to get the krb5 GSS functions. gssapi/gssapi_krb5.h should be included.
[this is necesary for the next Heimdal upgrade as krb5.h inclusion is no
longer effective.]
revision 1.11
date: 2010/04/02 15:25:04; author: christos; state: Exp;
make it obvious to grep that ctime is being checked.
and
revision 1.10
date: 2010/04/02 15:23:17; author: christos; state: Exp;
handle ctime returning NULL.
revision 1.7
date: 2010/01/24 16:45:57; author: christos; state: Exp;
make the window size function return the lines and columns
variables separately instead of depending on the existance
of struct winsize. Technically I should bump the library
version or version the symbol, but nothing seems to use
this outside the library!
We should review this logic and come up with a better way to do this as
now that there are DNS SRV RRs for locating KDCs, the lack of a config
does not imply that Kerberos should be turned off.
Instead, document saslc_sess_getmech().
* Add FUNCTIONS and describe the functions in a list for readability.
* Sort SYNOPSIS in the order of appearance in FUNCTIONS.
* Split couple of long paragraphs for readability.
* Split the code example into EXAMPLES.
* Add missing prototypes to SYNOPSIS.
* Small markup improvements.
No contextual change.
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.
for weak references. GCC 4.2+ and Clang require static, older GCC wants
extern. Change __weak_reference to include sym. This requires changes
the existing users to not reuse the name of the symbol, but avoids
further differences between GCC 4.1 and GCC 4.2+/clang.
SASLC_PROP_SERVICENAME ("SERVICENAME")
to
SASLC_PROP_SERVNAME ("SERVNAME")
Hopefully this will avoid confusion with SASLC_PROP_SERVICE ("SERVICE").
SERVNAME is also closer to the name used in the RFC2831 ("serv-name").
(Discussed with christos@.)
Change the hash parameters to keep that collision-less after the above
name change.
While here, go back to using .Sh in the manpage for unknown section
headers as the PostScript output from .Ss is slightly different.
(Discussed with wiz@.)
1) Fix a memory leak in cipher_context_create().
2) Fix a goof in the construction of the digest-uri.
3) Allow SASLC_PROP_SERVICENAME to be a hostname qualified comma
delimited list of service names to select from and update the manpage
to reflect this.
4) Make libsaslc.3 pass mdoclint(1).
Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage
The API changes have been heavily influenced by hooking this up to
postfix(1).
The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)
The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.
The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.
The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.
Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.
Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.
BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
+ minor changes to free resources in error cases
+ update return values from some functions
+ wrap some long lines
+ more tests
+ add length argument to digest functions
an additional minor fix to make this build, and to libsaslc.3 man
page, by myself.
Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections. See
http://www.openssl.org/news/secadv_20101202.txt
(CVE-2010-4180)
external/lib/Makefile and crypto/external/lib/Makefile, replacing
them all with SUBDIRs directly from lib/Makefile.
compat/compatsubdirs.mk becomes simpler now, as everything is built
from lib/Makefile, meaning all the libraries will now be built under
compat so update the set lists to account for that.
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.
- Put roaming_dummy.c in libssh.a to satisfy linking needs for most programs
other than ssh and sshd. ssh and sshd override the shared library (and static
library) functions by linking in their own copy of the roaming functions.
- Bump libssh major.
- Fix compilation issue in evp hash buffer.
- Updated OpenSSH-HPN to hpn13v10
- Added OpenSSH-LPK patches to retrive pubkey from LDAP
- Replaced arc4random_buf() (which is not available on NetBSD) with arc4random
- Disabled roaming reconnect (otherwise: problem with undef symbols in libssh)
where purge_remote() is called. This fixes also a possible crash from the
same patch since ph1->remote can be NULL (when we are responder and config
is not yet selected).
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
with their header files, it seems - insight from the tor project mailing
list).
And just so that the search engines can find it:
> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1
is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
