[Heimdal-source-changes] [heimdal/heimdal] 338d47: Fix Appveyor Windows build

Nico Williams noreply at github.com
Thu Oct 3 20:36:29 CEST 2019


  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 338d47120b29944a38d6ae8b318def936a2d6658
      https://github.com/heimdal/heimdal/commit/338d47120b29944a38d6ae8b318def936a2d6658
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/kadm5/init_c.c
    M lib/krb5/get_default_principal.c

  Log Message:
  -----------
  Fix Appveyor Windows build


  Commit: 5859bc3bdfb797a9a16ef19a97e28605529c6c77
      https://github.com/heimdal/heimdal/commit/5859bc3bdfb797a9a16ef19a97e28605529c6c77
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kadmin/kadmin.1
    M kadmin/kadmin.c

  Log Message:
  -----------
  kadmin: add --hdb / -H argument

Makes it possible to

 $ kadmin -l -H /tmp/hdb init FOO.EXAMPLE

rather than being able to only init /var/heimdal/heimdal.


  Commit: 1ae941af9b5beef88ffb91c274dc6b99c7c77191
      https://github.com/heimdal/heimdal/commit/1ae941af9b5beef88ffb91c274dc6b99c7c77191
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kadmin/kadmind.c
    M kcm/main.c
    M kdc/config.c
    M kpasswd/kpasswdd.c
    M lib/kadm5/ipropd_master.c
    M lib/kadm5/ipropd_slave.c
    M lib/roken/detach.c
    M lib/roken/roken.h.in
    M lib/roken/test-detach.c

  Log Message:
  -----------
  roken_detach_prep() should return fd


  Commit: 34728ce79ee4539606b0e33e973eefb089250a85
      https://github.com/heimdal/heimdal/commit/34728ce79ee4539606b0e33e973eefb089250a85
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/roken/base64.c

  Log Message:
  -----------
  rk_base64_encode(): set errno in all error cases


  Commit: 1ee136ce40b6a0e4c03a6aaa49d142f02437b946
      https://github.com/heimdal/heimdal/commit/1ee136ce40b6a0e4c03a6aaa49d142f02437b946
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M cf/roken-frag.m4

  Log Message:
  -----------
  autoconf: look for unlinkat()


  Commit: 8d232aa87d2b38c491356bf8843d9f27dcad7e14
      https://github.com/heimdal/heimdal/commit/8d232aa87d2b38c491356bf8843d9f27dcad7e14
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/libhx509-exports.def

  Log Message:
  -----------
  hx509: export hx509_parse_private_key (Windows)


  Commit: 252487dfe45cc7af6ed6074d024259dd2e9d93e0
      https://github.com/heimdal/heimdal/commit/252487dfe45cc7af6ed6074d024259dd2e9d93e0
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/cert.c
    M lib/hx509/ks_file.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: support reading private keys from PEM files

This commit adds:

 - hx509_cert_init_private_key() for creating an hx509_cert object that
   has just a private key

 - hx509_cert_have_private_key_only() for checking whether an hx509_cert
   object has just a private key

This also generalizes the get_key() internal function in hxtool, which
is tasked with reading or generating a private key for use in signing
CSRs.  Now hxtool request-create can read/write private keys to/from PEM
files, not just DER files.

This is needed to support key types other than just RSA for CSRs and
certificates.


  Commit: 005ba36b83dbbb6a4bbcf5da2bb1cecd9fb886f2
      https://github.com/heimdal/heimdal/commit/005ba36b83dbbb6a4bbcf5da2bb1cecd9fb886f2
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool request-create: fix --key argument handling

```
    hxtool request-create --subject=... \
                          --generate-key=... \
                          --key-bits=... \
                          --key=STORE \
                          store
```

wants to generate a key, store it in the location specified by the --key
argument, then read it back, then generate the CSR, and store it in
`store`.

But it didn't work because for generating a key this really wants the
`--key` argument to be a file path into which a raw DER-encoded RSA key
will be written (only RSA is supported, ay!), but for reading the key
back it uses `hx509_certs_init()`, which wants `TYPE:name` keystore
specification.  A deadly embrace.

Now that we have improved libhx509 functionality for reading/writing
private keys from/to PEM files we use this functionality and require a
store type in the `--key=STORE` argument.


  Commit: 859c587dc25bebf0c3618a7a531fb26642f1416f
      https://github.com/heimdal/heimdal/commit/859c587dc25bebf0c3618a7a531fb26642f1416f
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/ca.c
    M lib/hx509/hxtool-commands.in
    M lib/hx509/hxtool.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  Add more hxtool EKU options, and KeyUsage too

This is necessary in order to have more control over, e.g., template
certificates for kx509.  But also it's good to have this more generally.

Some batteries not included.  Specifically: no attempt is made to validate that
given KeyUsage values are compatible with the subjectPublicKey's algorithm and
parameters.


  Commit: a2db5caebfb2bf05cd6ec526b5ad94e3a33c4dd6
      https://github.com/heimdal/heimdal/commit/a2db5caebfb2bf05cd6ec526b5ad94e3a33c4dd6
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/gssapi/krb5/test_kcred.c
    M lib/gssapi/test_kcred.c

  Log Message:
  -----------
  Add note about racy tests


  Commit: 049d817c667c7ad67ff23b284639dd09f0b91ca2
      https://github.com/heimdal/heimdal/commit/049d817c667c7ad67ff23b284639dd09f0b91ca2
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/ca.c

  Log Message:
  -----------
  Fix hx509_ca_tbs_free() segfault


  Commit: cc8a5c59a842873e998220cc316ad43487c67776
      https://github.com/heimdal/heimdal/commit/cc8a5c59a842873e998220cc316ad43487c67776
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/hxtool-commands.in
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool: add generate-key command

This will help us not commit private keys in-tree for testing as we can now
more easily generate them as needed.


  Commit: 63116100a8b2e096b9230a0cfd6adfa35339dec2
      https://github.com/heimdal/heimdal/commit/63116100a8b2e096b9230a0cfd6adfa35339dec2
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/ks_dir.c
    M lib/hx509/ks_file.c
    M lib/hx509/ks_p11.c
    M lib/hx509/ks_p12.c

  Log Message:
  -----------
  hx509: do not crash on missing FILE: name


  Commit: 5a0d85e42328d8e6843ef2e16007c48500e27987
      https://github.com/heimdal/heimdal/commit/5a0d85e42328d8e6843ef2e16007c48500e27987
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/crypto.c
    M lib/hx509/hx509.h

  Log Message:
  -----------
  hx509: Add PKCS#8 private key format option


  Commit: e4b35ba13f077bc25c7e67e17edcf68d37c0d9ff
      https://github.com/heimdal/heimdal/commit/e4b35ba13f077bc25c7e67e17edcf68d37c0d9ff
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/ks_file.c

  Log Message:
  -----------
  hx509: create files with safe mode_t


  Commit: 41fcafd20c6dc2e1cc61e0b3d4e77936ab3eec61
      https://github.com/heimdal/heimdal/commit/41fcafd20c6dc2e1cc61e0b3d4e77936ab3eec61
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/file.c
    M lib/hx509/hx_locl.h
    M lib/hx509/keyset.c
    M lib/hx509/ks_dir.c
    M lib/hx509/ks_file.c
    M lib/hx509/ks_keychain.c
    M lib/hx509/ks_mem.c
    M lib/hx509/ks_null.c
    M lib/hx509/ks_p11.c
    M lib/hx509/ks_p12.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: add hx509_certs_destroy()


  Commit: eaebb892b8f9c3a39dd15441584fa8d1e87290ae
      https://github.com/heimdal/heimdal/commit/eaebb892b8f9c3a39dd15441584fa8d1e87290ae
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/cert.c

  Log Message:
  -----------
  hx509: hx509_context_free(&null_var) should work


  Commit: f2776ce84104192782924c79a467f962238598f1
      https://github.com/heimdal/heimdal/commit/f2776ce84104192782924c79a467f962238598f1
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/error.c

  Log Message:
  -----------
  hx509: make hx509_get_error_string(NULL, ...) work

If hx509_context_init() fails we should still be able to do something
with its return code.


  Commit: 87eb05df6aac26e0ee5f2ae4d40b361007a83355
      https://github.com/heimdal/heimdal/commit/87eb05df6aac26e0ee5f2ae4d40b361007a83355
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/req.c

  Log Message:
  -----------
  hx509: always verify CSR signature


  Commit: d13f89cb110cd917ea6c5ecd42a9b5b77f1b887c
      https://github.com/heimdal/heimdal/commit/d13f89cb110cd917ea6c5ecd42a9b5b77f1b887c
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/hxtool.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/req.c
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: expose hx509_request_parse*()


  Commit: 63ccdca13701677a8351d4dec444c7f741ba5785
      https://github.com/heimdal/heimdal/commit/63ccdca13701677a8351d4dec444c7f741ba5785
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/keyset.c

  Log Message:
  -----------
  hx509: _hx509_certs_keys_free() should not require gate


  Commit: 44677c01aefe099a77b9d534833e9024b1fa3450
      https://github.com/heimdal/heimdal/commit/44677c01aefe099a77b9d534833e9024b1fa3450
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/hx509/cert.c
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool print: fix output device bugs


  Commit: 5e270a89145b97b947b16f944b761ebb87488904
      https://github.com/heimdal/heimdal/commit/5e270a89145b97b947b16f944b761ebb87488904
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/pkinit.c

  Log Message:
  -----------
  Fix missing error checking in lib/krb5/pkinit.c


  Commit: 75b5c94a62115e8a27a51a7ee4d3c22ca177df29
      https://github.com/heimdal/heimdal/commit/75b5c94a62115e8a27a51a7ee4d3c22ca177df29
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kdc/connect.c

  Log Message:
  -----------
  kdc: fix invalid free at exit time


  Commit: d3ef0ee74358276bf65af3d4b26b9f530ad1c57b
      https://github.com/heimdal/heimdal/commit/d3ef0ee74358276bf65af3d4b26b9f530ad1c57b
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kdc/connect.c
    M kdc/main.c

  Log Message:
  -----------
  kdc: fix leaks


  Commit: f31cdc30b2c7e58260935f8df7207f9c247a8ae6
      https://github.com/heimdal/heimdal/commit/f31cdc30b2c7e58260935f8df7207f9c247a8ae6
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M cf/roken-frag.m4
    M lib/roken/Makefile.am
    M lib/roken/NTMakefile
    A lib/roken/memmem.c
    M lib/roken/roken.h.in
    M lib/roken/version-script.map

  Log Message:
  -----------
  roken: add rk_memmem()


  Commit: 96d1e80bdaded9211b3becc82a2e6c58ccc9a33a
      https://github.com/heimdal/heimdal/commit/96d1e80bdaded9211b3becc82a2e6c58ccc9a33a
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M cf/roken-frag.m4
    M lib/roken/Makefile.am
    M lib/roken/NTMakefile
    A lib/roken/mkostemp.c
    M lib/roken/roken.h.in
    M lib/roken/version-script.map

  Log Message:
  -----------
  roken: add mkostemp()


  Commit: cf16e60f3b2c7d5549ffe959ade7505d5e5ce638
      https://github.com/heimdal/heimdal/commit/cf16e60f3b2c7d5549ffe959ade7505d5e5ce638
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/krcache.c

  Log Message:
  -----------
  Fix off by one in KEYRING krcc_remove_cred()


  Commit: ec84667763547219241b79547b4d186b8b0c4787
      https://github.com/heimdal/heimdal/commit/ec84667763547219241b79547b4d186b8b0c4787
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/acache.c
    M lib/krb5/cache.c
    M lib/krb5/fcache.c
    M lib/krb5/kcm.c
    M lib/krb5/krcache.c
    M lib/krb5/mcache.c
    M lib/krb5/scache.c
    M lib/krb5/test_cc.c

  Log Message:
  -----------
  Fix krb5_cc_move() issues

Move init/copy/destroy fallback sequence from fcc_move() to
krb5_cc_move().

Make sure all backends' move() method calls krb5_cc_destroy() on the
source on success (and only on success).

In test_cc make sure that we can find in the destination the cred
stored into the source.


  Commit: e163bfd81b5a24343cb59fd30c40ab1e828f45c8
      https://github.com/heimdal/heimdal/commit/e163bfd81b5a24343cb59fd30c40ab1e828f45c8
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/fcache.c

  Log Message:
  -----------
  Make ccache init atomic


  Commit: 621c68abeaaba1108f19904edf9e822d6d0ed1cb
      https://github.com/heimdal/heimdal/commit/621c68abeaaba1108f19904edf9e822d6d0ed1cb
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/test_cc.c

  Log Message:
  -----------
  Improve krb5_cc_remove_cred() test


  Commit: fe5c0a907c4b9c1b69caefe54e16ed69dd950a00
      https://github.com/heimdal/heimdal/commit/fe5c0a907c4b9c1b69caefe54e16ed69dd950a00
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/principal.c

  Log Message:
  -----------
  unparse_principal: reject embedded NULs


  Commit: 6deb2a6baeba9ed528059eb2d612fdc39e5c06ca
      https://github.com/heimdal/heimdal/commit/6deb2a6baeba9ed528059eb2d612fdc39e5c06ca
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kdc/connect.c

  Log Message:
  -----------
  kdc: improve HTTP parsing


  Commit: 37b55e1fdb7f2e3f01f18f9cee13b756960fa2ac
      https://github.com/heimdal/heimdal/commit/37b55e1fdb7f2e3f01f18f9cee13b756960fa2ac
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/pkinit.c

  Log Message:
  -----------
  pkinit: fix memory leak in libkrb5


  Commit: 941dfd95a32088d8e1dfce9fe1839d14bd8413b5
      https://github.com/heimdal/heimdal/commit/941dfd95a32088d8e1dfce9fe1839d14bd8413b5
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/pkinit.c

  Log Message:
  -----------
  pkinit: fix leak in client


  Commit: 697c6462cf4ef2a0d5c93d0215fb914d820a2592
      https://github.com/heimdal/heimdal/commit/697c6462cf4ef2a0d5c93d0215fb914d820a2592
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kuser/klist.c

  Log Message:
  -----------
  klist: fix verbose printing of config entries


  Commit: 375dd8897f8c11946a008eaa4da0868d47862622
      https://github.com/heimdal/heimdal/commit/375dd8897f8c11946a008eaa4da0868d47862622
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M kuser/klist.c

  Log Message:
  -----------
  klist: partial fix of -v --json

It's still not supported, but at least it generates valid JSON now.

Note that --json w/o -v is functional but has issues, specifically the
rtbl_add_column_entry() does not encode strings properly for output as JSON
strings.  Fixing this will take significantly more effort.  One wonders if it
might not be better to use a proper JSON library instead of the rtbl stuff.


  Commit: afaaf3d89d86bb33f42a63767b41f57c24238aed
      https://github.com/heimdal/heimdal/commit/afaaf3d89d86bb33f42a63767b41f57c24238aed
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-10-03 (Thu, 03 Oct 2019)

  Changed paths:
    M lib/krb5/cache.c
    M lib/krb5/context.c
    M lib/krb5/krb5_locl.h
    M lib/krb5/libkrb5-exports.def.in
    M lib/krb5/version-script.map

  Log Message:
  -----------
  Add krb5_cc_configured_default_name()

Refactor krb5_cc_set_default_name() by splitting out the part that looks
for a configured default ccache name.  This will allow one to check if a
given ccache is a default ccache for a process ignoring KRB5CCNAME,
which might prove useful in the kx509 client.


Compare: https://github.com/heimdal/heimdal/compare/989422e0fcd8...afaaf3d89d86

