1178825Sdfr2005-12-15 Love H�rnquist �strand <lha@it.su.se> 2178825Sdfr 3178825Sdfr * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to 4178825Sdfr make samba happy 5178825Sdfr 6178825Sdfr * fix-export: Build kdc-private.h. 7178825Sdfr 8178825Sdfr2005-12-14 Love H�rnquist �strand <lha@it.su.se> 9178825Sdfr 10178825Sdfr * kdc/kerberos5.c (tgs_rep2): also print the principal for which 11178825Sdfr the enctype was missing 12178825Sdfr 13178825Sdfr2005-12-13 Love H�rnquist �strand <lha@it.su.se> 14178825Sdfr 15178825Sdfr * kdc/kaserver.c: Finish up transition from hdb_entry to 16178825Sdfr hdb_entry_ex. 17178825Sdfr 18178825Sdfr * kdc/kerberos4.c: Finish up transition from hdb_entry to 19178825Sdfr hdb_entry_ex. 20178825Sdfr 21178825Sdfr * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex. 22178825Sdfr 23178825Sdfr * kdc/kerberos5.c: Finish up transition from hdb_entry with 24178825Sdfr hdb_entry_ex. 25178825Sdfr 26178825Sdfr * lib/krb5/cache.c (krb5_cc_set_default_name): use 27178825Sdfr KRB5_DEFAULT_CCNAME. 28178825Sdfr 29178825Sdfr * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to 30178825Sdfr default credential cache. 31178825Sdfr 32178825Sdfr * lib/hdb/ndbm.c: memset hdb_entry_ex before use 33178825Sdfr 34178825Sdfr * lib/hdb/db3.c: memset hdb_entry_ex before use 35178825Sdfr 36178825Sdfr * lib/hdb/db.c: memset hdb_entry_ex before use 37178825Sdfr 38178825Sdfr2005-12-12 Love H�rnquist �strand <lha@it.su.se> 39178825Sdfr 40178825Sdfr * lib/krb5/krb5.3: Add some more entrypoints. 41178825Sdfr 42178825Sdfr * lib/krb5/changepw.c: If there is a target principal, use the 43178825Sdfr realm of the realm to change the password with, 44178825Sdfr 45178825Sdfr * kuser/kinit.c: Default to use DH when fetching keys. 46178825Sdfr 47178825Sdfr * lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch 48178825Sdfr originally from Andrew Bartlet 49178825Sdfr 50178825Sdfr * lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url 51178825Sdfr support, add ldapi support. 52178825Sdfr 53178825Sdfr * kdc/kerberos5.c (tgs_make_reply): there are no such things a 54178825Sdfr keytypes any more, just use enctypes. 55178825Sdfr 56178825Sdfr * kdc/kdc_locl.h: Remove private prototypes and instead include 57178825Sdfr <kdc-private.h>. 58178825Sdfr 59178825Sdfr * kdc/Makefile.am: Build kdc-private.h and depend on it. 60178825Sdfr 61178825Sdfr * kdc/config.c (configure): wrap line 62178825Sdfr 63178825Sdfr * doc/kerberos4.texi: KDC 4 support is always compiled in. 64178825Sdfr 65178825Sdfr * TODO: Remove some stuff that have been done. 66178825Sdfr 67178825Sdfr * Makefile.am: Split long line 68178825Sdfr 69178825Sdfr * doc/apps.texi: Spelling, From M�ns Nilsson. 70178825Sdfr 71178825Sdfr * doc/install.texi: spelling, From M�ns Nilsson 72178825Sdfr 73178825Sdfr2005-12-11 Love H�rnquist �strand <lha@it.su.se> 74178825Sdfr 75178825Sdfr * lib/krb5/krb5_principal.3: Constify principal argument to on 76178825Sdfr krb5_principal_get_ functions. 77178825Sdfr 78178825Sdfr * lib/krb5/principal.c: Constify principal argument to on 79178825Sdfr krb5_principal_get_ functions. 80178825Sdfr 81178825Sdfr2005-12-08 Love H�rnquist �strand <lha@it.su.se> 82178825Sdfr 83178825Sdfr * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long 84178825Sdfr time ago 85178825Sdfr 86178825Sdfr2005-12-05 Love H�rnquist �strand <lha@it.su.se> 87178825Sdfr 88178825Sdfr * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet 89178825Sdfr 90178825Sdfr * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return 91178825Sdfr NULL on success in the case 0 entries are allocated, From Andrew 92178825Sdfr Bartlet 93178825Sdfr 94178825Sdfr2005-12-02 Love H�rnquist �strand <lha@it.su.se> 95178825Sdfr 96178825Sdfr * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on 97178825Sdfr failure to parse format specifier. 98178825Sdfr 99178825Sdfr * lib/krb5/store-test.c: Free more of the allocated memory. 100178825Sdfr 101178825Sdfr * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated 102178825Sdfr memory, this function is only used by the test program. 103178825Sdfr 104178825Sdfr * lib/krb5/parse-name-test.c: Free more of the allocated memory. 105178825Sdfr 106178825Sdfr * lib/krb5/derived-key-test.c: Free more of the allocated memory. 107178825Sdfr 108178825Sdfr2005-12-01 Love H�rnquist �strand <lha@it.su.se> 109178825Sdfr 110178825Sdfr * doc/setup.texi: spelling, From M�ns Nilsson 111178825Sdfr 112178825Sdfr * lib/krb5/krb5_keytab.3: Memory keytab are now named and 113178825Sdfr refcounted. 114178825Sdfr 115178825Sdfr * lib/krb5/test_keytab.c: Test that memory keytab are refcounted. 116178825Sdfr 117178825Sdfr * lib/krb5/keytab_memory.c: Index by name and start reference 118178825Sdfr counting on entries. 119178825Sdfr 120178825Sdfr2005-11-30 Love H�rnquist �strand <lha@it.su.se> 121178825Sdfr 122178825Sdfr * lib/krb5/krb5.h (krb5_address_type): add 123178825Sdfr KRB5_ADDRESS_NETBIOS (20) 124178825Sdfr 125178825Sdfr * lib/hdb/hdb.c (find_method): accept relative paths as old db 126178825Sdfr format too. 127178825Sdfr 128178825Sdfr * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype. 129178825Sdfr 130178825Sdfr2005-11-29 Dave Love <fx@gnu.org> 131178825Sdfr 132178825Sdfr * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. 133178825Sdfr 134178825Sdfr2005-11-29 Love H�rnquist �strand <lha@it.su.se> 135178825Sdfr 136178825Sdfr * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add 137178825Sdfr default_cc_name 138178825Sdfr 139178825Sdfr * lib/hdb/hdb.c: Only match db databases on filename starting with 140178825Sdfr '/'. 141178825Sdfr 142178825Sdfr * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in 143178825Sdfr authenticator 144178825Sdfr 145178825Sdfr * lib/krb5/rd_req.c (check_transited): explain the TR-type 0 146178825Sdfr better and why it matters. 147178825Sdfr 148178825Sdfr * lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops 149178825Sdfr 150178825Sdfr * lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior 151178825Sdfr to return NULL when its not found, and fcc when the name starts 152178825Sdfr with a '/'. Almost matches behavior in other parts of the code, 153178825Sdfr but can't really do that since the name passed in to this function 154178825Sdfr may only contain the prefix itself without the colon. 155178825Sdfr 156178825Sdfr * lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not 157178825Sdfr colon (:) in the name, its a file credential cache 158178825Sdfr 159178825Sdfr * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory 160178825Sdfr 161178825Sdfr * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory 162178825Sdfr 163178825Sdfr * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory 164178825Sdfr 165178825Sdfr2005-11-28 Love H�rnquist �strand <lha@it.su.se> 166178825Sdfr 167178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session 168178825Sdfr key for delegated credentials 169178825Sdfr 170178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): add comment when we send 171178825Sdfr ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett 172178825Sdfr 173178825Sdfr2005-11-25 Love H�rnquist �strand <lha@it.su.se> 174178825Sdfr 175178825Sdfr * lib/krb5/keytab.c (krb5_kt_get_full_name): new function 176178825Sdfr 177178825Sdfr2005-11-24 Love H�rnquist �strand <lha@it.su.se> 178178825Sdfr 179178825Sdfr * lib/krb5/test_crypto.c: Split encryption and s2k iterations to 180178825Sdfr diffrent counters, 38seconds of aes256 s2k is way too long. 181178825Sdfr 182178825Sdfr * lib/krb5/test_crypto.c: Add timing code for s2k function. 183178825Sdfr 184178825Sdfr2005-11-07 Love H�rnquist �strand <lha@it.su.se> 185178825Sdfr 186178825Sdfr * kdc/kerberos5.c: Print the time the principal expired, based on 187178825Sdfr patch from Andrew Bartlett. 188178825Sdfr 189178825Sdfr2005-11-01 Love H�rnquist �strand <lha@it.su.se> 190178825Sdfr 191178825Sdfr * lib/krb5/cache.c (krb5_cc_get_full_name): Add 192178825Sdfr 193178825Sdfr2005-11-01 Love H�rnquist �strand <lha@it.su.se> 194178825Sdfr 195178825Sdfr * configure.in: Spelling, From Michael Banck <mbanck@debian.org> 196178825Sdfr 197178825Sdfr2005-10-30 Love H�rnquist �strand <lha@it.su.se> 198178825Sdfr 199178825Sdfr * kcm/headers.h: Maybe include <sys/param.h>. 200178825Sdfr 201178825Sdfr2005-10-27 Love H�rnquist �strand <lha@it.su.se> 202178825Sdfr 203178825Sdfr * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 204178825Sdfr understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but 205178825Sdfr have KRB5_AUTHDATA_KDC_ISSUED commented out for now) 206178825Sdfr 207178825Sdfr2005-10-26 Love H�rnquist �strand <lha@it.su.se> 208178825Sdfr 209178825Sdfr * kuser/klist.c: In the list caches view, rename the Status field 210178825Sdfr to Expires. 211178825Sdfr 212178825Sdfr * lib/krb5/krb5_encrypt.3: Fix mdoc for 213178825Sdfr krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org> 214178825Sdfr 215178825Sdfr2005-10-25 Love H�rnquist �strand <lha@it.su.se> 216178825Sdfr 217178825Sdfr * appl/test/gssapi_client.c: Check return value from asprintf 218178825Sdfr instead of string != NULL since it undefined behavior on 219178825Sdfr Linux. From Bj�rn Sandell 220178825Sdfr 221178825Sdfr2005-10-21 Love H�rnquist �strand <lha@it.su.se> 222178825Sdfr 223178825Sdfr * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are 224178825Sdfr generated from the DH groups, fail. 225178825Sdfr 226178825Sdfr * kdc/pkinit.c (get_dh_param): Pass down config so this function 227178825Sdfr can check pkinit_dh_min_bits 228178825Sdfr 229178825Sdfr * kdc/config.c: Fill in pkinit_dh_min_bits from configuration 230178825Sdfr file. 231178825Sdfr 232178825Sdfr * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. 233178825Sdfr 234178825Sdfr2005-10-20 Love H�rnquist �strand <lha@it.su.se> 235178825Sdfr 236178825Sdfr * lib/krb5/pkinit.c: Add option to require binding between reply 237178825Sdfr and response for the win2k version of the protocol. 238178825Sdfr 239178825Sdfr2005-10-19 Love H�rnquist �strand <lha@it.su.se> 240178825Sdfr 241178825Sdfr * doc/programming.texi: Text about Kerberos errors. 242178825Sdfr 243178825Sdfr * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the 244178825Sdfr Windows case to support the updated -09 protocol (using 245178825Sdfr asChecksum). Tell KDC we support this by sending 246178825Sdfr KRB5-PADATA-PK-AS-09-BINDING in the pa-data. 247178825Sdfr 248178825Sdfr * lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY 249178825Sdfr too. 250178825Sdfr 251178825Sdfr * lib/krb5/test_cc.c: Test krb5_cc_copy_cache and 252178825Sdfr krb5_cc_cache_match. 253178825Sdfr 254178825Sdfr * lib/krb5/cache.c (krb5_cc_cache_match): add function that 255178825Sdfr iterates over all credential caches for a user and returns a 256178825Sdfr match. 257178825Sdfr 258178825Sdfr * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an 259178825Sdfr example. 260178825Sdfr 261178825Sdfr2005-10-18 Love H�rnquist �strand <lha@it.su.se> 262178825Sdfr 263178825Sdfr * doc/programming.texi: Try to explain krb5_ccache, krb5_principal 264178825Sdfr and errors. 265178825Sdfr 266178825Sdfr2005-10-13 Love H�rnquist �strand <lha@it.su.se> 267178825Sdfr 268178825Sdfr * lib/krb5/krb5_get_credentials.3: Add example how to use 269178825Sdfr krb5_get_credentials. 270178825Sdfr 271178825Sdfr2005-10-12 Love H�rnquist �strand <lha@it.su.se> 272178825Sdfr 273178825Sdfr * lib/krb5/init_creds.c: Rename private to opt_private. 274178825Sdfr 275178825Sdfr * lib/krb5/init_creds_pw.c: Rename private to opt_private. 276178825Sdfr 277178825Sdfr * lib/krb5/pkinit.c: rename element private to opt_private to make 278178825Sdfr c++ picky compilers less upset. 279178825Sdfr 280178825Sdfr * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element 281178825Sdfr private to opt_private to make c++ picky compilers less upset. 282178825Sdfr 283178825Sdfr2005-10-08 Love H�rnquist �strand <lha@it.su.se> 284178825Sdfr 285178825Sdfr * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function 286178825Sdfr (_krb5_free_krbhst_info): expose to internal use 287178825Sdfr 288178825Sdfr * lib/krb5/init_creds_pw.c: Prepare to pass down a 289178825Sdfr krb5_krbhst_info into the pre-auth mechs 290178825Sdfr 291178825Sdfr * lib/krb5/pkinit.c: Inline short functions, share more code, 292178825Sdfr rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for 293178825Sdfr verification of KDC info, and general cleaning up. 294178825Sdfr 295178825Sdfr2005-10-07 Love H�rnquist �strand <lha@it.su.se> 296178825Sdfr 297178825Sdfr * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. 298178825Sdfr 299178825Sdfr * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR 300178825Sdfr "/krb5.moduli" 301178825Sdfr 302178825Sdfr * lib/krb5/krb5_locl.h: Add forward declaration for 303178825Sdfr krb5_dh_moduli. Add define for MODULI_FILE. 304178825Sdfr 305178825Sdfr * kdc/pkinit.c: Removing PK-INIT-19 support. 306178825Sdfr 307178825Sdfr * lib/krb5/pkinit.c: Removing PK-INIT-19 support. 308178825Sdfr 309178825Sdfr * lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on 310178825Sdfr success. 311178825Sdfr (krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists 312178825Sdfr 313178825Sdfr * kdc/pkinit.c: Save DH group name and print it on success. 314178825Sdfr 315178825Sdfr * lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it. 316178825Sdfr 317178825Sdfr * kdc/pkinit.c: Check dh group parameters from client. 318178825Sdfr 319178825Sdfr * lib/krb5/krb5_err.et: Match error code with pk-init-27. 320178825Sdfr 321178825Sdfr * lib/krb5/pkinit.c: Update error codes. Add name to group. Change 322178825Sdfr return value of _krb5_dh_group_ok. 323178825Sdfr 324178825Sdfr * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH 325178825Sdfr parameters. 326178825Sdfr 327178825Sdfr2005-10-06 Love H�rnquist �strand <lha@it.su.se> 328178825Sdfr 329178825Sdfr * kuser/klist.1: Document --list-caches 330178825Sdfr 331178825Sdfr * kuser/klist.c: Change short flag of --list-caches to -l (-v is 332178825Sdfr already used). 333178825Sdfr 334178825Sdfr2005-10-03 Love H�rnquist �strand <lha@it.su.se> 335178825Sdfr 336178825Sdfr * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. 337178825Sdfr 338178825Sdfr * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers 339178825Sdfr expect it 340178825Sdfr (acc_get_cache_first): don't leak memory or abort on malloc 341178825Sdfr failure 342178825Sdfr 343178825Sdfr2005-10-02 Love H�rnquist �strand <lha@it.su.se> 344178825Sdfr 345178825Sdfr * lib/krb5/kerberos.8: Update text about Kerberos RFC's. 346178825Sdfr 347178825Sdfr2005-10-01 Love H�rnquist �strand <lha@it.su.se> 348178825Sdfr 349178825Sdfr * kuser/klist.c: Add option --list-caches that lists the avaible 350178825Sdfr caches and their status. 351178825Sdfr 352178825Sdfr $ klist --list-caches 353178825Sdfr Principal Cache name Status 354178825Sdfr lha@E.KTH.SE 2 Valid 355178825Sdfr lha@SU.SE 1 Expired 356178825Sdfr lha/root@SU.SE 0 Expired 357178825Sdfr lha@N.L.NXS.SE Initial default ccache Expired 358178825Sdfr 359178825Sdfr2005-09-30 Love H�rnquist �strand <lha@it.su.se> 360178825Sdfr 361178825Sdfr * lib/krb5/keytab_keyfile.c: Use all DES keys, not just 362178825Sdfr des-cbc-md5, verify that they all are the same. 363178825Sdfr 364178825Sdfr * lib/krb5/mcache.c Implement the cache iteration functions. 365178825Sdfr 366178825Sdfr * lib/krb5/acache.c: Implement the cache iteration functions. 367178825Sdfr 368178825Sdfr * lib/krb5/test_cc.c: Test the new cache iteration functions. 369178825Sdfr 370178825Sdfr * lib/krb5/cache.c: Add cache iteration funcations. Add internal 371178825Sdfr allocation function for the memory of a krb5_ccache, and use it. 372178825Sdfr 373178825Sdfr * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions 374178825Sdfr 375178825Sdfr2005-09-25 Love H�rnquist �strand <lha@it.su.se> 376178825Sdfr 377178825Sdfr * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. 378178825Sdfr 379178825Sdfr * kdc/kerberos5.c: More verbose PK-INIT logging. 380178825Sdfr 381178825Sdfr * kdc/pkinit.c: The public DH key is encoded as an INTEGER in 382178825Sdfr subjectPublicKey. Don't verify OID's for now. 383178825Sdfr 384178825Sdfr * lib/krb5/pkinit.c: Support cached DH variable (still need to 385178825Sdfr store it though), don't check the oid of the DH signedData for 386178825Sdfr now. 387178825Sdfr 388178825Sdfr2005-09-22 Love H�rnquist �strand <lha@it.su.se> 389178825Sdfr 390178825Sdfr * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and 391178825Sdfr the sender subkey. Both RFC1510 and RFC4120 say that you have to 392178825Sdfr use the session key, Heimdal uses subkey. 393178825Sdfr 394178825Sdfr2005-09-21 Love H�rnquist �strand <lha@it.su.se> 395178825Sdfr 396178825Sdfr * lib/krb5/pkinit.c: Don't check oid's too closely, they change in 397178825Sdfr Windows Vista. 398178825Sdfr 399178825Sdfr2005-09-20 Love H�rnquist �strand <lha@it.su.se> 400178825Sdfr 401178825Sdfr * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the 402178825Sdfr protocol. 403178825Sdfr 404178825Sdfr * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19) 405178825Sdfr 406178825Sdfr * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL 407178825Sdfr to make sure its not freed. 408178825Sdfr 409178825Sdfr2005-09-19 Love H�rnquist �strand <lha@it.su.se> 410178825Sdfr 411178825Sdfr * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length 412178825Sdfr it set to 1, and content is 0x01, use the afs3 string-to-key. 413178825Sdfr 414178825Sdfr * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted 415178825Sdfr key, use send the opaque, length 1 (with content set to 0x01) in 416178825Sdfr ETYPE-INFO2-ENTRY. 417178825Sdfr 418178825Sdfr * lib/krb5/kcm.c: Remove signedness warnings. 419178825Sdfr 420178825Sdfr2005-09-15 Love H�rnquist �strand <lha@it.su.se> 421178825Sdfr 422178825Sdfr * configure.in: Use libtool's default values for building 423178825Sdfr shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves 424178825Sdfr building problems users have on Mac OS X. 425178825Sdfr 426178825Sdfr2005-09-08 Love H�rnquist �strand <lha@it.su.se> 427178825Sdfr 428178825Sdfr * lib/krb5/changepw.c: Constify password. 429178825Sdfr 430178825Sdfr2005-09-05 Love H�rnquist �strand <lha@it.su.se> 431178825Sdfr 432178825Sdfr * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. 433178825Sdfr 434178825Sdfr * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3 435178825Sdfr 436178825Sdfr * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact, 437178825Sdfr krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, 438178825Sdfr krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, 439178825Sdfr krb5_build_ap_req, krb5_verify_ap_req. 440178825Sdfr 441178825Sdfr2005-09-01 Love H�rnquist �strand <lha@it.su.se> 442178825Sdfr 443178825Sdfr * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at 444178825Sdfr all, use KRB5-PADATA-AFS3-SALT 445178825Sdfr 446178825Sdfr2005-08-31 Love H�rnquist �strand <lha@it.su.se> 447178825Sdfr 448178825Sdfr * kdc/kerberos5.c (log_timestamp): endtime, not endtype 449178825Sdfr 450178825Sdfr2005-08-30 Love H�rnquist �strand <lha@it.su.se> 451178825Sdfr 452178825Sdfr * configure.in: Check for <sys/ucred.h>. 453178825Sdfr 454178825Sdfr * kcm/connect.c (update_client_creds): in case there is no 455178825Sdfr UCRED_VERSION, skip LOCAL_PEERCRED 456178825Sdfr 457178825Sdfr * kcm/headers.h: include <sys/ucred.h> 458178825Sdfr 459178825Sdfr2005-08-27 Love H�rnquist �strand <lha@it.su.se> 460178825Sdfr 461178825Sdfr * lib/krb5/rd_req.c (check_transited): Allow empty content of type 462178825Sdfr 0 because that is was Microsoft generates in their TGT. 463178825Sdfr 464178825Sdfr * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of 465178825Sdfr type 0 because that is was Microsoft enerates in their TGT. 466178825Sdfr 467178825Sdfr2005-08-26 Love H�rnquist �strand <lha@it.su.se> 468178825Sdfr 469178825Sdfr * doc/intro.texi: RFC 4120 replaces RFC 1510 470178825Sdfr 471178825Sdfr2005-08-25 Love H�rnquist �strand <lha@it.su.se> 472178825Sdfr 473178825Sdfr * configure.in: Add --disable-afs-support. 474178825Sdfr 475178825Sdfr2005-08-23 Love H�rnquist �strand <lha@it.su.se> 476178825Sdfr 477178825Sdfr * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but 478178825Sdfr not TESTS, I have no same dns to use. 479178825Sdfr 480178825Sdfr * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname() 481178825Sdfr and krb5_expand_hostname_realms(). 482178825Sdfr 483178825Sdfr * configure.in: Build KCM if we have doors or unix sockets. 484178825Sdfr 485178825Sdfr * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove 486178825Sdfr shadowing variable. 487178825Sdfr 488178825Sdfr * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings, 489178825Sdfr plug memory leak. From: Stefan Metzmacher <metze@samba.org> 490178825Sdfr 491178825Sdfr * lib/krb5/krb5_config.3: Document what happens with NULL to 492178825Sdfr krb5_config_free_strings 493178825Sdfr (nothing). Mdoc nit. 494178825Sdfr 495178825Sdfr2005-08-22 Love H�rnquist �strand <lha@it.su.se> 496178825Sdfr 497178825Sdfr * kuser/klist.c (check_for_tgt): Re-order code so it only free the 498178825Sdfr credential if one was returned. 499178825Sdfr 500178825Sdfr * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. 501178825Sdfr 502178825Sdfr2005-08-19 Love H�rnquist �strand <lha@it.su.se> 503178825Sdfr 504178825Sdfr * lib/hdb/dbinfo.c: provide interface to find databases 505178825Sdfr 506178825Sdfr * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys 507178825Sdfr 508178825Sdfr2005-08-15 Love H�rnquist �strand <lha@it.su.se> 509178825Sdfr 510178825Sdfr * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. 511178825Sdfr 512178825Sdfr2005-08-13 Love H�rnquist �strand <lha@it.su.se> 513178825Sdfr 514178825Sdfr * lib/krb5/init_creds_pw.c: Save the request buffer so that 515178825Sdfr pre-auth mechanism that needs it can verify the reply. 516178825Sdfr 517178825Sdfr2005-08-12 Love H�rnquist �strand <lha@it.su.se> 518178825Sdfr 519178825Sdfr * lib/krb5/test_mem.c: Rename logf to avoid shadowing. 520178825Sdfr 521178825Sdfr * lib/krb5/krb5_keytab.3: Fix the version number for 522178825Sdfr fcc-mit-ticketflags. 523178825Sdfr 524178825Sdfr * lib/krb5/fcache.c: Revert previous, I was confused. 525178825Sdfr 526178825Sdfr * lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in 527178825Sdfr COMPATIBILITY section. 528178825Sdfr 529178825Sdfr * lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket 530178825Sdfr flags. 531178825Sdfr 532178825Sdfr * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break; 533178825Sdfr 534178825Sdfr * lib/krb5/krb5_create_checksum.3: Update prototype for 535178825Sdfr krb5_create_checksum. 536178825Sdfr 537178825Sdfr * kdc/pkinit.c: Make compile. 538178825Sdfr 539178825Sdfr * lib/krb5/pkinit.c: Implement verification of asChecksum, now 540178825Sdfr client side code is using -27 of the pk-init draft. 541178825Sdfr 542178825Sdfr * kdc/kdc_locl.h: update prototype for _kdc_as_rep 543178825Sdfr 544178825Sdfr * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC. 545178825Sdfr 546178825Sdfr * kdc/process.c: Pass down the request buffer to _kdc_as_rep(). 547178825Sdfr 548178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to 549178825Sdfr _kdc_pk_mk_pa_reply. 550178825Sdfr 551178825Sdfr2005-08-11 Love H�rnquist �strand <lha@it.su.se> 552178825Sdfr 553178825Sdfr * lib/hdb/ext.c: HDB extensions access glue. 554178825Sdfr 555178825Sdfr * kcm/acquire.c: Use krb5_set_password instead of 556178825Sdfr krb5_change_password. 557178825Sdfr 558178825Sdfr * configure.in: Add tests/Makefile and tests/db/Makefile. 559178825Sdfr 560178825Sdfr * NEWS: New ASN.1 compiler 561178825Sdfr 562178825Sdfr * lib/hdb/Makefile.am: Build extensions. 563178825Sdfr 564178825Sdfr * lib/hdb/print.c: Print extensions. 565178825Sdfr 566178825Sdfr * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory 567178825Sdfr extension". 568178825Sdfr 569178825Sdfr * lib/hdb/hdb.h: Update interface version (and indent). 570178825Sdfr 571178825Sdfr * lib/hdb/hdb.asn1: Add support for HDB-extension. 572178825Sdfr 573178825Sdfr2005-08-10 Love H�rnquist �strand <lha@it.su.se> 574178825Sdfr 575178825Sdfr * lib/krb5/test_pkinit_dh2key.c: add tests vectors from 576178825Sdfr "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com> 577178825Sdfr 578178825Sdfr * lib/hdb/mkey.c: Expose the crypto operations on the master key. 579178825Sdfr 580178825Sdfr * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet 581178825Sdfr 582178825Sdfr2005-08-09 Love H�rnquist �strand <lha@it.su.se> 583178825Sdfr 584178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the 585178825Sdfr ENC-TS case. From: Andrew Bartlett <abartlet@samba.org> 586178825Sdfr 587178825Sdfr * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify 588178825Sdfr authenticator" once, its already done by 589178825Sdfr tgs_check_authenticator(). 590178825Sdfr 591178825Sdfr * kdc/kerberos5.c: Indent strings. 592178825Sdfr 593178825Sdfr * kdc/kerberos5.c (log_timestamp): avoid shadow warnings From: 594178825Sdfr Andrew Bartlett <abartlet@samba.org> 595178825Sdfr 596178825Sdfr * lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and 597178825Sdfr krb5_verify_opt_free. 598178825Sdfr 599178825Sdfr * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and 600178825Sdfr krb5_verify_opt_free. 601178825Sdfr 602178825Sdfr * lib/hdb/db3.c (DB_open): catch errors from the d->open calls 603178825Sdfr instead of letting them slip though to d->cursor. Bug repport from 604178825Sdfr Andrew Bartlett <abartlet@samba.org> 605178825Sdfr 606178825Sdfr2005-07-29 Love H�rnquist �strand <lha@it.su.se> 607178825Sdfr 608178825Sdfr * kdc/Makefile.am (kdc_LDADD): add LDADD 609178825Sdfr 610178825Sdfr2005-07-28 Love H�rnquist �strand <lha@it.su.se> 611178825Sdfr 612178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in 613178825Sdfr ENC-TS preauth, both for failure and success. 614178825Sdfr 615178825Sdfr * kdc/hprop.c: Use the _krb5_krb_life_to_time function from 616178825Sdfr libkrb5 instead of including our own here too. 617178825Sdfr 618178825Sdfr * kdc/kerberos5.c: indent printf strings 619178825Sdfr 620178825Sdfr * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with 621178825Sdfr keyusage 0 in case the key was encrypted with MIT Kerberos (old 622178825Sdfr patch from Johan) 623178825Sdfr 624178825Sdfr2005-07-26 Love H�rnquist �strand <lha@it.su.se> 625178825Sdfr 626178825Sdfr * kdc/pkinit.c: update to pkinit-27 627178825Sdfr 628178825Sdfr2005-07-23 Love H�rnquist �strand <lha@it.su.se> 629178825Sdfr 630178825Sdfr * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. 631178825Sdfr 632178825Sdfr2005-07-20 Love H�rnquist �strand <lha@it.su.se> 633178825Sdfr 634178825Sdfr * lib/krb5/test_pkinit_dh2key.c: framework for testing 635178825Sdfr _krb5_pk_octetstring2key 636178825Sdfr 637178825Sdfr * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a 638178825Sdfr krb5_socklen_t 639178825Sdfr 640178825Sdfr * kdc/connect.c (de_http): sscanf takes a char *, not unsigned 641178825Sdfr ditto, cast approriately 642178825Sdfr 643178825Sdfr * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output 644178825Sdfr unsigned char to match openssl 645178825Sdfr 646178825Sdfr2005-07-14 Love H�rnquist �strand <lha@it.su.se> 647178825Sdfr 648178825Sdfr * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. 649178825Sdfr 650178825Sdfr2005-07-13 Love H�rnquist �strand <lha@it.su.se> 651178825Sdfr 652178825Sdfr * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory 653178825Sdfr 654178825Sdfr * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call 655178825Sdfr krb5_cc_retrieve_cred once, and plug memory leak. 656178825Sdfr 657178825Sdfr2005-07-13 Love H�rnquist �strand <lha@it.su.se> 658178825Sdfr 659178825Sdfr * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules 660178825Sdfr name in the depend file 661178825Sdfr 662178825Sdfr * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return 663178825Sdfr value from krb5_storage_from_fd 664178825Sdfr 665178825Sdfr * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute 666178825Sdfr to the DH when the server doesn't support the cached DH request. 667178825Sdfr 668178825Sdfr * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments 669178825Sdfr 670178825Sdfr2005-07-12 Love H�rnquist �strand <lha@it.su.se> 671178825Sdfr 672178825Sdfr * lib/krb5/pkinit.c: clean up pk-init DH support, not finished 673178825Sdfr yet; improve error reporting 674178825Sdfr 675178825Sdfr * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key 676178825Sdfr function used in pk-init-25 677178825Sdfr 678178825Sdfr * configure.in: Use a configure switch to turn on PK-INIT, not by 679178825Sdfr detecting existence of the new ASN.1 library. 680178825Sdfr 681178825Sdfr * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch. 682178825Sdfr 683178825Sdfr Highlighs for the compiler is support for CHOICE and in general better 684178825Sdfr support for tags. This compiler support most of what is needed for 685178825Sdfr PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. 686178825Sdfr 687178825Sdfr2005-07-10 Love H�rnquist �strand <lha@it.su.se> 688178825Sdfr 689178825Sdfr * lib/asn1: make scope variables unique to avoid shadow warnings 690178825Sdfr 691178825Sdfr2005-07-09 Love H�rnquist �strand <lha@it.su.se> 692178825Sdfr 693178825Sdfr * lib/krb5/krb5.h: comment out paramenter name in typedef 694178825Sdfr functions to avoid shadow warnings 695178825Sdfr 696178825Sdfr * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const 697178825Sdfr 698178825Sdfr * kuser/klist.c: If there are no addresses, print addressless 699178825Sdfr instead of nothing. 700178825Sdfr 701178825Sdfr * lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping 702178825Sdfr 703178825Sdfr * lib/krb5/crypto.c (wrapped_length): the underived encrypted 704178825Sdfr types checksum are all unkeyed (matches the code in 705178825Sdfr encrypt_internal() and encrypt_internal_special()) 706178825Sdfr 707178825Sdfr * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't 708178825Sdfr not supported 709178825Sdfr 710178825Sdfr * lib/krb5/test_crypto_wrapping.c: test encryption wrapping 711178825Sdfr 712178825Sdfr * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer 713178825Sdfr 714178825Sdfr2005-07-08 Love H�rnquist �strand <lha@it.su.se> 715178825Sdfr 716178825Sdfr * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O 717178825Sdfr otherwise am_aux_dir will be expanded using ac_aux_dir before the 718178825Sdfr later is set. 719178825Sdfr 720178825Sdfr * configure.in: check for strings.h explicitly instead of 721178825Sdfr depending on AC_HEADER_STDC to check it for us 722178825Sdfr 723178825Sdfr2005-07-07 Assar Westerlund <assar@kth.se> 724178825Sdfr 725178825Sdfr * configure.in: add AM_PROG_CC_C_O for automake 1.9 726178825Sdfr 727178825Sdfr2005-07-06 Love H�rnquist �strand <lha@it.su.se> 728178825Sdfr 729178825Sdfr * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when 730178825Sdfr returning a new error 731178825Sdfr 732178825Sdfr * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on 733178825Sdfr error. 734178825Sdfr 735178825Sdfr * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, 736178825Sdfr remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov> 737178825Sdfr 738178825Sdfr2005-07-05 Love H�rnquist �strand <lha@it.su.se> 739178825Sdfr 740178825Sdfr * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was 741178825Sdfr added in w2k3-sp1 From David Love 742178825Sdfr 743178825Sdfr * doc/setup.texi: document kadmin command password-quality instead 744178825Sdfr of the not installed test_pw_quality 745178825Sdfr 746178825Sdfr * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love 747178825Sdfr 748178825Sdfr * fix-export: build kdc-protos.h 749178825Sdfr 750178825Sdfr2005-07-01 Love H�rnquist �strand <lha@it.su.se> 751178825Sdfr 752178825Sdfr * kdc: prefix pkinit symbols with _kdc 753178825Sdfr 754178825Sdfr * kuser/kinit.c: avoid shadowing variables 755178825Sdfr 756178825Sdfr * kuser: s/optind/optidx/ 757178825Sdfr 758178825Sdfr * kdc: adapt pkinit code to libkdc split 759178825Sdfr 760178825Sdfr2005-06-30 Love H�rnquist �strand <lha@it.su.se> 761178825Sdfr 762178825Sdfr * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create 763178825Sdfr 764178825Sdfr * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create 765178825Sdfr 766178825Sdfr * kdc/kdc_locl.h: indent, remove dup prototypes 767178825Sdfr 768178825Sdfr * kdc/libkdc: don't pollute namespace, generate public headerfile 769178825Sdfr 770178825Sdfr * lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work 771178825Sdfr just like krb5_425_conv_principal_ext but takes a context variable 772178825Sdfr for the verification function 773178825Sdfr 774178825Sdfr * kdc/Makefile.am: there is no export script, not pretend there is 775178825Sdfr 776178825Sdfr * kdc: Merge in the libkdc/kdc configuration split from Andrew 777178825Sdfr Bartlet <abartlet@samba.org> 778178825Sdfr 779178825Sdfr * lib/krb5/crypto.c: optionally compile in support for afs string2key 780178825Sdfr 781178825Sdfr * configure.in: add --disable-afs-string-to-key to allow removal 782178825Sdfr of support for afs string2key (and dependency on crypt) 783178825Sdfr 784178825Sdfr2005-06-29 Love H�rnquist �strand <lha@it.su.se> 785178825Sdfr 786178825Sdfr * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and 787178825Sdfr TGS-REQ, for auditing 788178825Sdfr 789178825Sdfr * kdc/kerberos5.c (as_req): print the supported encryption types 790178825Sdfr so its possible to know what clients to update. 791178825Sdfr (find_rpath): return const char * and update callers. 792178825Sdfr 793178825Sdfr2005-06-28 Luke Howard <lukeh@padl.com> 794178825Sdfr 795178825Sdfr * kcm/connect.c: fix arguments to kcm_log() when reporting 796178825Sdfr sendmsg() error 797178825Sdfr 798178825Sdfr * kcm/connect.c: don't send socket address in msghdr, it 799178825Sdfr returns an already connected error on Linux 800178825Sdfr 801178825Sdfr2005-06-24 Love H�rnquist �strand <lha@it.su.se> 802178825Sdfr 803178825Sdfr * kdc/524.c: Always include <krb5-v4compat.h>. 804178825Sdfr 805178825Sdfr2005-06-23 Love H�rnquist �strand <lha@it.su.se> 806178825Sdfr 807178825Sdfr * doc/intro.texi: no more libdes, gssapi lib is complete 808178825Sdfr 809178825Sdfr * lib/krb5/krb5.conf.5: Documentation for password quality 810178825Sdfr control. From: "James F. Hranicky" <jfh@cise.ufl.edu> 811178825Sdfr 812178825Sdfr * lib/krb5/verify_krb5_conf.c (password_quality_entries): add 813178825Sdfr min_length and min_classes 814178825Sdfr 815178825Sdfr * kdc/kaserver.c: log the kaserver requests, avoid shadowing 816178825Sdfr variables 817178825Sdfr 818178825Sdfr * lib/hdb/db3.c (DB_open): in case of error, close database 819178825Sdfr 820178825Sdfr * lib/hdb/ndbm.c (NDBM_open): in case of error, close database 821178825Sdfr 822178825Sdfr * lib/hdb/db.c (DB_open): in case of error, close database 823178825Sdfr 824178825Sdfr2005-06-20 Love H�rnquist �strand <lha@it.su.se> 825178825Sdfr 826178825Sdfr * kcm/kcm.8: fix example 827178825Sdfr 828178825Sdfr2005-06-17 Love H�rnquist �strand <lha@it.su.se> 829178825Sdfr 830178825Sdfr * lib/krb5/rd_rep.c: indent 831178825Sdfr 832178825Sdfr * lib/krb5/rd_rep.c (krb5_rd_rep): check if 833178825Sdfr KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp 834178825Sdfr should be checked, DCE-STYLE gssapi needs to be able to tweek this 835178825Sdfr 836178825Sdfr * kdc/string2key.c: rename optind to optidx 837178825Sdfr 838178825Sdfr * lib/hdb/convert_db.c: rename optind to optidx 839178825Sdfr 840178825Sdfr * lib/hdb/keytab.c: const poison, add a unconst where needed 841178825Sdfr 842178825Sdfr * lib/krb5/crypto.c (krb5_string_to_key): unconst password 843178825Sdfr 844178825Sdfr * lib/asn1/k5.asn1: rename pvno to krb5-pvno 845178825Sdfr 846178825Sdfr * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): 847178825Sdfr unconst argument 848178825Sdfr 849178825Sdfr * lib/krb5/verify_krb5_conf.c: rename optind to optidx 850178825Sdfr 851178825Sdfr * lib/krb5/transited.c: rename the temporary string variable to 852178825Sdfr `str' 853178825Sdfr 854178825Sdfr * lib/krb5/test_crypto.c: rename optind to optidx 855178825Sdfr 856178825Sdfr * lib/krb5/test_alname.c: rename optind to optidx 857178825Sdfr 858178825Sdfr * lib/krb5/store.c: unconst argument to krb5_store (XXX this 859178825Sdfr should be fixed, krb5_store doesn't need to modify its argument) 860178825Sdfr 861178825Sdfr * lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing 862178825Sdfr unnessecery variable ret 863178825Sdfr 864178825Sdfr * lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery 865178825Sdfr variable len 866178825Sdfr 867178825Sdfr * lib/krb5/prog_setup.c: rename optind to optidx 868178825Sdfr 869178825Sdfr * lib/krb5/padata.c: rename variable index to idx 870178825Sdfr 871178825Sdfr * lib/krb5/log.c: rename variable time to timestr to avoid 872178825Sdfr shadowing 873178825Sdfr 874178825Sdfr * lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to 875178825Sdfr avoid shadowing 876178825Sdfr 877178825Sdfr * lib/krb5/krbhst-test.c: rename optind to optidx 878178825Sdfr 879178825Sdfr * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to 880178825Sdfr krb5_store (XXX this should be fixed, krb5_store doesn't need to 881178825Sdfr modify its argument) 882178825Sdfr 883178825Sdfr * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password 884178825Sdfr 885178825Sdfr * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning 886178825Sdfr 887178825Sdfr2005-06-16 Love H�rnquist �strand <lha@it.su.se> 888178825Sdfr 889178825Sdfr * lib/krb5/principal.c: rename index to idx 890178825Sdfr 891178825Sdfr * lib/krb5/mk_error.c: use rk_UNCONST 892178825Sdfr 893178825Sdfr * lib/krb5/fcache.c: rename to avoid shadowing 894178825Sdfr 895178825Sdfr * lib/krb5/config_file.c: rename to avoid shadowing 896178825Sdfr 897178825Sdfr * lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the 898178825Sdfr string instead of losing const 899178825Sdfr 900178825Sdfr * lib/krb5/addr_families.c: use rk_UNCONST to silence const 901178825Sdfr warning 902178825Sdfr 903178825Sdfr * lib/krb5/addr_families.c: rename sin to sin4 904178825Sdfr 905178825Sdfr * lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed 906178825Sdfr variables 907178825Sdfr 908178825Sdfr * lib/asn1/main.c: rename optind to optidx 909178825Sdfr 910178825Sdfr * lib/asn1/gen_copy.c: rename to avoid shadowing 911178825Sdfr 912178825Sdfr * lib/asn1/gen_locl.h: rename function filename to get_filename 913178825Sdfr 914178825Sdfr * lib/asn1/lex.l: use get_filename 915178825Sdfr 916178825Sdfr * lib/asn1/gen.c: rename function filename to get_filename 917178825Sdfr 918178825Sdfr * lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle 919178825Sdfr 920178825Sdfr * configure.in: add headers and prototypes to logwtmp, logout and 921178825Sdfr openpty checks 922178825Sdfr 923178825Sdfr * configure.in: include headerfiles and set prototype for tgetent 924178825Sdfr 925178825Sdfr * kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the 926178825Sdfr string 927178825Sdfr 928178825Sdfr * kdc/kerberos5.c: replace strndup with inline copy, free data on 929178825Sdfr failure 930178825Sdfr 931178825Sdfr * lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup 932178825Sdfr with inline copy 933178825Sdfr 934178825Sdfr * lib/krb5/log.c: rename close and log to avoid shadow warnings 935178825Sdfr 936178825Sdfr * lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing 937178825Sdfr 938178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two 939178825Sdfr of the local `realm' to srealm to avoid shadowing 940178825Sdfr 941178825Sdfr * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to 942178825Sdfr avoid shadow warning 943178825Sdfr 944178825Sdfr * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow 945178825Sdfr warning 946178825Sdfr 947178825Sdfr2005-06-15 Love H�rnquist �strand <lha@it.su.se> 948178825Sdfr 949178825Sdfr * Release 0.7, see branch 950178825Sdfr 951178825Sdfr2005-06-14 Love H�rnquist �strand <lha@it.su.se> 952178825Sdfr 953178825Sdfr * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += 954178825Sdfr kcm.h 955178825Sdfr 956178825Sdfr * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from 957178825Sdfr krb5_init_context 958178825Sdfr 959178825Sdfr * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from 960178825Sdfr krb5_init_context 961178825Sdfr 962178825Sdfr * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT 963178825Sdfr from krb5_init_context From: Mathias Feiler 964178825Sdfr <feiler@uni-hohenheim.de> 965178825Sdfr 966178825Sdfr * lib/krb5/verify_krb5_conf.c: Add more missig entires, from 967178825Sdfr Mathias Feiler <feiler@uni-hohenheim.de> 968178825Sdfr 969178825Sdfr2005-06-11 Love H�rnquist �strand <lha@it.su.se> 970178825Sdfr 971178825Sdfr * kdc/pkinit.c (pk_principal_from_X509): remember to free 972178825Sdfr KRB5PrincipalName 973178825Sdfr 974178825Sdfr * lib/krb5/log.c (krb5_closelog): free all content in 975178825Sdfr krb5_log_facility 976178825Sdfr 977178825Sdfr2005-06-08 Love H�rnquist �strand <lha@it.su.se> 978178825Sdfr 979178825Sdfr * kdc/524.c: init kvno to please gcc 980178825Sdfr 981178825Sdfr * kdc/kaserver.c (do_authenticate): check return value from 982178825Sdfr unparse_auth_args 983178825Sdfr 984178825Sdfr2005-06-07 Dave Love <fx@gnu.org> 985178825Sdfr 986178825Sdfr * doc/setup.texi: Spelling. 987178825Sdfr 988178825Sdfr * doc/programming.texi: Spelling. 989178825Sdfr 990178825Sdfr2005-06-02 Dave Love <fx@gnu.org> 991178825Sdfr 992178825Sdfr * kcm/connect.c (kcm_door_server): Make static. 993178825Sdfr 994178825Sdfr * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. 995178825Sdfr 996178825Sdfr2005-06-02 Love H�rnquist �strand <lha@it.su.se> 997178825Sdfr 998178825Sdfr * kdc/mit_dump.c (mit_prop_dump): cast argument to 999178825Sdfr krb5_parse_principal to avoid warning 1000178825Sdfr 1001178825Sdfr * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to 1002178825Sdfr mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit 1003178825Sdfr codebase 1004178825Sdfr 1005178825Sdfr2005-06-01 Love H�rnquist �strand <lha@it.su.se> 1006178825Sdfr 1007178825Sdfr * lib/krb5/store.c: If we are allocating 0 entires, avoid failing 1008178825Sdfr if ALLOC returns NULL 1009178825Sdfr 1010178825Sdfr * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm 1011178825Sdfr 1012178825Sdfr * lib/krb5/cache.c: When returning a new error code, set error 1013178825Sdfr string. 1014178825Sdfr 1015178825Sdfr2005-05-31 Love H�rnquist �strand <lha@it.su.se> 1016178825Sdfr 1017178825Sdfr * lib/krb5/keytab_file.c: Adapt to changed signature of 1018178825Sdfr _krb5_xunlock, clear more error string where needed. 1019178825Sdfr 1020178825Sdfr * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it 1021178825Sdfr into something sensable 1022178825Sdfr 1023178825Sdfr2005-05-30 Love H�rnquist �strand <lha@it.su.se> 1024178825Sdfr 1025178825Sdfr * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from 1026178825Sdfr server entry to encrypted ticket flags 1027178825Sdfr 1028178825Sdfr2005-05-30 Johan Danielsson <joda@pdc.kth.se> 1029178825Sdfr 1030178825Sdfr * kdc/connect.c: rename sendlength to prependlength (which 1031178825Sdfr hopefully better represents its purpose), and change type to 1032178825Sdfr krb5_boolean 1033178825Sdfr 1034178825Sdfr * kdc/connect.c: log signal causing exit 1035178825Sdfr 1036178825Sdfr * kdc/main.c (sigterm): set exit_flag to signal causing exit; 1037178825Sdfr (main): trap SIGXCPU 1038178825Sdfr 1039178825Sdfr2005-05-30 Love H�rnquist �strand <lha@it.su.se> 1040178825Sdfr 1041178825Sdfr * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path 1042178825Sdfr 1043178825Sdfr * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not 1044178825Sdfr client 1045178825Sdfr 1046178825Sdfr * kcm/main.c: ignore SIGPIPE 1047178825Sdfr 1048178825Sdfr * kcm/protocol.c: Add option to disallow getting krbtgt out from 1049178825Sdfr from KCM. KCM will do the fetching part itself. 1050178825Sdfr 1051178825Sdfr * kcm/config.c: Add option to disallow getting krbtgt out from 1052178825Sdfr from KCM. KCM will do the fetching part itself. 1053178825Sdfr 1054178825Sdfr2005-05-30 Luke Howard <lukeh@padl.com> 1055178825Sdfr 1056178825Sdfr * kcm/events.c: if credentials have expired when attempting 1057178825Sdfr to renew, attempt to reacquire them using initial creds 1058178825Sdfr 1059178825Sdfr2005-05-29 Love H�rnquist �strand <lha@it.su.se> 1060178825Sdfr 1061178825Sdfr * lib/krb5/krb5_principal.3: Spelling, from Bj�rn Sandell 1062178825Sdfr 1063178825Sdfr * doc/setup.texi: spelling, from Bj�rn Sandell 1064178825Sdfr 1065178825Sdfr * lib/krb5/name-45-test.c: XXX don't run the test unless the 1066178825Sdfr machine is in kth.se or su.se because it depends on local resolver 1067178825Sdfr configuration. 1068178825Sdfr 1069178825Sdfr * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't 1070178825Sdfr exists 1071178825Sdfr 1072178825Sdfr * kcm/connect.c: fix doors support, fix signedness warnings 1073178825Sdfr 1074178825Sdfr * kcm/config.c: add --door-path= 1075178825Sdfr 1076178825Sdfr * configure.in: comment what the "detect doors on solaris" 1077178825Sdfr fragment tries to do 1078178825Sdfr 1079178825Sdfr * kcm/acquire.c (generate_random_pw): fix signed-ness warnings 1080178825Sdfr 1081178825Sdfr * kcm/connect.c (update_client_creds): fix compile error in the 1082178825Sdfr getpeerucred case 1083178825Sdfr 1084178825Sdfr * lib/krb5/test_cc.c: change format for expantion variables in 1085178825Sdfr default_cc_name to %{variable} to not confuse them with shell 1086178825Sdfr ditto 1087178825Sdfr 1088178825Sdfr * kcm/headers.h: Maybe include <door.h>. 1089178825Sdfr 1090178825Sdfr * kcm/kcm_locl.h: add extern door_path; 1091178825Sdfr 1092178825Sdfr * configure.in: detect doors using door_create 1093178825Sdfr 1094178825Sdfr * kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on 1095178825Sdfr LIB_door_create 1096178825Sdfr 1097178825Sdfr * lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door 1098178825Sdfr 1099178825Sdfr * lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to 1100178825Sdfr kcm 1101178825Sdfr 1102178825Sdfr * lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create 1103178825Sdfr 1104178825Sdfr * lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include 1105178825Sdfr <door.h>. 1106178825Sdfr 1107178825Sdfr * lib/krb5/kcm.c (kcm_send_request): add support for doing a door 1108178825Sdfr call to kcm 1109178825Sdfr 1110178825Sdfr * lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with 1111178825Sdfr system headerfiles that pollute the name space 1112178825Sdfr 1113178825Sdfr * kcm/kcm.8: change format for expantion variables in 1114178825Sdfr default_cc_name to %{variable} to not confuse them with shell 1115178825Sdfr ditto 1116178825Sdfr 1117178825Sdfr * lib/krb5/krb5.conf.5: change format for expantion variables in 1118178825Sdfr default_cc_name to %{variable} to not confuse them with shell 1119178825Sdfr ditto 1120178825Sdfr 1121178825Sdfr * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format 1122178825Sdfr for expantion variables to %{variable} to not confuse them with 1123178825Sdfr shell ditto 1124178825Sdfr 1125178825Sdfr * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support 1126178825Sdfr 1127178825Sdfr2005-05-27 Love H�rnquist �strand <lha@it.su.se> 1128178825Sdfr 1129178825Sdfr * appl/kf/kfd.c: case uid_t to unsigned long in printf format 1130178825Sdfr 1131178825Sdfr2005-05-25 Love H�rnquist �strand <lha@it.su.se> 1132178825Sdfr 1133178825Sdfr * lib/krb5/krb5_auth_context.3: remove trailing space 1134178825Sdfr 1135178825Sdfr2005-05-24 Love H�rnquist �strand <lha@it.su.se> 1136178825Sdfr 1137178825Sdfr * kcm/connect.c (do_request): use sendmsg to send the reply 1138178825Sdfr 1139178825Sdfr * fix-export: add make_proto for kcm/kcm_protos.h 1140178825Sdfr 1141178825Sdfr * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h> 1142178825Sdfr 1143178825Sdfr * kcm/Makefile.am (kcm_SOURCES): add headerfiles 1144178825Sdfr (kcm_protos.h): generate prototypes 1145178825Sdfr 1146178825Sdfr * kcm/protocol.c: fix error in last commit, use right function 1147178825Sdfr 1148178825Sdfr * kcm/headers.h: include <ucred.h> if we have getpeerucred 1149178825Sdfr 1150178825Sdfr * configure.in: check for functions getpeerucred and getpeereid 1151178825Sdfr 1152178825Sdfr * kcm/connect.c (update_client_creds): add support for 1153178825Sdfr getpeerucred and getpeereid 1154178825Sdfr 1155178825Sdfr * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by 1156178825Sdfr [libdefaults]kcm_socket=/path 1157178825Sdfr 1158178825Sdfr2005-05-24 David Love <fx@gnu.org> 1159178825Sdfr 1160178825Sdfr * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling 1161178825Sdfr 1162178825Sdfr2005-05-23 Love H�rnquist �strand <lha@it.su.se> 1163178825Sdfr 1164178825Sdfr * kcm/protocol.c: Merge the description and function jumptables 1165178825Sdfr into one structure. Use the length of the array when checking if 1166178825Sdfr opcode is value, not a constant. 1167178825Sdfr 1168178825Sdfr * kcm/kcm_locl.h: struct kcm_op: jumptable structure 1169178825Sdfr 1170178825Sdfr * kcm/main.c: move declaration of detach_from_console away from 1171178825Sdfr here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it. 1172178825Sdfr 1173178825Sdfr * kcm/kcm_locl.h: move declaration of detach_from_console here 1174178825Sdfr 1175178825Sdfr * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. 1176178825Sdfr 1177178825Sdfr2005-05-23 Dave Love <fx@gnu.org> 1178178825Sdfr 1179178825Sdfr * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. 1180178825Sdfr 1181178825Sdfr * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. 1182178825Sdfr 1183178825Sdfr2005-05-23 Love H�rnquist �strand <lha@it.su.se> 1184178825Sdfr 1185178825Sdfr * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 1186178825Sdfr 1187178825Sdfr2005-05-20 Love H�rnquist �strand <lha@it.su.se> 1188178825Sdfr 1189178825Sdfr * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, 1190178825Sdfr return and ignore the error 1191178825Sdfr 1192178825Sdfr * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' 1193178825Sdfr have good values 1194178825Sdfr 1195178825Sdfr * lib/krb5/test_keytab.c: tests all keytab format 1196178825Sdfr 1197178825Sdfr2005-05-19 Love H�rnquist �strand <lha@it.su.se> 1198178825Sdfr 1199178825Sdfr * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding 1200178825Sdfr errors, fail. Make sure we free memory on error. 1201178825Sdfr (pk_verify_chain_standard): make sure we provide good errors. 1202178825Sdfr 1203178825Sdfr * lib/krb5/verify_krb5_conf.c: add missing options, prompted by 1204178825Sdfr James F. Hranicky mail to heimdal-discuss 1205178825Sdfr 1206178825Sdfr * lib/krb5/verify_krb5_conf.c: add pkinit and password quailty 1207178825Sdfr check options 1208178825Sdfr 1209178825Sdfr * lib/krb5/pkinit.c (pk_verify_chain_standard): store better error 1210178825Sdfr message in the context for certificate errors. 1211178825Sdfr 1212178825Sdfr * lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all 1213178825Sdfr krb5_free_x_content like functions to make sure data doesnt get 1214178825Sdfr reused, idea from Wynn Wilkes <wwilkes@vintela.com> 1215178825Sdfr 1216178825Sdfr * configure.in: depend on automake 1.8, we don't test anything 1217178825Sdfr older 1218178825Sdfr 1219178825Sdfr * lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment 1220178825Sdfr that the caller always free out_md; remove comment about memory, 1221178825Sdfr it doesn't happen. 1222178825Sdfr (init_cred_loop): free ctx->as_req.padata when its reset (From Wynn 1223178825Sdfr Wilkes <wwilkes@vintela.com>), move a comment close the the code 1224178825Sdfr 1225178825Sdfr * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call 1226178825Sdfr krb5_kt_free_entry after each krb5_kt_next_entry. 1227178825Sdfr 1228178825Sdfr * lib/krb5/keytab_file.c (fkt_remove_entry): need to call 1229178825Sdfr krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn 1230178825Sdfr Wilkes <wwilkes@vintela.com> 1231178825Sdfr 1232178825Sdfr2005-05-18 Love H�rnquist �strand <lha@it.su.se> 1233178825Sdfr 1234178825Sdfr * lib/krb5/Makefile.am: TESTS += test_keytab 1235178825Sdfr 1236178825Sdfr * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, 1237178825Sdfr avoid crashing on empty keytab 1238178825Sdfr 1239178825Sdfr * lib/krb5/krb5_keytab.3: document behavior of 1240178825Sdfr krb5_kt_remove_entry 1241178825Sdfr 1242178825Sdfr * lib/krb5/keytab_memory.c (mkt_remove_entry): check if there 1243178825Sdfr isn't any entries in the keytab before removing any since that 1244178825Sdfr leads to bad pointer arithmetic and crashing. From: Wynn Wilkes 1245178825Sdfr <wwilkes@vintela.com>. Make the function return KRB5_KT_NOTFOUND 1246178825Sdfr if the entry wasn't in the keytab (just like the filebased 1247178825Sdfr keytab). 1248178825Sdfr 1249178825Sdfr * lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab 1250178825Sdfr 1251178825Sdfr * lib/krb5{addr_families,context,creds,free,keyblock, 1252178825Sdfr mit_glue,rd_error}.c:zero out content of all krb5_free_x_content 1253178825Sdfr like functions to make sure data doesnt get reused, idea from 1254178825Sdfr Wynn Wilkes <wwilkes@vintela.com> 1255178825Sdfr 1256178825Sdfr * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK 1257178825Sdfr 1258178825Sdfr * lib/krb5/krb5.3: add krb5_cc_new_unique 1259178825Sdfr 1260178825Sdfr2005-05-17 Love H�rnquist �strand <lha@it.su.se> 1261178825Sdfr 1262178825Sdfr * lib/krb5/fcache.c (fcc_get_first): check return value from 1263178825Sdfr malloc, memset the structure, make sure cursor doesn't point to 1264178825Sdfr freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com> 1265178825Sdfr 1266178825Sdfr * lib/krb5/krb5_auth_context.3: document 1267178825Sdfr KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED 1268178825Sdfr 1269178825Sdfr * lib/krb5/get_cred.c: Remove expired credentials, based on 1270178825Sdfr patches and comments from Anders Magnusson <ragge@ltu.se> and Wynn 1271178825Sdfr Wilkes <wwilkes@vintela.com> 1272178825Sdfr 1273178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor 1274178825Sdfr KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted 1275178825Sdfr (ENCTYPE_NULL) credentials. for use with old mit server and java based 1276178825Sdfr ones as they can't handle encrypted KRB-CRED. Note that the option 1277178825Sdfr needs to turned on because if the consumer sends the KRB-CRED in 1278178825Sdfr clear bad things will happen. 1279178825Sdfr 1280178825Sdfr * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops 1281178825Sdfr 1282178825Sdfr * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok 1283178825Sdfr to return from krb5_get_credentials. 1284178825Sdfr KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials 1285178825Sdfr be unencrypted, for compatibility with mit kerberos and java 1286178825Sdfr kerberos. krb5_javakt_ops: export 1287178825Sdfr 1288178825Sdfr2005-05-16 Love H�rnquist �strand <lha@it.su.se> 1289178825Sdfr 1290178825Sdfr * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that 1291178825Sdfr doesn't the use extended kvnos, as hinted, this is needed for 1292178825Sdfr Java's Kerberos implementation. 1293178825Sdfr 1294178825Sdfr2005-05-10 Love H�rnquist �strand <lha@it.su.se> 1295178825Sdfr 1296178825Sdfr * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 1297178825Sdfr enckey, still no DH 1298178825Sdfr 1299178825Sdfr * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, 1300178825Sdfr still no DH 1301178825Sdfr 1302178825Sdfr * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and 1303178825Sdfr pkinit-25 pa-data, return empty pkinit pa-data in the 1304178825Sdfr PREAUTH_REQUIRED krb-error 1305178825Sdfr 1306178825Sdfr * doc/ack.texi: add pkinit people 1307178825Sdfr 1308178825Sdfr * lib/krb5/krb5_storage.3: document krb5_storage_is_flags 1309178825Sdfr 1310178825Sdfr * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, 1311178825Sdfr krb5_krbhst_init.3,krb5_storage.3}: 1312178825Sdfr make more pretty, from Bj�rn Sandell 1313178825Sdfr 1314178825Sdfr2005-05-09 Dave Love <fx@gnu.org> 1315178825Sdfr 1316178825Sdfr * doc/setup.texi: Fix and clarify password quality check examples. 1317178825Sdfr 1318178825Sdfr2005-05-09 Love H�rnquist �strand <lha@it.su.se> 1319178825Sdfr 1320178825Sdfr * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead 1321178825Sdfr of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk> 1322178825Sdfr 1323178825Sdfr2005-05-07 Love H�rnquist �strand <lha@it.su.se> 1324178825Sdfr 1325178825Sdfr * lib/krb5/addr_families.c (krb5_print_address): catch when the 1326178825Sdfr unknown adress don't fit. From Bj�rn Sandell <biorn@dce.chalmers.se> 1327178825Sdfr 1328178825Sdfr2005-05-05 Dave Love <d.love@dl.ac.uk> 1329178825Sdfr 1330178825Sdfr * configure.in: fix type right test, include <termios.h> for 1331178825Sdfr sys/strtty.h, not sys/ptyvar.h 1332178825Sdfr 1333178825Sdfr2005-05-05 Love H�rnquist �strand <lha@it.su.se> 1334178825Sdfr 1335178825Sdfr * lib/krb5/krb5.conf.5: spelling 1336178825Sdfr 1337178825Sdfr2005-05-04 Love H�rnquist �strand <lha@it.su.se> 1338178825Sdfr 1339178825Sdfr * lib/krb5/krb5.conf.5: expand on what "trailing component" means 1340178825Sdfr 1341178825Sdfr2005-05-04 Johan Danielsson <joda@pdc.kth.se> 1342178825Sdfr 1343178825Sdfr * lib/krb5/rd_cred.c: put address comparison in separate function 1344178825Sdfr 1345178825Sdfr * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory 1346178825Sdfr for access files, all of which is handled like the regular 1347178825Sdfr ~/.k5login 1348178825Sdfr 1349178825Sdfr * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for 1350178825Sdfr access files, all of which is handled like the regular ~/.k5login 1351178825Sdfr 1352178825Sdfr2005-05-03 Love H�rnquist �strand <lha@it.su.se> 1353178825Sdfr 1354178825Sdfr * doc/ack.texi: Clearify what version of libdes we are using and 1355178825Sdfr who's code in it we are using. 1356178825Sdfr 1357178825Sdfr * kcm/kcm.8: more text about usage 1358178825Sdfr 1359178825Sdfr * kcm/Makefile.am: man_MANS += kcm.8 1360178825Sdfr 1361178825Sdfr * kcm/kcm.8: initial manpage 1362178825Sdfr 1363178825Sdfr * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define 1364178825Sdfr PKINIT 1365178825Sdfr 1366178825Sdfr2005-05-02 Dave Love <fx@gnu.org> 1367178825Sdfr 1368178825Sdfr * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. 1369178825Sdfr 1370178825Sdfr2005-05-02 Love H�rnquist �strand <lha@it.su.se> 1371178825Sdfr 1372178825Sdfr * tools/krb5-config.in: add com_err to required libs 1373178825Sdfr 1374178825Sdfr * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in 1375178825Sdfr length 1376178825Sdfr 1377178825Sdfr * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of 1378178825Sdfr nonce for windows, remove the code that removed the signed 1379178825Sdfr bit. Instead add comment that they still need to be the same 1380178825Sdfr (Kerberos protocol nonce and pk-init nonce) for Windows. 1381178825Sdfr 1382178825Sdfr2005-05-02 David Love <fx@gnu.org> 1383178825Sdfr 1384178825Sdfr * lib/krb5/crypto.c: Don't declare des_salt &c as static with 1385178825Sdfr incomplete type (invalid in c89, at least). 1386178825Sdfr 1387178825Sdfr2005-05-02 Love H�rnquist �strand <lha@it.su.se> 1388178825Sdfr 1389178825Sdfr * lib/krb5/krb5_locl.h: include <crypt.h> 1390178825Sdfr 1391178825Sdfr2005-05-02 David Love <fx@gnu.org> 1392178825Sdfr 1393178825Sdfr * kcm/connect.c (init_socket): rename variable sun to un to avoid 1394178825Sdfr namespace collision. 1395178825Sdfr (handle_stream): Cast arg of krb5_warnx. 1396178825Sdfr 1397178825Sdfr2005-04-30 Love H�rnquist �strand <lha@it.su.se> 1398178825Sdfr 1399178825Sdfr * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the 1400178825Sdfr highest bit to make windows PK-INIT happy. Also make the nonces 1401178825Sdfr the same, again for windows, they are using pk-init-9. 1402178825Sdfr 1403178825Sdfr XXX check if it isn't the that nonce is an unsigned variable so 1404178825Sdfr its just a asn1 mismatch. 1405178825Sdfr 1406178825Sdfr * kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id 1407178825Sdfr 1408178825Sdfr * kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit 1409178825Sdfr 1410178825Sdfr * lib/krb5/pkinit.c: Pass prompter data to the prompter function, 1411178825Sdfr implement a UI prompter function wrapping the kerberos prompter 1412178825Sdfr function so that the the OpenSSL ENGINE can ask for a password 1413178825Sdfr when loading the private key. From: Douglas E. Engert 1414178825Sdfr 1415178825Sdfr * lib/krb5: add <err.h> in test programs 1416178825Sdfr 1417178825Sdfr * configure.in: sys/ptyvar.h might need <sys/tty.h> 1418178825Sdfr 1419178825Sdfr * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la 1420178825Sdfr 1421178825Sdfr2005-04-29 Love H�rnquist �strand <lha@it.su.se> 1422178825Sdfr 1423178825Sdfr * lib/asn1/Makefile.am: use $(LIB_com_err) 1424178825Sdfr 1425178825Sdfr2005-04-28 Love H�rnquist �strand <lha@it.su.se> 1426178825Sdfr 1427178825Sdfr * lib/krb5/context.c (krb5_set_config_files): ignore permission 1428178825Sdfr denied on configuration files, user might not be allowed to read 1429178825Sdfr /var/heimdal/kdc.conf 1430178825Sdfr 1431178825Sdfr2005-04-26 Dave Love <fx@gnu.org> 1432178825Sdfr 1433178825Sdfr * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get 1434178825Sdfr posix getpwnam_r 1435178825Sdfr 1436178825Sdfr2005-04-25 Love H�rnquist �strand <lha@it.su.se> 1437178825Sdfr 1438178825Sdfr * lib/asn1/gen_glue.c: switch the units variable to a 1439178825Sdfr function. gcc-4.1 needs the size of the structure if its defined 1440178825Sdfr as extern struct units foo_units[] an we don't want to include 1441178825Sdfr <parse_units.h> in the generate headerfile 1442178825Sdfr 1443178825Sdfr2005-04-25 Love H�rnquist �strand <lha@it.su.se> 1444178825Sdfr 1445178825Sdfr * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, 1446178825Sdfr krb5ValidEnd, krb5PasswordEnd From Howard Chu 1447178825Sdfr 1448178825Sdfr2005-04-24 Love H�rnquist �strand <lha@it.su.se> 1449178825Sdfr 1450178825Sdfr * doc/whatis.texi: comment out docbook stuff for now 1451178825Sdfr 1452178825Sdfr * kuser/klist.c: use strlcpy 1453178825Sdfr 1454178825Sdfr * doc/ack.texi: we no longer use eay libdes, make acknowledgment 1455178825Sdfr still be there, but claim that we no longer use it. Mark editline 1456178825Sdfr to be a modified version as required by the license. 1457178825Sdfr 1458178825Sdfr * lib/krb5/pkinit.c: use the unexported oid_to_enctype function 1459178825Sdfr 1460178825Sdfr * lib/krb5/crypto.c: unexport the oid_to_enctype function, not for 1461178825Sdfr external consumers 1462178825Sdfr 1463178825Sdfr * kdc/Makefile.am: always add kaserver 1464178825Sdfr 1465178825Sdfr * lib/krb5/krb5_ccache.3: document krb5_cc_new_unique 1466178825Sdfr 1467178825Sdfr * lib/krb5/cache.c (krb5_cc_new_unique): new function to create a 1468178825Sdfr new credential cache 1469178825Sdfr 1470178825Sdfr * kdc/headers.h: don't include kerberos 4 headers here 1471178825Sdfr 1472178825Sdfr * kdc/hpropd.c: include kerberos 4 headers here 1473178825Sdfr 1474178825Sdfr * kdc/connect.c: add kaserver support independ of having krb4 1475178825Sdfr support 1476178825Sdfr 1477178825Sdfr * kdc/config.c: add kaserver support unconditionally, make kdc 1478178825Sdfr only fail to start when there are no v4 realm configured and 1479178825Sdfr krb4/kaserver is turned on 1480178825Sdfr 1481178825Sdfr * kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and 1482178825Sdfr so kaserver support is always compiled in (still default disabled) 1483178825Sdfr 1484178825Sdfr * lib/krb5/v4_glue.c: simplify error handling 1485178825Sdfr 1486178825Sdfr * doc/whatis.texi: add docbook version macro of @sub 1487178825Sdfr 1488178825Sdfr * doc/heimdal.texi: change the wrapping around the Top node to 1489178825Sdfr ifnottex, make html generation work 1490178825Sdfr 1491178825Sdfr * lib/krb5/krb5_krbhst_init.3: spelling, from Bj�rn Sandell 1492178825Sdfr <biorn@dce.chalmers.se> 1493178825Sdfr 1494178825Sdfr * lib/krb5/krb5_get_krbhst.3: spelling, from Bj�rn Sandell 1495178825Sdfr <biorn@dce.chalmers.se> 1496178825Sdfr 1497178825Sdfr * lib/krb5/krb5_data.3: spelling, from Bj�rn Sandell 1498178825Sdfr <biorn@dce.chalmers.se> 1499178825Sdfr 1500178825Sdfr * lib/krb5/krb5_aname_to_localname.3: spelling, from Bj�rn Sandell 1501178825Sdfr <biorn@dce.chalmers.se> 1502178825Sdfr 1503178825Sdfr * lib/krb5/krb5_address.3: spelling, from Bj�rn Sandell 1504178825Sdfr <biorn@dce.chalmers.se> 1505178825Sdfr 1506178825Sdfr2005-04-23 Love H�rnquist �strand <lha@it.su.se> 1507178825Sdfr 1508178825Sdfr * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so 1509178825Sdfr kerberos 4 is always compiled in (still default disabled) 1510178825Sdfr 1511178825Sdfr * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and 1512178825Sdfr so kerberos 4 is always compiled in (still default disabled) 1513178825Sdfr 1514178825Sdfr * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data 1515178825Sdfr 1516178825Sdfr * lib/krb5/convert_creds.c: Move the kerberos v4 replacement 1517178825Sdfr functions to v4_glue.c 1518178825Sdfr 1519178825Sdfr * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to 1520178825Sdfr be a KDC, move the v4 bits over here 1521178825Sdfr 1522178825Sdfr * lib/krb5/krb5-v4compat.h: add more v4 defines 1523178825Sdfr 1524178825Sdfr2005-04-22 Love H�rnquist �strand <lha@it.su.se> 1525178825Sdfr 1526178825Sdfr * kpasswd/kpasswdd.c: Support multi-realms databases, requires 1527178825Sdfr that all the realms are configured on the KDC in krb5.conf with 1528178825Sdfr [libdefaults]default_realm stanzas. 1529178825Sdfr 1530178825Sdfr2005-04-21 Love H�rnquist �strand <lha@it.su.se> 1531178825Sdfr 1532178825Sdfr * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden 1533178825Sdfr 1534178825Sdfr * lib/krb5/addr_families.c: catch two more snprintf problems 1535178825Sdfr 1536178825Sdfr2005-04-20 Love H�rnquist �strand <lha@it.su.se> 1537178825Sdfr 1538178825Sdfr * lib/hdb/Makefile.am: this lib include com_err, add -com_err to 1539178825Sdfr CHECK_SYMBOLS 1540178825Sdfr 1541178825Sdfr * appl/test/http_client.c: cast ssize_t to unsigned long, fix 1542178825Sdfr printf format 1543178825Sdfr 1544178825Sdfr2005-04-19 Love H�rnquist �strand <lha@it.su.se> 1545178825Sdfr 1546178825Sdfr * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames 1547178825Sdfr 1548178825Sdfr * lib/krb5/get_host_realm.c: check return value of snprintf 1549178825Sdfr 1550178825Sdfr * lib/krb5/test_addr.c: check address truncation 1551178825Sdfr 1552178825Sdfr * lib/krb5/addr_families.c: check return values from snprintf and 1553178825Sdfr clean up semantics of ret_len 1554178825Sdfr 1555178825Sdfr * lib/krb5/krb5_address.3: clarify what ret_len is in 1556178825Sdfr krb5_print_address 1557178825Sdfr 1558178825Sdfr * lib/krb5/test_kuserok.c: add --version and --help 1559178825Sdfr 1560178825Sdfr * lib/krb5/kuserok.c: use getpwnamn_r if it exists 1561178825Sdfr 1562178825Sdfr * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok 1563178825Sdfr 1564178825Sdfr * lib/krb5/test_kuserok.c: test program for krb5_kuserok 1565178825Sdfr 1566178825Sdfr2005-04-18 Love H�rnquist �strand <lha@it.su.se> 1567178825Sdfr 1568178825Sdfr * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed 1569178825Sdfr with ccErrCCacheNotFound try again with create_default_ccache, 1570178825Sdfr this fixes the problem where the security server apperenly haven't 1571178825Sdfr started yet on Mac OS X 1572178825Sdfr 1573178825Sdfr * lib/krb5/get_default_principal.c 1574178825Sdfr (_krb5_get_default_principal_local): add, for use of functions 1575178825Sdfr that in ccache layer to avoid recursive calls. 1576178825Sdfr 1577178825Sdfr * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is* 1578178825Sdfr macros in this file 1579178825Sdfr 1580178825Sdfr * include/make_crypto.c: cast to unsigned char to make sure its 1581178825Sdfr not negative when passing it to is* functions 1582178825Sdfr 1583178825Sdfr2005-04-15 Love H�rnquist �strand <lha@it.su.se> 1584178825Sdfr 1585178825Sdfr * doc/programming.texi: remove manpage macro, add some more 1586178825Sdfr references to manpages 1587178825Sdfr 1588178825Sdfr * doc/heimdal.texi: define manpage macro 1589178825Sdfr 1590178825Sdfr * doc/setup.texi: document new password policy code 1591178825Sdfr 1592178825Sdfr * kpasswd/kpasswdd.c: add verifier libraries with 1593178825Sdfr kadm5_add_passwd_quality_verifier 1594178825Sdfr 1595178825Sdfr * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init 1596178825Sdfr 1597178825Sdfr2005-04-14 Love H�rnquist �strand <lha@it.su.se> 1598178825Sdfr 1599178825Sdfr * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the 1600178825Sdfr same, and clients 1601178825Sdfr (klog) can deal with that the kaserver returns the same thing for 1602178825Sdfr both 1603178825Sdfr 1604178825Sdfr * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill 1605178825Sdfr in a keyblock from key data. 1606178825Sdfr 1607178825Sdfr2005-04-12 Love H�rnquist �strand <lha@it.su.se> 1608178825Sdfr 1609178825Sdfr * configure.in: rk_WIN32_EXPORT for roken 1610178825Sdfr 1611178825Sdfr2005-04-10 Love H�rnquist �strand <lha@it.su.se> 1612178825Sdfr 1613178825Sdfr * appl/test/gssapi_server.c: print out client principla of 1614178825Sdfr delegated credential 1615178825Sdfr 1616178825Sdfr2005-04-07 Love H�rnquist �strand <lha@it.su.se> 1617178825Sdfr 1618178825Sdfr * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check 1619178825Sdfr for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert 1620178825Sdfr 1621178825Sdfr2005-04-07 Love H�rnquist �strand <lha@it.su.se> 1622178825Sdfr 1623178825Sdfr * .cvsignore: ignore more generate files 1624178825Sdfr 1625178825Sdfr2005-04-04 Love H�rnquist �strand <lha@it.su.se> 1626178825Sdfr 1627178825Sdfr * lib/asn1/check-der.c: use size_t, print size_t by casting to 1628178825Sdfr unsigned long 1629178825Sdfr 1630178825Sdfr * lib/krb5/test_crypto.c: print size_t by casting to unsigned long 1631178825Sdfr 1632178825Sdfr * lib/krb5/acache.c: Argument to create_new_ccache is a principal, 1633178825Sdfr not a credential cache name. Clean up lossage related to this 1634178825Sdfr problem. 1635178825Sdfr 1636178825Sdfr * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int 1637178825Sdfr 1638178825Sdfr * lib/krb5/addr_families.c 1639178825Sdfr (krb5_address_prefixlen_boundary,krb5_free_address): 1640178825Sdfr use find_atype when we are dealing with a kerberos address type 1641178825Sdfr 1642178825Sdfr * lib/krb5/aes-test.c: size_t vs int + fix printf 1643178825Sdfr 1644178825Sdfr * lib/krb5/pkinit.c: Since the decode can't make out the diffrence 1645178825Sdfr between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to 1646178825Sdfr verify both cases 1647178825Sdfr 1648178825Sdfr2005-04-03 Love H�rnquist �strand <lha@it.su.se> 1649178825Sdfr 1650178825Sdfr * appl/test/uu_client.c: print size_t by casting to unsigned long 1651178825Sdfr 1652178825Sdfr2005-04-01 Johan Danielsson <joda@pdc.kth.se> 1653178825Sdfr 1654178825Sdfr * kdc/kerberos4.c (do_version4): check client and server max_life 1655178825Sdfr 1656178825Sdfr * kdc/kaserver.c (do_getticket): check client max_life 1657178825Sdfr 1658178825Sdfr2005-03-31 Love <lha@kth.se> 1659178825Sdfr 1660178825Sdfr * lib/krb5/verify_krb5_conf.c: const poison 1661178825Sdfr 1662178825Sdfr * lib/krb5/test_alname.c: const poison 1663178825Sdfr 1664178825Sdfr * lib/asn1/main.c: const poison 1665178825Sdfr 1666178825Sdfr * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses 1667178825Sdfr 1668178825Sdfr * lib/krb5/addr_families.c: implement mask boundary for IPv6 1669178825Sdfr 1670178825Sdfr * lib/asn1/gen.c: avoid const string warnings steming from 1671178825Sdfr writeable-string 1672178825Sdfr 1673178825Sdfr2005-03-28 Love H�rnquist �strand <lha@it.su.se> 1674178825Sdfr 1675178825Sdfr * lib/krb5/Makefile.am: TESTS += test_addr 1676178825Sdfr 1677178825Sdfr * lib/krb5/test_addr.c: simple test for addresses 1678178825Sdfr 1679178825Sdfr * lib/krb5/addr_families.c: make RANGE parse prefixlen style 1680178825Sdfr addresses too, fix printing of RANGE addresses, add 1681178825Sdfr krb5_address_prefixlen_boundary 1682178825Sdfr 1683178825Sdfr * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on 1684178825Sdfr wildcards 1685178825Sdfr 1686178825Sdfr2005-03-26 Love H�rnquist �strand <lha@it.su.se> 1687178825Sdfr 1688178825Sdfr * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson 1689178825Sdfr 1690178825Sdfr * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson 1691178825Sdfr 1692178825Sdfr2005-03-19 Love H�rnquist �strand <lha@it.su.se> 1693178825Sdfr 1694178825Sdfr * lib/krb5/acache.c: add mutex for global variables, clean up 1695178825Sdfr returned error codes, implement storing addresses into the ccapi 1696178825Sdfr 1697178825Sdfr * appl/test/gssapi_server.c: free memory, make error strings match 1698178825Sdfr 1699178825Sdfr * appl/test/gssapi_server.c: use print_gss_name, print server name 1700178825Sdfr too 1701178825Sdfr 1702178825Sdfr * appl/test/gss_common.h (print_gss_name): common code for 1703178825Sdfr printing gss name 1704178825Sdfr 1705178825Sdfr * appl/test/gss_common.c (print_gss_name): common code for 1706178825Sdfr printing gss name 1707178825Sdfr 1708178825Sdfr * appl/test/http_client.c: Make constent with rest of the gssapi 1709178825Sdfr test programs 1710178825Sdfr 1711178825Sdfr2005-03-17 Love H�rnquist �strand <lha@it.su.se> 1712178825Sdfr 1713178825Sdfr * lib/hdb/keys.c: AES is enabled by default, remove ifdefs 1714178825Sdfr 1715178825Sdfr * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs 1716178825Sdfr 1717178825Sdfr * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled 1718178825Sdfr by default, remove ifdefs 1719178825Sdfr 1720178825Sdfr * kdc/kerberos5.c: AES is enabled by default, remove ifdefs 1721178825Sdfr 1722178825Sdfr2005-03-16 Love H�rnquist �strand <lha@it.su.se> 1723178825Sdfr 1724178825Sdfr * doc/setup.texi: Add some text about modifying the database 1725178825Sdfr 1726178825Sdfr2005-03-15 Love H�rnquist �strand <lha@it.su.se> 1727178825Sdfr 1728178825Sdfr * kuser/kinit.c: widen lifetime/renewal warning text field, also 1729178825Sdfr make use of unparse_time_approx, no need to be specific to the 1730178825Sdfr second when ticket needs to be renewed or their lifetime. 1731178825Sdfr 1732178825Sdfr * doc/heimdal.texi: copyright maintenance, drop eay, use updated 1733178825Sdfr UCB license 1734178825Sdfr 1735178825Sdfr * lib/krb5/crypto.c: more static and unsigned issues 1736178825Sdfr 1737178825Sdfr * lib/krb5/crypto.c: fix signedness issues, prompted by report of 1738178825Sdfr Magnus Ahltorp 1739178825Sdfr 1740178825Sdfr2005-03-13 Love H�rnquist �strand <lha@it.su.se> 1741178825Sdfr 1742178825Sdfr * lib/krb5/krb5_keytab.3: more text about how to free returned 1743178825Sdfr resources 1744178825Sdfr 1745178825Sdfr2005-03-10 Love H�rnquist �strand <lha@it.su.se> 1746178825Sdfr 1747178825Sdfr * lib/krb5/pkinit.c: handle the -25 generation path 1748178825Sdfr 1749178825Sdfr * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 1750178825Sdfr 1751178825Sdfr * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes 1752178825Sdfr 1753178825Sdfr2005-03-09 Love H�rnquist �strand <lha@it.su.se> 1754178825Sdfr 1755178825Sdfr * kdc/pkinit.c: use generated oid's 1756178825Sdfr 1757178825Sdfr * lib/krb5/pkinit.c: use generated oid's 1758178825Sdfr 1759178825Sdfr2005-03-08 Love H�rnquist �strand <lha@it.su.se> 1760178825Sdfr 1761178825Sdfr * kdc/pkinit.c: update to the asn1 structures used in -25's 1762178825Sdfr 1763178825Sdfr * lib/krb5/pkinit.c: update to the asn1 structures used in -25's 1764178825Sdfr 1765178825Sdfr2005-03-04 Love H�rnquist �strand <lha@it.su.se> 1766178825Sdfr 1767178825Sdfr * lib/hdb/hdb-ldap.c: use the newly written hex function from 1768178825Sdfr roken and remove the old implementation 1769178825Sdfr 1770178825Sdfr2005-03-01 Love H�rnquist �strand <lha@it.su.se> 1771178825Sdfr 1772178825Sdfr * appl/test/http_client.c: allow specifing port to connect to 1773178825Sdfr 1774178825Sdfr2005-02-24 Love H�rnquist �strand <lha@it.su.se> 1775178825Sdfr 1776178825Sdfr * lib/krb5/Makefile.am: bump version to 21:0:4 1777178825Sdfr 1778178825Sdfr * lib/hdb/Makefile.am: bump version to 8:0:1 1779178825Sdfr 1780178825Sdfr * lib/asn1/Makefile.am: bump version to 7:0:1 1781178825Sdfr 1782178825Sdfr2005-02-23 Love H�rnquist �strand <lha@it.su.se> 1783178825Sdfr 1784178825Sdfr * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak 1785178825Sdfr keys after doing the DES_cbc_cksum 1786178825Sdfr 1787178825Sdfr2005-02-19 Luke Howard <lukeh@padl.com> 1788178825Sdfr 1789178825Sdfr * lib/krb5/krbhst.c: set KD_CONFIG after calling 1790178825Sdfr config_get_hosts() in kpasswd_get_next() 1791178825Sdfr From: Wynn Wilkes <wynnw@vintela.com> 1792178825Sdfr 1793178825Sdfr2005-02-15 Love H�rnquist �strand <lha@it.su.se> 1794178825Sdfr 1795178825Sdfr * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY 1796178825Sdfr From: Chaskiel M Grundman <cg2v@andrew.cmu.edu> 1797178825Sdfr 1798178825Sdfr2005-02-09 Love H�rnquist �strand <lha@it.su.se> 1799178825Sdfr 1800178825Sdfr * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to 1801178825Sdfr make %d work 1802178825Sdfr 1803178825Sdfr2005-02-08 Love H�rnquist �strand <lha@it.su.se> 1804178825Sdfr 1805178825Sdfr * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the 1806178825Sdfr caller requested to provide the user with a glue what the caller 1807178825Sdfr was asking for. 1808178825Sdfr 1809178825Sdfr2005-02-05 Luke Howard <lukeh@padl.com> 1810178825Sdfr 1811178825Sdfr * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop 1812178825Sdfr 1813178825Sdfr * kcm/acquire.c: don't leak salt if keyproc called multiple 1814178825Sdfr times 1815178825Sdfr 1816178825Sdfr * kcm/config.c: allow KCM system ccache to be configured from 1817178825Sdfr krb5.conf, in the system_ccache stanza of [kcm] 1818178825Sdfr 1819178825Sdfr2005-02-03 Love H�rnquist �strand <lha@it.su.se> 1820178825Sdfr 1821178825Sdfr * kcm/protocol.c: use -1 as the invalid pid number 1822178825Sdfr 1823178825Sdfr * kcm/connect.c: support SCM_CREDS (for NetBSD) 1824178825Sdfr 1825178825Sdfr * kcm/Makefile.am: LDADD += LIB_pidfile 1826178825Sdfr 1827178825Sdfr * kcm/connect.c: make it possible to build on systems without 1828178825Sdfr SO_PEERCRED (still doesn't work) 1829178825Sdfr 1830178825Sdfr * kcm/config.c: cast argument to isdigit to unsigned char 1831178825Sdfr 1832178825Sdfr * lib/krb5/krb5.conf.5: document large_msg_size 1833178825Sdfr 1834178825Sdfr * lib/krb5/context.c (init_context_from_config_file): init 1835178825Sdfr large_msg_size to 6000 1836178825Sdfr 1837178825Sdfr * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, 1838178825Sdfr threshold where we start to use transport protocols without tiny 1839178825Sdfr max data transport sizes. 1840178825Sdfr 1841178825Sdfr * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h 1842178825Sdfr by now 1843178825Sdfr 1844178825Sdfr2005-02-02 Luke Howard <lukeh@padl.com> 1845178825Sdfr 1846178825Sdfr * configure.in: generate kcm/Makefile 1847178825Sdfr 1848178825Sdfr * Makefile.am: recurse into kcm/ if KCM defined 1849178825Sdfr 1850178825Sdfr * kcm: add KCM daemon 1851178825Sdfr 1852178825Sdfr2005-02-02 Love H�rnquist �strand <lha@it.su.se> 1853178825Sdfr 1854178825Sdfr * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again 1855178825Sdfr 1856178825Sdfr * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add 1857178825Sdfr some more error strings 1858178825Sdfr 1859178825Sdfr2005-02-02 Luke Howard <lukeh@padl.com> 1860178825Sdfr 1861178825Sdfr * configure.in: add --enable-kcm option for Kerberos 1862178825Sdfr Credentials Manager (KCM) 1863178825Sdfr 1864178825Sdfr * lib/krb5/Makefile.am: add kcm.c 1865178825Sdfr 1866178825Sdfr * lib/krb5/cache.c: use cc_retrieve_cred if present rather 1867178825Sdfr than enumerating ccache 1868178825Sdfr 1869178825Sdfr * lib/krb5/context.c: register KCM cc_ops 1870178825Sdfr 1871178825Sdfr * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred 1872178825Sdfr 1873178825Sdfr * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock 1874178825Sdfr 1875178825Sdfr * lib/krb5/kcm.[ch]: add initial implementation of KCM 1876178825Sdfr client library 1877178825Sdfr 1878178825Sdfr * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops 1879178825Sdfr 1880178825Sdfr * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp 1881178825Sdfr 1882178825Sdfr * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag 1883178825Sdfr 1884178825Sdfr2005-01-24 Luke Howard <lukeh@padl.com> 1885178825Sdfr 1886178825Sdfr * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed 1887178825Sdfr krb5_get_init_creds_password() 1888178825Sdfr 1889178825Sdfr * kdc/kerberos5.c: don't crash when logging no server etype 1890178825Sdfr support if client == NULL 1891178825Sdfr 1892178825Sdfr2005-01-17 Love H�rnquist �strand <lha@it.su.se> 1893178825Sdfr 1894178825Sdfr * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 1895178825Sdfr <d.love@dl.ac.uk> 1896178825Sdfr 1897178825Sdfr2005-01-12 Love H�rnquist �strand <lha@it.su.se> 1898178825Sdfr 1899178825Sdfr * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using 1900178825Sdfr PAM. From: Dave Love <d.love@dl.ac.uk> 1901178825Sdfr 1902178825Sdfr2005-01-08 Love H�rnquist �strand <lha@it.su.se> 1903178825Sdfr 1904178825Sdfr * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to 1905178825Sdfr unsigned char 1906178825Sdfr 1907178825Sdfr * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned 1908178825Sdfr char 1909178825Sdfr 1910178825Sdfr * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to 1911178825Sdfr unsigned char 1912178825Sdfr 1913178825Sdfr * appl/kf/kfd.c (kfd_match_version): cast argument to islower to 1914178825Sdfr unsigned char 1915178825Sdfr 1916178825Sdfr * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled 1917178825Sdfr 1918178825Sdfr * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more 1919178825Sdfr text about krb5_enctype_valid 1920178825Sdfr 1921178825Sdfr * lib/krb5/krb5_create_checksum.3: drop 1922178825Sdfr krb5_checksum_is_disabled 1923178825Sdfr 1924178825Sdfr * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled 1925178825Sdfr 1926178825Sdfr * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing 1927178825Sdfr as krb5_enctype_valid, so use the later since its older and the 1928178825Sdfr api doesn't really need another entry point 1929178825Sdfr 1930178825Sdfr * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as 1931178825Sdfr krb5_enctype_valid, so use the later since its older and the api 1932178825Sdfr doesn't really need another entry point 1933178825Sdfr 1934178825Sdfr * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as 1935178825Sdfr krb5_enctype_valid, so use the later since its older and the api 1936178825Sdfr doesn't really need another entry point 1937178825Sdfr 1938178825Sdfr2005-01-05 Love H�rnquist �strand <lha@it.su.se> 1939178825Sdfr 1940178825Sdfr * kpasswd/kpasswdd.8: document --addresses, controls what 1941178825Sdfr addresses kpasswd should listen too 1942178825Sdfr 1943178825Sdfr * kpasswd/kpasswdd.c: add --addresses, controls what addresses 1944178825Sdfr kpasswd should listen too 1945178825Sdfr 1946178825Sdfr * lib/krb5/addr_families.c (krb5_parse_address): filter out dup 1947178825Sdfr addresses from getaddrinfo 1948178825Sdfr 1949178825Sdfr * kpasswd/kpasswd.1: document -c 1950178825Sdfr 1951178825Sdfr * kpasswd/kpasswd.c: allow specifying a credential cache to use 1952178825Sdfr for the admin principal 1953178825Sdfr 1954178825Sdfr * include/bits.c: constify to avoid warning with -Wwrite-string 1955178825Sdfr 1956178825Sdfr * NEWS: add 0.6.2 and 0.6.3 items 1957178825Sdfr 1958178825Sdfr * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended 1959178825Sdfr 1960178825Sdfr * lib/krb5/krb5_is_thread_safe.3: document function 1961178825Sdfr 1962178825Sdfr * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 1963178825Sdfr 1964178825Sdfr * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the 1965178825Sdfr library was compiled with multithreading support. If not, 1966178825Sdfr application must global lock the library, it it uses threads that 1967178825Sdfr call kerberos functions at the same time. 1968178825Sdfr 1969178825Sdfr2005-01-05 Luke Howard <lukeh@padl.com> 1970178825Sdfr 1971178825Sdfr * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() 1972178825Sdfr 1973178825Sdfr * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION 1974178825Sdfr 1975178825Sdfr * lib/krb5/build_auth.c: support for enctype negotiation 1976178825Sdfr (client sends EtypeList in Authenticator authz data) 1977178825Sdfr 1978178825Sdfr * lib/krb5/context.c: mutex should be destroyed last in 1979178825Sdfr krb5_free_context() 1980178825Sdfr 1981178825Sdfr * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), 1982178825Sdfr set *subkey to NULL if key geneartion fails 1983178825Sdfr 1984178825Sdfr * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA 1985178825Sdfr 1986178825Sdfr * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 1987178825Sdfr 1988178825Sdfr * lib/krb5/rd_req.c: support for enctype negotiation 1989178825Sdfr (client sends EtypeList in Authenticator authz data) 1990178825Sdfr 1991178825Sdfr2005-01-04 Luke Howard <lukeh@padl.com> 1992178825Sdfr 1993178825Sdfr * lib/asn1/k5.asn1: add authorization data types for enctype 1994178825Sdfr negotiation implementation 1995178825Sdfr 1996178825Sdfr2005-01-04 Love H�rnquist �strand <lha@it.su.se> 1997178825Sdfr 1998178825Sdfr * lib/krb5/changepw.c (change_password_loop): on failing to find a 1999178825Sdfr kdc, set result_code to KRB5_KPASSWD_HARDERROR 2000178825Sdfr 2001178825Sdfr2005-01-01 Love H�rnquist �strand <lha@it.su.se> 2002178825Sdfr 2003178825Sdfr * doc/heimdal.texi: Happy New Year 2004178825Sdfr 2005