1233294Sstas2003-12-19 Love H��rnquist ��strand <lha@it.su.se> 2178825Sdfr 3178825Sdfr * lib/krb5/error_string.c: protect error_string with mutex 4178825Sdfr 5178825Sdfr * lib/krb5/context.c: allocate and destroy mutex in krb5_context 6178825Sdfr 7178825Sdfr * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string 8178825Sdfr 9233294Sstas2003-12-18 Love H��rnquist ��strand <lha@it.su.se> 10178825Sdfr 11178825Sdfr * kuser/kinit.c: make -9 work again 12178825Sdfr 13233294Sstas2003-12-17 Love H��rnquist ��strand <lha@it.su.se> 14178825Sdfr 15178825Sdfr * lib/krb5/init_creds_pw.c: try handle ts preauth better, still 16178825Sdfr not good, but at least it work with older heimdal releases that 17178825Sdfr doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was 18178825Sdfr sent 19178825Sdfr 20233294Sstas2003-12-16 Love H��rnquist ��strand <lha@it.su.se> 21178825Sdfr 22178825Sdfr * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer 23178825Sdfr used 24178825Sdfr 25233294Sstas2003-12-11 Love H��rnquist ��strand <lha@it.su.se> 26178825Sdfr 27178825Sdfr * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as 28178825Sdfr parameters, required by CMS 29178825Sdfr 30233294Sstas2003-12-07 Love H��rnquist ��strand <lha@it.su.se> 31178825Sdfr 32178825Sdfr * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): 33178825Sdfr avoid memory leak that snuck in when krb5_keytab_key_proc was 34178825Sdfr exported, pointed out by Panases Inc 35178825Sdfr 36178825Sdfr * lib/krb5/keytab_file.c: do locking, found to be a problem for 37178825Sdfr Panasas Inc 38178825Sdfr 39178825Sdfr * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix 40178825Sdfr them with _krb5_ 41178825Sdfr 42178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use 43178825Sdfr KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded 44178825Sdfr krb-cred 45178825Sdfr 46178825Sdfr * lib/krb5/krb5_auth_context.3: some text about 47178825Sdfr krb5_auth_con_{add,remove}flags 48178825Sdfr 49178825Sdfr * lib/krb5/auth_context.c: add krb5_auth_con_addflags and 50178825Sdfr krb5_auth_con_removeflags 51178825Sdfr 52233294Sstas2003-12-03 Love H��rnquist ��strand <lha@it.su.se> 53178825Sdfr 54178825Sdfr * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to 55178825Sdfr avoid memory leak 56178825Sdfr 57233294Sstas2003-12-02 Love H��rnquist ��strand <lha@it.su.se> 58178825Sdfr 59178825Sdfr * lib/krb5/crypto.c: require cipher-text to be padded to padsize 60178825Sdfr 61178825Sdfr * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is 62178825Sdfr deprecated in RFC3493 63178825Sdfr 64178825Sdfr * lib/krb5/verify_krb5_conf.c (check_host): don't check for 65178825Sdfr EAI_NODATA, because its depricated in RFC3493 Pointed out by 66178825Sdfr Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss 67178825Sdfr 68233294Sstas2003-12-01 Love H��rnquist ��strand <lha@it.su.se> 69178825Sdfr 70178825Sdfr * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS 71178825Sdfr 72178825Sdfr * lib/krb5/test_crypto.c: add --version,--help 73178825Sdfr 74178825Sdfr * kuser/kinit.c (main): return the return value from simple_execvp 75178825Sdfr 76233294Sstas2003-11-26 Love H��rnquist ��strand <lha@it.su.se> 77178825Sdfr 78178825Sdfr * kuser/kinit.c: don't use PKINIT DH per default since its too 79178825Sdfr slow 80178825Sdfr 81178825Sdfr * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the 82178825Sdfr asn1_compile can't generate code for context tagless optionals 83178825Sdfr 84178825Sdfr * kdc/pkinit.c: add support for KDC side of DH PKINIT 85178825Sdfr 86178825Sdfr * lib/krb5/pkinit.c: clean up error handling, make enc-type work 87178825Sdfr again 88178825Sdfr 89233294Sstas2003-11-25 Love H��rnquist ��strand <lha@it.su.se> 90178825Sdfr 91178825Sdfr * kuser/kinit.c: add flag to make it work with pkinit dh 92178825Sdfr 93178825Sdfr * lib/krb5/pkinit.c: make PKINIT DH support work 94178825Sdfr 95233294Sstas2003-11-24 Love H��rnquist ��strand <lha@it.su.se> 96178825Sdfr 97178825Sdfr * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen 98178825Sdfr 99178825Sdfr * kdc/pkinit.c: clean up 100178825Sdfr 101178825Sdfr * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field 102178825Sdfr 103178825Sdfr * lib/krb5/pkinit.c: remove most compile depencies clean up 104178825Sdfr 105178825Sdfr * kdc/pkinit.c: print an error and turn of pkinit if openssl 106178825Sdfr failed to load 107178825Sdfr 108178825Sdfr * kdc/config.c: read pkinit (pki-mumble) configuration options 109178825Sdfr 110178825Sdfr * kdc/kerberos5.c: add pkinit support 111178825Sdfr 112178825Sdfr * kdc/kdc_locl.h: add prototypes for pkinit 113178825Sdfr 114178825Sdfr * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I 115178825Sdfr removed the dependency on valicert asn1 parser, remove smartcard 116178825Sdfr and globus support (for now). Work to be done on this: DH support, 117178825Sdfr Globus support, Smartcard support, windows support (MS implements 118178825Sdfr -09 of the draft), make it conform to the new draft 119178825Sdfr 120178825Sdfr * lib/krb5/pkinit.c: fix bugs, improve error reporting 121178825Sdfr 122233294Sstas2003-11-23 Love H��rnquist ��strand <lha@it.su.se> 123178825Sdfr 124178825Sdfr * kuser/kinit.c: add some "struct foo;" glue for pkinit 125178825Sdfr structures that isn't used 126178825Sdfr 127178825Sdfr * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's 128178825Sdfr api 129178825Sdfr 130178825Sdfr * lib/krb5/krb5_locl.h: add some glue for pkinit add reference 131178825Sdfr counter to _krb5_get_init_creds_opt_private 132178825Sdfr 133178825Sdfr * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt 134178825Sdfr private component to avoid copy all the data in it 135178825Sdfr 136178825Sdfr * lib/krb5/crypto.c (AES_string_to_key): fix memory leak 137178825Sdfr 138178825Sdfr * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak 139178825Sdfr 140178825Sdfr * lib/krb5/heim_threads.h: include pthread.h in the pthread case 141178825Sdfr 142233294Sstas2003-11-18 Love H��rnquist ��strand <lha@it.su.se> 143178825Sdfr 144178825Sdfr * kpasswd/kpasswdd.c (main): parse kdc.conf 145178825Sdfr From: Jeffrey Hutzelman <jhutz@cmu.edu> 146178825Sdfr 147233294Sstas2003-11-15 Love H��rnquist ��strand <lha@it.su.se> 148178825Sdfr 149178825Sdfr * lib/krb5/Makefile.am (TESTS): add test_crypto 150178825Sdfr 151178825Sdfr * lib/krb5/test_crypto.c: time crypto operations 152178825Sdfr 153233294Sstas2003-11-14 Love H��rnquist ��strand <lha@it.su.se> 154178825Sdfr 155178825Sdfr * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com> 156178825Sdfr 157233294Sstas2003-11-09 Love H��rnquist ��strand <lha@it.su.se> 158178825Sdfr 159178825Sdfr * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free 160178825Sdfr the ticket now, rewrite error handling to handle that 161178825Sdfr 162178825Sdfr * kpasswd/kpasswdd.c (process): don't free ticket, 163178825Sdfr krb5_free_ticket does that now 164178825Sdfr 165178825Sdfr * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket 166178825Sdfr does that now 167178825Sdfr 168178825Sdfr * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to 169178825Sdfr match mit behavior, pointed out by Derrick Brashear 170178825Sdfr 171178825Sdfr * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket 172178825Sdfr 173233294Sstas2003-11-08 Love H��rnquist ��strand <lha@it.su.se> 174178825Sdfr 175178825Sdfr * lib/krb5/padata.c: add krb5_padata_add 176178825Sdfr 177178825Sdfr * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible 178178825Sdfr 179178825Sdfr * lib/krb5/Makefile.am: add pkinit.c 180178825Sdfr 181178825Sdfr * kuser/kinit.c: add pkinit support 182178825Sdfr 183178825Sdfr * lib/krb5/init_creds_pw.c: add support for pkinit 184178825Sdfr 185178825Sdfr * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to 186178825Sdfr _krb5_get_init_creds_opt_private 187178825Sdfr 188178825Sdfr * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to 189178825Sdfr krb5_pk_init_ctx fix win2k error handling 190178825Sdfr 191178825Sdfr * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr 192178825Sdfr Holub, I removed the dependency on valicert asn1 parser, remove 193178825Sdfr smartcard and globus support (for now). Work to be done on this: 194178825Sdfr DH support, Globus support, Smartcard support, windows support (MS 195178825Sdfr implements -09 of the draft), verify that it conforms the new 196178825Sdfr draft 197178825Sdfr 198233294Sstas2003-11-07 Love H��rnquist ��strand <lha@it.su.se> 199178825Sdfr 200178825Sdfr * lib/asn1/der_copy.c (copy_oid): copy all components 201178825Sdfr 202178825Sdfr2003-10-27 Johan Danielsson <joda@pdc.kth.se> 203178825Sdfr 204178825Sdfr * lib/krb5/krb5.conf.5: document capaths section 205178825Sdfr 206178825Sdfr2003-10-22 Johan Danielsson <joda@pdc.kth.se> 207178825Sdfr 208178825Sdfr * kdc/kerberos5.c: make sure that the server realm and the krbtgt 209178825Sdfr second component are identical; get rpath from the capaths section 210178825Sdfr 211178825Sdfr * kdc/kerberos5.c: change logic for when to check transited policy 212178825Sdfr to a tri-state model involving per principal flags (to be 213178825Sdfr implemented) 214178825Sdfr 215178825Sdfr * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state 216178825Sdfr variable 217178825Sdfr 218178825Sdfr * kdc/config.c: change enforce_transited_policy to a tri-state 219178825Sdfr variable 220178825Sdfr 221233294Sstas2003-10-22 Love H��rnquist ��strand <lha@it.su.se> 222178825Sdfr 223178825Sdfr * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out 224178825Sdfr encoding to make sure it have a defined value on failure 225178825Sdfr 226178825Sdfr * lib/krb5/transited.c (krb5_domain_x500_encode): 227178825Sdfr if num_realms ==0, set encoding and return (avoids malloc(0)), 228178825Sdfr check return value for malloc 229178825Sdfr 230178825Sdfr2003-10-21 Johan Danielsson <joda@pdc.kth.se> 231178825Sdfr 232178825Sdfr * kdc/kerberos5.c (fix_transited_encoding): always print 233178825Sdfr cross-realm information 234178825Sdfr 235233294Sstas2003-10-21 Love H��rnquist ��strand <lha@it.su.se> 236178825Sdfr 237178825Sdfr * doc/setup.texi: spelling, From: Tracy Di Marco White 238178825Sdfr 239178825Sdfr * kdc/kerberos5.c (fix_transited_encoding): set transited type 240178825Sdfr 241178825Sdfr2003-10-21 Johan Danielsson <joda@pdc.kth.se> 242178825Sdfr 243178825Sdfr * kdc/kdc.8: document enforce-transited-policy 244178825Sdfr 245178825Sdfr * kdc/kerberos5.c: always check transited policy if flag set 246178825Sdfr either globally or on principal 247178825Sdfr 248178825Sdfr * kdc/config.c: add flag to always check transited policy 249178825Sdfr 250178825Sdfr * lib/hdb/hdb.asn1: add flag to enforce transited policy 251178825Sdfr 252233294Sstas2003-10-21 Love H��rnquist ��strand <lha@it.su.se> 253178825Sdfr 254178825Sdfr * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms 255178825Sdfr to zero not num_realms 256178825Sdfr 257178825Sdfr * kuser/kgetcred.1: add --no-transit-check 258178825Sdfr 259178825Sdfr * kuser/kgetcred.c: add --no-transit-check 260178825Sdfr 261178825Sdfr * doc/setup.texi: describe Transit policy 262178825Sdfr 263178825Sdfr2003-10-20 Johan Danielsson <joda@pdc.kth.se> 264178825Sdfr 265178825Sdfr * kdc/kerberos5.c (fix_transited_encoding): also verify with 266178825Sdfr policy, unless asked not to 267178825Sdfr 268178825Sdfr * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited 269178825Sdfr realms, unless the transited-policy-checked flag is set 270178825Sdfr 271178825Sdfr * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero 272178825Sdfr length tr data; 273178825Sdfr (krb5_check_transited): new function that does more useful stuff 274178825Sdfr 275178825Sdfr * lib/krb5/get_cred.c: get capath info from [capaths] section 276178825Sdfr 277178825Sdfr2003-10-16 Johan Danielsson <joda@pdc.kth.se> 278178825Sdfr 279178825Sdfr * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous 280178825Sdfr method doesn't work well with a large number of clients accessing 281178825Sdfr the cache at the same time, and there is no simple way to add a 282178825Sdfr timeout to the lock. 283178825Sdfr 284233294Sstas2003-10-13 Love H��rnquist ��strand <lha@it.su.se> 285178825Sdfr 286178825Sdfr * lib/krb5/verify_krb5_conf.c: print the error value 287178825Sdfr krb5_init_context failed with 288178825Sdfr 289178825Sdfr * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if 290178825Sdfr there is binding before a section declaration. Bug found by 291178825Sdfr Arkadiusz Miskiewicz <arekm@pld-linux.org> 292178825Sdfr 293178825Sdfr2003-10-13 Johan Danielsson <joda@pdc.kth.se> 294178825Sdfr 295178825Sdfr * lib/krb5/fcache.c (erase_file): revert a change in previous; if 296178825Sdfr the ccache is a symlink, kdestroy should remove it 297178825Sdfr 298178825Sdfr * lib/krb5/fcache.c: implement locking 299178825Sdfr 300178825Sdfr2003-10-12 Johan Danielsson <joda@pdc.kth.se> 301178825Sdfr 302178825Sdfr * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred 303178825Sdfr returns error other than KRB5_CC_END 304178825Sdfr 305233294Sstas2003-10-07 Love H��rnquist ��strand <lha@it.su.se> 306178825Sdfr 307178825Sdfr * lib/krb5/init_creds_pw.c: add some help function that is common 308178825Sdfr between ENC_TS and SAM2, free the etype{,2}-infos on failure, move 309178825Sdfr the pa counter into krb5_get_init_creds_ctx 310178825Sdfr 311233294Sstas2003-10-06 Love H��rnquist ��strand <lha@it.su.se> 312178825Sdfr 313178825Sdfr * kdc/kaserver.c (do_getticket): if times data is shorter then 8 314178825Sdfr byte, request is malformed. 315178825Sdfr 316178825Sdfr * kdc/kaserver.c (do_authenticate): if request length is less then 317178825Sdfr 8 byte, its a bad request and fail. Pointed out by Marco Foglia 318178825Sdfr <marco@foglia.org> 319178825Sdfr 320178825Sdfr * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that 321178825Sdfr warns for mit syntax is used and just ignore the mit syntax when 322178825Sdfr its used 323178825Sdfr 324178825Sdfr * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] 325178825Sdfr 326233294Sstas2003-10-04 Love H��rnquist ��strand <lha@it.su.se> 327178825Sdfr 328178825Sdfr * lib/asn1/lex.l: add BOOLEAN 329178825Sdfr 330178825Sdfr * lib/asn1/parse.y: add BOOLEAN 331178825Sdfr 332233294Sstas2003-10-03 Love H��rnquist ��strand <lha@it.su.se> 333178825Sdfr 334178825Sdfr * kuser/kinit.c: When running kinit in "fork mode" do pagsh 335178825Sdfr independent of krb4, also always do krb4 setup of cc. Always try 336178825Sdfr to destroy the v4 cc. 337178825Sdfr - add boolean --{,no-}request-pac that will request pac or not 338178825Sdfr 339178825Sdfr * kuser/klist.c (check_for_tgt): set client as part of the 340178825Sdfr pattern/match cred 341178825Sdfr 342178825Sdfr * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token 343178825Sdfr (get_krb4_cc_name): move out from _krb5_krb_tf_setup 344178825Sdfr (_krb5_krb_tf_setup): adapt to allocated filename instead of 345178825Sdfr static filename 346178825Sdfr 347178825Sdfr * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT 348178825Sdfr 349178825Sdfr * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user 350178825Sdfr have requested either use PAC or not use PAC, if the option not 351178825Sdfr set from the user, leave it up to the kdc to decide. 352178825Sdfr (init_creds_loop): clear error string on success 353178825Sdfr 354178825Sdfr * lib/krb5/init_creds.c: add 355178825Sdfr krb5_get_init_creds_opt_set_paq_request break out common part of 356178825Sdfr extended opt functions to require_ext_opt 357178825Sdfr 358178825Sdfr * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and 359178825Sdfr use it in struct _krb5_get_init_creds_opt_private 360178825Sdfr 361178825Sdfr * tools/kdc-log-analyze.pl: handle some more failure lines 362178825Sdfr 363178825Sdfr * doc/programming.texi: some diffrences between Heimdal and MIT 364178825Sdfr Kerberos in the API 365178825Sdfr 366178825Sdfr * doc/setup.texi: add Setting up DNS 367178825Sdfr 368178825Sdfr * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its 369178825Sdfr alway used 370178825Sdfr 371178825Sdfr * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST 372178825Sdfr 373178825Sdfr * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST 374178825Sdfr 375178825Sdfr * lib/asn1: add boolean support 376178825Sdfr 377233294Sstas2003-10-02 Love H��rnquist ��strand <lha@it.su.se> 378178825Sdfr 379178825Sdfr * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on 380178825Sdfr failure 381178825Sdfr 382233294Sstas2003-09-30 Love H��rnquist ��strand <lha@it.su.se> 383178825Sdfr 384178825Sdfr * appl/test/http_client.c (do_connect): use ai_protocol 0 385178825Sdfr 386178825Sdfr * lib/krb5/init_creds_pw.c (init_cred_loop): handle 387178825Sdfr KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting 388178825Sdfr LARGE_MSG from send to kdc, and if this is the second time bail 389178825Sdfr out; try to free memory 390178825Sdfr 391178825Sdfr * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function, 392178825Sdfr and then implement the order krb5_sendto_kdc* function with this 393178825Sdfr function. 394178825Sdfr 395178825Sdfr * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it 396178825Sdfr and adapt callers 397178825Sdfr (krbhst_get_default_proto): new function, returns udp, or in case 398178825Sdfr large_msg was requested for the krb5_krbhst_data, use tcp. 399178825Sdfr (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid 400178825Sdfr using udp, use krbhst_get_default_proto 401178825Sdfr 402178825Sdfr * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and 403178825Sdfr krb5_send_to_kdc_flags) 404178825Sdfr 405233294Sstas2003-09-23 Love H��rnquist ��strand <lha@it.su.se> 406178825Sdfr 407178825Sdfr * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth 408178825Sdfr context, use that 409178825Sdfr 410178825Sdfr * appl/test/uu_client.c: print authorization data if there are any 411178825Sdfr 412178825Sdfr * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String 413178825Sdfr 414233294Sstas2003-09-21 Love H��rnquist ��strand <lha@it.su.se> 415178825Sdfr 416178825Sdfr * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy 417178825Sdfr * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy 418178825Sdfr 419178825Sdfr * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen 420178825Sdfr 421178825Sdfr * kuser/kinit.c: don't get v4 tickets by default 422178825Sdfr 423233294Sstas2003-09-20 Love H��rnquist ��strand <lha@it.su.se> 424178825Sdfr 425178825Sdfr * kpasswd/kpasswdd.c (process): remove a abort() 426178825Sdfr 427178825Sdfr * doc/win2k.texi: add some text about netdom.exe and trusts 428178825Sdfr 429178825Sdfr * TODO-1.0: gssapi rc4 done 430178825Sdfr 431178825Sdfr * kpasswd/kpasswdd.c: add support for Set password protocol as 432178825Sdfr defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change 433178825Sdfr Password and Set Password Protocols 434178825Sdfr 435233294Sstas2003-09-19 Love H��rnquist ��strand <lha@it.su.se> 436178825Sdfr 437178825Sdfr * lib/hdb/db3.c: improve readability of ->open ifdef, check if 438178825Sdfr version >= 4.1 439178825Sdfr 440178825Sdfr * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add 441178825Sdfr 442178825Sdfr * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key 443178825Sdfr in the auth_context, they way processes that doesn't use the 444178825Sdfr keytab can still pass in the key of the service (matches behavior 445178825Sdfr of MIT Kerberos). 446178825Sdfr 447233294Sstas2003-09-18 Love H��rnquist ��strand <lha@it.su.se> 448178825Sdfr 449178825Sdfr * lib/krb5/init_creds_pw.c: collect all init_creds context into a 450178825Sdfr structure so it can easier be passed around, also, while here, 451178825Sdfr change nonce for every request 452178825Sdfr 453178825Sdfr * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before 454178825Sdfr the loop, add_padata() will handle that itself 455178825Sdfr 456178825Sdfr * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len 457178825Sdfr until in contains interesting data, use right iteration counter 458178825Sdfr when clearing the addresses 459178825Sdfr 460178825Sdfr * lib/krb5/log.c (log_realloc): increase len after realloc returns 461178825Sdfr sucessfully 462178825Sdfr 463233294Sstas2003-09-12 Love H��rnquist ��strand <lha@it.su.se> 464178825Sdfr 465178825Sdfr * lib/krb5/config_file.c: fix prototypes 466178825Sdfr From: Fredrik Ljungberg <flag@pobox.se> 467178825Sdfr 468233294Sstas2003-09-10 Love H��rnquist ��strand <lha@it.su.se> 469178825Sdfr 470178825Sdfr * appl/test/http_client.c: close socket when we are done, don't 471178825Sdfr allow the server to restart gssapi negotiation 472178825Sdfr 473178825Sdfr * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by 474178825Sdfr Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss 475178825Sdfr 476178825Sdfr * appl/test/gssapi_client.c (proto): use select_mech 477178825Sdfr 478178825Sdfr * appl/test/http_client.c: use getarg 479178825Sdfr 480178825Sdfr * appl/test/gss_common.h: prototype for select_mech 481178825Sdfr 482178825Sdfr * appl/test/gss_common.c (select_mech): return the gss_OID from a 483178825Sdfr mech name 484178825Sdfr 485178825Sdfr * appl/test/http_client.c: print both source and target 486178825Sdfr 487178825Sdfr * appl/test/Makefile.am: build http_client 488178825Sdfr 489233294Sstas2003-09-09 Love H��rnquist ��strand <lha@it.su.se> 490178825Sdfr 491178825Sdfr * lib/asn1/asn1_print.c: add support for printing Enumerated 492178825Sdfr 493178825Sdfr * appl/test/gssapi_client.c: allow user to select mech; krb5, 494178825Sdfr spnego, and no-oid 495178825Sdfr 496178825Sdfr * appl/test/test_locl.h: add mech 497178825Sdfr 498178825Sdfr * appl/test/common.c: add --mech,-m argument 499178825Sdfr 500178825Sdfr * appl/test/gssapi_server.c: print the mech that was used 501178825Sdfr 502178825Sdfr * kdc/kerberos5.c (only_older_enctype_p): check request if the 503178825Sdfr client only supports old enctypes, before it used the database 504178825Sdfr 505233294Sstas2003-09-08 Love H��rnquist ��strand <lha@it.su.se> 506178825Sdfr 507178825Sdfr * **/*.c: add context argument to krb5_get_init_creds_opt_alloc 508178825Sdfr 509178825Sdfr * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add 510178825Sdfr context argument 511178825Sdfr 512178825Sdfr * lib/krb5/krb5_get_init_creds.3: spelling 513178825Sdfr 514233294Sstas2003-09-04 Love H��rnquist ��strand <lha@it.su.se> 515178825Sdfr 516178825Sdfr * lib/krb5/context.c (add_file): make len argument an pointer to 517178825Sdfr an integer 518178825Sdfr 519178825Sdfr * lib/asn1/k5.asn1: add SAM types 520178825Sdfr 521178825Sdfr * lib/krb5/init_creds_pw.c: break out the encrypt timestamp 522178825Sdfr preauth to its function break out the pa_data_to_key_plain to its 523178825Sdfr own function make more variables const 524178825Sdfr 525178825Sdfr2003-09-04 Johan Danielsson <joda@pdc.kth.se> 526178825Sdfr 527178825Sdfr * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} 528178825Sdfr 529233294Sstas2003-09-03 Love H��rnquist ��strand <lha@it.su.se> 530178825Sdfr 531178825Sdfr * lib/krb5/krb5.h: Add key usage for encryption of the 532178825Sdfr SAM-NONCE-OR-SAD field. 533178825Sdfr 534178825Sdfr * include/make_crypto.c: include <openssl/ui.h> in the openssl 535178825Sdfr case 536178825Sdfr 537178825Sdfr * kdc/hprop.h: use new DES_ api 538178825Sdfr 539178825Sdfr * lib/krb5/krb5-v4compat.h: assume session key is a char array of 540178825Sdfr length 8 541178825Sdfr 542178825Sdfr * lib/krb5/prompter_posix.c: 543178825Sdfr s/des_read_pw_string/UI_UTIL_read_pw_string/ 544178825Sdfr 545178825Sdfr * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 546178825Sdfr 547178825Sdfr * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 548178825Sdfr 549178825Sdfr * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 550178825Sdfr 551178825Sdfr * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 552178825Sdfr 553178825Sdfr * lib/krb5/crypto.c: switch from the des_ to the DES_ api 554178825Sdfr 555178825Sdfr * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block) 556178825Sdfr 557178825Sdfr * kuser/kverify.c: use 558178825Sdfr krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 559178825Sdfr 560178825Sdfr * kpasswd/kpasswd-generator.c: use 561178825Sdfr krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 562178825Sdfr 563178825Sdfr * kdc/hprop.c: use 564178825Sdfr krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare 565178825Sdfr a uint32_t with 0xffffffff instead of -1 566178825Sdfr 567178825Sdfr * lib/krb5/krb5_425_conv_principal.3: fix [Gt] 568178825Sdfr 569178825Sdfr * kuser/kinit.c: use 570178825Sdfr krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 571178825Sdfr 572178825Sdfr * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle 573178825Sdfr password passed in though context 574178825Sdfr 575178825Sdfr * lib/krb5/Makefile.am (TESTS): += test_config 576178825Sdfr 577178825Sdfr * lib/krb5/aes-test.c: move variable thats used within a #ifdef to 578178825Sdfr be defined within that #ifdef 579178825Sdfr 580178825Sdfr * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when 581178825Sdfr freeing it 582178825Sdfr 583178825Sdfr * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros 584178825Sdfr out a keyblock 585178825Sdfr 586178825Sdfr * lib/krb5/init_creds_pw.c: rewrite/implement 587178825Sdfr krb5_get_init_creds_password with new preauth handing, still it 588178825Sdfr can only work with krb5-pa-enc-timestamp for preauth, but now it 589178825Sdfr can handle etype-info2 590178825Sdfr 591178825Sdfr * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate 592178825Sdfr a opt structure 593178825Sdfr (krb5_get_init_creds_opt_free): free a opt structure 594178825Sdfr (krb5_get_init_creds_opt_set_pa_password): set preauth info for 595178825Sdfr enc-timestamp 596178825Sdfr 597178825Sdfr * lib/krb5/krb5_locl.h: add struct 598178825Sdfr _krb5_get_init_creds_opt_private 599178825Sdfr 600233294Sstas2003-09-02 Love H��rnquist ��strand <lha@it.su.se> 601178825Sdfr 602178825Sdfr * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, 603178825Sdfr add a pointer to a private part of krb5_get_init_creds_opt 604178825Sdfr 605178825Sdfr * kdc/string2key.c (main): avoid const warning by using a extra 606178825Sdfr variable 607178825Sdfr 608233294Sstas2003-08-31 Love H��rnquist ��strand <lha@it.su.se> 609178825Sdfr 610178825Sdfr * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 611178825Sdfr reindent 612178825Sdfr 613178825Sdfr * lib/krb5/ticket.c (krb5_copy_ticket): free all data when 614178825Sdfr failing, copy data to right memory, the later pointed out by Luke 615178825Sdfr Howard. 616178825Sdfr 617233294Sstas2003-08-30 Love H��rnquist ��strand <lha@it.su.se> 618178825Sdfr 619178825Sdfr * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers 620178825Sdfr 621233294Sstas2003-08-29 Love H��rnquist ��strand <lha@it.su.se> 622178825Sdfr 623178825Sdfr * lib/hdb/db3.c: try to include more db headers 624178825Sdfr 625178825Sdfr * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss 626178825Sdfr From: Luke Howard <lukeh@PADL.COM> 627178825Sdfr 628233294Sstas2003-08-28 Love H��rnquist ��strand <lha@it.su.se> 629178825Sdfr 630178825Sdfr * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 631178825Sdfr 632178825Sdfr * appl/test/gssapi_client.c: send both INT and CONF wrapped token 633178825Sdfr 634178825Sdfr * appl/test/gssapi_server.c: recv both INT and CONF wrapped token 635178825Sdfr 636178825Sdfr * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE 637178825Sdfr 638233294Sstas2003-08-27 Love H��rnquist ��strand <lha@it.su.se> 639178825Sdfr 640178825Sdfr * appl/test/uu_client.c (proto): fill in client in the match cred 641178825Sdfr 642233294Sstas2003-08-26 Love H��rnquist ��strand <lha@it.su.se> 643178825Sdfr 644178825Sdfr * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers 645178825Sdfr 646178825Sdfr * lib/krb5/crypto.c (usage2arcfour): simplify, only include 647178825Sdfr special cases From: Luke Howard <lukeh@PADL.COM> 648178825Sdfr 649233294Sstas2003-08-25 Love H��rnquist ��strand <lha@it.su.se> 650178825Sdfr 651178825Sdfr * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard 652178825Sdfr <lukeh@PADL.COM> 653178825Sdfr 654178825Sdfr * lib/krb5/crypto.c (arcfour_checksum_p): return true when is 655178825Sdfr arcfour, not when its not pointed out by Luke Howard 656178825Sdfr 657178825Sdfr * doc/ack.texi: update Luke Howard email address 658178825Sdfr 659233294Sstas2003-08-24 Love H��rnquist ��strand <lha@it.su.se> 660178825Sdfr 661178825Sdfr * lib/krb5/krb5_encrypt.3: document: 662178825Sdfr krb5_crypto_getconfoundersize, krb5_crypto_getblocksize 663178825Sdfr krb5_crypto_getenctype, krb5_crypto_getpadsize 664178825Sdfr 665178825Sdfr * lib/krb5/crypto.c (krb5_crypto_getpadsize, 666178825Sdfr krb5_crypto_getconfoundersize): added From: Luke Howard 667178825Sdfr <lukeh@PADL.COM> 668178825Sdfr 669233294Sstas2003-08-23 Love H��rnquist ��strand <lha@it.su.se> 670178825Sdfr 671178825Sdfr * kdc/connect.c (handle_tcp): handle recvfrom returning 0 672178825Sdfr (connection closed) 673178825Sdfr 674178825Sdfr * kdc/connect.c (grow_descr): increment the size after we succeed 675178825Sdfr to allocate the space 676178825Sdfr 677178825Sdfr * lib/krb5/krb5_create_checksum.3: text about when 678178825Sdfr krb5_crypto_get_checksum_type is useful 679178825Sdfr 680178825Sdfr * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format 681178825Sdfr string 682178825Sdfr 683178825Sdfr * lib/krb5/krb5_create_checksum.3: document 684178825Sdfr krb5_crypto_get_checksum_type 685178825Sdfr 686178825Sdfr * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type 687178825Sdfr From: Luke Howard <lukeh@PADL.COM> 688178825Sdfr 689178825Sdfr * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code 690178825Sdfr From: Luke Howard <lukeh@PADL.COM> 691178825Sdfr 692233294Sstas2003-08-21 Love H��rnquist ��strand <lha@it.su.se> 693178825Sdfr 694178825Sdfr * include/make_crypto.c: include aes.h inc in the local libdes 695178825Sdfr case too 696178825Sdfr 697178825Sdfr2003-08-20 Johan Danielsson <joda@pdc.kth.se> 698178825Sdfr 699178825Sdfr * lib/asn1/der_free.c: set free'd poiners to NULL 700178825Sdfr 701178825Sdfr * lib/asn1/gen_free.c: set free'd poiners to NULL 702178825Sdfr 703233294Sstas2003-08-20 Love H��rnquist ��strand <lha@it.su.se> 704178825Sdfr 705178825Sdfr * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support 706178825Sdfr on netbsd 707178825Sdfr 708178825Sdfr * lib/krb5/crypto.c: Do the arcfour checksum mapping for 709178825Sdfr krb5_create_checksum and krb5_verify_checksum, From: Luke Howard 710178825Sdfr <lukeh@PADL.COM> 711178825Sdfr 712233294Sstas2003-08-18 Love H��rnquist ��strand <lha@it.su.se> 713178825Sdfr 714178825Sdfr * lib/krb5/test_config.c: check krb5_prepend_config_files_default 715178825Sdfr and krb5_prepend_config_files 716178825Sdfr 717178825Sdfr * lib/krb5/context.c: add krb5_prepend_config_files and 718178825Sdfr krb5_prepend_config_files_default 719178825Sdfr 720233294Sstas2003-08-17 Love H��rnquist ��strand <lha@it.su.se> 721178825Sdfr 722178825Sdfr * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t 723178825Sdfr as argument 724178825Sdfr 725178825Sdfr * lib/krb5/parse-name-test.c: please lint (and me) 726178825Sdfr 727178825Sdfr * kdc/config.c (configure): remove only set variable 'e' 728178825Sdfr 729178825Sdfr * kdc/connect.c (init_socket): sockaddr size argument to 730178825Sdfr krb5_addr2sockaddr is a krb5_addr2sockaddr * 731178825Sdfr 732178825Sdfr * kdc/kerberos5.c (as_rep): remove usused variable 733178825Sdfr (tgs_rep2): don't use a temporary ret-variable, ret is reset later 734178825Sdfr 735178825Sdfr * lib/krb5/krb5_get_in_cred.3: these function will be deprecated 736178825Sdfr 737178825Sdfr * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3 738178825Sdfr 739178825Sdfr * lib/krb5/krb5_get_init_creds.3: begining of documentation of 740178825Sdfr krb5_get_init_creds 741178825Sdfr 742178825Sdfr * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with 743178825Sdfr with the mit implemtation, don't free `creds' argument when done, 744178825Sdfr its up the the caller to do that, also allow a NULL ccache. 745178825Sdfr 746233294Sstas2003-08-16 Love H��rnquist ��strand <lha@it.su.se> 747178825Sdfr 748178825Sdfr * lib/krb5/krb5.conf.5: document tgs_require_subkey 749178825Sdfr 750178825Sdfr * lib/asn1/Makefile.am: remove trance of generate tests files, its 751178825Sdfr not really for consumption yet 752178825Sdfr 753178825Sdfr * lib/hdb/Makefile.am: split generated source from non generated 754178825Sdfr source we make-proto.pl can generate prototypes for non 755178825Sdfr generate-source only (make-proto.pl dies on asn1compile's .c 756178825Sdfr files) 757178825Sdfr 758178825Sdfr * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey 759178825Sdfr optional on configuration parameter 760178825Sdfr [realms]realm={tgs_require_subkey=bool} 761178825Sdfr defaults to off. The RFC1510 weakly defines the correct behavior, 762178825Sdfr so old DCE secd apparently required the subkey to be there, and MS 763178825Sdfr will use it when its there. But the request isn't encrypted in the 764178825Sdfr subkey, so you get to choose if you want to talk to a MS mdc or a 765178825Sdfr old DCE secd. 766178825Sdfr 767178825Sdfr * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero 768178825Sdfr 769233294Sstas2003-08-15 Love H��rnquist ��strand <lha@it.su.se> 770178825Sdfr 771178825Sdfr * lib/krb5/principal.c (unparse_name): len can't be zero, so, 772178825Sdfr don't check for that 773178825Sdfr 774233294Sstas2003-08-13 Love H��rnquist ��strand <lha@it.su.se> 775178825Sdfr 776178825Sdfr * lib/krb5/principal.c (unparse_name): make sure there are space 777178825Sdfr for a NUL, set *name to NULL when there is a failure (so caller 778178825Sdfr can't get hold of a freed pointer) 779178825Sdfr 780233294Sstas2003-07-26 Love H��rnquist ��strand <lha@it.su.se> 781178825Sdfr 782178825Sdfr * lib/krb5/kerberos.8: remove duplicate manual, from 783178825Sdfr cjep@netbsd.org 784178825Sdfr 785233294Sstas2003-07-25 Love H��rnquist ��strand <lha@it.su.se> 786178825Sdfr 787178825Sdfr * lib/krb5/cache.c: indent 788178825Sdfr 789178825Sdfr * lib/krb5/cache.c (krb5_cc_set_default_name): only read 790178825Sdfr KRB5CCNAME when not suid 791178825Sdfr 792233294Sstas2003-07-24 Love H��rnquist ��strand <lha@it.su.se> 793178825Sdfr 794178825Sdfr * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, 795178825Sdfr use a char array instead of des_cblock 796178825Sdfr 797233294Sstas2003-07-23 Love H��rnquist ��strand <lha@it.su.se> 798178825Sdfr 799178825Sdfr * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 800178825Sdfr 801178825Sdfr * lib/krb5/crypto.c (hmac): make it return an error when out of 802178825Sdfr memory, update callsites to either return error or use krb5_abortx 803178825Sdfr (krb5_hmac): expose hmac 804178825Sdfr 805233294Sstas2003-07-22 Love H��rnquist ��strand <lha@it.su.se> 806178825Sdfr 807178825Sdfr * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype 808178825Sdfr of keyblock 809178825Sdfr 810178825Sdfr * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3 811178825Sdfr 812178825Sdfr * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock 813178825Sdfr and related functions 814178825Sdfr 815178825Sdfr * lib/krb5/heim_threads.h: make the non-debug version of the mutex 816178825Sdfr macros "use" the "mutex" integer so the compile wont complain 817178825Sdfr about defined unused variables 818178825Sdfr 819178825Sdfr * lib/krb5/heim_threads.h: make thread local storage macros take a 820178825Sdfr "return" argument so no functions need to be created for the 821178825Sdfr no-pthread case 822178825Sdfr 823178825Sdfr * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific 824178825Sdfr 825178825Sdfr * configure.in: use KRB_PTHREADS 826178825Sdfr 827178825Sdfr * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and 828178825Sdfr sort 829178825Sdfr 830178825Sdfr * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString 831178825Sdfr 832178825Sdfr * lib/krb5/krb5.3: add ticket access functions 833178825Sdfr * lib/krb5/krb5_ticket.3: ditto 834178825Sdfr * lib/krb5/ticket.c: ditto 835178825Sdfr * lib/krb5/Makefile.am: ditto 836178825Sdfr 837178825Sdfr * lib/krb5/mit_glue.c: add some more krb5_c functions 838178825Sdfr 839178825Sdfr * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions 840178825Sdfr 841178825Sdfr * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type 842178825Sdfr is a valid one 843178825Sdfr 844178825Sdfr * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented 845178825Sdfr error string when there is a context 846178825Sdfr (krb5_checksum_is_collision_proof): ditto 847178825Sdfr 848233294Sstas2003-07-21 Love H��rnquist ��strand <lha@it.su.se> 849178825Sdfr 850178825Sdfr * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data 851178825Sdfr argument optional 852178825Sdfr (krb5_c_{encrypt,decrypt}): return "better" error codes for 853178825Sdfr invalid ivec length 854178825Sdfr 855178825Sdfr * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum 856178825Sdfr usage 857178825Sdfr 858178825Sdfr * lib/krb5/crypto.c (krb5_crypto_getenctype): new function 859178825Sdfr 860178825Sdfr * include/make_crypto.c: avoid redefining 861178825Sdfr OPENSSL_DES_LIBDES_COMPATIBILITY 862178825Sdfr 863178825Sdfr * lib/krb5/krb5.h: add krb5_enc_data 864178825Sdfr 865233294Sstas2003-07-19 Love H��rnquist ��strand <lha@it.su.se> 866178825Sdfr 867178825Sdfr * lib/krb5/krb5.3: add krb5_c_ functions 868178825Sdfr 869178825Sdfr * lib/krb5/mit_glue.c: support passing in NULL as the 870178825Sdfr cipher_state/ivec 871178825Sdfr 872178825Sdfr * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and 873178825Sdfr krb5_c_decrypt 874178825Sdfr 875178825Sdfr * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue 876178825Sdfr 877178825Sdfr * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when 878178825Sdfr calculating the length of the encrypted data, use the keyed 879178825Sdfr checksum length if the enctype supports a keyed checksum. This 880178825Sdfr only matter for aes, for all other enctypes the key and unkeyed 881178825Sdfr checksum have the same length. 882178825Sdfr 883233294Sstas2003-07-18 Love H��rnquist ��strand <lha@it.su.se> 884178825Sdfr 885178825Sdfr * lib/krb5/mit_glue.c: first version of krb5_c encryption glue 886178825Sdfr 887178825Sdfr * doc/install.texi: update pointer to luke ldap documentation 888178825Sdfr 889178825Sdfr * lib/hdb/hdb.c (hdb_create): check for dynamic backend after 890178825Sdfr static to avoid warning from dynamic backend when using a known 891178825Sdfr static backend 892178825Sdfr 893233294Sstas2003-07-16 Love H��rnquist ��strand <lha@it.su.se> 894178825Sdfr 895178825Sdfr * lib/krb5/cache.c: don't return value in void function 896178825Sdfr 897233294Sstas2003-07-15 Love H��rnquist ��strand <lha@it.su.se> 898178825Sdfr 899178825Sdfr * lib/krb5/creds.c (krb5_compare_creds): if client is specified in 900178825Sdfr the mcreds, check that too 901178825Sdfr 902178825Sdfr * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}: 903178825Sdfr prefix libasn1 types with heim_ 904178825Sdfr 905178825Sdfr * lib/asn1: prefix typedefs and structs with heim_ 906178825Sdfr 907233294Sstas2003-07-13 Love H��rnquist ��strand <lha@it.su.se> 908178825Sdfr 909178825Sdfr * lib/hdb/hdb.c: avoid unnecessary setting of variable 910178825Sdfr 911233294Sstas2003-07-07 Love H��rnquist ��strand <lha@it.su.se> 912178825Sdfr 913178825Sdfr * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred 914178825Sdfr 915178825Sdfr * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred 916178825Sdfr 917178825Sdfr * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free 918178825Sdfr in the req_body addresses since they where pass in by caller 919178825Sdfr (find_cred): use krb5_cc_clear_mcred 920178825Sdfr 921178825Sdfr * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred 922178825Sdfr 923178825Sdfr * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a 924178825Sdfr krb5_creds to use with krb5_cc_retrieve_cred 925178825Sdfr 926233294Sstas2003-06-30 Love H��rnquist ��strand <lha@it.su.se> 927178825Sdfr 928178825Sdfr * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, 929178825Sdfr don't load anything 930178825Sdfr 931233294Sstas2003-06-29 Love H��rnquist ��strand <lha@it.su.se> 932178825Sdfr 933178825Sdfr * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke 934178825Sdfr Howard <lukeh@PADL.COM> 935178825Sdfr 936178825Sdfr * lib/hdb/hdb.h: add struct hdb_so_method and 937178825Sdfr HDB_INTERFACE_VERSION 938178825Sdfr 939233294Sstas2003-06-28 Love H��rnquist ��strand <lha@it.su.se> 940178825Sdfr 941178825Sdfr * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using 942178825Sdfr arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since 943178825Sdfr Microsoft calculates the keyed checksum with the subkey of the 944178825Sdfr authenticator. 945178825Sdfr 946178825Sdfr * kuser/kinit.c: write out v4 credential caches with 947178825Sdfr _krb5_krb_tf_setup 948178825Sdfr 949178825Sdfr * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup 950178825Sdfr 951178825Sdfr * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4 952178825Sdfr credential to a new krb4 ticket file 953178825Sdfr 954178825Sdfr2003-06-27 Johan Danielsson <joda@pdc.kth.se> 955178825Sdfr 956178825Sdfr * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since 957178825Sdfr it contains more than 9 words; from wiz 958178825Sdfr 959233294Sstas2003-06-25 Love H��rnquist ��strand <lha@it.su.se> 960178825Sdfr 961178825Sdfr * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from 962178825Sdfr stefan sokoll <stefansokoll@yahoo.de> 963178825Sdfr 964233294Sstas2003-06-24 Love H��rnquist ��strand <lha@it.su.se> 965178825Sdfr 966178825Sdfr * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text 967178825Sdfr 968178825Sdfr * lib/krb5/time.c: improve comment for krb5_set_real_time 969178825Sdfr 970178825Sdfr2003-06-23 Johan Danielsson <joda@pdc.kth.se> 971178825Sdfr 972178825Sdfr * kuser/kinit.1: document -A 973178825Sdfr 974178825Sdfr * kuser/kinit.c: add -A as an alias for --no-addresses 975178825Sdfr 976233294Sstas2003-06-22 Love H��rnquist ��strand <lha@it.su.se> 977178825Sdfr 978178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a 979178825Sdfr krb5_timestamp to krb5_us_timeofday 980178825Sdfr 981178825Sdfr * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to 982178825Sdfr krb5_us_timeofday 983178825Sdfr 984178825Sdfr * lib/krb5/time.c (krb5_set_real_time): fix comment and make it 985178825Sdfr work 986178825Sdfr 987178825Sdfr * lib/krb5/time.c, lib/krb5/krb5_timeofday.3, 988178825Sdfr lib/krb5/Makefile.am lib/krb5/test_time.c: 989178825Sdfr 990178825Sdfr implement krb5_set_real_time, used by SAMBA, requested by Luke 991178825Sdfr Howard <lukeh@PADL.COM> 992178825Sdfr 993178825Sdfr * lib/asn1/k5.asn1: make the aes and sha1 checksum types match 994178825Sdfr draft-ietf-krb-wg-crypto-05 995178825Sdfr 996233294Sstas2003-06-21 Love H��rnquist ��strand <lha@it.su.se> 997178825Sdfr 998178825Sdfr * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data 999178825Sdfr 1000178825Sdfr * lib/krb5/crypto.c: clean up AES code to use a structure instead 1001178825Sdfr of a key array 1002178825Sdfr (_krb5_AES_string_to_default_iterator): set to 4096 as described in 1003178825Sdfr aes draft -04 1004178825Sdfr (derive_key): always remove the key->schedule since its 1005178825Sdfr will contain the wrong (parent key) info 1006178825Sdfr 1007233294Sstas2003-06-18 Love H��rnquist ��strand <lha@it.su.se> 1008178825Sdfr 1009178825Sdfr * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn 1010178825Sdfr * doc/setup.texi: add more kdc's to the example 1011178825Sdfr 1012233294Sstas2003-06-17 Love H��rnquist ��strand <lha@it.su.se> 1013178825Sdfr 1014178825Sdfr * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto 1015178825Sdfr Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM> 1016178825Sdfr Pointed out by Andrew Bartlett of Samba 1017178825Sdfr 1018178825Sdfr * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug 1019178825Sdfr pthread stubs by default 1020178825Sdfr 1021178825Sdfr * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3 1022178825Sdfr 1023178825Sdfr * lib/krb5/krb5_free_addresses.3: removed file, functions are 1024178825Sdfr documented in krb5_address.3 1025178825Sdfr 1026178825Sdfr * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2 1027178825Sdfr 1028178825Sdfr * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add 1029178825Sdfr krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256 1030178825Sdfr 1031233294Sstas2003-06-06 Love H��rnquist ��strand <lha@it.su.se> 1032178825Sdfr 1033178825Sdfr * doc/setup.texi: Point out that slave needs /var/heimdal 1034178825Sdfr directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>, 1035178825Sdfr Fix spelling while here 1036178825Sdfr 1037233294Sstas2003-06-02 Love H��rnquist ��strand <lha@it.su.se> 1038178825Sdfr 1039178825Sdfr * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3: 1040178825Sdfr add manpage for: krb5_get_in_cred, krb5_get_in_tkt, 1041178825Sdfr krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password, 1042178825Sdfr krb5_get_in_tkt_with_skey 1043178825Sdfr 1044178825Sdfr2003-05-28 Assar Westerlund <assar@kth.se> 1045178825Sdfr 1046178825Sdfr * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the 1047178825Sdfr non-threaded cases to work. Fix typo. 1048178825Sdfr 1049178825Sdfr2003-05-27 Johan Danielsson <joda@pdc.kth.se> 1050178825Sdfr 1051178825Sdfr * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of 1052178825Sdfr "unsigned" integers. If MSB is set, we need to pad with a zero 1053178825Sdfr byte. 1054178825Sdfr 1055233294Sstas2003-05-27 Love H��rnquist ��strand <lha@it.su.se> 1056178825Sdfr 1057178825Sdfr * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes 1058178825Sdfr 1059178825Sdfr * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap 1060178825Sdfr connection 1061178825Sdfr (LDAP_store): remove superfluous argument to asprintf 1062178825Sdfr 1063178825Sdfr From Alberto Patino <jalbertop@aranea.com.mx> 1064178825Sdfr 1065233294Sstas2003-05-26 Love H��rnquist ��strand <lha@it.su.se> 1066178825Sdfr 1067178825Sdfr * lib/krb5/*.[0-9]: pacify mdoclink 1068178825Sdfr 1069178825Sdfr * lib/krb5/krb5_ccache.3: document diffrences between mit and 1070178825Sdfr heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$// 1071178825Sdfr 1072233294Sstas2003-05-21 Love H��rnquist ��strand <lha@it.su.se> 1073178825Sdfr 1074178825Sdfr * appl/test/gssapi_server.c (proto): start to use 1075178825Sdfr gss_krb5_copy_ccache 1076178825Sdfr 1077178825Sdfr * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t 1078178825Sdfr groveling for now 1079178825Sdfr 1080233294Sstas2003-05-20 Love H��rnquist ��strand <lha@it.su.se> 1081178825Sdfr 1082178825Sdfr * lib/asn1: 1083178825Sdfr - add parser/generate glue for UTF8String and NULL 1084178825Sdfr (DER primitive encode/decode functions missing) 1085178825Sdfr - handle parsing of DEFAULT and, ... 1086178825Sdfr 1087233294Sstas2003-05-16 Love H��rnquist ��strand <lha@it.su.se> 1088178825Sdfr 1089178825Sdfr * lib/krb5/heim_threads.h: add missing argument to mutex_init 1090178825Sdfr 1091178825Sdfr * lib/krb5/crypto.c: protect the random initiator with a mutex 1092178825Sdfr 1093178825Sdfr * lib/krb5/mcache.c: protect the mcc_head with a mutex 1094178825Sdfr 1095178825Sdfr * lib/krb5/krb5_locl.h: include heim_threads.h 1096178825Sdfr 1097178825Sdfr * lib/krb5/heim_threads.h: wrapper macros for thread 1098178825Sdfr synchronization primitives 1099178825Sdfr 1100233294Sstas2003-05-15 Love H��rnquist ��strand <lha@it.su.se> 1101178825Sdfr 1102178825Sdfr * lib/krb5/krb5_principal.3 1103178825Sdfr lib/krb5/Makefile.am: 1104178825Sdfr Add all Kerberos principal function to one manpage, add a few more 1105178825Sdfr principal function to it, remove old now dup manpages 1106178825Sdfr 1107178825Sdfr * lib/krb5/krb5_build_principal.3: remove file 1108178825Sdfr * lib/krb5/krb5_free_principal.3: remove file 1109178825Sdfr * lib/krb5/krb5_sname_to_principal.3: remove file 1110178825Sdfr * lib/krb5/krb5_principal_get_realm.3: remove file 1111178825Sdfr 1112233294Sstas2003-05-14 Love H��rnquist ��strand <lha@it.su.se> 1113178825Sdfr 1114178825Sdfr * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd 1115178825Sdfr 1116178825Sdfr * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from 1117178825Sdfr netbsd 1118178825Sdfr 1119178825Sdfr * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort 1120178825Sdfr sections, from netbsd 1121178825Sdfr 1122178825Sdfr * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes, 1123178825Sdfr from netbsd 1124178825Sdfr 1125178825Sdfr * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from 1126178825Sdfr netbsd 1127178825Sdfr 1128178825Sdfr * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD 1129178825Sdfr 1130178825Sdfr * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD 1131178825Sdfr 1132178825Sdfr * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd 1133178825Sdfr 1134178825Sdfr * lib/krb5/get_default_realm.c: compatability -> compatibility, 1135178825Sdfr from netbsd 1136178825Sdfr 1137178825Sdfr * lib/krb5/krb5_warn.3: add copyright/license 1138178825Sdfr 1139178825Sdfr * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY 1140178825Sdfr 1141178825Sdfr * lib/krb5/krb5.3: add RCSID 1142178825Sdfr 1143178825Sdfr * kdc/hprop.8: fix mdoc problem, from netbsd 1144178825Sdfr 1145178825Sdfr * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner 1146178825Sdfr <wiz@netbsd.org> 1147178825Sdfr 1148178825Sdfr * kuser/kinit.1: setup -> set up, new sentence, new line from 1149178825Sdfr Thomas Klausner <wiz@netbsd.org> 1150178825Sdfr 1151233294Sstas2003-05-13 Love H��rnquist ��strand <lha@it.su.se> 1152178825Sdfr 1153178825Sdfr * kpasswd/kpasswd.1: handle setting passwords for multiple 1154178825Sdfr principals at the same time 1155178825Sdfr 1156178825Sdfr * kpasswd/kpasswd.c: handle setting passwords for multiple 1157178825Sdfr principals at the same time 1158178825Sdfr 1159178825Sdfr * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and 1160178825Sdfr rfc3244 share the response packet sure more constants now that 1161178825Sdfr they exists 1162178825Sdfr 1163233294Sstas2003-05-12 Love H��rnquist ��strand <lha@it.su.se> 1164178825Sdfr 1165178825Sdfr * lib/krb5/krb5.h: some define for rfc3244 1166178825Sdfr 1167178825Sdfr * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password 1168178825Sdfr 1169178825Sdfr * kpasswd/kpasswd.1: document --admin-principal 1170178825Sdfr 1171178825Sdfr * kpasswd/kpasswd.c: use krb5_set_password 1172178825Sdfr 1173178825Sdfr * lib/krb5/krb5_set_password.3: document krb5_change_password and 1174178825Sdfr krb5_set_password 1175178825Sdfr 1176178825Sdfr * lib/krb5/changepw.c: implement rfc3244, partly from 1177178825Sdfr shadow@dementia.org 1178178825Sdfr 1179178825Sdfr * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for 1180178825Sdfr RFC3244 1181178825Sdfr 1182178825Sdfr * lib/asn1/k5.asn1: add ChangePasswdDataMS, for 1183178825Sdfr RFC3244 1184178825Sdfr 1185233294Sstas2003-05-08 Love H��rnquist ��strand <lha@it.su.se> 1186178825Sdfr 1187178825Sdfr * kuser/kdestroy.c: destroy tokens even if there isn't v4 support 1188178825Sdfr 1189178825Sdfr * kuser/kinit.c: get token even if there isn't v4 support 1190178825Sdfr 1191178825Sdfr * kuser/klist.c: print tokens even if there isn't v4 support 1192178825Sdfr 1193178825Sdfr2003-05-06 Johan Danielsson <joda@pdc.kth.se> 1194178825Sdfr 1195178825Sdfr * lib/krb5/name-45-test.c: need to use empty krb5.conf for some 1196178825Sdfr tests 1197178825Sdfr 1198178825Sdfr * lib/asn1/check-gen.c: there is no \e escape sequence; replace 1199178825Sdfr everything with hex-codes, and cast to unsigned char* to make some 1200178825Sdfr compilers happy 1201178825Sdfr 1202233294Sstas2003-05-06 Love H��rnquist ��strand <lha@it.su.se> 1203178825Sdfr 1204178825Sdfr * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first 1205178825Sdfr argument to krb5_us_timeofday have correct type 1206178825Sdfr 1207178825Sdfr2003-05-05 Assar Westerlund <assar@kth.se> 1208178825Sdfr 1209178825Sdfr * include/make_crypto.c (main): include aes.h if ENABLE_AES 1210178825Sdfr 1211233294Sstas2003-05-05 Love H��rnquist ��strand <lha@it.su.se> 1212178825Sdfr 1213178825Sdfr * make-release: when fixing a valid cvs tag from release name 1214178825Sdfr replace all number. to number- for all non-overlapping matches 1215178825Sdfr 1216233294Sstas2003-05-04 Love H��rnquist ��strand <lha@it.su.se> 1217178825Sdfr 1218178825Sdfr * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and 1219178825Sdfr asn1_ETYPE_INFO2_ENTRY.x 1220178825Sdfr (libasn1_la_LDFLAGS): set version to 6:1:1 1221178825Sdfr 1222178825Sdfr * doc/Makefile.am: add apps.texi 1223178825Sdfr 1224178825Sdfr * doc/setup.texi: add move forward link to applications 1225178825Sdfr 1226178825Sdfr * doc/heimdal.texi: add applications 1227178825Sdfr 1228178825Sdfr * doc/misc.texi: move afs stuff to applications add link to 1229178825Sdfr applications 1230178825Sdfr 1231178825Sdfr * doc/apps.texi: text about applications using kerberos 1232178825Sdfr move afs text here 1233178825Sdfr 1234233294Sstas2003-05-03 Love H��rnquist ��strand <lha@it.su.se> 1235178825Sdfr 1236178825Sdfr * doc/setup.texi: add cross realm text 1237178825Sdfr 1238233294Sstas2003-04-29 Love H��rnquist ��strand <lha@it.su.se> 1239178825Sdfr 1240178825Sdfr * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and 1241178825Sdfr krb5_string_to_enctype 1242178825Sdfr 1243233294Sstas2003-04-28 Love H��rnquist ��strand <lha@it.su.se> 1244178825Sdfr 1245178825Sdfr * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd 1246178825Sdfr 1247233294Sstas2003-04-26 Love H��rnquist ��strand <lha@it.su.se> 1248178825Sdfr 1249178825Sdfr * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2 1250178825Sdfr * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2 1251178825Sdfr 1252178825Sdfr2003-04-25 Johan Danielsson <joda@pdc.kth.se> 1253178825Sdfr 1254178825Sdfr * lib/krb5/build_auth.c (krb5_build_authenticator): if the local 1255178825Sdfr sequence number is non-zero, don't generate a new one 1256178825Sdfr 1257178825Sdfr * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is 1258178825Sdfr non-zero, don't generate a new one 1259178825Sdfr 1260178825Sdfr * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a 1261178825Sdfr krb5_timestamp 1262178825Sdfr 1263178825Sdfr * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c 1264178825Sdfr lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and 1265178825Sdfr RET_TIME 1266178825Sdfr 1267178825Sdfr * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching 1268178825Sdfr asn1) 1269178825Sdfr 1270233294Sstas2003-04-24 Love H��rnquist ��strand <lha@it.su.se> 1271178825Sdfr 1272178825Sdfr * doc/programming.texi: s/managment/management/, from jmc 1273178825Sdfr <jmc@prioris.mini.pw.edu.pl> 1274178825Sdfr 1275233294Sstas2003-04-23 Love H��rnquist ��strand <lha@it.su.se> 1276178825Sdfr 1277178825Sdfr * lib/krb5/context.c (default_etypes): also advertise that we 1278178825Sdfr handle aes encryption types 1279178825Sdfr 1280178825Sdfr * lib/krb5/Makefile.am: add krb5_c_ checksum related functions 1281178825Sdfr 1282178825Sdfr * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum 1283178825Sdfr related functions 1284178825Sdfr 1285178825Sdfr * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related 1286178825Sdfr functions 1287178825Sdfr 1288178825Sdfr * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY 1289178825Sdfr 1290233294Sstas2003-04-22 Love H��rnquist ��strand <lha@it.su.se> 1291178825Sdfr 1292178825Sdfr * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd 1293178825Sdfr 1294233294Sstas2003-04-17 Love H��rnquist ��strand <lha@it.su.se> 1295178825Sdfr 1296178825Sdfr * lib/asn1/der_copy.c (copy_general_string): use strdup 1297178825Sdfr * lib/asn1/der_put.c: remove sprintf 1298178825Sdfr * lib/asn1/gen.c: remove strcpy/sprintf 1299178825Sdfr 1300178825Sdfr * lib/krb5/name-45-test.c: use a more unique name then ratatosk so 1301178825Sdfr that other (me) have such hosts in the local domain and the tests 1302178825Sdfr fails, to take hokkigai.pdc.kth.se instead 1303178825Sdfr 1304178825Sdfr * lib/krb5/test_alname.c: add --version and --help 1305178825Sdfr 1306233294Sstas2003-04-16 Love H��rnquist ��strand <lha@it.su.se> 1307178825Sdfr 1308178825Sdfr * lib/krb5/krb5_warn.3: add krb5_get_err_text 1309178825Sdfr 1310178825Sdfr * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd 1311178825Sdfr * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd 1312178825Sdfr * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 1313178825Sdfr strlcpy, from openbsd 1314178825Sdfr * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd 1315178825Sdfr * appl/kf/kfd.c: use strlcpy, from openbsd 1316178825Sdfr 1317178825Sdfr2003-04-16 Johan Danielsson <joda@pdc.kth.se> 1318178825Sdfr 1319178825Sdfr * configure.in: fix for large file support in AIX, _LARGE_FILES 1320178825Sdfr needs to be defined on the command line, since lex likes to 1321178825Sdfr include stdio.h before we get to config.h 1322178825Sdfr 1323233294Sstas2003-04-16 Love H��rnquist ��strand <lha@it.su.se> 1324178825Sdfr 1325178825Sdfr * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, 1326178825Sdfr from Thomas Klausner <wiz@netbsd.org> 1327178825Sdfr 1328178825Sdfr * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner 1329178825Sdfr <wiz@netbsd.org> 1330178825Sdfr 1331233294Sstas2003-04-15 Love H��rnquist ��strand <lha@it.su.se> 1332178825Sdfr 1333178825Sdfr * kdc/kerberos5.c: fix some more memory leaks 1334178825Sdfr 1335233294Sstas2003-04-11 Love H��rnquist ��strand <lha@it.su.se> 1336178825Sdfr 1337178825Sdfr * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 1338178825Sdfr 1339233294Sstas2003-04-08 Love H��rnquist ��strand <lha@it.su.se> 1340178825Sdfr 1341178825Sdfr * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> 1342178825Sdfr 1343233294Sstas2003-04-06 Love H��rnquist ��strand <lha@it.su.se> 1344178825Sdfr 1345178825Sdfr * lib/krb5/krb5.3: s/kerberos/Kerberos/ 1346178825Sdfr * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ 1347178825Sdfr * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ 1348178825Sdfr * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ 1349178825Sdfr * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ 1350178825Sdfr * kuser/kinit.1: s/kerberos/Kerberos/ 1351178825Sdfr * kdc/kdc.8: s/kerberos/Kerberos/ 1352178825Sdfr 1353233294Sstas2003-04-01 Love H��rnquist ��strand <lha@it.su.se> 1354178825Sdfr 1355178825Sdfr * lib/krb5/test_alname.c: more krb5_aname_to_localname tests 1356178825Sdfr 1357178825Sdfr * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when 1358178825Sdfr converting too root, make sure user is ok according to 1359178825Sdfr krb5_kuserok before allowing it. 1360178825Sdfr 1361178825Sdfr * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname 1362178825Sdfr 1363178825Sdfr * lib/krb5/test_alname.c: add test for krb5_aname_to_localname 1364178825Sdfr 1365178825Sdfr * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 1366178825Sdfr instead of the "illegal" salt #~, same change as kth-krb did 1367178825Sdfr 1999. Problems occur with crypt() that behaves like AT&T crypt 1368178825Sdfr (openssl does this). Pointed out by Marcus Watts. 1369178825Sdfr 1370178825Sdfr * admin/change.c (kt_change): collect all principals we are going 1371178825Sdfr to change, and pick the highest kvno and use that to guess what 1372178825Sdfr kvno the resulting kvno is going to be. Now two ktutil change in a 1373178825Sdfr row works. XXX fix the protocol to pass the kvno back. 1374178825Sdfr 1375233294Sstas2003-03-31 Love H��rnquist ��strand <lha@it.su.se> 1376178825Sdfr 1377178825Sdfr * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> 1378178825Sdfr 1379233294Sstas2003-03-30 Love H��rnquist ��strand <lha@it.su.se> 1380178825Sdfr 1381178825Sdfr * doc/setup.texi: add description on how to turn on v4, 524 and 1382178825Sdfr kaserver support 1383178825Sdfr 1384233294Sstas2003-03-29 Love H��rnquist ��strand <lha@it.su.se> 1385178825Sdfr 1386178825Sdfr * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog 1387178825Sdfr and afs-use-524 1388178825Sdfr 1389233294Sstas2003-03-28 Love H��rnquist ��strand <lha@it.su.se> 1390178825Sdfr 1391178825Sdfr * kdc/kerberos5.c (as_rep): when the second enctype_to_string 1392178825Sdfr failes, remember to free memory from the first enctype_to_string 1393178825Sdfr 1394178825Sdfr * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, 1395178825Sdfr from Harald Joerg <harald.joerg@fujitsu-siemens.com> 1396178825Sdfr (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc 1397178825Sdfr 1398178825Sdfr * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key 1399178825Sdfr length when key is longer then expected length, its probably 1400178825Sdfr longer since the encrypted data was padded, reported by Aidan 1401178825Sdfr Cully <aidan@kublai.com> 1402178825Sdfr 1403178825Sdfr * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of 1404178825Sdfr encyption type, inspired by Aidan Cully <aidan@kublai.com> 1405178825Sdfr 1406233294Sstas2003-03-27 Love H��rnquist ��strand <lha@it.su.se> 1407178825Sdfr 1408178825Sdfr * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 1409178825Sdfr (wildcard kvno) after principal when the keytab entry isn't found, 1410178825Sdfr reported by Chris Chiappa <chris@chiappa.net> 1411178825Sdfr 1412233294Sstas2003-03-26 Love H��rnquist ��strand <lha@it.su.se> 1413178825Sdfr 1414178825Sdfr * doc/misc.texi: update 2b example to match reality (from 1415178825Sdfr mattiasa@e.kth.se) 1416178825Sdfr 1417178825Sdfr * doc/misc.texi: spelling and add `Configuring AFS clients' 1418178825Sdfr subsection 1419178825Sdfr 1420233294Sstas2003-03-25 Love H��rnquist ��strand <lha@it.su.se> 1421178825Sdfr 1422178825Sdfr * lib/krb5/krb5.3: add krb5_free_data_contents.3 1423178825Sdfr 1424178825Sdfr * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT 1425178825Sdfr API 1426178825Sdfr 1427178825Sdfr * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat 1428178825Sdfr with MIT API 1429178825Sdfr 1430178825Sdfr * lib/krb5/krb5_verify_user.3: write more about how the ccache 1431178825Sdfr argument should be inited when used 1432178825Sdfr 1433178825Sdfr2003-03-25 Johan Danielsson <joda@pdc.kth.se> 1434178825Sdfr 1435178825Sdfr * lib/krb5/addr_families.c (krb5_print_address): make sure 1436178825Sdfr print_addr is defined for the given address type; make addrports 1437178825Sdfr printable 1438178825Sdfr 1439178825Sdfr * kdc/string2key.c: print the used enctype for kerberos 5 keys 1440178825Sdfr 1441233294Sstas2003-03-25 Love H��rnquist ��strand <lha@it.su.se> 1442178825Sdfr 1443178825Sdfr * lib/krb5/aes-test.c: add another arcfour test 1444178825Sdfr 1445233294Sstas2003-03-22 Love H��rnquist ��strand <lha@it.su.se> 1446178825Sdfr 1447178825Sdfr * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 1448178825Sdfr 1449233294Sstas2003-03-20 Love H��rnquist ��strand <lha@it.su.se> 1450178825Sdfr 1451178825Sdfr * lib/krb5/krb5_ccache.3: update .Dd 1452178825Sdfr 1453178825Sdfr * lib/krb5/krb5.3: sort in krb5_data functions 1454178825Sdfr 1455178825Sdfr * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 1456178825Sdfr 1457178825Sdfr * lib/krb5/krb5_data.3: document krb5_data 1458178825Sdfr 1459178825Sdfr * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if 1460178825Sdfr prompter is NULL, don't try to ask for a password to 1461178825Sdfr change. reported by Iain Moffat @ ufl.edu via Howard Chu 1462178825Sdfr <hyc@highlandsun.com> 1463178825Sdfr 1464233294Sstas2003-03-19 Love H��rnquist ��strand <lha@it.su.se> 1465178825Sdfr 1466178825Sdfr * lib/krb5/krb5_keytab.3: spelling, from 1467178825Sdfr <jmc@prioris.mini.pw.edu.pl> 1468178825Sdfr 1469178825Sdfr * lib/krb5/krb5.conf.5: . means new line 1470178825Sdfr 1471178825Sdfr * lib/krb5/krb5.conf.5: spelling, from 1472178825Sdfr <jmc@prioris.mini.pw.edu.pl> 1473178825Sdfr 1474178825Sdfr * lib/krb5/krb5_auth_context.3: spelling, from 1475178825Sdfr <jmc@prioris.mini.pw.edu.pl> 1476178825Sdfr 1477233294Sstas2003-03-18 Love H��rnquist ��strand <lha@it.su.se> 1478178825Sdfr 1479178825Sdfr * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 1480178825Sdfr 1481178825Sdfr * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time 1482178825Sdfr 1483178825Sdfr * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time 1484178825Sdfr 1485178825Sdfr * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out 1486178825Sdfr #ifdef KRB4 from enable_v4_cross_realm since 524 needs it 1487178825Sdfr 1488178825Sdfr * kdc/config.c: 524 is independent of kerberos 4, so move out 1489178825Sdfr enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 1490178825Sdfr 1491178825Sdfr2003-03-17 Assar Westerlund <assar@kth.se> 1492178825Sdfr 1493178825Sdfr * kdc/kdc.8: document --kerberos4-cross-realm 1494178825Sdfr * kdc/kerberos4.c: pay attention to enable_v4_cross_realm 1495178825Sdfr * kdc/kdc_locl.h (enable_v4_cross_realm): add 1496178825Sdfr * kdc/524.c (encode_524_response): check the enable_v4_cross_realm 1497178825Sdfr flag before giving out v4 tickets for foreign v5 principals 1498178825Sdfr * kdc/config.c: add --enable-kerberos4-cross-realm option (default 1499178825Sdfr to off) 1500178825Sdfr 1501233294Sstas2003-03-17 Love H��rnquist ��strand <lha@it.su.se> 1502178825Sdfr 1503178825Sdfr * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 1504178825Sdfr 1505178825Sdfr * lib/krb5/krb5_aname_to_localname.3: manpage for 1506178825Sdfr krb5_aname_to_localname 1507178825Sdfr 1508178825Sdfr * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 1509178825Sdfr 1510233294Sstas2003-03-16 Love H��rnquist ��strand <lha@it.su.se> 1511178825Sdfr 1512178825Sdfr * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 1513178825Sdfr 1514178825Sdfr * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 1515178825Sdfr 1516178825Sdfr * lib/krb5/krb5_set_default_realm.3: Manpage for 1517178825Sdfr krb5_free_host_realm, krb5_get_default_realm, 1518178825Sdfr krb5_get_default_realms, krb5_get_host_realm, and 1519178825Sdfr krb5_set_default_realm. 1520178825Sdfr 1521178825Sdfr * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado 1522178825Sdfr <sobrado@acm.org> via NetBSD 1523178825Sdfr 1524178825Sdfr * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type 1525178825Sdfr 1526178825Sdfr * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab 1527178825Sdfr 1528178825Sdfr * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix 1529178825Sdfr 1530178825Sdfr * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more 1531178825Sdfr types, add krb5_fcc_ops and krb5_mcc_ops 1532178825Sdfr 1533178825Sdfr * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for 1534178825Sdfr a id 1535178825Sdfr 1536233294Sstas2003-03-15 Love H��rnquist ��strand <lha@it.su.se> 1537178825Sdfr 1538178825Sdfr * doc/intro.texi: add reference to source code, binaries and the 1539178825Sdfr manual 1540178825Sdfr 1541178825Sdfr * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 1542178825Sdfr 1543233294Sstas2003-03-14 Love H��rnquist ��strand <lha@it.su.se> 1544178825Sdfr 1545178825Sdfr * kdc/kdc.8: better/difrent english 1546178825Sdfr 1547178825Sdfr * kdc/kdc.8: . -> .\n, copyright/license 1548178825Sdfr 1549178825Sdfr * kdc/kdc.8: changed configuration file -> restart kdc 1550178825Sdfr 1551178825Sdfr * kdc/kerberos4.c: add krb4 into the most error messages written 1552178825Sdfr to the logfile 1553178825Sdfr 1554178825Sdfr * lib/krb5/krb5_ccache.3: add missing name of argument 1555178825Sdfr (krb5_context) to most functions 1556178825Sdfr 1557233294Sstas2003-03-13 Love H��rnquist ��strand <lha@it.su.se> 1558178825Sdfr 1559178825Sdfr * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of 1560178825Sdfr function and return FALSE when there isn't a local account for 1561178825Sdfr `luser'. 1562178825Sdfr 1563178825Sdfr * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text 1564178825Sdfr describing the function 1565178825Sdfr 1566233294Sstas2003-03-12 Love H��rnquist ��strand <lha@it.su.se> 1567178825Sdfr 1568178825Sdfr * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name 1569178825Sdfr returned memory, don't return ENOMEM 1570178825Sdfr 1571233294Sstas2003-03-11 Love H��rnquist ��strand <lha@it.su.se> 1572178825Sdfr 1573178825Sdfr * lib/krb5/krb5.3: add krb5_address stuff and sort 1574178825Sdfr 1575178825Sdfr * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description 1576178825Sdfr 1577178825Sdfr * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 1578178825Sdfr 1579178825Sdfr * lib/krb5/krb5_address.3: document types krb5_address and 1580178825Sdfr krb5_addresses and their helper functions 1581178825Sdfr 1582233294Sstas2003-03-10 Love H��rnquist ��strand <lha@it.su.se> 1583178825Sdfr 1584178825Sdfr * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 1585178825Sdfr 1586178825Sdfr * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se 1587178825Sdfr 1588178825Sdfr * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 1589178825Sdfr 1590178825Sdfr * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se 1591178825Sdfr 1592178825Sdfr * lib/krb5/krb5.3: add more functions 1593178825Sdfr 1594178825Sdfr * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc 1595178825Sdfr functions 1596178825Sdfr 1597178825Sdfr * lib/krb5/krb5_kuserok.3: document krb5_kuserok 1598178825Sdfr 1599178825Sdfr * lib/krb5/krb5_verify_user.3: document 1600178825Sdfr krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior 1601178825Sdfr 1602178825Sdfr * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and 1603178825Sdfr krb5_verify_user_opt 1604178825Sdfr 1605178825Sdfr * lib/krb5/*.[0-9]: add copyright/licenses on more manpages 1606178825Sdfr 1607178825Sdfr * kuser/kdestroy.c (main): handle that krb5_cc_default_name can 1608178825Sdfr return NULL 1609178825Sdfr 1610178825Sdfr * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor 1611178825Sdfr (TESTS): add test_cc 1612178825Sdfr 1613178825Sdfr * lib/krb5/test_cc.c: test some 1614178825Sdfr krb5_cc_default_name/krb5_cc_set_default_name combinations 1615178825Sdfr 1616178825Sdfr * lib/krb5/context.c (init_context_from_config_file): set 1617178825Sdfr default_cc_name to NULL 1618178825Sdfr (krb5_free_context): free default_cc_name if set 1619178825Sdfr 1620178825Sdfr * lib/krb5/cache.c (krb5_cc_set_default_name): new function 1621178825Sdfr (krb5_cc_default_name): use krb5_cc_set_default_name 1622178825Sdfr 1623178825Sdfr * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 1624178825Sdfr 1625233294Sstas2003-02-25 Love H��rnquist ��strand <lha@it.su.se> 1626178825Sdfr 1627178825Sdfr * appl/kf/kf.1: s/securly/securely/ from NetBSD 1628178825Sdfr 1629233294Sstas2003-02-18 Love H��rnquist ��strand <lha@it.su.se> 1630178825Sdfr 1631178825Sdfr * kdc/connect.c: s/intialize/initialize, from 1632178825Sdfr <jmc@prioris.mini.pw.edu.pl> 1633178825Sdfr 1634233294Sstas2003-02-17 Love H��rnquist ��strand <lha@it.su.se> 1635178825Sdfr 1636178825Sdfr * configure.in: add AM_MAINTAINER_MODE 1637178825Sdfr 1638233294Sstas2003-02-16 Love H��rnquist ��strand <lha@it.su.se> 1639178825Sdfr 1640178825Sdfr * **/*.[0-9]: add copyright/licenses on all manpages 1641178825Sdfr 1642178825Sdfr2003-14-16 Jacques Vidrine <nectar@kth.se> 1643178825Sdfr 1644178825Sdfr * lib/krb5/get_in_tkt.c (init_as_req): Send only a single 1645178825Sdfr PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption 1646178825Sdfr type specified by the KDC. 1647178825Sdfr 1648233294Sstas2003-02-15 Love H��rnquist ��strand <lha@it.su.se> 1649178825Sdfr 1650178825Sdfr * fix-export: some autoconf put their version number in 1651178825Sdfr autom4te.cache, so remove autom4te*.cache 1652178825Sdfr 1653178825Sdfr * fix-export: make sure $1 is a directory 1654178825Sdfr 1655233294Sstas2003-02-04 Love H��rnquist ��strand <lha@it.su.se> 1656178825Sdfr 1657178825Sdfr * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 1658178825Sdfr 1659178825Sdfr * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 1660178825Sdfr 1661233294Sstas2003-01-31 Love H��rnquist ��strand <lha@it.su.se> 1662178825Sdfr 1663178825Sdfr * kdc/hpropd.8: s/databases/a database/ s/Not/not/ 1664178825Sdfr 1665178825Sdfr * kdc/hprop.8: add missing . 1666178825Sdfr 1667233294Sstas2003-01-30 Love H��rnquist ��strand <lha@it.su.se> 1668178825Sdfr 1669178825Sdfr * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, 1670178825Sdfr address, write out encryption type in sentences, s/Host/host 1671178825Sdfr 1672233294Sstas2003-01-26 Love H��rnquist ��strand <lha@it.su.se> 1673178825Sdfr 1674178825Sdfr * lib/asn1/check-gen.c: add checks for Authenticator too 1675178825Sdfr 1676233294Sstas2003-01-25 Love H��rnquist ��strand <lha@it.su.se> 1677178825Sdfr 1678178825Sdfr * doc/setup.texi: in the hprop example, use hprop and the first 1679178825Sdfr component, not host 1680178825Sdfr 1681178825Sdfr * lib/krb5/get_addrs.c (find_all_addresses): address-less 1682178825Sdfr point-to-point might not have an address, just ignore 1683178825Sdfr those. Reported by Harald Barth. 1684178825Sdfr 1685233294Sstas2003-01-23 Love H��rnquist ��strand <lha@it.su.se> 1686178825Sdfr 1687178825Sdfr * lib/krb5/verify_krb5_conf.c (check_section): when key isn't 1688178825Sdfr found, don't print out all known keys 1689178825Sdfr 1690178825Sdfr * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity 1691178825Sdfr and facility start resp 1692178825Sdfr (check_log): find_value() returns -1 when key isn't found 1693178825Sdfr 1694178825Sdfr * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 1695178825Sdfr 'const void *' to avoid AES_KEY being exposed in krb5-private.h 1696178825Sdfr 1697178825Sdfr * lib/krb5/krb5.conf.5: add [kdc]use_2b 1698178825Sdfr 1699178825Sdfr * kdc/524.c (encode_524_response): its 2b not b2 1700178825Sdfr 1701178825Sdfr * doc/misc.texi: quote @ where missing 1702178825Sdfr 1703178825Sdfr * lib/asn1/Makefile.am: add check-gen 1704178825Sdfr 1705178825Sdfr * lib/asn1/check-gen.c: add Principal check 1706178825Sdfr 1707178825Sdfr * lib/asn1/check-common.h: move generic asn1/der functions from 1708178825Sdfr check-der.c to here 1709178825Sdfr 1710178825Sdfr * lib/asn1/check-common.c: move generic asn1/der functions from 1711178825Sdfr check-der.c to here 1712178825Sdfr 1713178825Sdfr * lib/asn1/check-der.c: move out the generic asn1/der functions to 1714178825Sdfr a common file 1715178825Sdfr 1716233294Sstas2003-01-22 Love H��rnquist ��strand <lha@it.su.se> 1717178825Sdfr 1718178825Sdfr * doc/misc.texi: more text about afs, how to get get your KeyFile, 1719178825Sdfr and how to start use 2b tokens 1720178825Sdfr 1721178825Sdfr * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 1722178825Sdfr <jmc@cvs.openbsd.org> 1723178825Sdfr 1724178825Sdfr2003-01-21 Jacques Vidrine <nectar@kth.se> 1725178825Sdfr 1726178825Sdfr * kuser/kuser_locl.h: include crypto-headers.h for 1727178825Sdfr des_read_pw_string prototype 1728178825Sdfr 1729233294Sstas2003-01-16 Love H��rnquist ��strand <lha@it.su.se> 1730178825Sdfr 1731178825Sdfr * admin/ktutil.8: document -v, --verbose 1732178825Sdfr 1733178825Sdfr * admin/get.c (kt_get): make getarg usage consistent with other 1734178825Sdfr other parts of ktutil 1735178825Sdfr 1736178825Sdfr * admin/copy.c (kt_copy): remove adding verbose_flag to args 1737178825Sdfr struct, since it will overrun the args array (from Sumit Bose) 1738178825Sdfr 1739233294Sstas2003-01-15 Love H��rnquist ��strand <lha@it.su.se> 1740178825Sdfr 1741178825Sdfr * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = 1742178825Sdfr ... } 1743178825Sdfr 1744178825Sdfr * lib/krb5/aes-test.c: test vectors in aes-draft 1745178825Sdfr 1746178825Sdfr * lib/krb5/Makefile.am: add aes-test.c 1747178825Sdfr 1748178825Sdfr * lib/krb5/crypto.c: Add support for AES 1749178825Sdfr (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 1750178825Sdfr (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify 1751178825Sdfr to support checksumtype that are have a shorter wireformat then 1752178825Sdfr their output block size. 1753178825Sdfr 1754178825Sdfr * lib/krb5/crypto.c (struct encryption_type): split the blocksize 1755178825Sdfr into blocksize and padsize, padsize is the minimum padding 1756178825Sdfr size. they are the same for now 1757178825Sdfr (enctype_*): add padsize 1758178825Sdfr (encrypt_internal): use padsize 1759178825Sdfr (encrypt_internal_derived): use padsize 1760178825Sdfr (wrapped_length): use padsize 1761178825Sdfr (wrapped_length_dervied): use padsize 1762178825Sdfr 1763178825Sdfr * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key 1764178825Sdfr function for each enctype in preparation enctypes that uses 1765178825Sdfr `Encryption and Checksum Specifications for Kerberos 5' draft 1766178825Sdfr 1767178825Sdfr * lib/asn1/k5.asn1: add checksum and enctype for AES from 1768178825Sdfr draft-raeburn-krb-rijndael-krb-02.txt 1769178825Sdfr 1770178825Sdfr * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, 1771178825Sdfr KEYTYPE_AES256 1772178825Sdfr 1773233294Sstas2003-01-14 Love H��rnquist ��strand <lha@it.su.se> 1774178825Sdfr 1775178825Sdfr * lib/hdb/common.c (_hdb_fetch): handle error code from 1776178825Sdfr hdb_value2entry 1777178825Sdfr 1778178825Sdfr * kdc/Makefile.am: always include kerberos4.c and 524.c in 1779178825Sdfr kdc_SOURCES to support 524 1780178825Sdfr 1781178825Sdfr * kdc/524.c: always compile in support for 524 1782178825Sdfr 1783178825Sdfr * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 1784178825Sdfr 1785178825Sdfr * kdc/config.c: always compile in support for 524 1786178825Sdfr 1787178825Sdfr * kdc/connect.c: always compile in support for 524 1788178825Sdfr 1789178825Sdfr * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() 1790178825Sdfr even when we build without kerberos 4, 524 needs them 1791178825Sdfr 1792178825Sdfr * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out 1793178825Sdfr Kerberos 4 help functions/structures so other parts of the source 1794178825Sdfr tree can use it (like the KDC) 1795178825Sdfr 1796