Fixes from NetBSD via Thomas Klausner and Roland C. Dowdeswell

Love Hornquist Astrand
2011-05-04 21:31:10 -07:00
parent 9a1a5e5da6
commit b1909b2daa
28 changed files with 337 additions and 782 deletions


@@ -53,57 +53,52 @@ These functions constitute the gssapi library,
.Em libgssapi .
Declarations for these functions may be obtained from the include file
.Pa gssapi.h .
.sp 2
.nf
.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
\fIName/Page\fP \fIDescription\fP
.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
.sp 5p
gss_accept_sec_context.3
gss_acquire_cred.3
gss_add_cred.3
gss_add_oid_set_member.3
gss_canonicalize_name.3
gss_compare_name.3
gss_context_time.3
gss_create_empty_oid_set.3
gss_delete_sec_context.3
gss_display_name.3
gss_display_status.3
gss_duplicate_name.3
gss_export_name.3
gss_export_sec_context.3
gss_get_mic.3
gss_import_name.3
gss_import_sec_context.3
gss_indicate_mechs.3
gss_init_sec_context.3
gss_inquire_context.3
gss_inquire_cred.3
gss_inquire_cred_by_mech.3
gss_inquire_mechs_for_name.3
gss_inquire_names_for_mech.3
gss_krb5_ccache_name.3
gss_krb5_compat_des3_mic.3
gss_krb5_copy_ccache.3
gss_krb5_extract_authz_data_from_sec_context.3
gss_krb5_import_ccache.3
gss_process_context_token.3
gss_release_buffer.3
gss_release_cred.3
gss_release_name.3
gss_release_oid_set.3
gss_seal.3
gss_sign.3
gss_test_oid_set_member.3
gss_unseal.3
gss_unwrap.3
gss_verify.3
gss_verify_mic.3
gss_wrap.3
gss_wrap_size_limit.3
.ta
.Fi
.Bl -column -compact
.It Sy Name/Page
.It Xr gss_accept_sec_context 3
.It Xr gss_acquire_cred 3
.It Xr gss_add_cred 3
.It Xr gss_add_oid_set_member 3
.It Xr gss_canonicalize_name 3
.It Xr gss_compare_name 3
.It Xr gss_context_time 3
.It Xr gss_create_empty_oid_set 3
.It Xr gss_delete_sec_context 3
.It Xr gss_display_name 3
.It Xr gss_display_status 3
.It Xr gss_duplicate_name 3
.It Xr gss_export_name 3
.It Xr gss_export_sec_context 3
.It Xr gss_get_mic 3
.It Xr gss_import_name 3
.It Xr gss_import_sec_context 3
.It Xr gss_indicate_mechs 3
.It Xr gss_init_sec_context 3
.It Xr gss_inquire_context 3
.It Xr gss_inquire_cred 3
.It Xr gss_inquire_cred_by_mech 3
.It Xr gss_inquire_mechs_for_name 3
.It Xr gss_inquire_names_for_mech 3
.It Xr gss_krb5_ccache_name 3
.It Xr gss_krb5_compat_des3_mic 3
.It Xr gss_krb5_copy_ccache 3
.It Xr gss_krb5_extract_authz_data_from_sec_context 3
.It Xr gss_krb5_import_ccache 3
.It Xr gss_process_context_token 3
.It Xr gss_release_buffer 3
.It Xr gss_release_cred 3
.It Xr gss_release_name 3
.It Xr gss_release_oid_set 3
.It Xr gss_seal 3
.It Xr gss_sign 3
.It Xr gss_test_oid_set_member 3
.It Xr gss_unseal 3
.It Xr gss_unwrap 3
.It Xr gss_verify 3
.It Xr gss_verify_mic 3
.It Xr gss_wrap 3
.It Xr gss_wrap_size_limit 3
.El
.Sh COMPATIBILITY
The
.Nm Heimdal


@@ -1054,8 +1054,13 @@ static char *
printable_time(time_t t)
{
static char s[128];
strlcpy(s, ctime(&t)+ 4, sizeof(s));
s[20] = 0;
char *p;
if ((p = ctime(&t)) == NULL)
strlcpy(s, "?", sizeof(s));
else {
strlcpy(s, p + 4, sizeof(s));
s[20] = 0;
}
return s;
}
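Review bot: The `s[20] = 0` truncation in printable_time() still relies on ctime()'s fixed 26-byte layout, which the C standard leaves undefined for years outside four digits, so the added NULL check only helps on C libraries that report an unrepresentable time by returning NULL. If `t` comes from ticket or credential-cache times (the caller is not visible here), formatting through a bounded call would remove that dependency: `struct tm *tm = localtime(&t);` followed by `if (tm == NULL || strftime(s, sizeof(s), "%b %e %H:%M:%S %Y", tm) == 0) strlcpy(s, "?", sizeof(s));`. Note that `%b` follows the current locale, unlike ctime(), so the output can differ from today's where a locale is set. The function also returns a pointer to a static buffer; a comment such as `/* returns static storage, overwritten by the next call; not thread-safe */` above it would warn callers that use it twice in one expression.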


@@ -83,28 +83,17 @@ maintain the iprop log file
.Sh DESCRIPTION
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl -version
.Xc
.It Xo
.Fl h ,
.Fl -help
.Xc
.It Fl -version
.It Fl h , Fl -help
.El
.Pp
command can be one of the following:
.Bl -tag -width truncate
.It truncate
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -113,10 +102,7 @@ last entry of the old log. If the log is truncted by emptying the
file, the log will start over at the first version (0).
.It dump
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
@@ -128,23 +114,15 @@ realm
Print out all entries in the log to standard output.
.It replay
.Bl -tag -width Ds
.It Xo
.Fl -start-version= Ns Ar version-number
.Xc
.It Fl -start-version= Ns Ar version-number
start replay with this version
.It Xo
.Fl -end-version= Ns Ar version-number
.Xc
end replay with this version
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -152,15 +130,9 @@ Replay the changes from specified entries (or all if none is
specified) in the transaction log to the database.
.It last-version
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp


@@ -38,51 +38,49 @@
.Nm iprop ,
.Nm ipropd-master ,
.Nm ipropd-slave
.Nd
propagate changes to a Heimdal Kerberos master KDC to slave KDCs
.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs
.Sh SYNOPSIS
.Nm ipropd-master
.Oo Fl c Ar string \*(Ba Xo
.Fl -config-file= Ns Ar string
.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
.Fl -realm= Ns Ar string
.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
.Fl -keytab= Ns Ar kspec
.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
.Oo Fl d Ar file \*(Ba Xo
.Fl -database= Ns Ar file
.Fl Fl database= Ns Ar file
.Xc
.Oc
.Op Fl -slave-stats-file= Ns Ar file
.Op Fl -time-missing= Ns Ar time
.Op Fl -time-gone= Ns Ar time
.Op Fl -detach
.Op Fl -version
.Op Fl -help
.Op Fl Fl slave-stats-file= Ns Ar file
.Op Fl Fl time-missing= Ns Ar time
.Op Fl Fl time-gone= Ns Ar time
.Op Fl Fl detach
.Op Fl Fl version
.Op Fl Fl help
.Nm ipropd-slave
.Oo Fl c Ar string \*(Ba Xo
.Fl -config-file= Ns Ar string
.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
.Fl -realm= Ns Ar string
.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
.Fl -keytab= Ns Ar kspec
.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
.Op Fl -time-lost= Ns Ar time
.Op Fl -detach
.Op Fl -version
.Op Fl -help
.Op Fl Fl time-lost= Ns Ar time
.Op Fl Fl detach
.Op Fl Fl version
.Op Fl Fl help
.Ar master
.Pp
.Sh DESCRIPTION
.Nm ipropd-master
is used to propagate changes to a Heimdal Kerberos database from the
@@ -96,9 +94,9 @@ file in the KDC's database directory, e.g.\&
.Pa /var/heimdal/slaves .
This has principals one per-line of the form
.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
where
.Ar slave
is the hostname of the slave server in the given
where
.Ar slave
is the hostname of the slave server in the given
.Ar REALM ,
e.g.\&
.Dl iprop/kerberos-1.example.com@EXAMPLE.COM
@@ -110,20 +108,23 @@ In contrast to
.Xr hprop 8 ,
which sends the whole database to the slaves regularly,
.Nm
normally sends only the changes as they happen on the master. The
master keeps track of all the changes by assigning a version number to
every change to the database. The slaves know which was the latest
version they saw, and in this way it can be determined if they are in
sync or not. A log of all the changes is kept on the master. When a
slave is at an older version than the oldest one in the log, the whole
database has to be sent.
normally sends only the changes as they happen on the master.
The master keeps track of all the changes by assigning a version
number to every change to the database.
The slaves know which was the latest version they saw, and in this
way it can be determined if they are in sync or not.
A log of all the changes is kept on the master.
When a slave is at an older version than the oldest one in the log,
the whole database has to be sent.
.Pp
The changes are propagated over a secure channel (on port 2121 by
default). This should normally be defined as
default).
This should normally be defined as
.Dq iprop/tcp
in
.Pa /etc/services
or another source of the services database. The master and slaves
or another source of the services database.
The master and slaves
must each have access to a keytab with keys for the
.Nm iprop
service principal on the local host.
@@ -136,78 +137,37 @@ file (e.g.\&
Supported options for
.Nm ipropd-master :
.Bl -tag -width Ds
.It Xo
.Fl c Ar string ,
.Fl -config-file= Ns Ar string
.Xc
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Xo
.Fl k Ar kspec ,
.Fl -keytab= Ns Ar kspec
.Xc
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
.It Xo
.Fl d Ar file ,
.Fl -database= Ns Ar file
.Xc
.It Fl d Ar file , Fl Fl database= Ns Ar file
Database (default per KDC)
.It Xo
.Fl -slave-stats-file= Ns Ar file
.Xc
.It Fl Fl slave-stats-file= Ns Ar file
file for slave status information
.It Xo
.Fl -time-missing= Ns Ar time
.Xc
.It Fl Fl time-missing= Ns Ar time
time before slave is polled for presence (default 2 min)
.It Xo
.Fl -time-gone= Ns Ar time
.Xc
.It Fl Fl time-gone= Ns Ar time
time of inactivity after which a slave is considered gone (default 5 min)
.It Xo
.Fl -detach
.Xc
.It Fl Fl detach
detach from console
.It Xo
.Fl -version
.Xc
.It Xo
.Fl -help
.Xc
.It Fl Fl version
.It Fl Fl help
.El
.Pp
Supported options for
.Nm ipropd-slave :
.Bl -tag -width Ds
.It Xo
.Fl c Ar string ,
.Fl -config-file= Ns Ar string
.Xc
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Xo
.Fl k Ar kspec ,
.Fl -keytab= Ns Ar kspec
.Xc
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
.It Xo
.Fl -time-lost= Ns Ar time
.Xc
.It Fl Fl time-lost= Ns Ar time
time before server is considered lost (default 5 min)
.It Xo
.Fl -detach
.Xc
.It Fl Fl detach
detach from console
.It Xo
.Fl -version
.Xc
.It Xo
.Fl -help
.Xc
.It Fl Fl version
.It Fl Fl help
.El
Time arguments for the relevant options above may be specified in forms
like 5 min, 300 s, or simply a number of seconds.


@@ -262,6 +262,7 @@ krb5_auth_con_getaddrs(krb5_context context,
return 0;
}
/* coverity[+alloc : arg-*2] */
static krb5_error_code
copy_key(krb5_context context,
krb5_keyblock *in,
@@ -289,6 +290,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock);
}
/* coverity[+alloc : arg-*2] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context,
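Review bot: The `+alloc : arg-*2` annotation is inconsistent across the key getters: it is added to copy_key() and krb5_auth_con_getremotesubkey(), but krb5_auth_con_getlocalsubkey(), whose `return copy_key(context, auth_context->local_subkey, keyblock);` is visible as context in the second hunk, hands out the same kind of allocated key copy and gets no annotation in the lines shown. If the analyzer needs the hint on the public wrappers it should be on all of them; if it derives it from copy_key(), the one on getremotesubkey is redundant. A plain comment on the public functions would also tell human readers who owns the key, for example `/* *keyblock is allocated here; the caller releases it with krb5_free_keyblock() */`. Both function bodies continue outside the hunks.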


@@ -169,7 +169,7 @@ but are more specialized.
.Nm krb5_get_in_tkt_with_password
uses the clients password to authenticate.
If the password argument is
.DV NULL
.Dv NULL
the user user queried with the default password query function.
.Pp
.Nm krb5_get_in_tkt_with_keytab


@@ -219,7 +219,7 @@ error-code handler
to the specified
.Fa context .
The error handler must generated by the the re-rentrant version of the
.Xr compile_et 3
.Xr compile_et 1
program.
.Fn krb5_add_extra_addresses
add a list of addresses that should be added when requesting tickets.


@@ -33,6 +33,7 @@
#include "krb5_locl.h"
/* coverity[+alloc : arg-*3] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,


@@ -58,32 +58,46 @@
#include "roken.h"
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
get_window_size(int fd, struct winsize *wp)
get_window_size(int fd, int *lines, int *columns)
{
int ret = -1;
memset(wp, 0, sizeof(*wp));
int ret;
char *s;
#if defined(TIOCGWINSZ)
ret = ioctl(fd, TIOCGWINSZ, wp);
{
struct winsize ws;
ret = ioctl(fd, TIOCGWINSZ, &ws);
if (ret != -1) {
if (lines)
*lines = ws.ws_row;
if (columns)
*columns = ws.ws_col;
return 0;
}
}
#elif defined(TIOCGSIZE)
{
struct ttysize ts;
ret = ioctl(fd, TIOCGSIZE, &ts);
if(ret == 0) {
wp->ws_row = ts.ts_lines;
wp->ws_col = ts.ts_cols;
}
if (ret != -1) {
if (lines)
*lines = ts.ws_lines;
if (columns)
*columns = ts.ts_cols;
return 0;
}
}
#elif defined(HAVE__SCRSIZE)
{
int dst[2];
_scrsize(dst);
wp->ws_row = dst[1];
wp->ws_col = dst[0];
ret = 0;
_scrsize(dst);
if (lines)
*lines = dst[1];
if (columns)
*columns = dst[0];
return 0;
}
#elif defined(_WIN32)
{
@@ -100,14 +114,17 @@ get_window_size(int fd, struct winsize *wp)
}
}
#endif
if (ret != 0) {
char *s;
if((s = getenv("COLUMNS")))
wp->ws_col = atoi(s);
if((s = getenv("LINES")))
wp->ws_row = atoi(s);
if(wp->ws_col > 0 && wp->ws_row > 0)
ret = 0;
if (columns) {
if ((s = getenv("COLUMNS")))
*columns = atoi(s);
else
return -1;
}
return ret;
if (lines) {
if ((s = getenv("LINES")))
*lines = atoi(s);
else
return -1;
}
return 0;
}
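Review bot: In the TIOCGSIZE branch the new line `*lines = ts.ws_lines;` names a member that the removed code spelled `ts.ts_lines`, so this branch most likely no longer compiles where only TIOCGSIZE is defined; it should read `*lines = ts.ts_lines;`. The environment fallback in the second hunk also drops the old `> 0` test: `atoi()` on COLUMNS or LINES now lets zero, negative or unparsable values through with a return of 0, and `*columns` may already have been written when a missing LINES makes the function return -1. The caller in arg_printusage_i18n() substitutes 80 only on -1, so such a value reaches whatever it does with `columns` afterwards. A validated fallback that writes the outputs only on success is sketched below; the `_WIN32` branch lies between the two hunks and is not visible here.

```c
    /* ... unchanged: TIOCGWINSZ / TIOCGSIZE / _scrsize / _WIN32 branches ... */
    {
        long cols = 0, rows = 0;

        if (columns) {
            if ((s = getenv("COLUMNS")) == NULL)
                return -1;
            cols = strtol(s, NULL, 10);
            if (cols <= 0 || cols > INT_MAX)
                return -1;
        }
        if (lines) {
            if ((s = getenv("LINES")) == NULL)
                return -1;
            rows = strtol(s, NULL, 10);
            if (rows <= 0 || rows > INT_MAX)
                return -1;
        }
        /* store only after both values were accepted */
        if (columns)
            *columns = (int)cols;
        if (lines)
            *lines = (int)rows;
    }
    return 0;
```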


@@ -228,7 +228,6 @@ arg_printusage_i18n (struct getargs *args,
size_t i, max_len = 0;
char buf[128];
int col = 0, columns;
struct winsize ws;
if (progname == NULL)
progname = getprogname();
@@ -240,9 +239,7 @@ arg_printusage_i18n (struct getargs *args,
mandoc_template(args, num_args, progname, extra_string, i18n);
return;
}
if(get_window_size(2, &ws) == 0)
columns = ws.ws_col;
else
if(get_window_size(2, NULL, &columns) == -1)
columns = 80;
col = 0;
col += fprintf (stderr, "%s: %s", usage, progname);


@@ -759,7 +759,7 @@ struct winsize {
};
#endif
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *);
#ifndef HAVE_VSYSLOG
#define vsyslog rk_vsyslog
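Review bot: The new prototype `get_window_size(int fd, int *, int *)` gives no hint which pointer receives lines and which receives columns, and two interchangeable `int *` arguments can be swapped without any compiler diagnostic. Keep the names from the definition, `ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *lines, int *columns);`, and add a short comment saying that either pointer may be NULL and that -1 means the size could not be determined. Because the signature of an exported function changes, any caller outside the files in this commit that still passes a `struct winsize *` would have to be updated as well.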


@@ -52,5 +52,7 @@ print_version(const char *progname)
package_list = "no version information";
fprintf(stderr, "%s (%s)\n", progname, package_list);
fprintf(stderr, "Copyright 1995-2011 Kungliga Tekniska Högskolan\n");
#ifdef PACKAGE_BUGREPORT
fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
#endif
}