Lines Matching +refs:cc +refs:check +refs:function +refs:in +refs:lib
17 * lib/krb5/ticket.c: add krb5_ticket_get_endtime
19 * lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime
21 * kdc/digest.c: Remove <digest_asn.h>, its already included in
26 * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value
31 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for
43 * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo.
70 * lib/krb5/digest.c: Add sessionkey accessor functions.
79 * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc
80 failure part, noticed by Arnaud Lacombe in NetBSD coverity scan.
84 * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning.
101 * lib/Makefile.am: hook in ntlm
103 * configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile
105 * lib/krb5/digest.c: API to authenticate ntlm requests.
107 * lib/krb5/fcache.c: Support "iteration" of file credential caches
111 * lib/krb5/krb5_locl.h: Expand the default root for some of the cc
116 * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data
126 * kuser/kdigest-commands.in: prefix digest commands with digest-
135 * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error
137 * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error
149 * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds
153 * kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function.
155 * lib/Makefile.am: Make the directories test automake conditional
156 so automake can include directories in make dist step.
163 * kdc/pkinit.c: Add comment that the anchors in the signed data
174 * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol
178 * lib/krb5/config_file.c: Use strcspn to remove \n from fgets
188 * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass
189 in a NULLed plugin list
193 * lib/krb5/verify_krb5_conf.c: add more pkinit options.
195 * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply
202 * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX
206 * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry
209 * kdc/pkinit.c: Need better code in the DH parameter rejection
219 * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes.
223 * lib/krb5/pkinit.c: Pass down hx509_peer_info.
226 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
229 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
233 * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not
239 * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users
240 certs in the pool to make sure a path is returned, without this
247 * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from
250 * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest
252 * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE.
257 * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate
262 * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a
265 * lib/krb5/krb5_get_init_creds.3: Make
268 * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take
283 * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a
304 * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_
306 * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again.
308 * lib/krb5/mit_glue.c (krb5_c_keylengths): rename.
310 * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api,
315 * lib/krb5/pac.c (fill_zeros): stop using MIN.
319 * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE.
321 * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s.
323 * lib/krb5/test_plugin.c: Set sin_len if it exists.
325 * lib/krb5/krbhst.c: Use plugin for the other realm locate types
330 * lib/krb5/krb5_locl.h: Add plugin api
332 * lib/krb5/Makefile.am: Add plugin api.
334 * lib/krb5/krbhst.c: Use the resolve plugin interface.
336 * lib/krb5/locate_plugin.h: Add plugin interface for resolving
339 * lib/krb5/plugin.c: Add first version of the plugin interface.
341 * lib/krb5/test_pac.c: Test signing.
343 * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now.
345 * lib/krb5/krb5.h: Add struct krb5_pac.
349 * lib/krb5/test_pac.c: PAC testing.
351 * lib/krb5/pac.c: Sprinkle error strings.
353 * lib/krb5/pac.c: Verify LOGON_NAME.
359 _kdc_pk_check_client since its not valid in canonicalize case
361 * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength.
363 * lib/krb5/mit_glue.c: Add krb5_c_keylength.
367 * lib/krb5/pac.c: Almost enough code to do PAC parsing and
368 verification, missing in the unix2NTTIME and ucs2 corner. The
371 * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew
377 * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to
383 * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions.
387 * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx.
389 * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all
399 * lib/krb5/expand_hostname.c: Rename various routines and
402 * lib/krb5/context.c: Add krb5_[gs]et_time_wrap
404 * lib/krb5/krb5_locl.h: Rename various routines and constants from
412 * include/Makefile.am: Move version.h and version.h.in to
426 * configure.in: heimdal 0.8-RC1
430 * lib/krb5/digest.c: Try to not leak memory.
447 * lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when
450 * lib/krb5/crypto.c: Allocate the memory we later use.
452 * lib/krb5/test_princ.c: Try to not leak memory.
454 * lib/krb5/test_crypto_wrapping.c: Try to not leak memory.
456 * lib/krb5/test_cc.c: Try to not leak memory.
458 * lib/krb5/addr_families.c (arange_free): Try to not leak memory.
460 * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory.
468 * lib/hdb/Makefile.am: remove dependency on et files covert_db
475 * lib/hdb/hdb-ldap.c: Make compile.
477 * configure.in: add include/gssapi/Makefile.
491 * lib/krb5/context.c (krb5_free_context): free send_to_kdc context
493 * doc/heimdal.texi: Put Heimdal in the dircategory Security.
495 * lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew
498 * lib/krb5/krb5_locl.h: Add send_to_kdc hook.
500 * lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype.
506 * lib/hdb/Makefile.am: more files
508 * lib/krb5/Makefile.am: add more files
514 * configure.in: Don't check for timegm, libroken provides it for
517 * lib/krb5/acache.c: Does function typecasts instead of void *
520 * lib/krb5/krb5.h: Remove bonus , that Love sneeked in.
522 * configure.in: make --disable-pk-init help text also negative
531 * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to
534 * lib/krb5/Makefile.am: Add test_princ.
536 * lib/krb5/principal.c: More error strings, handle realm-less
539 * lib/krb5/test_princ.c: Test principal parsing and unparsing.
543 * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we
546 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components
549 * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags
551 * lib/krb5/krb5_principal.3: Document
554 * lib/krb5/principal.c: Add krb5_unparse_name_flags and
557 * lib/krb5/krb5_principal.3: Document krb5_parse_name_flags.
559 * lib/krb5/principal.c: Add krb5_parse_name_flags.
561 * lib/krb5/principal.c: Add krb5_parse_name_flags.
563 * lib/krb5/krb5.h: Add krb5_parse_name_flags flags.
565 * lib/krb5/krb5_locl.h: Hide krb5_context_data from public
568 * lib/krb5/krb5.h: Hide krb5_context_data from public exposure.
572 * lib/krb5/context.c: Document krb5_get_kdc_sec_offset()
574 * lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset()
576 * lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname
579 * lib/krb5/verify_krb5_conf.c:
582 * lib/krb5/expand_hostname.c: use dns_canonize_hostname to
586 * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname.
596 * fix-export: Build lib/asn1/der-protos.h.
606 * lib/hdb/ext.c: Prefix der primitives with der_.
608 * lib/hdb/ext.c: Prefix der primitives with der_.
610 * lib/krb5/crypto.c: Remove workaround from when there wasn't
613 * lib/krb5/ticket.c: Prefix der primitives with der_.
615 * lib/krb5/digest.c: Prefix der primitives with der_.
617 * lib/krb5/crypto.c: Prefix der primitives with der_.
619 * lib/krb5/data.c: Prefix der primitives with der_.
647 * kdc/config.c: check for [kdc]max-kdc-datagram-reply-length
651 * lib/hdb/keytab.c: Change || to |, From metze.
653 * lib/hdb/keytab.c: Add back :file to sample format.
655 * lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out
684 * lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1
692 * lib/hdb/Makefile.am: split build files into dist_ and noinst_
695 * lib/krb5/Makefile.am: split build files into dist_ and noinst_
703 * lib/krb5/krbhst.c (common_init): don't try DNS when there is
712 * lib/krb5/get_in_tkt.c: Adapt to signature change of
715 * lib/krb5/rd_cred.c: Adapt to signature change of
718 * lib/krb5/rd_req.c: Adapt to signature change of
721 * lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add
727 * lib/hdb/keytab.c (hdb_get_entry): close and destroy the database
754 * configure.in: Call AB_INIT.
758 * kdc/pkinit.c: Sign the request in the encKey case. Bug reported
761 * lib/krb5/Makefile.am: man_MANS += krb5_digest.3
763 * lib/krb5/krb5_digest.3: Add all protos
767 * lib/krb5/krb5_digest.3: Basic krb5_digest manpage.
773 * lib/krb5/init_creds_pw.c: minimize layering and remove
776 * lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit
779 * lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right
784 * lib/krb5/digest.c (digest_request): if NULL is passed in as
791 * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context
826 * lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx
850 * appl/gssmask/gssmaestro.c: Log port in connection message.
852 * configure.in: Make pk-init turned on by default.
856 * fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}.
864 * kdc/krb5tgs.c: Check the adtkt in the constrained delegation
872 * lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell.
874 * lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell.
878 * tools/krb5-config.in: Add "kafs" option.
882 * lib/hdb/db.c: By using full function calling conversion (*func)
885 * lib/krb5/cache.c: By using full function calling
896 * lib/krb5/pkinit.c: Adapt to new signature of
901 * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
906 * lib/krb5/krb5_init_context.3: Prevent a font generation warning,
911 * lib/krb5/context.c (krb5_init_ets): Add the hx errortable
913 * lib/krb5/krb5_locl.h: Include hx509_err.h.
915 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
916 from the hx509 lib
920 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
923 * lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the
926 * lib/krb5/init_creds_pw.c: Remove debug printfs.
930 * lib/krb5/krb5_get_init_creds.3: Document
933 * kuser/kinit.c: Use new function
936 * lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option
939 * lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac
943 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless):
945 instead of passing in the empty set of address into
957 * lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback
960 * configure.in: Add special tests for <sys/ucred.h>, include test
972 * lib/krb5/digest.c: Catch more error.
984 * lib/krb5/digest.c: In the case where we get a DigestError back,
995 allow-digest flag in the HDB entry for the client.
997 * kdc/process.c (krb5_kdc_process_generic_request): check if we
1007 memory in cleanup code.
1016 * lib/krb5/context.c (krb5_kerberos_enctypes): new function,
1017 returns the list of Kerberos encryption types sorted in order of
1020 * kdc/misc.c (_kdc_get_preferred_key): new function, Use the order
1050 * kuser/kdigest-commands.in: Add --kerberos-realm, add client
1053 * lib/krb5/Makefile.am: digest.c
1055 * lib/krb5/krb5.h: Add digest glue.
1057 * lib/krb5/digest.c (krb5_digest_set_authentication_user): use
1060 * lib/krb5/digest.c: Add digest support to the client side.
1064 * lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on
1070 * kdc/{Makefile.am,kdigest.c,kdigest-commands.in}:
1071 Frontend for remote digest service in KDC
1073 * lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl
1076 * lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions,
1079 * lib/krb5/krb5_locl.h: Default to address-less tickets.
1081 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear
1086 * lib/krb5/crypto.c: remove aes-192 (CMS)
1088 * lib/krb5/crypto.c: Remove more CMS bits.
1090 * lib/krb5/crypto.c: Remove CMS symmetric encryption support.
1097 * kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
1100 * lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to
1103 * lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to
1106 * lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash().
1115 * lib/krb5/krb5_string_to_key.3: Remove duplicate to.
1120 principals, check the second component of the krbtgt, otherwise
1127 (handle_tcp): if the high bit it set in the unknown case, send
1144 function
1153 * lib/krb5/principal.c (krb5_parse_name): set *principal to NULL
1160 * appl/gssmask: break out common function; add gssmaestro (that
1165 * lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on
1173 * lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME
1182 * lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the
1185 * lib/krb5/init_creds_pw.c: Save KRB-ERROR on error.
1187 * lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add
1192 * doc/setup.texi: section about verify_krb5_conf and kadmin check
1196 * lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred
1199 * lib/krb5/Makefile.am: install krb5_get_creds.3
1201 * lib/krb5/krb5_get_creds.3: new file
1205 * lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is
1209 * kdc/kerberos4.c: Use enable_v4_per_principal and check the new
1231 * lib/krb5/get_cred.c: Allow setting additional tickets in the
1243 * lib/krb5/get_cred.c (krb5_get_creds): add
1246 * lib/krb5/misc.c: Add impersonate support functions.
1248 * lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface.
1250 * lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation
1252 * lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more
1257 * lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function.
1259 * lib/krb5/pkinit.c: Avoid more shadowing.
1263 * kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local
1276 * lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell
1278 * lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell
1285 * lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO
1287 * lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO
1291 * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
1302 * lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its
1307 * lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason
1315 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
1319 * lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
1322 * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
1327 * lib/krb5/crypto.c: Catches both keyed checkout w/o crypto
1331 * lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support,
1332 its all containted in libhcrypto and libhx509 now.
1336 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
1339 * lib/krb5/crypto.c (create_checksum): provide a error message
1344 * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
1347 * kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in
1362 * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn
1365 * lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell
1367 * lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell
1369 * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell
1371 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn
1374 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn
1377 * lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit
1378 kvno if the reset of the data is longer then 4 bytes in hope to be
1389 * lib/hdb: Rename u_intXX_t to uintXX_t
1391 * lib/45]: Rename u_intXX_t to uintXX_t
1393 * lib/krb5: Rename u_intXX_t to uintXX_t
1395 * lib/krb5/Makefile.am: Add test_store to TESTS
1397 * lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
1400 * lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan.
1409 * lib/krb5/krb5_storage.3: Document ret and store function for the
1412 * lib/krb5/v4_glue.c: Use the new unsigned integer storage
1415 * lib/krb5/store.c: Add ret and store function for the unsigned
1418 * lib/krb5/test_store.c: Test the integer storage types.
1422 * lib/krb5/store.c (krb5_store_principal): make it take a
1425 * lib/krb5/krb5_storage.3: krb5_store_principal takes a
1428 * lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
1443 * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell.
1445 * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn
1448 * lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from
1451 * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn
1454 * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn
1457 * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn
1460 * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn
1463 * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn
1466 * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn
1469 * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn
1472 * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn
1475 * lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from
1478 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
1481 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
1484 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from
1487 * lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from
1490 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from
1493 * lib/krb5/krb5_address.3: Spelling/mdoc changes, from
1496 * lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from
1499 * lib/krb5/krb5.3: Spelling, from Björn Sandell.
1505 * lib/krb5/pkinit.c (cert2epi): don't include subject if its null
1509 * lib/krb5/pkinit.c: Send over what trust anchors the client have
1512 * lib/krb5/pkinit.c (pk_verify_host): set better error string,
1513 only check kdc name/address when we got a hostname/address passed
1514 in the the function.
1528 * lib/krb5/pkinit.c (pk_verify_host): verify hostname/address
1530 * lib/hdb/hdb.h: Bump hdb interface version to 4.
1536 * kdc/kerberos5.c (tgs_rep2): check that the client exists in the
1546 principal from the entry and pass it in as a seprate argument.
1548 * lib/hdb/keytab.c (hdb_get_entry): Break out the that we request
1549 from principal from the entry and pass it in as a seprate
1552 * lib/hdb/common.c: Break out the that we request from principal
1553 from the entry and pass it in as a seprate argument.
1555 * lib/hdb/hdb.h: Break out the that we request from principal from
1556 the entry and pass it in as a seprate argument. Add more flags to
1566 * lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
1586 * configure.in: make tests/kdc/Makefile
1591 * lib/hdb/ext.c (hdb_replace_extension): set error message on
1594 * lib/hdb/keys.c (parse_key_set): handle error case better
1599 * lib/hdb/hdb.c (hdb_create): print out what we don't support
1601 * lib/krb5/principal.c: Remove a double free introduced in 1.93
1603 * lib/krb5/log.c (log_file): reset pointer to freed memory
1605 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to
1608 * tools/krb5-config.in: libhcrypto might depend on libasn1, switch
1611 * lib/krb5/recvauth.c: indent
1616 * lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
1617 function can verify the certificate is from the right realm.
1619 * lib/krb5/init_creds_pw.c: Pass down realm to
1624 * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding
1627 * lib/krb5/sendauth.c: reindent
1635 * lib/krb5/pkinit.c: Add pkinit_require_eku and
1644 * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
1646 * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
1655 * lib/krb5/pkinit.c: Handle diffrences between libhcrypto and
1663 * lib/krb5/rd_priv.c: Fix argument to krb5_data_zero.
1673 * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
1678 * lib/krb5/replay.c (krb5_rc_resolve_full): make compile again.
1680 * lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile
1683 * lib/krb5/transited.c (make_path): make sure we return allocated
1686 * lib/krb5/transited.c (make_path): make sure we return allocated
1689 * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on
1692 * lib/krb5/principal.c (krb5_parse_name): remember to free realm
1693 in case of error Coverity, NetBSD CID#1883
1695 * lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove
1696 memory leak in case of weird formated dns replys.
1699 * lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer
1700 to a allocated krb5_rcache in case of error.
1702 * lib/krb5/log.c (krb5_addlog_dest): free fn in case of error
1705 * lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error
1708 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
1711 * lib/krb5/keytab_any.c (any_next_entry): restructure to make it
1714 * lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL
1715 check. Coverity NetBSD CID#2367
1717 * lib/krb5/build_auth.c (krb5_build_authenticator): use
1718 calloc. removed check that was never really used. Coverity NetBSD
1723 * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´
1724 points to NULL in case of error, add error handling, use calloc.
1726 * kpasswd/kpasswdd.c (doit): when done, close all fd in the
1731 * lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
1739 * lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
1759 * lib/hdb/keytab.c: Remove a delta from last revision that should
1760 have gone in later.
1762 * lib/krb5/krbhst.c: fix spelling
1764 * lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
1767 * lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
1770 * lib/krb5/addr_families.c (krb5_make_addrport): clear return
1780 * lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
1783 * lib/krb5/transited.c (expand_realm): avoid passing NULL to
1786 * lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
1789 * lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
1792 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
1795 * lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
1798 * lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
1802 * lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
1805 * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
1808 * lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
1811 * lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
1814 * lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
1816 error in the code, lets fix that instead.
1818 * lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
1821 * lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
1822 pointer to freed memory in the error case. Found by IBM checker.
1824 * lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
1827 * lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
1832 * lib/krb5/log.c (krb5_addlog_dest): make string length match
1833 strings in strcasecmp. Found by IBM checker.
1837 * lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
1839 (hdb_ldap_common): change "arg" in condition (if) to "search_base"
1843 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix
1847 building for clients sending incomplete path in the signedData.
1852 building for clients sending incomplete path in the signedData.
1854 * lib/krb5/pkinit.c: Add pool of certificates to help certificate
1855 path building for clients sending incomplete path in the
1860 * kdc/config.c: Allow passing in related certificates used to
1863 * kdc/pkinit.c: Allow passing in related certificates used to
1871 * tools/krb5-config.in: Add hx509 when using PK-INIT.
1877 * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
1880 * lib/krb5/krb5_ccapi.h: Add ticket flags definitions
1882 * lib/krb5/pkinit.c: Use less openssl, spell chelling.
1887 * configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile
1889 * lib/Makefile.am: Add hx509.
1891 * lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.
1893 * configure.in: define automake PKINIT variable
1897 * lib/krb5/pkinit.c: Switch to hx509.
1906 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
1907 req_buffer in the w2k case too. From Douglas E. Engert.
1911 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
1917 * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
1924 * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
1927 * lib/krb5/get_for_creds.c (add_addrs): handle the case where
1930 * lib/krb5/crypto.c (decrypt_*): handle the case where the
1935 * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.
1937 * lib/krb5/krb5.3: Remove krb5_string_to_key_derived.
1939 * lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
1942 * lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory
1944 * lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.
1950 probably shouldn't be used in html at all
1954 * lib/krb5/krb5_warn.3: Document that applications want to use
1959 * lib/krb5/crypto.c (krb5_generate_random_block): check return
1962 * lib/krb5/error_string.c: Change indentation, update (c)
1966 * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
1971 * lib/krb5/pkinit.c: update to new paChecksum definition, update
1979 * lib/krb5/krb5_locl.h: Move Configurable options to last in the
1982 * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef
1987 client in case the password change was rejected.
1989 * lib/krb5/krb5_warn.3: Document krb5_get_error_message.
1991 * lib/krb5/error_string.c (krb5_get_error_message): new function,
1994 * lib/krb5/krb5.3: sort, and krb5_get_error_message
1996 * lib/hdb/hdb-ldap.c: Log the filter string to the error message
1999 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
2003 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
2007 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
2011 * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
2016 * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION
2018 * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
2027 * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to
2033 in hcrypto/. Add hcrypto to SUBDIRS.