1*ae771770SStanislav Sedov2004-12-30 Love Hörnquist Åstrand <lha@it.su.se> 2c19800e8SDoug Rabson 3c19800e8SDoug Rabson * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for 4c19800e8SDoug Rabson now (used in pkinit) 5c19800e8SDoug Rabson 6*ae771770SStanislav Sedov2004-12-29 Love Hörnquist Åstrand <lha@it.su.se> 7c19800e8SDoug Rabson 8c19800e8SDoug Rabson * lib/hdb/Makefile.am: add CHECK_SYMBOLS 9c19800e8SDoug Rabson 10c19800e8SDoug Rabson * lib/hdb/keys.c: make all_etypes static 11c19800e8SDoug Rabson 12c19800e8SDoug Rabson * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err 13c19800e8SDoug Rabson -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops 14c19800e8SDoug Rabson 15c19800e8SDoug Rabson * kdc/kerberos5.c: use private version of principalname 16c19800e8SDoug Rabson 17c19800e8SDoug Rabson * kdc/kerberos4.c: use private version of principalname 18c19800e8SDoug Rabson 19c19800e8SDoug Rabson * kdc/hpropd.c: use private version of principalname 20c19800e8SDoug Rabson 21c19800e8SDoug Rabson * kdc/524.c: use private version of principalname 22c19800e8SDoug Rabson 23c19800e8SDoug Rabson * lib/krb5/rd_req.c: use private version of principalname 24c19800e8SDoug Rabson 25c19800e8SDoug Rabson * lib/krb5/rd_cred.c: use private version of principalname 26c19800e8SDoug Rabson 27c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: use private version of principalname 28c19800e8SDoug Rabson 29c19800e8SDoug Rabson * lib/krb5/get_in_tkt.c: use private version of principalname 30c19800e8SDoug Rabson 31c19800e8SDoug Rabson * lib/krb5/asn1_glue.c: make principalname functions private 32c19800e8SDoug Rabson 33c19800e8SDoug Rabson * lib/krb5/krb5.h: add key usage for server referrals 34c19800e8SDoug Rabson 35*ae771770SStanislav Sedov2004-12-29 Love Hörnquist Åstrand <lha@it.su.se> 36c19800e8SDoug Rabson 37c19800e8SDoug Rabson * lib/krb5/principal.c: make default_v4_name_convert static 38c19800e8SDoug Rabson 39c19800e8SDoug Rabson * lib/krb5/crypto.c: make lots of crypto related variables static 40c19800e8SDoug Rabson 41c19800e8SDoug Rabson * lib/krb5/acache.c: make default_acc_name static 42c19800e8SDoug Rabson 43*ae771770SStanislav Sedov2004-12-28 Love Hörnquist Åstrand <lha@it.su.se> 44c19800e8SDoug Rabson 45c19800e8SDoug Rabson * doc/setup.texi: add some text about samba, use example.com 46c19800e8SDoug Rabson 47c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Add account expiration for samba from James 48c19800e8SDoug Rabson F. Hranicky <jfh@cise.ufl.edu>. 49c19800e8SDoug Rabson Add LDAP_addmod_integer and use it. 50c19800e8SDoug Rabson 51*ae771770SStanislav Sedov2004-12-27 Love Hörnquist Åstrand <lha@it.su.se> 52c19800e8SDoug Rabson 53c19800e8SDoug Rabson * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text 54c19800e8SDoug Rabson fixes, from Dave Love 55c19800e8SDoug Rabson 56*ae771770SStanislav Sedov2004-12-18 Love Hörnquist Åstrand <lha@it.su.se> 57c19800e8SDoug Rabson 58c19800e8SDoug Rabson * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just 59c19800e8SDoug Rabson needs pthread.h, threadlib is dead 60c19800e8SDoug Rabson 61*ae771770SStanislav Sedov2004-12-17 Love Hörnquist Åstrand <lha@it.su.se> 62c19800e8SDoug Rabson 63c19800e8SDoug Rabson * kdc/config.c (configure): check for deprecated 64c19800e8SDoug Rabson enforce-transited-policy is set and fail if it is 65c19800e8SDoug Rabson 66c19800e8SDoug Rabson * lib/asn1/asn1_print.c: don't print garabage for octet strings 67c19800e8SDoug Rabson 68*ae771770SStanislav Sedov2004-12-13 Love Hörnquist Åstrand <lha@it.su.se> 69c19800e8SDoug Rabson 70c19800e8SDoug Rabson * kdc/main.c (main): catch sigpipe, we don't bother select()ing 71c19800e8SDoug Rabson for errors 72c19800e8SDoug Rabson 73c19800e8SDoug Rabson * kdc/connect.c (handle_http_tcp): handle error from write(2) 74c19800e8SDoug Rabson 75c19800e8SDoug Rabson * doc/setup.texi: clarify credentials refreshing stuff 76c19800e8SDoug Rabson 77c19800e8SDoug Rabson * doc/setup.texi: add new node: Providing Kerberos credentials to 78c19800e8SDoug Rabson servers and programs 79c19800e8SDoug Rabson 80c19800e8SDoug Rabson * doc/whatis.texi: fix spurious cross-reference makeinfo warning 81c19800e8SDoug Rabson 82c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (pos): uppercase in character 83c19800e8SDoug Rabson 84*ae771770SStanislav Sedov2004-12-12 Love Hörnquist Åstrand <lha@it.su.se> 85c19800e8SDoug Rabson 86c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode 87c19800e8SDoug Rabson nibbels in the other order 88c19800e8SDoug Rabson 89c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if 90c19800e8SDoug Rabson attribute exists before we try to delete it LDAP__bytes2hex 91c19800e8SDoug Rabson encodes in strange byte order, is this really right ? 92c19800e8SDoug Rabson 93*ae771770SStanislav Sedov2004-12-11 Love Hörnquist Åstrand <lha@it.su.se> 94c19800e8SDoug Rabson 95c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all 96c19800e8SDoug Rabson entries, search for samba accounts too, From: "James F. Hranicky" 97c19800e8SDoug Rabson <jfh@cise.ufl.edu> 98c19800e8SDoug Rabson 99c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid 100c19800e8SDoug Rabson too 101c19800e8SDoug Rabson 102c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing 103c19800e8SDoug Rabson both krb5PrincipalName and uid, it must be broken, ignore it and 104c19800e8SDoug Rabson return it doesn't exists. 105c19800e8SDoug Rabson 106*ae771770SStanislav Sedov2004-12-10 Love Hörnquist Åstrand <lha@it.su.se> 107c19800e8SDoug Rabson 108c19800e8SDoug Rabson * kdc/hpropd.8: spelling, from OpenBSD 109c19800e8SDoug Rabson 110c19800e8SDoug Rabson * kdc/kdc.8: use keeps for options, From OpenBSD k 111c19800e8SDoug Rabson 112*ae771770SStanislav Sedov2004-12-09 Love Hörnquist Åstrand <lha@it.su.se> 113c19800e8SDoug Rabson 114c19800e8SDoug Rabson * doc/setup.texi: document --random-key and the need to do backup 115c19800e8SDoug Rabson of the master key 116c19800e8SDoug Rabson 117c19800e8SDoug Rabson * kdc/kstash.8: add --random-key 118c19800e8SDoug Rabson 119c19800e8SDoug Rabson * kdc/kstash.c: add --random-key 120c19800e8SDoug Rabson 121*ae771770SStanislav Sedov2004-12-08 Love Hörnquist Åstrand <lha@it.su.se> 122c19800e8SDoug Rabson 123c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.8: spelling, from openbsd 124c19800e8SDoug Rabson 125c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: spelling, from openbsd 126c19800e8SDoug Rabson 127c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: spelling, from openbsd 128c19800e8SDoug Rabson 129c19800e8SDoug Rabson * kuser/kdestroy.1: use keeps around options, spelling, from 130c19800e8SDoug Rabson openbsd 131c19800e8SDoug Rabson 132c19800e8SDoug Rabson * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD 133c19800e8SDoug Rabson 134c19800e8SDoug Rabson * kdc/hpropd.8: use keeps around options, from OpenBSD 135c19800e8SDoug Rabson 136c19800e8SDoug Rabson * kdc/hprop.8: use keeps around options, from OpenBSD 137c19800e8SDoug Rabson 138*ae771770SStanislav Sedov2004-11-30 Love Hörnquist Åstrand <lha@it.su.se> 139c19800e8SDoug Rabson 140c19800e8SDoug Rabson * lib/krb5/context.c (krb5_free_context): clear error string 141c19800e8SDoug Rabson before destroying mutex 142c19800e8SDoug Rabson (krb5_init_context): don't call krb5_free_context before there is a 143c19800e8SDoug Rabson mutex initialized 144c19800e8SDoug Rabson 145*ae771770SStanislav Sedov2004-11-18 Love Hörnquist Åstrand <lha@it.su.se> 146c19800e8SDoug Rabson 147c19800e8SDoug Rabson * kuser/kinit.c (get_new_tickets): only complain about ticket 148c19800e8SDoug Rabson renewable lifetime when the user asked for a specific renewable 149c19800e8SDoug Rabson lifetime 150c19800e8SDoug Rabson 151*ae771770SStanislav Sedov2004-11-15 Love Hörnquist Åstrand <lha@it.su.se> 152c19800e8SDoug Rabson 153c19800e8SDoug Rabson * kdc/kerberos5.c (find_keys): log what principal is missing 154c19800e8SDoug Rabson enctypes 155c19800e8SDoug Rabson 156*ae771770SStanislav Sedov2004-11-13 Love Hörnquist Åstrand <lha@it.su.se> 157c19800e8SDoug Rabson 158c19800e8SDoug Rabson * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after 159c19800e8SDoug Rabson freeing data 160c19800e8SDoug Rabson 161c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (change_password): handle old_options 162c19800e8SDoug Rabson being NULL From Guenther Deschner on samba-technical. 163c19800e8SDoug Rabson 164*ae771770SStanislav Sedov2004-11-12 Love Hörnquist Åstrand <lha@it.su.se> 165c19800e8SDoug Rabson 166c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: add more text describing the 167c19800e8SDoug Rabson krb5_get_init_creds functions 168c19800e8SDoug Rabson 169*ae771770SStanislav Sedov2004-11-11 Love Hörnquist Åstrand <lha@it.su.se> 170c19800e8SDoug Rabson 171c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work 172c19800e8SDoug Rabson again 173c19800e8SDoug Rabson 174*ae771770SStanislav Sedov2004-11-10 Love Hörnquist Åstrand <lha@it.su.se> 175c19800e8SDoug Rabson 176c19800e8SDoug Rabson * lib/hdb/hdb.asn1: use constrained integers 177c19800e8SDoug Rabson 178*ae771770SStanislav Sedov2004-11-09 Love Hörnquist Åstrand <lha@it.su.se> 179c19800e8SDoug Rabson 180c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: add description for opt_init, 181c19800e8SDoug Rabson opt_alloc, opt_free 182c19800e8SDoug Rabson 183c19800e8SDoug Rabson * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit 184c19800e8SDoug Rabson 185c19800e8SDoug Rabson * lib/krb5/init_creds.c: unexport 186c19800e8SDoug Rabson krb5_get_init_creds_opt_free_pkinit 187c19800e8SDoug Rabson 188c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into 189c19800e8SDoug Rabson get_init_creds_common 190c19800e8SDoug Rabson 191c19800e8SDoug Rabson * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in 192c19800e8SDoug Rabson options NULL, just make a clean copy 193c19800e8SDoug Rabson 194*ae771770SStanislav Sedov2004-11-01 Love Hörnquist Åstrand <lha@it.su.se> 195c19800e8SDoug Rabson 196c19800e8SDoug Rabson * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier 197c19800e8SDoug Rabson so we don't leak it on error 198c19800e8SDoug Rabson 199*ae771770SStanislav Sedov2004-10-31 Love Hörnquist Åstrand <lha@it.su.se> 200c19800e8SDoug Rabson 201c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: unbreak 2b entry 202c19800e8SDoug Rabson 203c19800e8SDoug Rabson * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a 204c19800e8SDoug Rabson sockaddr but rather a kerberos address, deal with that. Based on 205c19800e8SDoug Rabson bug report from Jakob Schlyter <jakob@rfc.se>. 206c19800e8SDoug Rabson 207*ae771770SStanislav Sedov2004-10-30 Love Hörnquist Åstrand <lha@it.su.se> 208c19800e8SDoug Rabson 209c19800e8SDoug Rabson * kdc/connect.c: Make sure argument passed to ctype isn't signed 210c19800e8SDoug Rabson char 211c19800e8SDoug Rabson 212*ae771770SStanislav Sedov2004-10-14 Love Hörnquist Åstrand <lha@it.su.se> 213c19800e8SDoug Rabson 214c19800e8SDoug Rabson * lib/krb5/pkinit.c: match new error names 215c19800e8SDoug Rabson 216c19800e8SDoug Rabson * lib/krb5/krb5_err.et: make error messages sane again 217c19800e8SDoug Rabson 218*ae771770SStanislav Sedov2004-10-13 Love Hörnquist Åstrand <lha@it.su.se> 219c19800e8SDoug Rabson 220c19800e8SDoug Rabson * lib/krb5/keytab.c: use KRB5_KT_BADNAME 221c19800e8SDoug Rabson 222c19800e8SDoug Rabson * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major 223c19800e8SDoug Rabson version bump) add KRB5_DELTAT_BADFORMAT 224c19800e8SDoug Rabson 225c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: time defaults to "s" 226c19800e8SDoug Rabson 227c19800e8SDoug Rabson * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again, 228c19800e8SDoug Rabson MIT's behavior was actually that it failed to parse the number 229c19800e8SDoug Rabson (and thus used the default). Even better, ticket_lifetime (that 230c19800e8SDoug Rabson was a consumer supposed a of the interface) was documented but 231c19800e8SDoug Rabson never implemented, when it was implemented, people configuraiton 232c19800e8SDoug Rabson files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a 233c19800e8SDoug Rabson failure code. 234c19800e8SDoug Rabson 235c19800e8SDoug Rabson * lib/asn1/k5.asn1: sync enctypes with pkinit branch 236c19800e8SDoug Rabson 237c19800e8SDoug Rabson * lib/asn1/parse.y (readd) support negative numbers 238c19800e8SDoug Rabson 239c19800e8SDoug Rabson * lib/asn1/lex.l: support hex numbers 240c19800e8SDoug Rabson 241*ae771770SStanislav Sedov2004-10-12 Love Hörnquist Åstrand <lha@it.su.se> 242c19800e8SDoug Rabson 243c19800e8SDoug Rabson * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS 244c19800e8SDoug Rabson 245c19800e8SDoug Rabson * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding 246c19800e8SDoug Rabson for rc2 don't to padding for blocksize 1 247c19800e8SDoug Rabson 248c19800e8SDoug Rabson * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c: 249c19800e8SDoug Rabson Move keyset parsing and password based keyset generation into hdb. 250c19800e8SDoug Rabson Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb 251c19800e8SDoug Rabson backend. 252c19800e8SDoug Rabson 253*ae771770SStanislav Sedov2004-10-07 Love Hörnquist Åstrand <lha@it.su.se> 254c19800e8SDoug Rabson 255c19800e8SDoug Rabson * kuser/kinit.c: adapt to new signature of 256c19800e8SDoug Rabson krb5_get_init_creds_opt_set_pkinit 257c19800e8SDoug Rabson 258c19800e8SDoug Rabson * lib/krb5/pkinit.c: free openssl engine deal with 259c19800e8SDoug Rabson RecipientIdentifier -> CMSIdentifier and heim_any -> name change 260c19800e8SDoug Rabson improve error messages 261c19800e8SDoug Rabson 262c19800e8SDoug Rabson * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier 263c19800e8SDoug Rabson -> CMSIdentifier and heim_any -> name change 264c19800e8SDoug Rabson 265c19800e8SDoug Rabson2004-10-04 Johan Danielsson <joda@pdc.kth.se> 266c19800e8SDoug Rabson 267c19800e8SDoug Rabson * kuser/klist.c: use rtbl_set_separator 268c19800e8SDoug Rabson 269*ae771770SStanislav Sedov2004-10-03 Love Hörnquist Åstrand <lha@it.su.se> 270c19800e8SDoug Rabson 271c19800e8SDoug Rabson * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse 272c19800e8SDoug Rabson user options first 273c19800e8SDoug Rabson 274c19800e8SDoug Rabson * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add 275c19800e8SDoug Rabson openssl engine support for private key 276c19800e8SDoug Rabson 277c19800e8SDoug Rabson * lib/krb5/crypto.c: support padding as its done in CMS 278c19800e8SDoug Rabson 279c19800e8SDoug Rabson * kdc/pkinit.c: improve error logging 280c19800e8SDoug Rabson 281c19800e8SDoug Rabson * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt 282c19800e8SDoug Rabson 283*ae771770SStanislav Sedov2004-09-30 Love Hörnquist Åstrand <lha@it.su.se> 284c19800e8SDoug Rabson 285c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: assume minutes for time 286c19800e8SDoug Rabson 287c19800e8SDoug Rabson * lib/krb5/config_file.c (krb5_config_vget_time_default): use 288c19800e8SDoug Rabson krb5_string_to_deltat 289c19800e8SDoug Rabson 290c19800e8SDoug Rabson * lib/krb5/appdefault.c (krb5_appdefault_time): use 291c19800e8SDoug Rabson krb5_string_to_deltat 292c19800e8SDoug Rabson 293c19800e8SDoug Rabson * lib/krb5/time.c (krb5_string_to_deltat): set default unit to 294c19800e8SDoug Rabson minute for compatibility with MIT Kerberos. 295c19800e8SDoug Rabson 296c19800e8SDoug Rabson 297*ae771770SStanislav Sedov2004-09-28 Love Hörnquist Åstrand <lha@it.su.se> 298c19800e8SDoug Rabson 299c19800e8SDoug Rabson * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large 300c19800e8SDoug Rabson message safe" transport if we get back 301c19800e8SDoug Rabson KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner 302c19800e8SDoug Rabson <gd@sernet.de> 303c19800e8SDoug Rabson 304c19800e8SDoug Rabson2004-09-23 Johan Danielsson <joda@pdc.kth.se> 305c19800e8SDoug Rabson 306c19800e8SDoug Rabson * admin/list.c: use rtbl 307c19800e8SDoug Rabson 308c19800e8SDoug Rabson * admin/ktutil-commands.in: slc source file 309c19800e8SDoug Rabson 310c19800e8SDoug Rabson * lib/krb5/constants.c: check 311c19800e8SDoug Rabson /Library/Preferences/edu.mit.Kerberos on OSX 312c19800e8SDoug Rabson 313c19800e8SDoug Rabson2004-09-21 Johan Danielsson <joda@pdc.kth.se> 314c19800e8SDoug Rabson 315c19800e8SDoug Rabson * lib/krb5/time.c (krb5_format_time): check return value from 316c19800e8SDoug Rabson localtime and strftime 317c19800e8SDoug Rabson 318c19800e8SDoug Rabson2004-09-14 Johan Danielsson <joda@pdc.kth.se> 319c19800e8SDoug Rabson 320c19800e8SDoug Rabson * kuser/kinit.c: make sure we don't always get renewable creds 321c19800e8SDoug Rabson 322*ae771770SStanislav Sedov2004-09-11 Love Hörnquist Åstrand <lha@it.su.se> 323c19800e8SDoug Rabson 324c19800e8SDoug Rabson * lib/krb5/acache.c: use krb5_ccapi.h 325c19800e8SDoug Rabson 326c19800e8SDoug Rabson * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to 327c19800e8SDoug Rabson separate (not installed) file 328c19800e8SDoug Rabson 329c19800e8SDoug Rabson * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS 330c19800e8SDoug Rabson since AM_CPPFLAGS overridden by target specific _CPPFLAGS 331c19800e8SDoug Rabson 332*ae771770SStanislav Sedov2004-09-08 Love Hörnquist Åstrand <lha@it.su.se> 333c19800e8SDoug Rabson 334c19800e8SDoug Rabson * lib/krb5/pkinit.c: make variable shorter, make error messages 335c19800e8SDoug Rabson from pkinit, make freeing easier 336c19800e8SDoug Rabson 337*ae771770SStanislav Sedov2004-09-06 Love Hörnquist Åstrand <lha@it.su.se> 338c19800e8SDoug Rabson 339c19800e8SDoug Rabson * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen 340c19800e8SDoug Rabson 341c19800e8SDoug Rabson * lib/krb5/crypto.c (seed_something): avoid poking at memory that 342c19800e8SDoug Rabson is uninitialized, make valgrind unhappy. Pointd out by 343c19800e8SDoug Rabson abartlet@samba.org. While where, plug the fd leak. 344c19800e8SDoug Rabson 345*ae771770SStanislav Sedov2004-09-05 Love Hörnquist Åstrand <lha@it.su.se> 346c19800e8SDoug Rabson 347c19800e8SDoug Rabson * lib/asn1/der_get.c (decode_*): name all tag-length variables the 348c19800e8SDoug Rabson same 349c19800e8SDoug Rabson (decode_enumerated): check that the tag-length is not longer the length 350c19800e8SDoug Rabson 351c19800e8SDoug Rabson * lib/asn1/der_get.c (decode_boolean): fail if length of tag is 352c19800e8SDoug Rabson larger then len 353c19800e8SDoug Rabson 354*ae771770SStanislav Sedov2004-08-31 Love Hörnquist Åstrand <lha@it.su.se> 355c19800e8SDoug Rabson 356c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be 357c19800e8SDoug Rabson set in case of failure too, free unconditionally on exit to avoid 358c19800e8SDoug Rabson memory leak 359c19800e8SDoug Rabson 360*ae771770SStanislav Sedov2004-08-23 Love Hörnquist Åstrand <lha@it.su.se> 361c19800e8SDoug Rabson 362c19800e8SDoug Rabson * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after 363c19800e8SDoug Rabson free 364c19800e8SDoug Rabson 365*ae771770SStanislav Sedov2004-08-20 Love Hörnquist Åstrand <lha@it.su.se> 366c19800e8SDoug Rabson 367c19800e8SDoug Rabson * lib/krb5/context.c (krb5_get_err_text): if neither of com_right 368c19800e8SDoug Rabson nor strerror finds the error-code, return Unknown error. 369c19800e8SDoug Rabson 370c19800e8SDoug Rabson2004-08-19 Johan Danielsson <joda@pdc.kth.se> 371c19800e8SDoug Rabson 372c19800e8SDoug Rabson * lib/krb5/krb5_kuserok.3: update to reality 373c19800e8SDoug Rabson 374c19800e8SDoug Rabson * lib/krb5/kuserok.c: if a .k5login file exist, don't give 375c19800e8SDoug Rabson implicit rights to anyone; also check owner/mode of .k5login 376c19800e8SDoug Rabson 377*ae771770SStanislav Sedov2004-08-15 Love Hörnquist Åstrand <lha@it.su.se> 378c19800e8SDoug Rabson 379c19800e8SDoug Rabson * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 380c19800e8SDoug Rabson 381c19800e8SDoug Rabson * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname 382c19800e8SDoug Rabson 383c19800e8SDoug Rabson * lib/krb5/krb5.3: add krb5_getportbyname 384c19800e8SDoug Rabson 385c19800e8SDoug Rabson * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid 386c19800e8SDoug Rabson 387c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid 388c19800e8SDoug Rabson 389*ae771770SStanislav Sedov2004-08-13 Love Hörnquist Åstrand <lha@it.su.se> 390c19800e8SDoug Rabson 391c19800e8SDoug Rabson * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes 392c19800e8SDoug Rabson from the client and filter them out. 393c19800e8SDoug Rabson 394c19800e8SDoug Rabson * lib/krb5/krb5_string_to_key.3: document krb5_free_salt 395c19800e8SDoug Rabson 396*ae771770SStanislav Sedov2004-08-12 Love Hörnquist Åstrand <lha@it.su.se> 397c19800e8SDoug Rabson 398c19800e8SDoug Rabson * lib/krb5/krb5_ticket.3: data needs to be freed when using 399c19800e8SDoug Rabson krb5_ticket_get_authorization_data_type 400c19800e8SDoug Rabson 401*ae771770SStanislav Sedov2004-08-11 Love Hörnquist Åstrand <lha@it.su.se> 402c19800e8SDoug Rabson 403c19800e8SDoug Rabson * lib/krb5/test_cc.c: test variables in default_cc_name 404c19800e8SDoug Rabson 405c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: explain support for varibles in 406c19800e8SDoug Rabson [libdefaults]default_cc_name 407c19800e8SDoug Rabson 408c19800e8SDoug Rabson * lib/krb5/cache.c: drop ${time}, its not very useful 409c19800e8SDoug Rabson 410c19800e8SDoug Rabson * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand 411c19800e8SDoug Rabson variables in the default cc name. Supported variables now are: 412c19800e8SDoug Rabson ${time},${uid} and ${null} 413c19800e8SDoug Rabson 414c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: document default_cc_name 415c19800e8SDoug Rabson 416c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_set_default_name): 417c19800e8SDoug Rabson s/libdefault/libdefaults/ 418c19800e8SDoug Rabson 419*ae771770SStanislav Sedov2004-08-06 Love Hörnquist Åstrand <lha@it.su.se> 420c19800e8SDoug Rabson 421c19800e8SDoug Rabson * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 422c19800e8SDoug Rabson 423c19800e8SDoug Rabson * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c 424c19800e8SDoug Rabson 425c19800e8SDoug Rabson * lib/krb5/krb5.h: add krb5_acc_ops 426c19800e8SDoug Rabson 427c19800e8SDoug Rabson * lib/krb5/acache.c: CCAPI v3 implementation, the read only 428c19800e8SDoug Rabson support was from Magnus Ahltorp and then extended by me to support 429c19800e8SDoug Rabson all other operations. Tested with MIT kerberos cc cache 430c19800e8SDoug Rabson implementation on MacOS 10.3.3 431c19800e8SDoug Rabson 432c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the 433c19800e8SDoug Rabson default cc name, this is not very useful for general purpose glue 434c19800e8SDoug Rabson since its not possible to glue in user information (like uid), but 435c19800e8SDoug Rabson for CCAPI it works just fine 436c19800e8SDoug Rabson 437*ae771770SStanislav Sedov2004-08-05 Love Hörnquist Åstrand <lha@it.su.se> 438c19800e8SDoug Rabson 439c19800e8SDoug Rabson * kuser/kgetcred.1: document --cache/-c 440c19800e8SDoug Rabson 441c19800e8SDoug Rabson * kuser/kgetcred.c: allow to specify what credential cache to use 442c19800e8SDoug Rabson 443*ae771770SStanislav Sedov2004-08-03 Love Hörnquist Åstrand <lha@it.su.se> 444c19800e8SDoug Rabson 445c19800e8SDoug Rabson * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 446c19800e8SDoug Rabson 447c19800e8SDoug Rabson * lib/krb5/krb5_eai_to_heim_errno.3: document 448c19800e8SDoug Rabson krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno 449c19800e8SDoug Rabson 450c19800e8SDoug Rabson * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, 451c19800e8SDoug Rabson krb5_h_errno_to_heim_errno 452c19800e8SDoug Rabson 453*ae771770SStanislav Sedov2004-07-26 Love Hörnquist Åstrand <lha@it.su.se> 454c19800e8SDoug Rabson 455c19800e8SDoug Rabson * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms 456c19800e8SDoug Rabson result should be free with krb5_free_host_realm drop 457c19800e8SDoug Rabson krb5_get_host_realm text 458c19800e8SDoug Rabson 459c19800e8SDoug Rabson * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result 460c19800e8SDoug Rabson should be free with krb5_free_host_realm 461c19800e8SDoug Rabson 462c19800e8SDoug Rabson * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep 463c19800e8SDoug Rabson 464c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds 465c19800e8SDoug Rabson 466c19800e8SDoug Rabson * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator 467c19800e8SDoug Rabson 468c19800e8SDoug Rabson * lib/krb5/Makefile.am: man_MANS += krb5_rd_error 469c19800e8SDoug Rabson 470c19800e8SDoug Rabson * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends 471c19800e8SDoug Rabson 472c19800e8SDoug Rabson * lib/krb5/krb5_warn.3: clarify on what string 473c19800e8SDoug Rabson krb5_free_error_string should operate on 474c19800e8SDoug Rabson 475c19800e8SDoug Rabson * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred 476c19800e8SDoug Rabson 477c19800e8SDoug Rabson * lib/krb5/Makefile.am: krb5_get_credentials, 478c19800e8SDoug Rabson krb5_get_forwarded_creds and friends 479c19800e8SDoug Rabson 480c19800e8SDoug Rabson * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds 481c19800e8SDoug Rabson and friends 482c19800e8SDoug Rabson 483c19800e8SDoug Rabson * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and 484c19800e8SDoug Rabson friends 485c19800e8SDoug Rabson 486*ae771770SStanislav Sedov2004-07-23 Love Hörnquist Åstrand <lha@it.su.se> 487c19800e8SDoug Rabson 488c19800e8SDoug Rabson * kuser/klist.c (print_cred_verbose): keytypes are no longer, use 489c19800e8SDoug Rabson enctype 490c19800e8SDoug Rabson 491*ae771770SStanislav Sedov2004-07-22 Love Hörnquist Åstrand <lha@it.su.se> 492c19800e8SDoug Rabson 493c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99 494c19800e8SDoug Rabson compilers, From metze at samba.org 495c19800e8SDoug Rabson 496*ae771770SStanislav Sedov2004-07-20 Love Hörnquist Åstrand <lha@it.su.se> 497c19800e8SDoug Rabson 498c19800e8SDoug Rabson * lib/krb5/test_cc.c: more cc tests 499c19800e8SDoug Rabson 500c19800e8SDoug Rabson * lib/krb5/krb5_check_transited.3: document krb5_check_transited 501c19800e8SDoug Rabson 502*ae771770SStanislav Sedov2004-07-19 Love Hörnquist Åstrand <lha@it.su.se> 503c19800e8SDoug Rabson 504c19800e8SDoug Rabson * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes 505c19800e8SDoug Rabson principal in cert work From: Mayur Patel <patelm4@rpi.edu> 506c19800e8SDoug Rabson 507*ae771770SStanislav Sedov2004-07-18 Love Hörnquist Åstrand <lha@it.su.se> 508c19800e8SDoug Rabson 509c19800e8SDoug Rabson * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 510c19800e8SDoug Rabson 511c19800e8SDoug Rabson * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds 512c19800e8SDoug Rabson 513*ae771770SStanislav Sedov2004-07-15 Love Hörnquist Åstrand <lha@it.su.se> 514c19800e8SDoug Rabson 515c19800e8SDoug Rabson * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org 516c19800e8SDoug Rabson description for krb5_passwd_result_to_string 517c19800e8SDoug Rabson 518*ae771770SStanislav Sedov2004-07-14 Love Hörnquist Åstrand <lha@it.su.se> 519c19800e8SDoug Rabson 520c19800e8SDoug Rabson * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar 521c19800e8SDoug Rabson fixes; split sentence in two for better understanding. From 522c19800e8SDoug Rabson wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here. 523c19800e8SDoug Rabson 524c19800e8SDoug Rabson * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan 525c19800e8SDoug Rabson Stone <jonathan@dsg.stanford.edu> 526c19800e8SDoug Rabson 527c19800e8SDoug Rabson * lib/krb5/changepw.c (process_reply): cast ssize_t to long and 528c19800e8SDoug Rabson print that From NetBSD via Havard Eidnes. 529c19800e8SDoug Rabson 530*ae771770SStanislav Sedov2004-07-09 Love Hörnquist Åstrand <lha@it.su.se> 531c19800e8SDoug Rabson 532c19800e8SDoug Rabson * configure.in: fix helpstring for hdb-openldap-module 533c19800e8SDoug Rabson 534c19800e8SDoug Rabson * lib/krb5/test_cc.c: don't use krb5_err on error code 0 535c19800e8SDoug Rabson 536*ae771770SStanislav Sedov2004-07-08 Love Hörnquist Åstrand <lha@it.su.se> 537c19800e8SDoug Rabson 538c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better 539c19800e8SDoug Rabson 540*ae771770SStanislav Sedov2004-07-02 Love Hörnquist Åstrand <lha@it.su.se> 541c19800e8SDoug Rabson 542c19800e8SDoug Rabson * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const 543c19800e8SDoug Rabson 544*ae771770SStanislav Sedov2004-07-01 Love Hörnquist Åstrand <lha@it.su.se> 545c19800e8SDoug Rabson 546c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with 547c19800e8SDoug Rabson right argument 548c19800e8SDoug Rabson 549c19800e8SDoug Rabson2004-06-27 Johan Danielsson <joda@pdc.kth.se> 550c19800e8SDoug Rabson 551c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the 552c19800e8SDoug Rabson krbtgt is without addresses, default to not sending our own 553c19800e8SDoug Rabson addrport 554c19800e8SDoug Rabson 555c19800e8SDoug Rabson * lib/asn1/lex.l: add support for /* */ and partial line -- 556c19800e8SDoug Rabson comments 557c19800e8SDoug Rabson 558c19800e8SDoug Rabson * kuser/Makefile.am: don't install copy_cred_cache manpage 559c19800e8SDoug Rabson 560c19800e8SDoug Rabson2004-06-24 Johan Danielsson <joda@pdc.kth.se> 561c19800e8SDoug Rabson 562c19800e8SDoug Rabson * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if 563c19800e8SDoug Rabson copying a static opt, make sure to allocate the "private" field 564c19800e8SDoug Rabson 565c19800e8SDoug Rabson2004-06-24 Love <lha@stacken.kth.se> 566c19800e8SDoug Rabson 567c19800e8SDoug Rabson * kdc/config.c: add enable_pkinit_princ_in_cert 568c19800e8SDoug Rabson 569c19800e8SDoug Rabson * kdc/kdc_locl.h: enable_pkinit_princ_in_cert 570c19800e8SDoug Rabson 571c19800e8SDoug Rabson * kdc/pkinit.c: Check certificate for Kerberos Principal in 572c19800e8SDoug Rabson OtherName of subjectAltName Based on patch from Mayur Patel 573c19800e8SDoug Rabson <patelm4@rpi.edu> 574c19800e8SDoug Rabson 575*ae771770SStanislav Sedov2004-06-21 Love Hörnquist Åstrand <lha@it.su.se> 576c19800e8SDoug Rabson 577c19800e8SDoug Rabson * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use 578c19800e8SDoug Rabson session key for authorization-data 579c19800e8SDoug Rabson 580*ae771770SStanislav Sedov2004-06-15 Love Hörnquist Åstrand <lha@it.su.se> 581c19800e8SDoug Rabson 582c19800e8SDoug Rabson * kdc/connect.c (handle_tcp): note who is what that closed the 583c19800e8SDoug Rabson connection on us 584c19800e8SDoug Rabson 585*ae771770SStanislav Sedov2004-06-09 Love Hörnquist Åstrand <lha@it.su.se> 586c19800e8SDoug Rabson 587c19800e8SDoug Rabson * admin/get.c (kt_get): catch errors from krb5_parse_name 588c19800e8SDoug Rabson 589*ae771770SStanislav Sedov2004-06-05 Love Hörnquist Åstrand <lha@it.su.se> 590c19800e8SDoug Rabson 591c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: if its the entry just contains the 592c19800e8SDoug Rabson structural object (no samba nor heimdal object), add an aux 593c19800e8SDoug Rabson heimdal object on to it. 594c19800e8SDoug Rabson 595*ae771770SStanislav Sedov2004-06-02 Love Hörnquist Åstrand <lha@it.su.se> 596c19800e8SDoug Rabson 597c19800e8SDoug Rabson * kpasswd/kpasswd.c: use krb5_set_password_using_ccache 598c19800e8SDoug Rabson 599c19800e8SDoug Rabson * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache 600c19800e8SDoug Rabson 601c19800e8SDoug Rabson * lib/krb5/changepw.c: implement krb5_set_password_using_ccache 602c19800e8SDoug Rabson 603c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Allow the objectClass to be 604c19800e8SDoug Rabson "sambaSamAccount" or structural_object when searching for uid 605c19800e8SDoug Rabson entries. 606c19800e8SDoug Rabson 607c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base 608c19800e8SDoug Rabson 609c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: add creation base that defaults to the 610c19800e8SDoug Rabson search base 611c19800e8SDoug Rabson 612c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: indent like the rest of the code 613c19800e8SDoug Rabson 614*ae771770SStanislav Sedov2004-06-01 Love Hörnquist Åstrand <lha@it.su.se> 615c19800e8SDoug Rabson 616c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: check return values from ldap operations and 617c19800e8SDoug Rabson close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you 618c19800e8SDoug Rabson should retry by yourself. 619c19800e8SDoug Rabson 620c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: require search base to be configured, create 621c19800e8SDoug Rabson local context structure 622c19800e8SDoug Rabson 623*ae771770SStanislav Sedov2004-05-31 Love Hörnquist Åstrand <lha@it.su.se> 624c19800e8SDoug Rabson 625c19800e8SDoug Rabson * doc/setup.texi: more ldap text, partly from Tarjei Huse 626c19800e8SDoug Rabson <tarjei@nu.no> 627c19800e8SDoug Rabson 628*ae771770SStanislav Sedov2004-05-28 Love Hörnquist Åstrand <lha@it.su.se> 629c19800e8SDoug Rabson 630c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: clean, indent 631c19800e8SDoug Rabson 632c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure 633c19800e8SDoug Rabson krb5KeyVersionNumber is added on new entires 634c19800e8SDoug Rabson 635*ae771770SStanislav Sedov2004-05-27 Love Hörnquist Åstrand <lha@it.su.se> 636c19800e8SDoug Rabson 637c19800e8SDoug Rabson * doc/setup.texi: minor fixes, partly from Tarjei Huse 638c19800e8SDoug Rabson <tarjei@nu.no> 639c19800e8SDoug Rabson 640c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: some text about dbname and realm 641c19800e8SDoug Rabson 642c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: default value for 643c19800e8SDoug Rabson hdb-ldap-structural-object is account 644c19800e8SDoug Rabson 645*ae771770SStanislav Sedov2004-05-26 Love Hörnquist Åstrand <lha@it.su.se> 646c19800e8SDoug Rabson 647c19800e8SDoug Rabson * tools/Makefile.am: use ! instead of , as sed delimiter 648c19800e8SDoug Rabson 649*ae771770SStanislav Sedov2004-05-25 Love Hörnquist Åstrand <lha@it.su.se> 650c19800e8SDoug Rabson 651c19800e8SDoug Rabson * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions 652c19800e8SDoug Rabson 653*ae771770SStanislav Sedov2004-05-23 Love Hörnquist Åstrand <lha@it.su.se> 654c19800e8SDoug Rabson 655c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean 656c19800e8SDoug Rabson 657c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure 658c19800e8SDoug Rabson option 659c19800e8SDoug Rabson 660c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From: 661c19800e8SDoug Rabson Andrew Bartlett <abartlet@samba.org> 662c19800e8SDoug Rabson 663c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length 664c19800e8SDoug Rabson check From: Andrew Bartlett <abartlet@samba.org> 665c19800e8SDoug Rabson 666c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword 667c19800e8SDoug Rabson case, make sure ent->etypes are allocated, From: Andrew Bartlett 668c19800e8SDoug Rabson <abartlet@samba.org> 669c19800e8SDoug Rabson 670*ae771770SStanislav Sedov2004-05-14 Love Hörnquist Åstrand <lha@it.su.se> 671c19800e8SDoug Rabson 672c19800e8SDoug Rabson * kuser/kinit.c: move "setpag if (argc < 1)" to common path 673c19800e8SDoug Rabson 674*ae771770SStanislav Sedov2004-05-12 Love Hörnquist Åstrand <lha@it.su.se> 675c19800e8SDoug Rabson 676c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers 677c19800e8SDoug Rabson 678c19800e8SDoug Rabson * fix-export: use right argument for -E 679c19800e8SDoug Rabson 680c19800e8SDoug Rabson2004-05-06 Johan Danielsson <joda@pdc.kth.se> 681c19800e8SDoug Rabson 682c19800e8SDoug Rabson * kuser/kinit.c: print some diagnostics if the exec fails 683c19800e8SDoug Rabson 684*ae771770SStanislav Sedov2004-04-29 Love Hörnquist Åstrand <lha@it.su.se> 685c19800e8SDoug Rabson 686c19800e8SDoug Rabson * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key 687c19800e8SDoug Rabson From: Luke Howard <lukeh@padl.com> 688c19800e8SDoug Rabson 689c19800e8SDoug Rabson * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, 690c19800e8SDoug Rabson not just a pointer size of it From: Luke Howard <lukeh@padl.com> 691c19800e8SDoug Rabson 692*ae771770SStanislav Sedov2004-04-28 Love Hörnquist Åstrand <lha@it.su.se> 693c19800e8SDoug Rabson 694c19800e8SDoug Rabson * fix-export: add -E flag where needed to make-proto 695c19800e8SDoug Rabson 696*ae771770SStanislav Sedov2004-04-26 Love Hörnquist Åstrand <lha@it.su.se> 697c19800e8SDoug Rabson 698c19800e8SDoug Rabson * lib/krb5/crypto.c: add set_param for RC2 699c19800e8SDoug Rabson 700c19800e8SDoug Rabson * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids 701c19800e8SDoug Rabson that are no longer needed 702c19800e8SDoug Rabson 703c19800e8SDoug Rabson * kdc/pkinit.c: use krb5_enctype_to_oid 704c19800e8SDoug Rabson 705c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists 706c19800e8SDoug Rabson before we compare with it 707c19800e8SDoug Rabson 708c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length 709c19800e8SDoug Rabson before returning it add aes-oids 710c19800e8SDoug Rabson 711c19800e8SDoug Rabson * lib/krb5/crypto.c: add krb5_enctype_to_oid and 712c19800e8SDoug Rabson krb5_oid_to_enctype 713c19800e8SDoug Rabson 714c19800e8SDoug Rabson * kdc/pkinit.c: use krb5_crypto_set_params 715c19800e8SDoug Rabson 716c19800e8SDoug Rabson * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none 717c19800e8SDoug Rabson 718c19800e8SDoug Rabson * lib/krb5/krb5.h: add KEYTYPE_AES192 719c19800e8SDoug Rabson 720c19800e8SDoug Rabson * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement 721c19800e8SDoug Rabson kcrypto RC2 support 722c19800e8SDoug Rabson 723c19800e8SDoug Rabson * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype 724c19800e8SDoug Rabson rc2-cbc XXX RC2CBCParameter is wrong because the compiler is 725c19800e8SDoug Rabson broken 726c19800e8SDoug Rabson 727c19800e8SDoug Rabson * lib/krb5/krb5.h: add KEYTYPE_RC2 728c19800e8SDoug Rabson 729c19800e8SDoug Rabson * lib/krb5/crypto.c: add partial CMS parameter handling, this is 730c19800e8SDoug Rabson needed for RC2 731c19800e8SDoug Rabson 732c19800e8SDoug Rabson * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp 733c19800e8SDoug Rabson 734c19800e8SDoug Rabson * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c 735c19800e8SDoug Rabson 736c19800e8SDoug Rabson * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp 737c19800e8SDoug Rabson 738c19800e8SDoug Rabson * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE 739c19800e8SDoug Rabson 740c19800e8SDoug Rabson * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype 741c19800e8SDoug Rabson rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken 742c19800e8SDoug Rabson 743c19800e8SDoug Rabson2004-04-26 Johan Danielsson <joda@pdc.kth.se> 744c19800e8SDoug Rabson 745c19800e8SDoug Rabson * lib/krb5/config_file.c: allow parsing directly from strings with 746c19800e8SDoug Rabson krb5_config_parse_string_multi 747c19800e8SDoug Rabson 748c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: try to resolve hostnames 749c19800e8SDoug Rabson 750c19800e8SDoug Rabson2004-04-25 Johan Danielsson <joda@pdc.kth.se> 751c19800e8SDoug Rabson 752c19800e8SDoug Rabson * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file 753c19800e8SDoug Rabson descriptor so we don't have to keep track of it in two places 754c19800e8SDoug Rabson 755c19800e8SDoug Rabson * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in 756c19800e8SDoug Rabson libkrb5 757c19800e8SDoug Rabson 758c19800e8SDoug Rabson * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its 759c19800e8SDoug Rabson own manpage 760c19800e8SDoug Rabson 761c19800e8SDoug Rabson * replace krb5_free_creds_contents by krb5_free_cred_contents 762c19800e8SDoug Rabson 763c19800e8SDoug Rabson * lib/krb5/cache.c: add krb5_cc_next_cred_match() and 764c19800e8SDoug Rabson krb5_cc_copy_cred_match() 765c19800e8SDoug Rabson 766c19800e8SDoug Rabson * lib/krb5/creds.c (krb5_compare_creds): add more matching options 767c19800e8SDoug Rabson 768c19800e8SDoug Rabson * lib/krb5/krb5.h: add more creds match flags 769c19800e8SDoug Rabson 770c19800e8SDoug Rabson * kuser/copy_cred_cache: add --valid-for option 771c19800e8SDoug Rabson 772c19800e8SDoug Rabson * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length 773c19800e8SDoug Rabson of second ticket is > 0 774c19800e8SDoug Rabson 775*ae771770SStanislav Sedov2004-04-25 Love Hörnquist Åstrand <lha@it.su.se> 776c19800e8SDoug Rabson 777c19800e8SDoug Rabson * lib/krb5/pkinit.c: use the right oid for pkauthdata 778c19800e8SDoug Rabson 779c19800e8SDoug Rabson * lib/krb5/pkinit.c: always send both win2k compat version and the 780c19800e8SDoug Rabson ietf draft one, this is possible since microsoft use 781c19800e8SDoug Rabson wrong/diffrent PA number. Make the configuration flag boolean 782c19800e8SDoug Rabson configuring if NOT to send the win2k compat glue. 783c19800e8SDoug Rabson 784c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec 785c19800e8SDoug Rabson 786c19800e8SDoug Rabson * kuser/copy_cred_cache.1: pacify mdoclint 787c19800e8SDoug Rabson 788c19800e8SDoug Rabson * kdc/pkinit.c: use IV for envelopeddata encryption, patch 789c19800e8SDoug Rabson originally from Luke Howard <lukeh@padl.com>, tweeked by me. 790c19800e8SDoug Rabson 791c19800e8SDoug Rabson * lib/krb5/krb5_storage.3: document 792c19800e8SDoug Rabson KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 793c19800e8SDoug Rabson 794c19800e8SDoug Rabson * lib/krb5/krb5_data.3: document that krb5_data_free cleans the 795c19800e8SDoug Rabson structure too 796c19800e8SDoug Rabson 797c19800e8SDoug Rabson * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch 798c19800e8SDoug Rabson originally from Luke Howard <lukeh@padl.com>, tweeked by me. 799c19800e8SDoug Rabson 800c19800e8SDoug Rabson2004-04-24 Johan Danielsson <joda@pdc.kth.se> 801c19800e8SDoug Rabson 802c19800e8SDoug Rabson * kuser/copy_cred_cache.{c,1}: add cred cache copy tool 803c19800e8SDoug Rabson 804c19800e8SDoug Rabson * configure.in: use rk_SYS_LARGEFILE 805c19800e8SDoug Rabson 806c19800e8SDoug Rabson * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder 807c19800e8SDoug Rabson issue with a storage flag instead of a separate function. 808c19800e8SDoug Rabson 809*ae771770SStanislav Sedov2004-04-24 Love Hörnquist Åstrand <lha@it.su.se> 810c19800e8SDoug Rabson 811c19800e8SDoug Rabson * lib/krb5/pkinit.c: move out the oid check from get_reply_key 812c19800e8SDoug Rabson 813c19800e8SDoug Rabson * lib/krb5/pkinit.c: uniquify error messages 814c19800e8SDoug Rabson 815c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the 816c19800e8SDoug Rabson plain nonce for now 817c19800e8SDoug Rabson 818c19800e8SDoug Rabson * lib/krb5/pkinit.c: more w2k compat from Luke Howard 819c19800e8SDoug Rabson <lukeh@padl.com> add RC2 support, clean up error messages 820c19800e8SDoug Rabson 821c19800e8SDoug Rabson * lib/krb5/pkinit.c: remove more dependency on 822c19800e8SDoug Rabson krb5_config->pkinit_flags 823c19800e8SDoug Rabson 824c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft 825c19800e8SDoug Rabson style answer to IETF, From Luke Howard <lukeh@padl.com> 826c19800e8SDoug Rabson (_krb5_pk_create_sign): ms handles NULL in param, so always send it 827c19800e8SDoug Rabson (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool } 828c19800e8SDoug Rabson 829c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the 830c19800e8SDoug Rabson digestAlgorithm to sha1 (both for SignerInfo and SignedData, add 831c19800e8SDoug Rabson new function _set_digest_alg to set it 832c19800e8SDoug Rabson 833*ae771770SStanislav Sedov2004-04-23 Love Hörnquist Åstrand <lha@it.su.se> 834c19800e8SDoug Rabson 835c19800e8SDoug Rabson * include/make_crypto.c: include rc2.h, and when I'm here, make 836c19800e8SDoug Rabson aes mandatory 837c19800e8SDoug Rabson 838c19800e8SDoug Rabson * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT 839c19800e8SDoug Rabson kerberos 840c19800e8SDoug Rabson 841c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on 842c19800e8SDoug Rabson failure 843c19800e8SDoug Rabson 844c19800e8SDoug Rabson * lib/krb5/crypto.c (DES3_random_to_key): make it produce the 845c19800e8SDoug Rabson right result 846c19800e8SDoug Rabson (DES3_postproc): use DES3_random_to_key 847c19800e8SDoug Rabson (krb5_random_to_key): check the required number of bits (not the size 848c19800e8SDoug Rabson of the key) 849c19800e8SDoug Rabson 850c19800e8SDoug Rabson * lib/krb5/aes-test.c: test random to key function 851c19800e8SDoug Rabson 852c19800e8SDoug Rabson * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for 853c19800e8SDoug Rabson now 854c19800e8SDoug Rabson 855*ae771770SStanislav Sedov2004-04-22 Love Hörnquist Åstrand <lha@it.su.se> 856c19800e8SDoug Rabson 857c19800e8SDoug Rabson * lib/krb5/krb5_string_to_key.3: document that 858c19800e8SDoug Rabson krb5_string_to_key_derived is broken for non 3des enctypes and 859c19800e8SDoug Rabson thus deprecated 860c19800e8SDoug Rabson 861c19800e8SDoug Rabson * kdc/pkinit.c (generate_dh_keyblock): use the new function 862c19800e8SDoug Rabson krb5_random_to_key 863c19800e8SDoug Rabson 864c19800e8SDoug Rabson * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they 865c19800e8SDoug Rabson need special processing 866c19800e8SDoug Rabson 867c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_random_to_key): new function 868c19800e8SDoug Rabson 869c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: document krb5_random_to_key 870c19800e8SDoug Rabson 871*ae771770SStanislav Sedov2004-04-21 Love Hörnquist Åstrand <lha@it.su.se> 872c19800e8SDoug Rabson 873c19800e8SDoug Rabson * kdc/pkinit.c: use the first proposed enable enctype 874c19800e8SDoug Rabson 875c19800e8SDoug Rabson * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the 876c19800e8SDoug Rabson return from krb5_enctype_valid 877c19800e8SDoug Rabson 878c19800e8SDoug Rabson * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes 879c19800e8SDoug Rabson 880*ae771770SStanislav Sedov2004-04-21 Love Hörnquist Åstrand <lha@it.su.se> 881c19800e8SDoug Rabson 882c19800e8SDoug Rabson * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid 883c19800e8SDoug Rabson components being smaller then 127 and allocate one extra element 884c19800e8SDoug Rabson since first byte is split to to elements. 885c19800e8SDoug Rabson 886*ae771770SStanislav Sedov2004-04-20 Love Hörnquist Åstrand <lha@it.su.se> 887c19800e8SDoug Rabson 888c19800e8SDoug Rabson * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: 889c19800e8SDoug Rabson private use, lukeh@padl.com 890c19800e8SDoug Rabson 891*ae771770SStanislav Sedov2004-04-19 Love Hörnquist Åstrand <lha@it.su.se> 892c19800e8SDoug Rabson 893c19800e8SDoug Rabson * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode 894c19800e8SDoug Rabson DH public key 895c19800e8SDoug Rabson 896*ae771770SStanislav Sedov2004-04-18 Love Hörnquist Åstrand <lha@it.su.se> 897c19800e8SDoug Rabson 898c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: add krb5_context to so its added 899c19800e8SDoug Rabson as manpage-link too 900c19800e8SDoug Rabson 901*ae771770SStanislav Sedov2004-04-17 Love Hörnquist Åstrand <lha@it.su.se> 902c19800e8SDoug Rabson 903c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, 904c19800e8SDoug Rabson XXX add locking 905c19800e8SDoug Rabson 906c19800e8SDoug Rabson * kuser/kdestroy.c: add --credential argument that just remove one 907c19800e8SDoug Rabson credential entry out of the cache specified 908c19800e8SDoug Rabson 909c19800e8SDoug Rabson * kdc/pkinit.c: replace the krb5.conf configuration option that 910c19800e8SDoug Rabson describes the mapping between principals and subject names with a 911c19800e8SDoug Rabson file, default /var/heimdal/pki-mapping. XXX this should be pushed 912c19800e8SDoug Rabson into HDB. XXX should add issuer too 913c19800e8SDoug Rabson 914c19800e8SDoug Rabson * kdc/config.c: merge certificate/private_key to a user_id 915c19800e8SDoug Rabson 916*ae771770SStanislav Sedov2004-04-16 Love Hörnquist Åstrand <lha@it.su.se> 917c19800e8SDoug Rabson 918c19800e8SDoug Rabson * kdc/kdc_locl.h: update prototype for pk_initialize 919c19800e8SDoug Rabson 920c19800e8SDoug Rabson * kuser/kinit.c: merge certificate/private_key to a user_id 921c19800e8SDoug Rabson 922c19800e8SDoug Rabson * kdc/pkinit.c: adapt to heim_integer changes 923c19800e8SDoug Rabson 924c19800e8SDoug Rabson * lib/krb5/pkinit.c: merge certificate/private_key to a user_id 925c19800e8SDoug Rabson 926c19800e8SDoug Rabson * kdc/pkinit.c: adapt to heim_integer changes, 927c19800e8SDoug Rabson merge certificate/private_key to a user_id 928c19800e8SDoug Rabson 929*ae771770SStanislav Sedov2004-04-15 Love Hörnquist Åstrand <lha@it.su.se> 930c19800e8SDoug Rabson 931c19800e8SDoug Rabson * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE 932c19800e8SDoug Rabson 933*ae771770SStanislav Sedov2004-04-13 Love Hörnquist Åstrand <lha@it.su.se> 934c19800e8SDoug Rabson 935c19800e8SDoug Rabson * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building 936c19800e8SDoug Rabson libkrb5.la, add KRB5_LIB_FUNCTION proto 937c19800e8SDoug Rabson 938c19800e8SDoug Rabson * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION 939c19800e8SDoug Rabson 940c19800e8SDoug Rabson * configure.in: export KRB5_LIB_FUNCTION when building with 941c19800e8SDoug Rabson BUILD_KRB5_LIB 942c19800e8SDoug Rabson 943c19800e8SDoug Rabson * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add 944c19800e8SDoug Rabson error strings 945c19800e8SDoug Rabson 946c19800e8SDoug Rabson * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing 947c19800e8SDoug Rabson is printed on stderr, fflush it 948c19800e8SDoug Rabson 949c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: free functions also zeros out the key 950c19800e8SDoug Rabson 951c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: some text about 952c19800e8SDoug Rabson krb5_prompter_posix 953c19800e8SDoug Rabson 954c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object 955c19800e8SDoug Rabson 956c19800e8SDoug Rabson * lib/krb5/cache.c: add krb5_cc_get_prefix_ops 957c19800e8SDoug Rabson 958c19800e8SDoug Rabson * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops 959c19800e8SDoug Rabson 960*ae771770SStanislav Sedov2004-04-05 Love Hörnquist Åstrand <lha@it.su.se> 961c19800e8SDoug Rabson 962c19800e8SDoug Rabson * appl/test/http_client.c: support GSS_C_DELEG_FLAG and 963c19800e8SDoug Rabson GSS_C_MUTUAL_FLAG 964c19800e8SDoug Rabson 965c19800e8SDoug Rabson * appl/test/http_client.c: verbose logging 966c19800e8SDoug Rabson 967*ae771770SStanislav Sedov2004-04-02 Love Hörnquist Åstrand <lha@it.su.se> 968c19800e8SDoug Rabson 969c19800e8SDoug Rabson * kdc/connect.c: case size_t to unsigned long for LP64 platforms 970c19800e8SDoug Rabson 971*ae771770SStanislav Sedov2004-04-01 Love Hörnquist Åstrand <lha@it.su.se> 972c19800e8SDoug Rabson 973c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of 974c19800e8SDoug Rabson default structural object 975c19800e8SDoug Rabson 976c19800e8SDoug Rabson * tools/Makefile.am: handle sed expression breaking 977c19800e8SDoug Rabson 978*ae771770SStanislav Sedov2004-03-31 Love Hörnquist Åstrand <lha@it.su.se> 979c19800e8SDoug Rabson 980c19800e8SDoug Rabson * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr 981c19800e8SDoug Rabson 982c19800e8SDoug Rabson * lib/krb5/changepw.c: add tcp support to the set protocol, should 983c19800e8SDoug Rabson be cleaned up to enable sharing code with krb5_sendto 984c19800e8SDoug Rabson 985c19800e8SDoug Rabson * kpasswd/kpasswd.c (change_password): remove extra free 986c19800e8SDoug Rabson 987c19800e8SDoug Rabson * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on 988c19800e8SDoug Rabson osf/1 989c19800e8SDoug Rabson 990*ae771770SStanislav Sedov2004-03-30 Love Hörnquist Åstrand <lha@it.su.se> 991c19800e8SDoug Rabson 992c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't 993c19800e8SDoug Rabson increase md->len, krb5_padata_add already does that 994c19800e8SDoug Rabson 995c19800e8SDoug Rabson * lib/krb5/init_creds.c: its PAC not PAQ 996c19800e8SDoug Rabson 997c19800e8SDoug Rabson * kuser/kinit.c: its PAC not PAQ 998c19800e8SDoug Rabson 999c19800e8SDoug Rabson * kdc/kerberos4.c: stop the client from renewing tickets into the 1000c19800e8SDoug Rabson future From: Jeffrey Hutzelman <jhutz@cmu.edu> 1001c19800e8SDoug Rabson 1002*ae771770SStanislav Sedov2004-03-29 Love Hörnquist Åstrand <lha@it.su.se> 1003c19800e8SDoug Rabson 1004c19800e8SDoug Rabson * configure.in: try to handle sys/strtty.h needing sys/stream.h 1005c19800e8SDoug Rabson 1006*ae771770SStanislav Sedov2004-03-23 Love Hörnquist Åstrand <lha@it.su.se> 1007c19800e8SDoug Rabson 1008c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no 1009c19800e8SDoug Rabson longer used 1010c19800e8SDoug Rabson 1011c19800e8SDoug Rabson * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/ 1012c19800e8SDoug Rabson 1013c19800e8SDoug Rabson * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to 1014c19800e8SDoug Rabson external users by prefixing it with _ 1015c19800e8SDoug Rabson 1016c19800e8SDoug Rabson * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/ 1017c19800e8SDoug Rabson 1018c19800e8SDoug Rabson * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external 1019c19800e8SDoug Rabson users by prefixing it with _ 1020c19800e8SDoug Rabson 1021*ae771770SStanislav Sedov2004-03-22 Love Hörnquist Åstrand <lha@it.su.se> 1022c19800e8SDoug Rabson 1023c19800e8SDoug Rabson * lib/krb5/pkinit.c: add missing } 1024c19800e8SDoug Rabson 1025*ae771770SStanislav Sedov2004-03-21 Love Hörnquist Åstrand <lha@it.su.se> 1026c19800e8SDoug Rabson 1027c19800e8SDoug Rabson * kdc/pkinit.c: adapt to change of signature of 1028c19800e8SDoug Rabson _krb5_pk_load_openssl_id 1029c19800e8SDoug Rabson 1030c19800e8SDoug Rabson * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add 1031c19800e8SDoug Rabson prompter argument and use it 1032c19800e8SDoug Rabson 1033c19800e8SDoug Rabson * kuser/kinit.c: adapt to signature change of 1034c19800e8SDoug Rabson krb5_get_init_creds_opt_set_pkinit 1035c19800e8SDoug Rabson 1036c19800e8SDoug Rabson * lib/krb5/krb5.3: add more stuff, 105 functions to go 1037c19800e8SDoug Rabson 1038c19800e8SDoug Rabson * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache 1039c19800e8SDoug Rabson 1040c19800e8SDoug Rabson * lib/krb5/krb5_rcache.3: framework for replay cache manpage 1041c19800e8SDoug Rabson 1042c19800e8SDoug Rabson * lib/krb5/krb5_string_to_key.3: document string to key functions 1043c19800e8SDoug Rabson 1044c19800e8SDoug Rabson * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3 1045c19800e8SDoug Rabson krb5_find_padata.3 krb5_generate_random_block.3 1046c19800e8SDoug Rabson 1047c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length 1048c19800e8SDoug Rabson 1049c19800e8SDoug Rabson * lib/krb5/krb5.3: add some more, 137 to go 1050c19800e8SDoug Rabson 1051c19800e8SDoug Rabson * lib/krb5/krb5_principal.3: document krb5_get_default_principal 1052c19800e8SDoug Rabson 1053c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey 1054c19800e8SDoug Rabson 1055c19800e8SDoug Rabson * lib/krb5/krb5_generate_random_block.3: document 1056c19800e8SDoug Rabson krb5_generate_random_block 1057c19800e8SDoug Rabson 1058c19800e8SDoug Rabson * lib/krb5/krb5_find_padata.3: document padata functions 1059c19800e8SDoug Rabson 1060c19800e8SDoug Rabson * lib/krb5/krb5.3: add some more, 142 to go 1061c19800e8SDoug Rabson 1062c19800e8SDoug Rabson * lib/krb5/krb5_creds.3: drop .Pp before .Sh 1063c19800e8SDoug Rabson 1064c19800e8SDoug Rabson * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm 1065c19800e8SDoug Rabson 1066c19800e8SDoug Rabson * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname 1067c19800e8SDoug Rabson and krb5_expand_hostname_realms 1068c19800e8SDoug Rabson 1069c19800e8SDoug Rabson * lib/krb5/krb5.3: add more functions, 147 to go 1070c19800e8SDoug Rabson 1071c19800e8SDoug Rabson * lib/krb5/krb5_creds.3: document krb5_creds 1072c19800e8SDoug Rabson 1073c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: add more functions, some more 1074c19800e8SDoug Rabson text 1075c19800e8SDoug Rabson 1076c19800e8SDoug Rabson * lib/krb5/krb5_ticket.3: document 1077c19800e8SDoug Rabson krb5_ticket_get_authorization_data_type 1078c19800e8SDoug Rabson 1079*ae771770SStanislav Sedov2004-03-20 Love Hörnquist Åstrand <lha@it.su.se> 1080c19800e8SDoug Rabson 1081c19800e8SDoug Rabson * lib/krb5/aes-test.c: remove #if 0'ed code 1082c19800e8SDoug Rabson 1083c19800e8SDoug Rabson * lib/krb5/krb5.3: add keyblock functions, 177 functions to go 1084c19800e8SDoug Rabson 1085c19800e8SDoug Rabson * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache 1086c19800e8SDoug Rabson 1087c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket 1088c19800e8SDoug Rabson 1089c19800e8SDoug Rabson * lib/krb5/krb5_config.3: document krb5_config_free_strings and 1090c19800e8SDoug Rabson krb5_config_file_free 1091c19800e8SDoug Rabson 1092c19800e8SDoug Rabson * lib/krb5/krb5_create_checksum.3: add krb5_hmac 1093c19800e8SDoug Rabson 1094c19800e8SDoug Rabson * lib/krb5/krb5.3: add keyblock functions, 190 functions to go 1095c19800e8SDoug Rabson 1096c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: update .Dd 1097c19800e8SDoug Rabson 1098c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and 1099c19800e8SDoug Rabson krb5_generate_random_keyblock 1100c19800e8SDoug Rabson 1101c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: add krb5_init_ets 1102c19800e8SDoug Rabson 1103c19800e8SDoug Rabson * lib/krb5/krb5_config.3: add more krb5_config_ functions and 1104c19800e8SDoug Rabson prototypes 1105c19800e8SDoug Rabson 1106c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: document context modifcation 1107c19800e8SDoug Rabson functions: address list, config file, use admin kdc, fcc version 1108c19800e8SDoug Rabson 1109c19800e8SDoug Rabson * lib/krb5/krb5_storage.3: document krb5_storage and related 1110c19800e8SDoug Rabson functions 1111c19800e8SDoug Rabson 1112c19800e8SDoug Rabson * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc 1113c19800e8SDoug Rabson manpages and test_acl test program 1114c19800e8SDoug Rabson 1115c19800e8SDoug Rabson * lib/krb5/krb5.3: add error string functions and sort 1116c19800e8SDoug Rabson 1117c19800e8SDoug Rabson * lib/krb5/krb5_warn.3: document krb5_abort and error string 1118c19800e8SDoug Rabson functions 1119c19800e8SDoug Rabson 1120c19800e8SDoug Rabson * lib/krb5/krb5.3: add missing functions, only 285 left to 1121c19800e8SDoug Rabson document 1122c19800e8SDoug Rabson 1123c19800e8SDoug Rabson * lib/krb5/krb5_crypto_init.3: remove various enctype related 1124c19800e8SDoug Rabson function 1125c19800e8SDoug Rabson 1126c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: add various enctype related function 1127c19800e8SDoug Rabson here 1128c19800e8SDoug Rabson 1129c19800e8SDoug Rabson * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid 1130c19800e8SDoug Rabson krb5_cksumtype_valid 1131c19800e8SDoug Rabson 1132c19800e8SDoug Rabson * lib/krb5/crypto.c: real return values for 1133c19800e8SDoug Rabson krb5_{enctype,cksumtype}_valid 1134c19800e8SDoug Rabson 1135c19800e8SDoug Rabson * lib/krb5/krb5_create_checksum.3: add some functions and 1136c19800e8SDoug Rabson descriptions 1137c19800e8SDoug Rabson 1138c19800e8SDoug Rabson * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions 1139c19800e8SDoug Rabson 1140c19800e8SDoug Rabson * lib/krb5/krb5_auth_context.3: document 1141c19800e8SDoug Rabson krb5_auth_con_generatelocalsubkey 1142c19800e8SDoug Rabson 1143c19800e8SDoug Rabson * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags 1144c19800e8SDoug Rabson 1145c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name 1146c19800e8SDoug Rabson 1147c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: document krb5_add_et_list 1148c19800e8SDoug Rabson 1149c19800e8SDoug Rabson * lib/krb5/krb524_convert_creds_kdc.3: document 1150c19800e8SDoug Rabson krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache 1151c19800e8SDoug Rabson 1152c19800e8SDoug Rabson * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_* 1153c19800e8SDoug Rabson 1154c19800e8SDoug Rabson * lib/krb5/test_acl.c: test for generic acl code 1155c19800e8SDoug Rabson 1156c19800e8SDoug Rabson * lib/krb5/acl.c: plug memory leak on file matching, 1157c19800e8SDoug Rabson make it not fall over when no non matching acl, 1158c19800e8SDoug Rabson make fnmatch matching useful by switching arguments 1159c19800e8SDoug Rabson 1160*ae771770SStanislav Sedov2004-03-19 Love Hörnquist Åstrand <lha@it.su.se> 1161c19800e8SDoug Rabson 1162c19800e8SDoug Rabson * kdc/config.c: add --builtin-hdb command 1163c19800e8SDoug Rabson 1164c19800e8SDoug Rabson * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin 1165c19800e8SDoug Rabson backends 1166c19800e8SDoug Rabson 1167c19800e8SDoug Rabson * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb 1168c19800e8SDoug Rabson documentation 1169c19800e8SDoug Rabson 1170c19800e8SDoug Rabson * doc/win2k.texi: fix bugs in examples, add more restrictions, use 1171c19800e8SDoug Rabson example.com as an example. From: Pavel Ferdan 1172c19800e8SDoug Rabson <xferdan@informatics.muni.cz> 1173c19800e8SDoug Rabson 1174c19800e8SDoug Rabson2004-03-18 Johan Danielsson <joda@pdc.kth.se> 1175c19800e8SDoug Rabson 1176c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] 1177c19800e8SDoug Rabson password_lifetime; from Henry B. Hotz 1178c19800e8SDoug Rabson 1179*ae771770SStanislav Sedov2004-03-14 Love Hörnquist Åstrand <lha@it.su.se> 1180c19800e8SDoug Rabson 1181c19800e8SDoug Rabson * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY 1182c19800e8SDoug Rabson is set send subkey 1183c19800e8SDoug Rabson (generate if needed) 1184c19800e8SDoug Rabson 1185c19800e8SDoug Rabson * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY 1186c19800e8SDoug Rabson 1187*ae771770SStanislav Sedov2004-03-14 Love Hörnquist Åstrand <lha@it.su.se> 1188c19800e8SDoug Rabson 1189c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, 1190c19800e8SDoug Rabson and free memory in error path, assume realloc(NULL, ...) works, 1191c19800e8SDoug Rabson factor out common code, indent 1192c19800e8SDoug Rabson 1193*ae771770SStanislav Sedov2004-03-12 Love Hörnquist Åstrand <lha@it.su.se> 1194c19800e8SDoug Rabson 1195c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: understand [password_quality] 1196c19800e8SDoug Rabson spelling 1197c19800e8SDoug Rabson 1198c19800e8SDoug Rabson * kuser/kgetcred.1: document --canonicalize 1199c19800e8SDoug Rabson 1200c19800e8SDoug Rabson * kuser/kgetcred.c: add --canonicalize 1201c19800e8SDoug Rabson 1202*ae771770SStanislav Sedov2004-03-10 Love Hörnquist Åstrand <lha@it.su.se> 1203c19800e8SDoug Rabson 1204c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_store_cred): NULL terminate 1205c19800e8SDoug Rabson krb5_config_get_bool_default' arglist 1206c19800e8SDoug Rabson 1207*ae771770SStanislav Sedov2004-03-09 Love Hörnquist Åstrand <lha@it.su.se> 1208c19800e8SDoug Rabson 1209c19800e8SDoug Rabson * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply 1210c19800e8SDoug Rabson 1211c19800e8SDoug Rabson * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry 1212c19800e8SDoug Rabson 1213c19800e8SDoug Rabson * kdc/pkinit.c: pass client hdb_entry to pk_check_client 1214c19800e8SDoug Rabson 1215c19800e8SDoug Rabson * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client 1216c19800e8SDoug Rabson 1217c19800e8SDoug Rabson * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its 1218c19800e8SDoug Rabson more like that language in RFC3280 1219c19800e8SDoug Rabson 1220c19800e8SDoug Rabson * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since 1221c19800e8SDoug Rabson its more like that language in RFC3280 1222c19800e8SDoug Rabson 1223c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: document 1224c19800e8SDoug Rabson [libdefaults]fcc-mit-ticketflags=boolean 1225c19800e8SDoug Rabson 1226c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_store_cred): use 1227c19800e8SDoug Rabson [libdefaults]fcc-mit-ticketflags=boolean to decide what format to 1228c19800e8SDoug Rabson write the fcc in. Default to mit version (aka heimdal 0.7) 1229c19800e8SDoug Rabson 1230c19800e8SDoug Rabson * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and 1231c19800e8SDoug Rabson _krb5_store_creds_heimdal_pre_0_7 that store the creds in just 1232c19800e8SDoug Rabson that format make krb5_store_creds default to mit format 1233c19800e8SDoug Rabson 1234c19800e8SDoug Rabson * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is 1235c19800e8SDoug Rabson the higher bits of the bitfield 1236c19800e8SDoug Rabson 1237*ae771770SStanislav Sedov2004-03-08 Love Hörnquist Åstrand <lha@it.su.se> 1238c19800e8SDoug Rabson 1239c19800e8SDoug Rabson * lib/krb5/store.c (krb5_store_creds): add disabled code that 1240c19800e8SDoug Rabson store the ticket flags in reverse order 1241c19800e8SDoug Rabson (bitswap32): new function 1242c19800e8SDoug Rabson 1243c19800e8SDoug Rabson * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags 1244c19800e8SDoug Rabson are set, its a mit cache, reverse the bits, bug pointed out by 1245c19800e8SDoug Rabson Sergio Gelato <Sergio.Gelato@astro.su.se> 1246c19800e8SDoug Rabson 1247*ae771770SStanislav Sedov2004-03-07 Love Hörnquist Åstrand <lha@it.su.se> 1248c19800e8SDoug Rabson 1249c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * 1250c19800e8SDoug Rabson 1251c19800e8SDoug Rabson * kuser/kinit.c: when running kinit with a subprocess, fetch new 1252c19800e8SDoug Rabson tickets after half the tickets lifetime 1253c19800e8SDoug Rabson 1254c19800e8SDoug Rabson * lib/hdb/hdb.c: spelling 1255c19800e8SDoug Rabson 1256c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba 1257c19800e8SDoug Rabson password database. From: Andrew Bartlett <abartlet@samba.org> 1258c19800e8SDoug Rabson 1259c19800e8SDoug Rabson * kdc/config.c: add --disable-DES 1260c19800e8SDoug Rabson 1261c19800e8SDoug Rabson * kdc/kdc.8: document --detach and --disable-DES 1262c19800e8SDoug Rabson 1263c19800e8SDoug Rabson * kdc/kerberos5.c: check if enctype is disabled before using it 1264c19800e8SDoug Rabson 1265c19800e8SDoug Rabson * lib/krb5/crypto.c: add support for disabling checksum/encryption 1266c19800e8SDoug Rabson types 1267c19800e8SDoug Rabson 1268c19800e8SDoug Rabson * tools/kdc-log-analyze.pl: add more cases 1269c19800e8SDoug Rabson 1270c19800e8SDoug Rabson * kdc/connect.c: on strange tcp error; log local port number and 1271c19800e8SDoug Rabson socket type 1272c19800e8SDoug Rabson 1273c19800e8SDoug Rabson * lib/asn1/der.h: fix prototype of encode_utf8string 1274c19800e8SDoug Rabson 1275c19800e8SDoug Rabson * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder 1276c19800e8SDoug Rabson 1277c19800e8SDoug Rabson * lib/asn1/lex.l: added dummy parsing of CHOICE 1278c19800e8SDoug Rabson 1279c19800e8SDoug Rabson * lib/asn1/parse.y: added dummy parsing of CHOICE 1280c19800e8SDoug Rabson 1281c19800e8SDoug Rabson * lib/asn1/k5.asn1: drop SMTP_NAME 1282c19800e8SDoug Rabson 1283*ae771770SStanislav Sedov2004-03-06 Love Hörnquist Åstrand <lha@it.su.se> 1284c19800e8SDoug Rabson 1285c19800e8SDoug Rabson * lib/hdb/Makefile.am: support building ldap backend as module 1286c19800e8SDoug Rabson sort asn1 hdb files 1287c19800e8SDoug Rabson 1288c19800e8SDoug Rabson * lib/hdb/hdb.c: when building ldap as a shared module, don't 1289c19800e8SDoug Rabson include it in the list 1290c19800e8SDoug Rabson 1291c19800e8SDoug Rabson * configure.in: add --enable-hdb-openldap-module 1292c19800e8SDoug Rabson 1293c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared 1294c19800e8SDoug Rabson module 1295c19800e8SDoug Rabson 1296c19800e8SDoug Rabson * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew 1297c19800e8SDoug Rabson Bartlett <abartlet@samba.org> 1298c19800e8SDoug Rabson 1299c19800e8SDoug Rabson * lib/krb5/crypto.c (decrypt_internal_special): do not not modify 1300c19800e8SDoug Rabson the original data test case from Ronnie Sahlberg 1301c19800e8SDoug Rabson <ronnie_sahlberg@ozemail.com.au> 1302c19800e8SDoug Rabson 1303*ae771770SStanislav Sedov2004-03-03 Love Hörnquist Åstrand <lha@it.su.se> 1304c19800e8SDoug Rabson 1305c19800e8SDoug Rabson * lib/krb5/test_cc.c: more cc tests, mostly related to mcc 1306c19800e8SDoug Rabson behavior 1307c19800e8SDoug Rabson 1308c19800e8SDoug Rabson * lib/krb5/mcache.c (mcc_get_principal): also check for 1309c19800e8SDoug Rabson primary_principal == NULL now that that isn't used as dead flag 1310c19800e8SDoug Rabson 1311c19800e8SDoug Rabson * lib/krb5/mcache.c: don't overload the primary_principal == NULL 1312c19800e8SDoug Rabson as dead since that doesn't always work. Based on patch from 1313c19800e8SDoug Rabson Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me 1314c19800e8SDoug Rabson 1315*ae771770SStanislav Sedov2004-02-22 Love Hörnquist Åstrand <lha@it.su.se> 1316c19800e8SDoug Rabson 1317c19800e8SDoug Rabson * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp 1318c19800e8SDoug Rabson 1319c19800e8SDoug Rabson * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp 1320c19800e8SDoug Rabson 1321c19800e8SDoug Rabson * lib/hdb/db3.c: fix all db >= 4.1 cases 1322c19800e8SDoug Rabson 1323c19800e8SDoug Rabson * doc/setup.texi: add text about hostname to realm mapping using 1324c19800e8SDoug Rabson DNS 1325c19800e8SDoug Rabson 1326*ae771770SStanislav Sedov2004-02-20 Love Hörnquist Åstrand <lha@it.su.se> 1327c19800e8SDoug Rabson 1328c19800e8SDoug Rabson * kdc/pkinit.c: update error codes 1329c19800e8SDoug Rabson 1330c19800e8SDoug Rabson * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ 1331c19800e8SDoug Rabson 1332c19800e8SDoug Rabson * lib/krb5/pkinit.c: update error codes 1333c19800e8SDoug Rabson 1334*ae771770SStanislav Sedov2004-02-19 Love Hörnquist Åstrand <lha@it.su.se> 1335c19800e8SDoug Rabson 1336c19800e8SDoug Rabson * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() 1337c19800e8SDoug Rabson 1338c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling 1339c19800e8SDoug Rabson 1340c19800e8SDoug Rabson * lib/krb5/store.c: handle memory allocate errors 1341c19800e8SDoug Rabson 1342c19800e8SDoug Rabson * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, 1343c19800e8SDoug Rabson and don't put an error in the error strings then 1344c19800e8SDoug Rabson 1345*ae771770SStanislav Sedov2004-02-13 Love Hörnquist Åstrand <lha@it.su.se> 1346c19800e8SDoug Rabson 1347c19800e8SDoug Rabson * kdc/pkinit.c: s/heim_big_integer/heim_integer/ 1348c19800e8SDoug Rabson 1349c19800e8SDoug Rabson * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ 1350c19800e8SDoug Rabson 1351c19800e8SDoug Rabson * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors 1352c19800e8SDoug Rabson 1353c19800e8SDoug Rabson * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT 1354c19800e8SDoug Rabson errors 1355c19800e8SDoug Rabson 1356c19800e8SDoug Rabson * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors 1357c19800e8SDoug Rabson 1358*ae771770SStanislav Sedov2004-02-12 Love Hörnquist Åstrand <lha@it.su.se> 1359c19800e8SDoug Rabson 1360c19800e8SDoug Rabson * configure.in: rename AC_WFLAGS to rk_WFLAGS 1361c19800e8SDoug Rabson 1362c19800e8SDoug Rabson * acinclude.m4: use m4_define, over-quote string 1363c19800e8SDoug Rabson 1364*ae771770SStanislav Sedov2004-02-11 Love Hörnquist Åstrand <lha@it.su.se> 1365c19800e8SDoug Rabson 1366c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (change_password): handle that 1367c19800e8SDoug Rabson printf("%.*s", 0, (void*)NULL); doesn't work on solaris 1368c19800e8SDoug Rabson 1369*ae771770SStanislav Sedov2004-02-10 Love Hörnquist Åstrand <lha@it.su.se> 1370c19800e8SDoug Rabson 1371c19800e8SDoug Rabson * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", 1372c19800e8SDoug Rabson 0, (void*)NULL); doesn't work on solaris 1373c19800e8SDoug Rabson 1374c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses 1375c19800e8SDoug Rabson some locate.updatedb, use FILES section to describe where the file 1376c19800e8SDoug Rabson is instead. 1377c19800e8SDoug Rabson 1378*ae771770SStanislav Sedov2004-02-07 Love Hörnquist Åstrand <lha@it.su.se> 1379c19800e8SDoug Rabson 1380c19800e8SDoug Rabson * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned 1381c19800e8SDoug Rabson for certain negative integers, it got the length wrong" , from 1382c19800e8SDoug Rabson Panasas, Inc. 1383c19800e8SDoug Rabson 1384c19800e8SDoug Rabson * lib/asn1/der_length.c: Fix len_unsigned for certain negative 1385c19800e8SDoug Rabson integers, it got the length wrong, fix from Panasas, Inc. 1386c19800e8SDoug Rabson 1387c19800e8SDoug Rabson rename len_int and len_unsigned to _heim_\& 1388c19800e8SDoug Rabson 1389c19800e8SDoug Rabson * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int 1390c19800e8SDoug Rabson 1391c19800e8SDoug Rabson2004-02-06 Dave Love <d.love@dl.ac.uk> 1392c19800e8SDoug Rabson 1393c19800e8SDoug Rabson * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, 1394c19800e8SDoug Rabson security/pam_appl.h tests. 1395c19800e8SDoug Rabson 1396*ae771770SStanislav Sedov2004-02-03 Love Hörnquist Åstrand <lha@it.su.se> 1397c19800e8SDoug Rabson 1398c19800e8SDoug Rabson * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add 1399c19800e8SDoug Rabson up the size of all the elements, don't use just the size of the 1400c19800e8SDoug Rabson last element. 1401c19800e8SDoug Rabson 1402c19800e8SDoug Rabson * lib/krb5/aes-test.c: add "next iv" test for aes128, check 1403c19800e8SDoug Rabson decryption case too 1404c19800e8SDoug Rabson 1405c19800e8SDoug Rabson * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of 1406c19800e8SDoug Rabson the next to last block, fix decryption case too 1407c19800e8SDoug Rabson 1408c19800e8SDoug Rabson * lib/krb5/aes-test.c: add "next iv" test for aes128 1409c19800e8SDoug Rabson 1410c19800e8SDoug Rabson * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of 1411c19800e8SDoug Rabson the next to last block 1412c19800e8SDoug Rabson 1413c19800e8SDoug Rabson * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode 1414c19800e8SDoug Rabson error 1415c19800e8SDoug Rabson 1416c19800e8SDoug Rabson * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode 1417c19800e8SDoug Rabson error 1418c19800e8SDoug Rabson 1419c19800e8SDoug Rabson * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 1420c19800e8SDoug Rabson encode error 1421c19800e8SDoug Rabson 1422c19800e8SDoug Rabson * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode 1423c19800e8SDoug Rabson error 1424c19800e8SDoug Rabson 1425c19800e8SDoug Rabson * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 1426c19800e8SDoug Rabson encode error 1427c19800e8SDoug Rabson 1428c19800e8SDoug Rabson * lib/krb5/build_auth.c (krb5_build_authenticator): abort on 1429c19800e8SDoug Rabson internal asn1 encode error 1430c19800e8SDoug Rabson 1431c19800e8SDoug Rabson * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal 1432c19800e8SDoug Rabson asn1 encode error 1433c19800e8SDoug Rabson 1434*ae771770SStanislav Sedov2004-01-30 Love Hörnquist Åstrand <lha@it.su.se> 1435c19800e8SDoug Rabson 1436c19800e8SDoug Rabson * doc/setup.texi: some text about order of [capaths] realms 1437c19800e8SDoug Rabson 1438*ae771770SStanislav Sedov2004-01-25 Love Hörnquist Åstrand <lha@it.su.se> 1439c19800e8SDoug Rabson 1440c19800e8SDoug Rabson * lib/krb5/context.c: register WRFILE ops 1441c19800e8SDoug Rabson 1442c19800e8SDoug Rabson * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE) 1443c19800e8SDoug Rabson 1444c19800e8SDoug Rabson * lib/krb5/krb5.h: add krb5_wrfkt_ops 1445c19800e8SDoug Rabson 1446c19800e8SDoug Rabson * kpasswd/kpasswdd.c (change): use the right password when 1447c19800e8SDoug Rabson changing the password 1448c19800e8SDoug Rabson 1449*ae771770SStanislav Sedov2004-01-21 Love Hörnquist Åstrand <lha@it.su.se> 1450c19800e8SDoug Rabson 1451c19800e8SDoug Rabson * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it 1452c19800e8SDoug Rabson means that the filesystem doesn't support locking 1453c19800e8SDoug Rabson 1454c19800e8SDoug Rabson * lib/krb5/keytab.c: remove #if 0 out file locking code 1455c19800e8SDoug Rabson 1456*ae771770SStanislav Sedov2004-01-19 Love Hörnquist Åstrand <lha@it.su.se> 1457c19800e8SDoug Rabson 1458c19800e8SDoug Rabson * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the 1459c19800e8SDoug Rabson size of all the elements, don't use just the size of the last 1460c19800e8SDoug Rabson element. 1461c19800e8SDoug Rabson 1462*ae771770SStanislav Sedov2004-01-13 Love Hörnquist Åstrand <lha@it.su.se> 1463c19800e8SDoug Rabson 1464c19800e8SDoug Rabson * kuser/kinit.c (renew_validate): if renewable_flag and not time 1465c19800e8SDoug Rabson specifed, use "1 month" 1466c19800e8SDoug Rabson 1467*ae771770SStanislav Sedov2004-01-08 Love Hörnquist Åstrand <lha@it.su.se> 1468c19800e8SDoug Rabson 1469c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: add prototypes, describe 1470c19800e8SDoug Rabson krb5_keyblock_zero 1471c19800e8SDoug Rabson 1472*ae771770SStanislav Sedov2004-01-05 Love Hörnquist Åstrand <lha@it.su.se> 1473c19800e8SDoug Rabson 1474c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (add_addrs): don't add same address 1475c19800e8SDoug Rabson multiple times 1476c19800e8SDoug Rabson 1477c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to 1478c19800e8SDoug Rabson handle errors better for previous commit 1479c19800e8SDoug Rabson 1480c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets 1481c19800e8SDoug Rabson are address-less, forward address-less tickets. 1482c19800e8SDoug Rabson 1483c19800e8SDoug Rabson * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and 1484c19800e8SDoug Rabson export it 1485c19800e8SDoug Rabson 1486