinite loop #346 Prior to this change a KDC response of KRB5KDC_ERR_SVC_UNAVAILABLE would result in the client looping forever. Setting the action to KRB5_SENTO_CONTINUE repeats the current loop without altering the current state. Hence the infinite loop. As of this change, the action is set to KRB5_SENDTO_RESET which forces the current kdc's response to be cleared and then to retry. If KRB5KDC_ERR_SVC_UNAVAILABLE continues to be returned, the retry limit will be reached and the loop will end. This bug was filed by multiple sources including Samba and ScottUrban on github. Change-Id: If1611be0ada3422cefae89541ed3b3df1f6efe29 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 23:04:57 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 14:04:57 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c23fb09b1cda_7b0a2b0e1986057c1043de@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib-krb5-svc-unavailable Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 23:05:24 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 14:05:24 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a13457: lib/roken: rk_random_init HAVE_ARC4RANDOM #401 Message-ID: <5c23fb2464999_6da42ad929dbc57c8026b@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib_roken_rand Home: https://github.com/heimdal/heimdal Commit: a13457a4b6877e04c020393732954f3ce03bd388 https://github.com/heimdal/heimdal/commit/a13457a4b6877e04c020393732954f3ce03bd388 Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/roken/rand.c Log Message: ----------- lib/roken: rk_random_init HAVE_ARC4RANDOM #401 When arc4random() is available, rk_random_init() does not have to call arc4random_stir(). ac4random_stir() will be called as a result of the first call to arc4random(). Change-Id: I6f4a3be7c39752746657945ed15896472908f889 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 23:49:08 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 14:49:08 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 434f76: lib/roken: rk_random_init HAVE_ARC4RANDOM #401 Message-ID: <5c2405645c8e7_281f2af3d51f85807315c@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 434f76bcb77754263fcd5a7ab5938e534dc220bc https://github.com/heimdal/heimdal/commit/434f76bcb77754263fcd5a7ab5938e534dc220bc Author: Jeffrey Altman Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/roken/rand.c Log Message: ----------- lib/roken: rk_random_init HAVE_ARC4RANDOM #401 When arc4random() is available, rk_random_init() does not have to call arc4random_stir(). ac4random_stir() will be called as a result of the first call to arc4random(). Change-Id: I6f4a3be7c39752746657945ed15896472908f889 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Wed Dec 26 23:55:15 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 14:55:15 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] c555ed: KDC: Allow hdb to set the issued ticket's realm Message-ID: <5c2406d35e353_46c22b1700048584212f0@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c555ed6a1f7ddb1cb391326140a0c30a68a9b700 https://github.com/heimdal/heimdal/commit/c555ed6a1f7ddb1cb391326140a0c30a68a9b700 Author: Isaac Boukris Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M kdc/krb5tgs.c Log Message: ----------- KDC: Allow hdb to set the issued ticket's realm This is used by Samba to set the canonical realm in case netbios realm was requested (same as Windows). Regression introduced by upstream commit: 378f34b4be9865ed3949918fba8d2dd877b395c0 Signed-off-by: Isaac Boukris Commit: c67b29669432be7bab1d3ca1565127b587640e48 https://github.com/heimdal/heimdal/commit/c67b29669432be7bab1d3ca1565127b587640e48 Author: Isaac Boukris Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M kdc/kerberos5.c Log Message: ----------- KDC: Add ETYPE_INFO{,2} padata on PREAUTH_FAILED Without it, Windows clients will perform an extra AS-REQ, causing password lockout count to increase by two instead of one. This is an alternative to Samba commit: 978bc8681e74ffa17f96fd5d4355094c4a26691c One difference however, it doesn't return ENC_TIMESTAMP in PREAUTH_REQUIRED, only the necessary ETYPE_INFO{,2} (same as Windows). Signed-off-by: Isaac Boukris Commit: 2ee4169dd199e78d80d610602f44cfaa82cb39b4 https://github.com/heimdal/heimdal/commit/2ee4169dd199e78d80d610602f44cfaa82cb39b4 Author: Isaac Boukris Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M lib/krb5/get_cred.c Log Message: ----------- Avoid shadowing KDC returned error code The referral function does not handle short names, so avoid falling over it in case capath fails, in order to preserve the error code returned by the KDC (it wasn't a problem before the order between the two functions has changed). Signed-off-by: Isaac Boukris Commit: efb111e450e1b3e3cc4d853fc393b1d3babc1981 https://github.com/heimdal/heimdal/commit/efb111e450e1b3e3cc4d853fc393b1d3babc1981 Author: Isaac Boukris Date: 2018-12-26 (Wed, 26 Dec 2018) Changed paths: M kuser/kinit.c M lib/krb5/init_creds_pw.c M tests/kdc/check-pkinit.in M tests/kdc/check-referral.in Log Message: ----------- Separate enterprise and canonicalize flags The meaning of the two is different and we should not implicitly set both if one was requested (this aligns the logic with MIT kinit -C/-E options). Signed-off-by: Isaac Boukris Compare: https://github.com/heimdal/heimdal/compare/434f76bcb777...efb111e450e1 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 00:25:21 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 15:25:21 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c240de18db8_58832adb2f2a657c11097d@hookshot-fe-2cc8887.cp1-iad.github.net.mail> Branch: refs/heads/jaltman/lib_roken_rand Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 01:59:44 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 16:59:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f62b00: kadm5: improve kadm5 hook logging (#397) Message-ID: <5c242400b5a5c_77232afdd776857c311b@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f62b00e33cff67151bb3da5cb62027502da32f5f https://github.com/heimdal/heimdal/commit/f62b00e33cff67151bb3da5cb62027502da32f5f Author: Luke Howard Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M lib/kadm5/chpass_s.c M lib/kadm5/create_s.c M lib/kadm5/delete_s.c M lib/kadm5/modify_s.c M lib/kadm5/randkey_s.c M lib/kadm5/rename_s.c M lib/kadm5/server_hooks.c M lib/kadm5/setkey3_s.c Log Message: ----------- kadm5: improve kadm5 hook logging (#397) Centralize logging for kadm5 hook failure, log successful hook loading, better logging on hook load failures and on platforms that do not support dlopen(). **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 06:27:54 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 21:27:54 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 83def5: kadmin: do not assign passwords at realm initializ... Message-ID: <5c2462dae6311_76bf2af7fb17c578901e0@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 83def5bc18251f474ea09f1f49e4c0a207c85458 https://github.com/heimdal/heimdal/commit/83def5bc18251f474ea09f1f49e4c0a207c85458 Author: Luke Howard Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M kadmin/init.c Log Message: ----------- kadmin: do not assign passwords at realm initialization Since c6bf100b password quality checks have been moved out of kadmindd and into libkadm5. This means that all password changes are subject to quality checks, if enforce_on_admin_set is true (the default). In rare instances it could be possible for realm initialization to fail because the randomly generated passwords do not pass the password quality test. Fix this by creating principals with no password or key, rather than with a random password. Random *keys* continue to be set immediately after the principal is created, and before DISALLOW_ALL_TIX is unset, so there should be no functionality or security implications from this change. It is safe to call a server-side API such as kadm5_s_create_principal_with_key() as local_flag is asserted to be true. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 06:43:09 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 21:43:09 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] be3836: Revert "kadmin: do not assign passwords at realm i... Message-ID: <5c24666d319f3_23d32ab109cea58887443@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: be3836d4ca27c3c8e21db24ecb38fe6099fff195 https://github.com/heimdal/heimdal/commit/be3836d4ca27c3c8e21db24ecb38fe6099fff195 Author: Luke Howard Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M kadmin/init.c Log Message: ----------- Revert "kadmin: do not assign passwords at realm initialization" This reverts commit 83def5bc18251f474ea09f1f49e4c0a207c85458. Not passing all tests, will resubmit as pull request. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 07:11:29 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 22:11:29 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 410d96: kadmin: do not assign passwords at realm initializ... Message-ID: <5c246d111c2e2_3d2d2aeb41882578361b6@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 410d96f480ed2f0d5896e442f63b208445a18ec0 https://github.com/heimdal/heimdal/commit/410d96f480ed2f0d5896e442f63b208445a18ec0 Author: Luke Howard Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M kadmin/init.c M lib/kadm5/libkadm5srv-exports.def M lib/kadm5/version-script.map Log Message: ----------- kadmin: do not assign passwords at realm initialization Since c6bf100b password quality checks have been moved out of kadmindd and into libkadm5. This means that all password changes are subject to quality checks, if enforce_on_admin_set is true (the default). In rare instances it could be possible for realm initialization to fail because the randomly generated passwords do not pass the password quality test. Fix this by creating principals with no password or key, rather than with a random password. Random *keys* continue to be set immediately after the principal is created, and before DISALLOW_ALL_TIX is unset, so there should be no functionality or security implications from this change. It is safe to call a server-side API such as kadm5_s_create_principal_with_key() as local_flag is asserted to be true. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 07:40:59 2018 From: noreply at github.com (GitHub) Date: Wed, 26 Dec 2018 22:40:59 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 65ed50: hcrypto: print failure on password mismatch (#469) Message-ID: <5c2473fb4aaf0_41bd2ac49ec685804613d@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 65ed504d212490356f9670fff87a08a959b50e64 https://github.com/heimdal/heimdal/commit/65ed504d212490356f9670fff87a08a959b50e64 Author: Luke Howard Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M lib/hcrypto/ui.c Log Message: ----------- hcrypto: print failure on password mismatch (#469) UI_UTIL_read_pw_string(), an interface borrowed from OpenSSL, should report password verification failure to stderr. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Thu Dec 27 22:55:51 2018 From: noreply at github.com (GitHub) Date: Thu, 27 Dec 2018 13:55:51 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] e93a13: Fix check-ldap slapd start race Message-ID: <5c254a67249f9_47ad2ae3b3638578105058@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e93a13576532db5d46b365b73829e6c1600d48ff https://github.com/heimdal/heimdal/commit/e93a13576532db5d46b365b73829e6c1600d48ff Author: Nicolas Williams Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M tests/ldap/slapd-init.in Log Message: ----------- Fix check-ldap slapd start race We start slapd in the foreground (-d0) but backgrounded in the shell, then we wait 4 seconds. This causes a race condition however. This commit makes the slapd-init script more robust and limits the wait to however many seconds (up to 30) that slapd needs to start service. Commit: 7a824146faa1dbd4a08c686409bf51f62edcbeae https://github.com/heimdal/heimdal/commit/7a824146faa1dbd4a08c686409bf51f62edcbeae Author: Nicolas Williams Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M tests/ldap/slapd.conf Log Message: ----------- Fix defaultsearchbase in check-ldap's slapd.conf Commit: 698c521dd6c57b2abbb35f5ea0dfd10b06f71819 https://github.com/heimdal/heimdal/commit/698c521dd6c57b2abbb35f5ea0dfd10b06f71819 Author: Nicolas Williams Date: 2018-12-27 (Thu, 27 Dec 2018) Changed paths: M .travis.yml Log Message: ----------- Install ldap-utils in Travis Linux builds Compare: https://github.com/heimdal/heimdal/compare/65ed504d2124...698c521dd6c5 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 28 07:55:04 2018 From: noreply at github.com (GitHub) Date: Thu, 27 Dec 2018 22:55:04 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 36ad8f: krb5: fix pointer indirection error in keyring cac... Message-ID: <5c25c8c83966d_7a9a2ad473b1c5841000ea@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 36ad8fa536d039798d30d72804b6ed85f37b0593 https://github.com/heimdal/heimdal/commit/36ad8fa536d039798d30d72804b6ed85f37b0593 Author: Luke Howard Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/krb5/krcache.c Log Message: ----------- krb5: fix pointer indirection error in keyring cache (#166) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 28 08:10:47 2018 From: noreply at github.com (GitHub) Date: Thu, 27 Dec 2018 23:10:47 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6df981: Fix warning in lib/krb5/test_store.c Message-ID: <5c25cc77780b_4e812af15e1e8578784cd@hookshot-fe-b0febf1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6df981e0485e5de11e4eb826cf62f35d6607a5a4 https://github.com/heimdal/heimdal/commit/6df981e0485e5de11e4eb826cf62f35d6607a5a4 Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/krb5/test_store.c Log Message: ----------- Fix warning in lib/krb5/test_store.c Commit: 06773bba48d950eb694356ac74e9dc79202dad3d https://github.com/heimdal/heimdal/commit/06773bba48d950eb694356ac74e9dc79202dad3d Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/ipc/tc.c Log Message: ----------- Fix warning in lib/ipc/tc.c Commit: 7c03b981a4fde0c4ba63b6660aa3dcfbb7c37281 https://github.com/heimdal/heimdal/commit/7c03b981a4fde0c4ba63b6660aa3dcfbb7c37281 Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/krb5/get_default_principal.c Log Message: ----------- Fix warning in lib/krb5/get_default_principal.c Commit: b0a357429df127ae7531a052004298bf813b53a3 https://github.com/heimdal/heimdal/commit/b0a357429df127ae7531a052004298bf813b53a3 Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/gssapi/test_context.c Log Message: ----------- Fix warning in lib/gssapi/test_context.c Compare: https://github.com/heimdal/heimdal/compare/36ad8fa536d0...b0a357429df1 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 28 20:28:10 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 11:28:10 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 51c2a5: lib/kadm5: _kadm5_s_init_hooks Message-ID: <5c26794acb8ac_1f8f2aebc57e057843078@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 51c2a5831ad53577d71d0e01f1229464b16549c4 https://github.com/heimdal/heimdal/commit/51c2a5831ad53577d71d0e01f1229464b16549c4 Author: Jeffrey Altman Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/kadm5/server_hooks.c Log Message: ----------- lib/kadm5: _kadm5_s_init_hooks prevent leak of configuration strings introduced by f62b00e33cff67151bb3da5cb62027502da32f5f ("kadm5: improve kadm5 hook logging (#397)") Change-Id: I12c028241e6ee0175599b6edc6a334c6efb858d9 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Fri Dec 28 20:32:50 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 11:32:50 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 134b53: lib/roken: roken_get_shell unreachable code warnin... Message-ID: <5c267a627b859_47092aeedb9065886714b@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 134b53ead18ede36d392be5651e6c9b17326350f https://github.com/heimdal/heimdal/commit/134b53ead18ede36d392be5651e6c9b17326350f Author: Jeffrey Altman Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/roken/getuserinfo.c Log Message: ----------- lib/roken: roken_get_shell unreachable code warning When WIN32 is undefined an unreachable code warning was generated since "/bin/sh" is returned as the default resposne. Change-Id: I757c9d05db62c1d52fee0e510259098d73273a84 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 29 02:16:30 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 17:16:30 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 4e0102: kadmin selective prune of historic key for princip... Message-ID: <5c26caee827f9_b3c2ae4738be5709741c@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/pull/415/head Home: https://github.com/heimdal/heimdal Commit: 4e01028b049a0832e0ba2b2cd4e322ba338edcf4 https://github.com/heimdal/heimdal/commit/4e01028b049a0832e0ba2b2cd4e322ba338edcf4 Author: Radoslav Bodo Date: 2018-09-13 (Thu, 13 Sep 2018) Changed paths: M kadmin/Makefile.am M kadmin/kadmin-commands.in A kadmin/prune.c M kadmin/server.c M lib/hdb/keys.c M lib/hdb/version-script.map M lib/kadm5/Makefile.am M lib/kadm5/common_glue.c M lib/kadm5/context_s.c M lib/kadm5/init_c.c M lib/kadm5/private.h A lib/kadm5/prune_c.c A lib/kadm5/prune_s.c M lib/kadm5/version-script-client.map M lib/kadm5/version-script.map M tests/kdc/check-kadmin.in Log Message: ----------- kadmin selective prune of historic key for principal Commit: ac921a8e29daf8c98030d5fc69cbdb94da520c2c https://github.com/heimdal/heimdal/commit/ac921a8e29daf8c98030d5fc69cbdb94da520c2c Author: Radoslav Bodo Date: 2018-09-13 (Thu, 13 Sep 2018) Changed paths: M kadmin/server.c M lib/hdb/keys.c M lib/kadm5/prune_c.c M lib/kadm5/prune_s.c Log Message: ----------- if/for spacing cosmetics Commit: 7a7f2683a7a1fa0a902169989dfd90f919f726d1 https://github.com/heimdal/heimdal/commit/7a7f2683a7a1fa0a902169989dfd90f919f726d1 Author: Radoslav Bodo Date: 2018-09-15 (Sat, 15 Sep 2018) Changed paths: M kadmin/NTMakefile M lib/hdb/libhdb-exports.def M lib/kadm5/NTMakefile M lib/kadm5/libkadm5srv-exports.def Log Message: ----------- fix windows build prune sources not registered in makefile hdb export missing prune not registered in kadmin makefile w32-check-exported-symbols.pl kadm5_prune_principal: Only in VS Commit: 3ace7b3c29b57d386ec8733842527cbe43a2578e https://github.com/heimdal/heimdal/commit/3ace7b3c29b57d386ec8733842527cbe43a2578e Author: Radoslav Bodo Date: 2018-09-15 (Sat, 15 Sep 2018) Changed paths: M tests/kdc/check-kadmin.in Log Message: ----------- fix osx testsuite portable code taken from iprop tests to check selective prune Commit: 3dbc34b17cc35dbf6e4746dca7283f99c4820c45 https://github.com/heimdal/heimdal/commit/3dbc34b17cc35dbf6e4746dca7283f99c4820c45 Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M kadmin/prune.c M kadmin/server.c M lib/hdb/keys.c Log Message: ----------- wip Commit: 5853652d37cb8320eb1e3d23b82b3c3783360f61 https://github.com/heimdal/heimdal/commit/5853652d37cb8320eb1e3d23b82b3c3783360f61 Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M kadmin/kadmin-commands.in M kadmin/prune.c M kadmin/server.c M lib/kadm5/common_glue.c M lib/kadm5/prune_c.c Log Message: ----------- wip Commit: 0a49b6ee7c1536f8c446669c8e4162f6648f027b https://github.com/heimdal/heimdal/commit/0a49b6ee7c1536f8c446669c8e4162f6648f027b Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M kadmin/kadmin.1 Log Message: ----------- wip Compare: https://github.com/heimdal/heimdal/compare/4e01028b049a^...0a49b6ee7c15 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 29 02:18:20 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 17:18:20 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c26cb5c6b6e1_5f622ad93e0d4584943ad@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/pull/415/head Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 29 02:26:27 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 17:26:27 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] e6d1c1: Rewrite gss_add_cred() (fix #413) Message-ID: <5c26cd4370c77_1b0a2b12fe64e58838423@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e6d1c10808bae4853b005bd981878c42c3432cfe https://github.com/heimdal/heimdal/commit/e6d1c10808bae4853b005bd981878c42c3432cfe Author: Nicolas Williams Date: 2018-12-28 (Fri, 28 Dec 2018) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi.h M lib/gssapi/gssapi_mech.h A lib/gssapi/krb5/duplicate_cred.c M lib/gssapi/krb5/external.c M lib/gssapi/krb5/test_acquire_cred.c M lib/gssapi/krb5/test_cred.c M lib/gssapi/mech/gss_add_cred.c A lib/gssapi/mech/gss_duplicate_cred.c A lib/gssapi/netlogon/duplicate_cred.c M lib/gssapi/netlogon/external.c M lib/gssapi/netlogon/netlogon.h A lib/gssapi/ntlm/duplicate_cred.c M lib/gssapi/ntlm/external.c M lib/gssapi/ntlm/ntlm.h M lib/gssapi/spnego/external.c Log Message: ----------- Rewrite gss_add_cred() (fix #413) It turns out gss_add_cred() really needed a complete rewrite. It's much better to first have a gss_duplicate_cred() (which has been needed for other reasons anyways), and use that when the input_cred_handle is not GSS_C_NO_CREDENTIAL and output_cred_handle is not NULL, then mutate that duplicate credential handle (or the input_cred_handle if output_cred_handle is NULL). **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 29 05:02:43 2018 From: noreply at github.com (GitHub) Date: Fri, 28 Dec 2018 20:02:43 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] d8e432: kdc: log principal name in TGT not found error Message-ID: <5c26f1e3b1e49_76b82ac4e0b5857c12616c@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: d8e4328762e51c6217fec5f766cba3936c029362 https://github.com/heimdal/heimdal/commit/d8e4328762e51c6217fec5f766cba3936c029362 Author: Luke Howard Date: 2018-12-29 (Sat, 29 Dec 2018) Changed paths: M kdc/krb5tgs.c Log Message: ----------- kdc: log principal name in TGT not found error **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sat Dec 29 10:23:53 2018 From: noreply at github.com (GitHub) Date: Sat, 29 Dec 2018 01:23:53 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7e0ff6: gssapi: add OPTSYM for gss_duplicate_cred() (#487) Message-ID: <5c273d29d283d_19e22ad7f3cfe57c125251@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7e0ff63b38300e5b433385c9e3241f5000b98696 https://github.com/heimdal/heimdal/commit/7e0ff63b38300e5b433385c9e3241f5000b98696 Author: Luke Howard Date: 2018-12-29 (Sat, 29 Dec 2018) Changed paths: M lib/gssapi/mech/gss_mech_switch.c Log Message: ----------- gssapi: add OPTSYM for gss_duplicate_cred() (#487) Allow API-as-SPI mechanisms to provide gss_duplicate_cred(), introduced in e6d1c108. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 30 22:39:51 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 13:39:51 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 014f16: libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT Message-ID: <5c293b271da8c_28eb2ae0043c8584735c0@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 014f16883c7c911b2804fb081e885e0571528e85 https://github.com/heimdal/heimdal/commit/014f16883c7c911b2804fb081e885e0571528e85 Author: Luke Howard Date: 2018-12-30 (Sun, 30 Dec 2018) Changed paths: M admin/add.c M appl/otp/otp.c M kadmin/ank.c M kadmin/cpw.c M kadmin/stash.c M kdc/kstash.c M kpasswd/kpasswd.c M lib/hcrypto/ui.c M lib/hcrypto/ui.h Log Message: ----------- libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 30 23:27:26 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 14:27:26 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 00c402: x Message-ID: <5c29464ef0780_1fe92b2a59d4e578327e0@hookshot-fe-da92815.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/spnego-error-tokens Home: https://github.com/heimdal/heimdal Commit: 00c4029b709d35a3df739686d22a0fae70773562 https://github.com/heimdal/heimdal/commit/00c4029b709d35a3df739686d22a0fae70773562 Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- x **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 30 23:28:28 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 14:28:28 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 2fc143: SPNEGO: allow mechanism error tokens in reject res... Message-ID: <5c29468cdfcee_3cbf2af22e4ae58454176@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/spnego-error-tokens Home: https://github.com/heimdal/heimdal Commit: 2fc143c11673fe16165102cc20230bee84a5e10c https://github.com/heimdal/heimdal/commit/2fc143c11673fe16165102cc20230bee84a5e10c Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- SPNEGO: allow mechanism error tokens in reject responses (#486) **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 30 23:30:03 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 14:30:03 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5c2946ebaeed4_410f2b06d04205701222b9@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/lukeh/spnego-error-tokens Home: https://github.com/heimdal/heimdal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Sun Dec 30 23:33:33 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 14:33:33 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] a91930: SPNEGO: Use error tokens (init. side) (fix #486) Message-ID: <5c2947bd930e2_28bd2aee30630580493c@hookshot-fe-6b2eebc.cp1-iad.github.net.mail> Branch: refs/heads/nicowilliams/fix_486 Home: https://github.com/heimdal/heimdal Commit: a91930da7419bb85f90537f35126c6335d39e638 https://github.com/heimdal/heimdal/commit/a91930da7419bb85f90537f35126c6335d39e638 Author: Nicolas Williams Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- SPNEGO: Use error tokens (init. side) (fix #486) Commit: 67025e0e8dcd7cc1e18477896ed19f3023ee89df https://github.com/heimdal/heimdal/commit/67025e0e8dcd7cc1e18477896ed19f3023ee89df Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/accept_sec_context.c Log Message: ----------- SPNEGO: Send error tokens (acc. side) (fix #486) Commit: 23e71f018d83078d7c50f1d22f1870914e8edde9 https://github.com/heimdal/heimdal/commit/23e71f018d83078d7c50f1d22f1870914e8edde9 Author: Nicolas Williams Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- fixup! SPNEGO: Use error tokens (init. side) (fix #486) Commit: 98bd2e7755eacdb1bf0ed22476d4219303e400bb https://github.com/heimdal/heimdal/commit/98bd2e7755eacdb1bf0ed22476d4219303e400bb Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- fixup! SPNEGO: local variable for negState (fix #486) Compare: https://github.com/heimdal/heimdal/compare/a91930da7419^...98bd2e7755ea **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 31 08:19:32 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 23:19:32 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 58b77b: krb5: fix a couple of missing options in verify_kr... Message-ID: <5c29c304d0df6_62372ad6585e458054951@hookshot-fe-31feec6.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 58b77bb485f43c9e9c8b6f37dc8201d0bebfe748 https://github.com/heimdal/heimdal/commit/58b77bb485f43c9e9c8b6f37dc8201d0bebfe748 Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M lib/krb5/verify_krb5_conf.c Log Message: ----------- krb5: fix a couple of missing options in verify_krb5_conf **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 31 08:20:39 2018 From: noreply at github.com (GitHub) Date: Sun, 30 Dec 2018 23:20:39 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] af0d8e: gssapi: support for client keytab in gss_acquire_c... Message-ID: <5c29c347c7e05_520d2ad5ddf8657840059@hookshot-fe-d252ca1.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: af0d8ef677f3c6955ccce3723812fa5a784c448e https://github.com/heimdal/heimdal/commit/af0d8ef677f3c6955ccce3723812fa5a784c448e Author: Luke Howard Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M include/config.h.w32 M lib/gssapi/krb5/acquire_cred.c M lib/krb5/keytab.c M lib/krb5/krb5_locl.h M lib/krb5/libkrb5-exports.def.in M lib/krb5/verify_krb5_conf.c M lib/krb5/version-script.map Log Message: ----------- gssapi: support for client keytab in gss_acquire_cred (#383) For compatibility with MIT Kerberos, support automatic acquisition of initiator credentials if a client keytab is available. The default path on non-Windows is /var/heimdal/user/%{euid}/client.keytab, but can be overriden with the KRB5_CLIENT_KTNAME environment variable or the default_client_keytab_name configuration option. If a client keytab does not exist, or exists but does not contain the principal for which initiator credentials are being acquired, the system keytab is tried. **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. From noreply at github.com Mon Dec 31 21:17:12 2018 From: noreply at github.com (GitHub) Date: Mon, 31 Dec 2018 12:17:12 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f3f06f: kadmin selective prune of historic key for princip... Message-ID: <5c2a79488fef_54b2acbe5d4258436481@hookshot-fe-dfcc362.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f3f06fcba906da95ba4436d19aa9a66e2236fa74 https://github.com/heimdal/heimdal/commit/f3f06fcba906da95ba4436d19aa9a66e2236fa74 Author: Radoslav Bodo Date: 2018-12-31 (Mon, 31 Dec 2018) Changed paths: M kadmin/Makefile.am M kadmin/NTMakefile M kadmin/kadmin-commands.in M kadmin/kadmin.1 A kadmin/prune.c M kadmin/server.c M lib/hdb/keys.c M lib/hdb/libhdb-exports.def M lib/hdb/version-script.map M lib/kadm5/Makefile.am M lib/kadm5/NTMakefile M lib/kadm5/common_glue.c M lib/kadm5/context_s.c M lib/kadm5/init_c.c M lib/kadm5/libkadm5srv-exports.def M lib/kadm5/private.h A lib/kadm5/prune_c.c A lib/kadm5/prune_s.c M lib/kadm5/version-script-client.map M lib/kadm5/version-script.map M tests/kdc/check-kadmin.in Log Message: ----------- kadmin selective prune of historic key for principal **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.