1*ae771770SStanislav Sedov2005-12-15 Love Hörnquist Åstrand <lha@it.su.se> 2c19800e8SDoug Rabson 3c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to 4c19800e8SDoug Rabson make samba happy 5c19800e8SDoug Rabson 6c19800e8SDoug Rabson * fix-export: Build kdc-private.h. 7c19800e8SDoug Rabson 8*ae771770SStanislav Sedov2005-12-14 Love Hörnquist Åstrand <lha@it.su.se> 9c19800e8SDoug Rabson 10c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_rep2): also print the principal for which 11c19800e8SDoug Rabson the enctype was missing 12c19800e8SDoug Rabson 13*ae771770SStanislav Sedov2005-12-13 Love Hörnquist Åstrand <lha@it.su.se> 14c19800e8SDoug Rabson 15c19800e8SDoug Rabson * kdc/kaserver.c: Finish up transition from hdb_entry to 16c19800e8SDoug Rabson hdb_entry_ex. 17c19800e8SDoug Rabson 18c19800e8SDoug Rabson * kdc/kerberos4.c: Finish up transition from hdb_entry to 19c19800e8SDoug Rabson hdb_entry_ex. 20c19800e8SDoug Rabson 21c19800e8SDoug Rabson * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex. 22c19800e8SDoug Rabson 23c19800e8SDoug Rabson * kdc/kerberos5.c: Finish up transition from hdb_entry with 24c19800e8SDoug Rabson hdb_entry_ex. 25c19800e8SDoug Rabson 26c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_set_default_name): use 27c19800e8SDoug Rabson KRB5_DEFAULT_CCNAME. 28c19800e8SDoug Rabson 29c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to 30c19800e8SDoug Rabson default credential cache. 31c19800e8SDoug Rabson 32c19800e8SDoug Rabson * lib/hdb/ndbm.c: memset hdb_entry_ex before use 33c19800e8SDoug Rabson 34c19800e8SDoug Rabson * lib/hdb/db3.c: memset hdb_entry_ex before use 35c19800e8SDoug Rabson 36c19800e8SDoug Rabson * lib/hdb/db.c: memset hdb_entry_ex before use 37c19800e8SDoug Rabson 38*ae771770SStanislav Sedov2005-12-12 Love Hörnquist Åstrand <lha@it.su.se> 39c19800e8SDoug Rabson 40c19800e8SDoug Rabson * lib/krb5/krb5.3: Add some more entrypoints. 41c19800e8SDoug Rabson 42c19800e8SDoug Rabson * lib/krb5/changepw.c: If there is a target principal, use the 43c19800e8SDoug Rabson realm of the realm to change the password with, 44c19800e8SDoug Rabson 45c19800e8SDoug Rabson * kuser/kinit.c: Default to use DH when fetching keys. 46c19800e8SDoug Rabson 47c19800e8SDoug Rabson * lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch 48c19800e8SDoug Rabson originally from Andrew Bartlet 49c19800e8SDoug Rabson 50c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url 51c19800e8SDoug Rabson support, add ldapi support. 52c19800e8SDoug Rabson 53c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_make_reply): there are no such things a 54c19800e8SDoug Rabson keytypes any more, just use enctypes. 55c19800e8SDoug Rabson 56c19800e8SDoug Rabson * kdc/kdc_locl.h: Remove private prototypes and instead include 57c19800e8SDoug Rabson <kdc-private.h>. 58c19800e8SDoug Rabson 59c19800e8SDoug Rabson * kdc/Makefile.am: Build kdc-private.h and depend on it. 60c19800e8SDoug Rabson 61c19800e8SDoug Rabson * kdc/config.c (configure): wrap line 62c19800e8SDoug Rabson 63c19800e8SDoug Rabson * doc/kerberos4.texi: KDC 4 support is always compiled in. 64c19800e8SDoug Rabson 65c19800e8SDoug Rabson * TODO: Remove some stuff that have been done. 66c19800e8SDoug Rabson 67c19800e8SDoug Rabson * Makefile.am: Split long line 68c19800e8SDoug Rabson 69*ae771770SStanislav Sedov * doc/apps.texi: Spelling, From Måns Nilsson. 70c19800e8SDoug Rabson 71*ae771770SStanislav Sedov * doc/install.texi: spelling, From Måns Nilsson 72c19800e8SDoug Rabson 73*ae771770SStanislav Sedov2005-12-11 Love Hörnquist Åstrand <lha@it.su.se> 74c19800e8SDoug Rabson 75c19800e8SDoug Rabson * lib/krb5/krb5_principal.3: Constify principal argument to on 76c19800e8SDoug Rabson krb5_principal_get_ functions. 77c19800e8SDoug Rabson 78c19800e8SDoug Rabson * lib/krb5/principal.c: Constify principal argument to on 79c19800e8SDoug Rabson krb5_principal_get_ functions. 80c19800e8SDoug Rabson 81*ae771770SStanislav Sedov2005-12-08 Love Hörnquist Åstrand <lha@it.su.se> 82c19800e8SDoug Rabson 83c19800e8SDoug Rabson * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long 84c19800e8SDoug Rabson time ago 85c19800e8SDoug Rabson 86*ae771770SStanislav Sedov2005-12-05 Love Hörnquist Åstrand <lha@it.su.se> 87c19800e8SDoug Rabson 88c19800e8SDoug Rabson * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet 89c19800e8SDoug Rabson 90c19800e8SDoug Rabson * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return 91c19800e8SDoug Rabson NULL on success in the case 0 entries are allocated, From Andrew 92c19800e8SDoug Rabson Bartlet 93c19800e8SDoug Rabson 94*ae771770SStanislav Sedov2005-12-02 Love Hörnquist Åstrand <lha@it.su.se> 95c19800e8SDoug Rabson 96c19800e8SDoug Rabson * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on 97c19800e8SDoug Rabson failure to parse format specifier. 98c19800e8SDoug Rabson 99c19800e8SDoug Rabson * lib/krb5/store-test.c: Free more of the allocated memory. 100c19800e8SDoug Rabson 101c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated 102c19800e8SDoug Rabson memory, this function is only used by the test program. 103c19800e8SDoug Rabson 104c19800e8SDoug Rabson * lib/krb5/parse-name-test.c: Free more of the allocated memory. 105c19800e8SDoug Rabson 106c19800e8SDoug Rabson * lib/krb5/derived-key-test.c: Free more of the allocated memory. 107c19800e8SDoug Rabson 108*ae771770SStanislav Sedov2005-12-01 Love Hörnquist Åstrand <lha@it.su.se> 109c19800e8SDoug Rabson 110*ae771770SStanislav Sedov * doc/setup.texi: spelling, From Måns Nilsson 111c19800e8SDoug Rabson 112c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: Memory keytab are now named and 113c19800e8SDoug Rabson refcounted. 114c19800e8SDoug Rabson 115c19800e8SDoug Rabson * lib/krb5/test_keytab.c: Test that memory keytab are refcounted. 116c19800e8SDoug Rabson 117c19800e8SDoug Rabson * lib/krb5/keytab_memory.c: Index by name and start reference 118c19800e8SDoug Rabson counting on entries. 119c19800e8SDoug Rabson 120*ae771770SStanislav Sedov2005-11-30 Love Hörnquist Åstrand <lha@it.su.se> 121c19800e8SDoug Rabson 122c19800e8SDoug Rabson * lib/krb5/krb5.h (krb5_address_type): add 123c19800e8SDoug Rabson KRB5_ADDRESS_NETBIOS (20) 124c19800e8SDoug Rabson 125c19800e8SDoug Rabson * lib/hdb/hdb.c (find_method): accept relative paths as old db 126c19800e8SDoug Rabson format too. 127c19800e8SDoug Rabson 128c19800e8SDoug Rabson * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype. 129c19800e8SDoug Rabson 130c19800e8SDoug Rabson2005-11-29 Dave Love <fx@gnu.org> 131c19800e8SDoug Rabson 132c19800e8SDoug Rabson * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. 133c19800e8SDoug Rabson 134*ae771770SStanislav Sedov2005-11-29 Love Hörnquist Åstrand <lha@it.su.se> 135c19800e8SDoug Rabson 136c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add 137c19800e8SDoug Rabson default_cc_name 138c19800e8SDoug Rabson 139c19800e8SDoug Rabson * lib/hdb/hdb.c: Only match db databases on filename starting with 140c19800e8SDoug Rabson '/'. 141c19800e8SDoug Rabson 142c19800e8SDoug Rabson * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in 143c19800e8SDoug Rabson authenticator 144c19800e8SDoug Rabson 145c19800e8SDoug Rabson * lib/krb5/rd_req.c (check_transited): explain the TR-type 0 146c19800e8SDoug Rabson better and why it matters. 147c19800e8SDoug Rabson 148c19800e8SDoug Rabson * lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops 149c19800e8SDoug Rabson 150c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior 151c19800e8SDoug Rabson to return NULL when its not found, and fcc when the name starts 152c19800e8SDoug Rabson with a '/'. Almost matches behavior in other parts of the code, 153c19800e8SDoug Rabson but can't really do that since the name passed in to this function 154c19800e8SDoug Rabson may only contain the prefix itself without the colon. 155c19800e8SDoug Rabson 156c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not 157c19800e8SDoug Rabson colon (:) in the name, its a file credential cache 158c19800e8SDoug Rabson 159c19800e8SDoug Rabson * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory 160c19800e8SDoug Rabson 161c19800e8SDoug Rabson * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory 162c19800e8SDoug Rabson 163c19800e8SDoug Rabson * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory 164c19800e8SDoug Rabson 165*ae771770SStanislav Sedov2005-11-28 Love Hörnquist Åstrand <lha@it.su.se> 166c19800e8SDoug Rabson 167c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session 168c19800e8SDoug Rabson key for delegated credentials 169c19800e8SDoug Rabson 170c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): add comment when we send 171c19800e8SDoug Rabson ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett 172c19800e8SDoug Rabson 173*ae771770SStanislav Sedov2005-11-25 Love Hörnquist Åstrand <lha@it.su.se> 174c19800e8SDoug Rabson 175c19800e8SDoug Rabson * lib/krb5/keytab.c (krb5_kt_get_full_name): new function 176c19800e8SDoug Rabson 177*ae771770SStanislav Sedov2005-11-24 Love Hörnquist Åstrand <lha@it.su.se> 178c19800e8SDoug Rabson 179c19800e8SDoug Rabson * lib/krb5/test_crypto.c: Split encryption and s2k iterations to 180c19800e8SDoug Rabson diffrent counters, 38seconds of aes256 s2k is way too long. 181c19800e8SDoug Rabson 182c19800e8SDoug Rabson * lib/krb5/test_crypto.c: Add timing code for s2k function. 183c19800e8SDoug Rabson 184*ae771770SStanislav Sedov2005-11-07 Love Hörnquist Åstrand <lha@it.su.se> 185c19800e8SDoug Rabson 186c19800e8SDoug Rabson * kdc/kerberos5.c: Print the time the principal expired, based on 187c19800e8SDoug Rabson patch from Andrew Bartlett. 188c19800e8SDoug Rabson 189*ae771770SStanislav Sedov2005-11-01 Love Hörnquist Åstrand <lha@it.su.se> 190c19800e8SDoug Rabson 191c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_get_full_name): Add 192c19800e8SDoug Rabson 193*ae771770SStanislav Sedov2005-11-01 Love Hörnquist Åstrand <lha@it.su.se> 194c19800e8SDoug Rabson 195c19800e8SDoug Rabson * configure.in: Spelling, From Michael Banck <mbanck@debian.org> 196c19800e8SDoug Rabson 197*ae771770SStanislav Sedov2005-10-30 Love Hörnquist Åstrand <lha@it.su.se> 198c19800e8SDoug Rabson 199c19800e8SDoug Rabson * kcm/headers.h: Maybe include <sys/param.h>. 200c19800e8SDoug Rabson 201*ae771770SStanislav Sedov2005-10-27 Love Hörnquist Åstrand <lha@it.su.se> 202c19800e8SDoug Rabson 203c19800e8SDoug Rabson * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 204c19800e8SDoug Rabson understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but 205c19800e8SDoug Rabson have KRB5_AUTHDATA_KDC_ISSUED commented out for now) 206c19800e8SDoug Rabson 207*ae771770SStanislav Sedov2005-10-26 Love Hörnquist Åstrand <lha@it.su.se> 208c19800e8SDoug Rabson 209c19800e8SDoug Rabson * kuser/klist.c: In the list caches view, rename the Status field 210c19800e8SDoug Rabson to Expires. 211c19800e8SDoug Rabson 212c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: Fix mdoc for 213c19800e8SDoug Rabson krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org> 214c19800e8SDoug Rabson 215*ae771770SStanislav Sedov2005-10-25 Love Hörnquist Åstrand <lha@it.su.se> 216c19800e8SDoug Rabson 217c19800e8SDoug Rabson * appl/test/gssapi_client.c: Check return value from asprintf 218c19800e8SDoug Rabson instead of string != NULL since it undefined behavior on 219*ae771770SStanislav Sedov Linux. From Björn Sandell 220c19800e8SDoug Rabson 221*ae771770SStanislav Sedov2005-10-21 Love Hörnquist Åstrand <lha@it.su.se> 222c19800e8SDoug Rabson 223c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are 224c19800e8SDoug Rabson generated from the DH groups, fail. 225c19800e8SDoug Rabson 226c19800e8SDoug Rabson * kdc/pkinit.c (get_dh_param): Pass down config so this function 227c19800e8SDoug Rabson can check pkinit_dh_min_bits 228c19800e8SDoug Rabson 229c19800e8SDoug Rabson * kdc/config.c: Fill in pkinit_dh_min_bits from configuration 230c19800e8SDoug Rabson file. 231c19800e8SDoug Rabson 232c19800e8SDoug Rabson * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. 233c19800e8SDoug Rabson 234*ae771770SStanislav Sedov2005-10-20 Love Hörnquist Åstrand <lha@it.su.se> 235c19800e8SDoug Rabson 236c19800e8SDoug Rabson * lib/krb5/pkinit.c: Add option to require binding between reply 237c19800e8SDoug Rabson and response for the win2k version of the protocol. 238c19800e8SDoug Rabson 239*ae771770SStanislav Sedov2005-10-19 Love Hörnquist Åstrand <lha@it.su.se> 240c19800e8SDoug Rabson 241c19800e8SDoug Rabson * doc/programming.texi: Text about Kerberos errors. 242c19800e8SDoug Rabson 243c19800e8SDoug Rabson * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the 244c19800e8SDoug Rabson Windows case to support the updated -09 protocol (using 245c19800e8SDoug Rabson asChecksum). Tell KDC we support this by sending 246c19800e8SDoug Rabson KRB5-PADATA-PK-AS-09-BINDING in the pa-data. 247c19800e8SDoug Rabson 248c19800e8SDoug Rabson * lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY 249c19800e8SDoug Rabson too. 250c19800e8SDoug Rabson 251c19800e8SDoug Rabson * lib/krb5/test_cc.c: Test krb5_cc_copy_cache and 252c19800e8SDoug Rabson krb5_cc_cache_match. 253c19800e8SDoug Rabson 254c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_cache_match): add function that 255c19800e8SDoug Rabson iterates over all credential caches for a user and returns a 256c19800e8SDoug Rabson match. 257c19800e8SDoug Rabson 258c19800e8SDoug Rabson * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an 259c19800e8SDoug Rabson example. 260c19800e8SDoug Rabson 261*ae771770SStanislav Sedov2005-10-18 Love Hörnquist Åstrand <lha@it.su.se> 262c19800e8SDoug Rabson 263c19800e8SDoug Rabson * doc/programming.texi: Try to explain krb5_ccache, krb5_principal 264c19800e8SDoug Rabson and errors. 265c19800e8SDoug Rabson 266*ae771770SStanislav Sedov2005-10-13 Love Hörnquist Åstrand <lha@it.su.se> 267c19800e8SDoug Rabson 268c19800e8SDoug Rabson * lib/krb5/krb5_get_credentials.3: Add example how to use 269c19800e8SDoug Rabson krb5_get_credentials. 270c19800e8SDoug Rabson 271*ae771770SStanislav Sedov2005-10-12 Love Hörnquist Åstrand <lha@it.su.se> 272c19800e8SDoug Rabson 273c19800e8SDoug Rabson * lib/krb5/init_creds.c: Rename private to opt_private. 274c19800e8SDoug Rabson 275c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: Rename private to opt_private. 276c19800e8SDoug Rabson 277c19800e8SDoug Rabson * lib/krb5/pkinit.c: rename element private to opt_private to make 278c19800e8SDoug Rabson c++ picky compilers less upset. 279c19800e8SDoug Rabson 280c19800e8SDoug Rabson * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element 281c19800e8SDoug Rabson private to opt_private to make c++ picky compilers less upset. 282c19800e8SDoug Rabson 283*ae771770SStanislav Sedov2005-10-08 Love Hörnquist Åstrand <lha@it.su.se> 284c19800e8SDoug Rabson 285c19800e8SDoug Rabson * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function 286c19800e8SDoug Rabson (_krb5_free_krbhst_info): expose to internal use 287c19800e8SDoug Rabson 288c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: Prepare to pass down a 289c19800e8SDoug Rabson krb5_krbhst_info into the pre-auth mechs 290c19800e8SDoug Rabson 291c19800e8SDoug Rabson * lib/krb5/pkinit.c: Inline short functions, share more code, 292c19800e8SDoug Rabson rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for 293c19800e8SDoug Rabson verification of KDC info, and general cleaning up. 294c19800e8SDoug Rabson 295*ae771770SStanislav Sedov2005-10-07 Love Hörnquist Åstrand <lha@it.su.se> 296c19800e8SDoug Rabson 297c19800e8SDoug Rabson * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. 298c19800e8SDoug Rabson 299c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR 300c19800e8SDoug Rabson "/krb5.moduli" 301c19800e8SDoug Rabson 302c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Add forward declaration for 303c19800e8SDoug Rabson krb5_dh_moduli. Add define for MODULI_FILE. 304c19800e8SDoug Rabson 305c19800e8SDoug Rabson * kdc/pkinit.c: Removing PK-INIT-19 support. 306c19800e8SDoug Rabson 307c19800e8SDoug Rabson * lib/krb5/pkinit.c: Removing PK-INIT-19 support. 308c19800e8SDoug Rabson 309c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on 310c19800e8SDoug Rabson success. 311c19800e8SDoug Rabson (krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists 312c19800e8SDoug Rabson 313c19800e8SDoug Rabson * kdc/pkinit.c: Save DH group name and print it on success. 314c19800e8SDoug Rabson 315c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it. 316c19800e8SDoug Rabson 317c19800e8SDoug Rabson * kdc/pkinit.c: Check dh group parameters from client. 318c19800e8SDoug Rabson 319c19800e8SDoug Rabson * lib/krb5/krb5_err.et: Match error code with pk-init-27. 320c19800e8SDoug Rabson 321c19800e8SDoug Rabson * lib/krb5/pkinit.c: Update error codes. Add name to group. Change 322c19800e8SDoug Rabson return value of _krb5_dh_group_ok. 323c19800e8SDoug Rabson 324c19800e8SDoug Rabson * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH 325c19800e8SDoug Rabson parameters. 326c19800e8SDoug Rabson 327*ae771770SStanislav Sedov2005-10-06 Love Hörnquist Åstrand <lha@it.su.se> 328c19800e8SDoug Rabson 329c19800e8SDoug Rabson * kuser/klist.1: Document --list-caches 330c19800e8SDoug Rabson 331c19800e8SDoug Rabson * kuser/klist.c: Change short flag of --list-caches to -l (-v is 332c19800e8SDoug Rabson already used). 333c19800e8SDoug Rabson 334*ae771770SStanislav Sedov2005-10-03 Love Hörnquist Åstrand <lha@it.su.se> 335c19800e8SDoug Rabson 336c19800e8SDoug Rabson * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. 337c19800e8SDoug Rabson 338c19800e8SDoug Rabson * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers 339c19800e8SDoug Rabson expect it 340c19800e8SDoug Rabson (acc_get_cache_first): don't leak memory or abort on malloc 341c19800e8SDoug Rabson failure 342c19800e8SDoug Rabson 343*ae771770SStanislav Sedov2005-10-02 Love Hörnquist Åstrand <lha@it.su.se> 344c19800e8SDoug Rabson 345c19800e8SDoug Rabson * lib/krb5/kerberos.8: Update text about Kerberos RFC's. 346c19800e8SDoug Rabson 347*ae771770SStanislav Sedov2005-10-01 Love Hörnquist Åstrand <lha@it.su.se> 348c19800e8SDoug Rabson 349c19800e8SDoug Rabson * kuser/klist.c: Add option --list-caches that lists the avaible 350c19800e8SDoug Rabson caches and their status. 351c19800e8SDoug Rabson 352c19800e8SDoug Rabson $ klist --list-caches 353c19800e8SDoug Rabson Principal Cache name Status 354c19800e8SDoug Rabson lha@E.KTH.SE 2 Valid 355c19800e8SDoug Rabson lha@SU.SE 1 Expired 356c19800e8SDoug Rabson lha/root@SU.SE 0 Expired 357c19800e8SDoug Rabson lha@N.L.NXS.SE Initial default ccache Expired 358c19800e8SDoug Rabson 359*ae771770SStanislav Sedov2005-09-30 Love Hörnquist Åstrand <lha@it.su.se> 360c19800e8SDoug Rabson 361c19800e8SDoug Rabson * lib/krb5/keytab_keyfile.c: Use all DES keys, not just 362c19800e8SDoug Rabson des-cbc-md5, verify that they all are the same. 363c19800e8SDoug Rabson 364c19800e8SDoug Rabson * lib/krb5/mcache.c Implement the cache iteration functions. 365c19800e8SDoug Rabson 366c19800e8SDoug Rabson * lib/krb5/acache.c: Implement the cache iteration functions. 367c19800e8SDoug Rabson 368c19800e8SDoug Rabson * lib/krb5/test_cc.c: Test the new cache iteration functions. 369c19800e8SDoug Rabson 370c19800e8SDoug Rabson * lib/krb5/cache.c: Add cache iteration funcations. Add internal 371c19800e8SDoug Rabson allocation function for the memory of a krb5_ccache, and use it. 372c19800e8SDoug Rabson 373c19800e8SDoug Rabson * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions 374c19800e8SDoug Rabson 375*ae771770SStanislav Sedov2005-09-25 Love Hörnquist Åstrand <lha@it.su.se> 376c19800e8SDoug Rabson 377c19800e8SDoug Rabson * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. 378c19800e8SDoug Rabson 379c19800e8SDoug Rabson * kdc/kerberos5.c: More verbose PK-INIT logging. 380c19800e8SDoug Rabson 381c19800e8SDoug Rabson * kdc/pkinit.c: The public DH key is encoded as an INTEGER in 382c19800e8SDoug Rabson subjectPublicKey. Don't verify OID's for now. 383c19800e8SDoug Rabson 384c19800e8SDoug Rabson * lib/krb5/pkinit.c: Support cached DH variable (still need to 385c19800e8SDoug Rabson store it though), don't check the oid of the DH signedData for 386c19800e8SDoug Rabson now. 387c19800e8SDoug Rabson 388*ae771770SStanislav Sedov2005-09-22 Love Hörnquist Åstrand <lha@it.su.se> 389c19800e8SDoug Rabson 390c19800e8SDoug Rabson * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and 391c19800e8SDoug Rabson the sender subkey. Both RFC1510 and RFC4120 say that you have to 392c19800e8SDoug Rabson use the session key, Heimdal uses subkey. 393c19800e8SDoug Rabson 394*ae771770SStanislav Sedov2005-09-21 Love Hörnquist Åstrand <lha@it.su.se> 395c19800e8SDoug Rabson 396c19800e8SDoug Rabson * lib/krb5/pkinit.c: Don't check oid's too closely, they change in 397c19800e8SDoug Rabson Windows Vista. 398c19800e8SDoug Rabson 399*ae771770SStanislav Sedov2005-09-20 Love Hörnquist Åstrand <lha@it.su.se> 400c19800e8SDoug Rabson 401c19800e8SDoug Rabson * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the 402c19800e8SDoug Rabson protocol. 403c19800e8SDoug Rabson 404c19800e8SDoug Rabson * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19) 405c19800e8SDoug Rabson 406c19800e8SDoug Rabson * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL 407c19800e8SDoug Rabson to make sure its not freed. 408c19800e8SDoug Rabson 409*ae771770SStanislav Sedov2005-09-19 Love Hörnquist Åstrand <lha@it.su.se> 410c19800e8SDoug Rabson 411c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length 412c19800e8SDoug Rabson it set to 1, and content is 0x01, use the afs3 string-to-key. 413c19800e8SDoug Rabson 414c19800e8SDoug Rabson * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted 415c19800e8SDoug Rabson key, use send the opaque, length 1 (with content set to 0x01) in 416c19800e8SDoug Rabson ETYPE-INFO2-ENTRY. 417c19800e8SDoug Rabson 418c19800e8SDoug Rabson * lib/krb5/kcm.c: Remove signedness warnings. 419c19800e8SDoug Rabson 420*ae771770SStanislav Sedov2005-09-15 Love Hörnquist Åstrand <lha@it.su.se> 421c19800e8SDoug Rabson 422c19800e8SDoug Rabson * configure.in: Use libtool's default values for building 423c19800e8SDoug Rabson shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves 424c19800e8SDoug Rabson building problems users have on Mac OS X. 425c19800e8SDoug Rabson 426*ae771770SStanislav Sedov2005-09-08 Love Hörnquist Åstrand <lha@it.su.se> 427c19800e8SDoug Rabson 428c19800e8SDoug Rabson * lib/krb5/changepw.c: Constify password. 429c19800e8SDoug Rabson 430*ae771770SStanislav Sedov2005-09-05 Love Hörnquist Åstrand <lha@it.su.se> 431c19800e8SDoug Rabson 432c19800e8SDoug Rabson * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. 433c19800e8SDoug Rabson 434c19800e8SDoug Rabson * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3 435c19800e8SDoug Rabson 436c19800e8SDoug Rabson * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact, 437c19800e8SDoug Rabson krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, 438c19800e8SDoug Rabson krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, 439c19800e8SDoug Rabson krb5_build_ap_req, krb5_verify_ap_req. 440c19800e8SDoug Rabson 441*ae771770SStanislav Sedov2005-09-01 Love Hörnquist Åstrand <lha@it.su.se> 442c19800e8SDoug Rabson 443c19800e8SDoug Rabson * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at 444c19800e8SDoug Rabson all, use KRB5-PADATA-AFS3-SALT 445c19800e8SDoug Rabson 446*ae771770SStanislav Sedov2005-08-31 Love Hörnquist Åstrand <lha@it.su.se> 447c19800e8SDoug Rabson 448c19800e8SDoug Rabson * kdc/kerberos5.c (log_timestamp): endtime, not endtype 449c19800e8SDoug Rabson 450*ae771770SStanislav Sedov2005-08-30 Love Hörnquist Åstrand <lha@it.su.se> 451c19800e8SDoug Rabson 452c19800e8SDoug Rabson * configure.in: Check for <sys/ucred.h>. 453c19800e8SDoug Rabson 454c19800e8SDoug Rabson * kcm/connect.c (update_client_creds): in case there is no 455c19800e8SDoug Rabson UCRED_VERSION, skip LOCAL_PEERCRED 456c19800e8SDoug Rabson 457c19800e8SDoug Rabson * kcm/headers.h: include <sys/ucred.h> 458c19800e8SDoug Rabson 459*ae771770SStanislav Sedov2005-08-27 Love Hörnquist Åstrand <lha@it.su.se> 460c19800e8SDoug Rabson 461c19800e8SDoug Rabson * lib/krb5/rd_req.c (check_transited): Allow empty content of type 462c19800e8SDoug Rabson 0 because that is was Microsoft generates in their TGT. 463c19800e8SDoug Rabson 464c19800e8SDoug Rabson * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of 465c19800e8SDoug Rabson type 0 because that is was Microsoft enerates in their TGT. 466c19800e8SDoug Rabson 467*ae771770SStanislav Sedov2005-08-26 Love Hörnquist Åstrand <lha@it.su.se> 468c19800e8SDoug Rabson 469c19800e8SDoug Rabson * doc/intro.texi: RFC 4120 replaces RFC 1510 470c19800e8SDoug Rabson 471*ae771770SStanislav Sedov2005-08-25 Love Hörnquist Åstrand <lha@it.su.se> 472c19800e8SDoug Rabson 473c19800e8SDoug Rabson * configure.in: Add --disable-afs-support. 474c19800e8SDoug Rabson 475*ae771770SStanislav Sedov2005-08-23 Love Hörnquist Åstrand <lha@it.su.se> 476c19800e8SDoug Rabson 477c19800e8SDoug Rabson * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but 478c19800e8SDoug Rabson not TESTS, I have no same dns to use. 479c19800e8SDoug Rabson 480c19800e8SDoug Rabson * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname() 481c19800e8SDoug Rabson and krb5_expand_hostname_realms(). 482c19800e8SDoug Rabson 483c19800e8SDoug Rabson * configure.in: Build KCM if we have doors or unix sockets. 484c19800e8SDoug Rabson 485c19800e8SDoug Rabson * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove 486c19800e8SDoug Rabson shadowing variable. 487c19800e8SDoug Rabson 488c19800e8SDoug Rabson * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings, 489c19800e8SDoug Rabson plug memory leak. From: Stefan Metzmacher <metze@samba.org> 490c19800e8SDoug Rabson 491c19800e8SDoug Rabson * lib/krb5/krb5_config.3: Document what happens with NULL to 492c19800e8SDoug Rabson krb5_config_free_strings 493c19800e8SDoug Rabson (nothing). Mdoc nit. 494c19800e8SDoug Rabson 495*ae771770SStanislav Sedov2005-08-22 Love Hörnquist Åstrand <lha@it.su.se> 496c19800e8SDoug Rabson 497c19800e8SDoug Rabson * kuser/klist.c (check_for_tgt): Re-order code so it only free the 498c19800e8SDoug Rabson credential if one was returned. 499c19800e8SDoug Rabson 500c19800e8SDoug Rabson * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. 501c19800e8SDoug Rabson 502*ae771770SStanislav Sedov2005-08-19 Love Hörnquist Åstrand <lha@it.su.se> 503c19800e8SDoug Rabson 504c19800e8SDoug Rabson * lib/hdb/dbinfo.c: provide interface to find databases 505c19800e8SDoug Rabson 506c19800e8SDoug Rabson * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys 507c19800e8SDoug Rabson 508*ae771770SStanislav Sedov2005-08-15 Love Hörnquist Åstrand <lha@it.su.se> 509c19800e8SDoug Rabson 510c19800e8SDoug Rabson * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. 511c19800e8SDoug Rabson 512*ae771770SStanislav Sedov2005-08-13 Love Hörnquist Åstrand <lha@it.su.se> 513c19800e8SDoug Rabson 514c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: Save the request buffer so that 515c19800e8SDoug Rabson pre-auth mechanism that needs it can verify the reply. 516c19800e8SDoug Rabson 517*ae771770SStanislav Sedov2005-08-12 Love Hörnquist Åstrand <lha@it.su.se> 518c19800e8SDoug Rabson 519c19800e8SDoug Rabson * lib/krb5/test_mem.c: Rename logf to avoid shadowing. 520c19800e8SDoug Rabson 521c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: Fix the version number for 522c19800e8SDoug Rabson fcc-mit-ticketflags. 523c19800e8SDoug Rabson 524c19800e8SDoug Rabson * lib/krb5/fcache.c: Revert previous, I was confused. 525c19800e8SDoug Rabson 526c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in 527c19800e8SDoug Rabson COMPATIBILITY section. 528c19800e8SDoug Rabson 529c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket 530c19800e8SDoug Rabson flags. 531c19800e8SDoug Rabson 532c19800e8SDoug Rabson * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break; 533c19800e8SDoug Rabson 534c19800e8SDoug Rabson * lib/krb5/krb5_create_checksum.3: Update prototype for 535c19800e8SDoug Rabson krb5_create_checksum. 536c19800e8SDoug Rabson 537c19800e8SDoug Rabson * kdc/pkinit.c: Make compile. 538c19800e8SDoug Rabson 539c19800e8SDoug Rabson * lib/krb5/pkinit.c: Implement verification of asChecksum, now 540c19800e8SDoug Rabson client side code is using -27 of the pk-init draft. 541c19800e8SDoug Rabson 542c19800e8SDoug Rabson * kdc/kdc_locl.h: update prototype for _kdc_as_rep 543c19800e8SDoug Rabson 544c19800e8SDoug Rabson * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC. 545c19800e8SDoug Rabson 546c19800e8SDoug Rabson * kdc/process.c: Pass down the request buffer to _kdc_as_rep(). 547c19800e8SDoug Rabson 548c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to 549c19800e8SDoug Rabson _kdc_pk_mk_pa_reply. 550c19800e8SDoug Rabson 551*ae771770SStanislav Sedov2005-08-11 Love Hörnquist Åstrand <lha@it.su.se> 552c19800e8SDoug Rabson 553c19800e8SDoug Rabson * lib/hdb/ext.c: HDB extensions access glue. 554c19800e8SDoug Rabson 555c19800e8SDoug Rabson * kcm/acquire.c: Use krb5_set_password instead of 556c19800e8SDoug Rabson krb5_change_password. 557c19800e8SDoug Rabson 558c19800e8SDoug Rabson * configure.in: Add tests/Makefile and tests/db/Makefile. 559c19800e8SDoug Rabson 560c19800e8SDoug Rabson * NEWS: New ASN.1 compiler 561c19800e8SDoug Rabson 562c19800e8SDoug Rabson * lib/hdb/Makefile.am: Build extensions. 563c19800e8SDoug Rabson 564c19800e8SDoug Rabson * lib/hdb/print.c: Print extensions. 565c19800e8SDoug Rabson 566c19800e8SDoug Rabson * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory 567c19800e8SDoug Rabson extension". 568c19800e8SDoug Rabson 569c19800e8SDoug Rabson * lib/hdb/hdb.h: Update interface version (and indent). 570c19800e8SDoug Rabson 571c19800e8SDoug Rabson * lib/hdb/hdb.asn1: Add support for HDB-extension. 572c19800e8SDoug Rabson 573*ae771770SStanislav Sedov2005-08-10 Love Hörnquist Åstrand <lha@it.su.se> 574c19800e8SDoug Rabson 575c19800e8SDoug Rabson * lib/krb5/test_pkinit_dh2key.c: add tests vectors from 576c19800e8SDoug Rabson "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com> 577c19800e8SDoug Rabson 578c19800e8SDoug Rabson * lib/hdb/mkey.c: Expose the crypto operations on the master key. 579c19800e8SDoug Rabson 580c19800e8SDoug Rabson * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet 581c19800e8SDoug Rabson 582*ae771770SStanislav Sedov2005-08-09 Love Hörnquist Åstrand <lha@it.su.se> 583c19800e8SDoug Rabson 584c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the 585c19800e8SDoug Rabson ENC-TS case. From: Andrew Bartlett <abartlet@samba.org> 586c19800e8SDoug Rabson 587c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify 588c19800e8SDoug Rabson authenticator" once, its already done by 589c19800e8SDoug Rabson tgs_check_authenticator(). 590c19800e8SDoug Rabson 591c19800e8SDoug Rabson * kdc/kerberos5.c: Indent strings. 592c19800e8SDoug Rabson 593c19800e8SDoug Rabson * kdc/kerberos5.c (log_timestamp): avoid shadow warnings From: 594c19800e8SDoug Rabson Andrew Bartlett <abartlet@samba.org> 595c19800e8SDoug Rabson 596c19800e8SDoug Rabson * lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and 597c19800e8SDoug Rabson krb5_verify_opt_free. 598c19800e8SDoug Rabson 599c19800e8SDoug Rabson * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and 600c19800e8SDoug Rabson krb5_verify_opt_free. 601c19800e8SDoug Rabson 602c19800e8SDoug Rabson * lib/hdb/db3.c (DB_open): catch errors from the d->open calls 603c19800e8SDoug Rabson instead of letting them slip though to d->cursor. Bug repport from 604c19800e8SDoug Rabson Andrew Bartlett <abartlet@samba.org> 605c19800e8SDoug Rabson 606*ae771770SStanislav Sedov2005-07-29 Love Hörnquist Åstrand <lha@it.su.se> 607c19800e8SDoug Rabson 608c19800e8SDoug Rabson * kdc/Makefile.am (kdc_LDADD): add LDADD 609c19800e8SDoug Rabson 610*ae771770SStanislav Sedov2005-07-28 Love Hörnquist Åstrand <lha@it.su.se> 611c19800e8SDoug Rabson 612c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in 613c19800e8SDoug Rabson ENC-TS preauth, both for failure and success. 614c19800e8SDoug Rabson 615c19800e8SDoug Rabson * kdc/hprop.c: Use the _krb5_krb_life_to_time function from 616c19800e8SDoug Rabson libkrb5 instead of including our own here too. 617c19800e8SDoug Rabson 618c19800e8SDoug Rabson * kdc/kerberos5.c: indent printf strings 619c19800e8SDoug Rabson 620c19800e8SDoug Rabson * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with 621c19800e8SDoug Rabson keyusage 0 in case the key was encrypted with MIT Kerberos (old 622c19800e8SDoug Rabson patch from Johan) 623c19800e8SDoug Rabson 624*ae771770SStanislav Sedov2005-07-26 Love Hörnquist Åstrand <lha@it.su.se> 625c19800e8SDoug Rabson 626c19800e8SDoug Rabson * kdc/pkinit.c: update to pkinit-27 627c19800e8SDoug Rabson 628*ae771770SStanislav Sedov2005-07-23 Love Hörnquist Åstrand <lha@it.su.se> 629c19800e8SDoug Rabson 630c19800e8SDoug Rabson * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. 631c19800e8SDoug Rabson 632*ae771770SStanislav Sedov2005-07-20 Love Hörnquist Åstrand <lha@it.su.se> 633c19800e8SDoug Rabson 634c19800e8SDoug Rabson * lib/krb5/test_pkinit_dh2key.c: framework for testing 635c19800e8SDoug Rabson _krb5_pk_octetstring2key 636c19800e8SDoug Rabson 637c19800e8SDoug Rabson * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a 638c19800e8SDoug Rabson krb5_socklen_t 639c19800e8SDoug Rabson 640c19800e8SDoug Rabson * kdc/connect.c (de_http): sscanf takes a char *, not unsigned 641c19800e8SDoug Rabson ditto, cast approriately 642c19800e8SDoug Rabson 643c19800e8SDoug Rabson * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output 644c19800e8SDoug Rabson unsigned char to match openssl 645c19800e8SDoug Rabson 646*ae771770SStanislav Sedov2005-07-14 Love Hörnquist Åstrand <lha@it.su.se> 647c19800e8SDoug Rabson 648c19800e8SDoug Rabson * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. 649c19800e8SDoug Rabson 650*ae771770SStanislav Sedov2005-07-13 Love Hörnquist Åstrand <lha@it.su.se> 651c19800e8SDoug Rabson 652c19800e8SDoug Rabson * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory 653c19800e8SDoug Rabson 654c19800e8SDoug Rabson * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call 655c19800e8SDoug Rabson krb5_cc_retrieve_cred once, and plug memory leak. 656c19800e8SDoug Rabson 657*ae771770SStanislav Sedov2005-07-13 Love Hörnquist Åstrand <lha@it.su.se> 658c19800e8SDoug Rabson 659c19800e8SDoug Rabson * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules 660c19800e8SDoug Rabson name in the depend file 661c19800e8SDoug Rabson 662c19800e8SDoug Rabson * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return 663c19800e8SDoug Rabson value from krb5_storage_from_fd 664c19800e8SDoug Rabson 665c19800e8SDoug Rabson * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute 666c19800e8SDoug Rabson to the DH when the server doesn't support the cached DH request. 667c19800e8SDoug Rabson 668c19800e8SDoug Rabson * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments 669c19800e8SDoug Rabson 670*ae771770SStanislav Sedov2005-07-12 Love Hörnquist Åstrand <lha@it.su.se> 671c19800e8SDoug Rabson 672c19800e8SDoug Rabson * lib/krb5/pkinit.c: clean up pk-init DH support, not finished 673c19800e8SDoug Rabson yet; improve error reporting 674c19800e8SDoug Rabson 675c19800e8SDoug Rabson * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key 676c19800e8SDoug Rabson function used in pk-init-25 677c19800e8SDoug Rabson 678c19800e8SDoug Rabson * configure.in: Use a configure switch to turn on PK-INIT, not by 679c19800e8SDoug Rabson detecting existence of the new ASN.1 library. 680c19800e8SDoug Rabson 681c19800e8SDoug Rabson * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch. 682c19800e8SDoug Rabson 683c19800e8SDoug Rabson Highlighs for the compiler is support for CHOICE and in general better 684c19800e8SDoug Rabson support for tags. This compiler support most of what is needed for 685c19800e8SDoug Rabson PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. 686c19800e8SDoug Rabson 687*ae771770SStanislav Sedov2005-07-10 Love Hörnquist Åstrand <lha@it.su.se> 688c19800e8SDoug Rabson 689c19800e8SDoug Rabson * lib/asn1: make scope variables unique to avoid shadow warnings 690c19800e8SDoug Rabson 691*ae771770SStanislav Sedov2005-07-09 Love Hörnquist Åstrand <lha@it.su.se> 692c19800e8SDoug Rabson 693c19800e8SDoug Rabson * lib/krb5/krb5.h: comment out paramenter name in typedef 694c19800e8SDoug Rabson functions to avoid shadow warnings 695c19800e8SDoug Rabson 696c19800e8SDoug Rabson * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const 697c19800e8SDoug Rabson 698c19800e8SDoug Rabson * kuser/klist.c: If there are no addresses, print addressless 699c19800e8SDoug Rabson instead of nothing. 700c19800e8SDoug Rabson 701c19800e8SDoug Rabson * lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping 702c19800e8SDoug Rabson 703c19800e8SDoug Rabson * lib/krb5/crypto.c (wrapped_length): the underived encrypted 704c19800e8SDoug Rabson types checksum are all unkeyed (matches the code in 705c19800e8SDoug Rabson encrypt_internal() and encrypt_internal_special()) 706c19800e8SDoug Rabson 707c19800e8SDoug Rabson * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't 708c19800e8SDoug Rabson not supported 709c19800e8SDoug Rabson 710c19800e8SDoug Rabson * lib/krb5/test_crypto_wrapping.c: test encryption wrapping 711c19800e8SDoug Rabson 712c19800e8SDoug Rabson * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer 713c19800e8SDoug Rabson 714*ae771770SStanislav Sedov2005-07-08 Love Hörnquist Åstrand <lha@it.su.se> 715c19800e8SDoug Rabson 716c19800e8SDoug Rabson * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O 717c19800e8SDoug Rabson otherwise am_aux_dir will be expanded using ac_aux_dir before the 718c19800e8SDoug Rabson later is set. 719c19800e8SDoug Rabson 720c19800e8SDoug Rabson * configure.in: check for strings.h explicitly instead of 721c19800e8SDoug Rabson depending on AC_HEADER_STDC to check it for us 722c19800e8SDoug Rabson 723c19800e8SDoug Rabson2005-07-07 Assar Westerlund <assar@kth.se> 724c19800e8SDoug Rabson 725c19800e8SDoug Rabson * configure.in: add AM_PROG_CC_C_O for automake 1.9 726c19800e8SDoug Rabson 727*ae771770SStanislav Sedov2005-07-06 Love Hörnquist Åstrand <lha@it.su.se> 728c19800e8SDoug Rabson 729c19800e8SDoug Rabson * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when 730c19800e8SDoug Rabson returning a new error 731c19800e8SDoug Rabson 732c19800e8SDoug Rabson * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on 733c19800e8SDoug Rabson error. 734c19800e8SDoug Rabson 735c19800e8SDoug Rabson * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, 736c19800e8SDoug Rabson remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov> 737c19800e8SDoug Rabson 738*ae771770SStanislav Sedov2005-07-05 Love Hörnquist Åstrand <lha@it.su.se> 739c19800e8SDoug Rabson 740c19800e8SDoug Rabson * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was 741c19800e8SDoug Rabson added in w2k3-sp1 From David Love 742c19800e8SDoug Rabson 743c19800e8SDoug Rabson * doc/setup.texi: document kadmin command password-quality instead 744c19800e8SDoug Rabson of the not installed test_pw_quality 745c19800e8SDoug Rabson 746c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love 747c19800e8SDoug Rabson 748c19800e8SDoug Rabson * fix-export: build kdc-protos.h 749c19800e8SDoug Rabson 750*ae771770SStanislav Sedov2005-07-01 Love Hörnquist Åstrand <lha@it.su.se> 751c19800e8SDoug Rabson 752c19800e8SDoug Rabson * kdc: prefix pkinit symbols with _kdc 753c19800e8SDoug Rabson 754c19800e8SDoug Rabson * kuser/kinit.c: avoid shadowing variables 755c19800e8SDoug Rabson 756c19800e8SDoug Rabson * kuser: s/optind/optidx/ 757c19800e8SDoug Rabson 758c19800e8SDoug Rabson * kdc: adapt pkinit code to libkdc split 759c19800e8SDoug Rabson 760*ae771770SStanislav Sedov2005-06-30 Love Hörnquist Åstrand <lha@it.su.se> 761c19800e8SDoug Rabson 762c19800e8SDoug Rabson * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create 763c19800e8SDoug Rabson 764c19800e8SDoug Rabson * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create 765c19800e8SDoug Rabson 766c19800e8SDoug Rabson * kdc/kdc_locl.h: indent, remove dup prototypes 767c19800e8SDoug Rabson 768c19800e8SDoug Rabson * kdc/libkdc: don't pollute namespace, generate public headerfile 769c19800e8SDoug Rabson 770c19800e8SDoug Rabson * lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work 771c19800e8SDoug Rabson just like krb5_425_conv_principal_ext but takes a context variable 772c19800e8SDoug Rabson for the verification function 773c19800e8SDoug Rabson 774c19800e8SDoug Rabson * kdc/Makefile.am: there is no export script, not pretend there is 775c19800e8SDoug Rabson 776c19800e8SDoug Rabson * kdc: Merge in the libkdc/kdc configuration split from Andrew 777c19800e8SDoug Rabson Bartlet <abartlet@samba.org> 778c19800e8SDoug Rabson 779c19800e8SDoug Rabson * lib/krb5/crypto.c: optionally compile in support for afs string2key 780c19800e8SDoug Rabson 781c19800e8SDoug Rabson * configure.in: add --disable-afs-string-to-key to allow removal 782c19800e8SDoug Rabson of support for afs string2key (and dependency on crypt) 783c19800e8SDoug Rabson 784*ae771770SStanislav Sedov2005-06-29 Love Hörnquist Åstrand <lha@it.su.se> 785c19800e8SDoug Rabson 786c19800e8SDoug Rabson * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and 787c19800e8SDoug Rabson TGS-REQ, for auditing 788c19800e8SDoug Rabson 789c19800e8SDoug Rabson * kdc/kerberos5.c (as_req): print the supported encryption types 790c19800e8SDoug Rabson so its possible to know what clients to update. 791c19800e8SDoug Rabson (find_rpath): return const char * and update callers. 792c19800e8SDoug Rabson 793c19800e8SDoug Rabson2005-06-28 Luke Howard <lukeh@padl.com> 794c19800e8SDoug Rabson 795c19800e8SDoug Rabson * kcm/connect.c: fix arguments to kcm_log() when reporting 796c19800e8SDoug Rabson sendmsg() error 797c19800e8SDoug Rabson 798c19800e8SDoug Rabson * kcm/connect.c: don't send socket address in msghdr, it 799c19800e8SDoug Rabson returns an already connected error on Linux 800c19800e8SDoug Rabson 801*ae771770SStanislav Sedov2005-06-24 Love Hörnquist Åstrand <lha@it.su.se> 802c19800e8SDoug Rabson 803c19800e8SDoug Rabson * kdc/524.c: Always include <krb5-v4compat.h>. 804c19800e8SDoug Rabson 805*ae771770SStanislav Sedov2005-06-23 Love Hörnquist Åstrand <lha@it.su.se> 806c19800e8SDoug Rabson 807c19800e8SDoug Rabson * doc/intro.texi: no more libdes, gssapi lib is complete 808c19800e8SDoug Rabson 809c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: Documentation for password quality 810c19800e8SDoug Rabson control. From: "James F. Hranicky" <jfh@cise.ufl.edu> 811c19800e8SDoug Rabson 812c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c (password_quality_entries): add 813c19800e8SDoug Rabson min_length and min_classes 814c19800e8SDoug Rabson 815c19800e8SDoug Rabson * kdc/kaserver.c: log the kaserver requests, avoid shadowing 816c19800e8SDoug Rabson variables 817c19800e8SDoug Rabson 818c19800e8SDoug Rabson * lib/hdb/db3.c (DB_open): in case of error, close database 819c19800e8SDoug Rabson 820c19800e8SDoug Rabson * lib/hdb/ndbm.c (NDBM_open): in case of error, close database 821c19800e8SDoug Rabson 822c19800e8SDoug Rabson * lib/hdb/db.c (DB_open): in case of error, close database 823c19800e8SDoug Rabson 824*ae771770SStanislav Sedov2005-06-20 Love Hörnquist Åstrand <lha@it.su.se> 825c19800e8SDoug Rabson 826c19800e8SDoug Rabson * kcm/kcm.8: fix example 827c19800e8SDoug Rabson 828*ae771770SStanislav Sedov2005-06-17 Love Hörnquist Åstrand <lha@it.su.se> 829c19800e8SDoug Rabson 830c19800e8SDoug Rabson * lib/krb5/rd_rep.c: indent 831c19800e8SDoug Rabson 832c19800e8SDoug Rabson * lib/krb5/rd_rep.c (krb5_rd_rep): check if 833c19800e8SDoug Rabson KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp 834c19800e8SDoug Rabson should be checked, DCE-STYLE gssapi needs to be able to tweek this 835c19800e8SDoug Rabson 836c19800e8SDoug Rabson * kdc/string2key.c: rename optind to optidx 837c19800e8SDoug Rabson 838c19800e8SDoug Rabson * lib/hdb/convert_db.c: rename optind to optidx 839c19800e8SDoug Rabson 840c19800e8SDoug Rabson * lib/hdb/keytab.c: const poison, add a unconst where needed 841c19800e8SDoug Rabson 842c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_string_to_key): unconst password 843c19800e8SDoug Rabson 844c19800e8SDoug Rabson * lib/asn1/k5.asn1: rename pvno to krb5-pvno 845c19800e8SDoug Rabson 846c19800e8SDoug Rabson * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): 847c19800e8SDoug Rabson unconst argument 848c19800e8SDoug Rabson 849c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: rename optind to optidx 850c19800e8SDoug Rabson 851c19800e8SDoug Rabson * lib/krb5/transited.c: rename the temporary string variable to 852c19800e8SDoug Rabson `str' 853c19800e8SDoug Rabson 854c19800e8SDoug Rabson * lib/krb5/test_crypto.c: rename optind to optidx 855c19800e8SDoug Rabson 856c19800e8SDoug Rabson * lib/krb5/test_alname.c: rename optind to optidx 857c19800e8SDoug Rabson 858c19800e8SDoug Rabson * lib/krb5/store.c: unconst argument to krb5_store (XXX this 859c19800e8SDoug Rabson should be fixed, krb5_store doesn't need to modify its argument) 860c19800e8SDoug Rabson 861c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing 862c19800e8SDoug Rabson unnessecery variable ret 863c19800e8SDoug Rabson 864c19800e8SDoug Rabson * lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery 865c19800e8SDoug Rabson variable len 866c19800e8SDoug Rabson 867c19800e8SDoug Rabson * lib/krb5/prog_setup.c: rename optind to optidx 868c19800e8SDoug Rabson 869c19800e8SDoug Rabson * lib/krb5/padata.c: rename variable index to idx 870c19800e8SDoug Rabson 871c19800e8SDoug Rabson * lib/krb5/log.c: rename variable time to timestr to avoid 872c19800e8SDoug Rabson shadowing 873c19800e8SDoug Rabson 874c19800e8SDoug Rabson * lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to 875c19800e8SDoug Rabson avoid shadowing 876c19800e8SDoug Rabson 877c19800e8SDoug Rabson * lib/krb5/krbhst-test.c: rename optind to optidx 878c19800e8SDoug Rabson 879c19800e8SDoug Rabson * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to 880c19800e8SDoug Rabson krb5_store (XXX this should be fixed, krb5_store doesn't need to 881c19800e8SDoug Rabson modify its argument) 882c19800e8SDoug Rabson 883c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password 884c19800e8SDoug Rabson 885c19800e8SDoug Rabson * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning 886c19800e8SDoug Rabson 887*ae771770SStanislav Sedov2005-06-16 Love Hörnquist Åstrand <lha@it.su.se> 888c19800e8SDoug Rabson 889c19800e8SDoug Rabson * lib/krb5/principal.c: rename index to idx 890c19800e8SDoug Rabson 891c19800e8SDoug Rabson * lib/krb5/mk_error.c: use rk_UNCONST 892c19800e8SDoug Rabson 893c19800e8SDoug Rabson * lib/krb5/fcache.c: rename to avoid shadowing 894c19800e8SDoug Rabson 895c19800e8SDoug Rabson * lib/krb5/config_file.c: rename to avoid shadowing 896c19800e8SDoug Rabson 897c19800e8SDoug Rabson * lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the 898c19800e8SDoug Rabson string instead of losing const 899c19800e8SDoug Rabson 900c19800e8SDoug Rabson * lib/krb5/addr_families.c: use rk_UNCONST to silence const 901c19800e8SDoug Rabson warning 902c19800e8SDoug Rabson 903c19800e8SDoug Rabson * lib/krb5/addr_families.c: rename sin to sin4 904c19800e8SDoug Rabson 905c19800e8SDoug Rabson * lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed 906c19800e8SDoug Rabson variables 907c19800e8SDoug Rabson 908c19800e8SDoug Rabson * lib/asn1/main.c: rename optind to optidx 909c19800e8SDoug Rabson 910c19800e8SDoug Rabson * lib/asn1/gen_copy.c: rename to avoid shadowing 911c19800e8SDoug Rabson 912c19800e8SDoug Rabson * lib/asn1/gen_locl.h: rename function filename to get_filename 913c19800e8SDoug Rabson 914c19800e8SDoug Rabson * lib/asn1/lex.l: use get_filename 915c19800e8SDoug Rabson 916c19800e8SDoug Rabson * lib/asn1/gen.c: rename function filename to get_filename 917c19800e8SDoug Rabson 918c19800e8SDoug Rabson * lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle 919c19800e8SDoug Rabson 920c19800e8SDoug Rabson * configure.in: add headers and prototypes to logwtmp, logout and 921c19800e8SDoug Rabson openpty checks 922c19800e8SDoug Rabson 923c19800e8SDoug Rabson * configure.in: include headerfiles and set prototype for tgetent 924c19800e8SDoug Rabson 925c19800e8SDoug Rabson * kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the 926c19800e8SDoug Rabson string 927c19800e8SDoug Rabson 928c19800e8SDoug Rabson * kdc/kerberos5.c: replace strndup with inline copy, free data on 929c19800e8SDoug Rabson failure 930c19800e8SDoug Rabson 931c19800e8SDoug Rabson * lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup 932c19800e8SDoug Rabson with inline copy 933c19800e8SDoug Rabson 934c19800e8SDoug Rabson * lib/krb5/log.c: rename close and log to avoid shadow warnings 935c19800e8SDoug Rabson 936c19800e8SDoug Rabson * lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing 937c19800e8SDoug Rabson 938c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two 939c19800e8SDoug Rabson of the local `realm' to srealm to avoid shadowing 940c19800e8SDoug Rabson 941c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to 942c19800e8SDoug Rabson avoid shadow warning 943c19800e8SDoug Rabson 944c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow 945c19800e8SDoug Rabson warning 946c19800e8SDoug Rabson 947*ae771770SStanislav Sedov2005-06-15 Love Hörnquist Åstrand <lha@it.su.se> 948c19800e8SDoug Rabson 949c19800e8SDoug Rabson * Release 0.7, see branch 950c19800e8SDoug Rabson 951*ae771770SStanislav Sedov2005-06-14 Love Hörnquist Åstrand <lha@it.su.se> 952c19800e8SDoug Rabson 953c19800e8SDoug Rabson * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += 954c19800e8SDoug Rabson kcm.h 955c19800e8SDoug Rabson 956c19800e8SDoug Rabson * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from 957c19800e8SDoug Rabson krb5_init_context 958c19800e8SDoug Rabson 959c19800e8SDoug Rabson * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from 960c19800e8SDoug Rabson krb5_init_context 961c19800e8SDoug Rabson 962c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT 963c19800e8SDoug Rabson from krb5_init_context From: Mathias Feiler 964c19800e8SDoug Rabson <feiler@uni-hohenheim.de> 965c19800e8SDoug Rabson 966c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: Add more missig entires, from 967c19800e8SDoug Rabson Mathias Feiler <feiler@uni-hohenheim.de> 968c19800e8SDoug Rabson 969*ae771770SStanislav Sedov2005-06-11 Love Hörnquist Åstrand <lha@it.su.se> 970c19800e8SDoug Rabson 971c19800e8SDoug Rabson * kdc/pkinit.c (pk_principal_from_X509): remember to free 972c19800e8SDoug Rabson KRB5PrincipalName 973c19800e8SDoug Rabson 974c19800e8SDoug Rabson * lib/krb5/log.c (krb5_closelog): free all content in 975c19800e8SDoug Rabson krb5_log_facility 976c19800e8SDoug Rabson 977*ae771770SStanislav Sedov2005-06-08 Love Hörnquist Åstrand <lha@it.su.se> 978c19800e8SDoug Rabson 979c19800e8SDoug Rabson * kdc/524.c: init kvno to please gcc 980c19800e8SDoug Rabson 981c19800e8SDoug Rabson * kdc/kaserver.c (do_authenticate): check return value from 982c19800e8SDoug Rabson unparse_auth_args 983c19800e8SDoug Rabson 984c19800e8SDoug Rabson2005-06-07 Dave Love <fx@gnu.org> 985c19800e8SDoug Rabson 986c19800e8SDoug Rabson * doc/setup.texi: Spelling. 987c19800e8SDoug Rabson 988c19800e8SDoug Rabson * doc/programming.texi: Spelling. 989c19800e8SDoug Rabson 990c19800e8SDoug Rabson2005-06-02 Dave Love <fx@gnu.org> 991c19800e8SDoug Rabson 992c19800e8SDoug Rabson * kcm/connect.c (kcm_door_server): Make static. 993c19800e8SDoug Rabson 994c19800e8SDoug Rabson * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. 995c19800e8SDoug Rabson 996*ae771770SStanislav Sedov2005-06-02 Love Hörnquist Åstrand <lha@it.su.se> 997c19800e8SDoug Rabson 998c19800e8SDoug Rabson * kdc/mit_dump.c (mit_prop_dump): cast argument to 999c19800e8SDoug Rabson krb5_parse_principal to avoid warning 1000c19800e8SDoug Rabson 1001c19800e8SDoug Rabson * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to 1002c19800e8SDoug Rabson mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit 1003c19800e8SDoug Rabson codebase 1004c19800e8SDoug Rabson 1005*ae771770SStanislav Sedov2005-06-01 Love Hörnquist Åstrand <lha@it.su.se> 1006c19800e8SDoug Rabson 1007c19800e8SDoug Rabson * lib/krb5/store.c: If we are allocating 0 entires, avoid failing 1008c19800e8SDoug Rabson if ALLOC returns NULL 1009c19800e8SDoug Rabson 1010c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm 1011c19800e8SDoug Rabson 1012c19800e8SDoug Rabson * lib/krb5/cache.c: When returning a new error code, set error 1013c19800e8SDoug Rabson string. 1014c19800e8SDoug Rabson 1015*ae771770SStanislav Sedov2005-05-31 Love Hörnquist Åstrand <lha@it.su.se> 1016c19800e8SDoug Rabson 1017c19800e8SDoug Rabson * lib/krb5/keytab_file.c: Adapt to changed signature of 1018c19800e8SDoug Rabson _krb5_xunlock, clear more error string where needed. 1019c19800e8SDoug Rabson 1020c19800e8SDoug Rabson * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it 1021c19800e8SDoug Rabson into something sensable 1022c19800e8SDoug Rabson 1023*ae771770SStanislav Sedov2005-05-30 Love Hörnquist Åstrand <lha@it.su.se> 1024c19800e8SDoug Rabson 1025c19800e8SDoug Rabson * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from 1026c19800e8SDoug Rabson server entry to encrypted ticket flags 1027c19800e8SDoug Rabson 1028c19800e8SDoug Rabson2005-05-30 Johan Danielsson <joda@pdc.kth.se> 1029c19800e8SDoug Rabson 1030c19800e8SDoug Rabson * kdc/connect.c: rename sendlength to prependlength (which 1031c19800e8SDoug Rabson hopefully better represents its purpose), and change type to 1032c19800e8SDoug Rabson krb5_boolean 1033c19800e8SDoug Rabson 1034c19800e8SDoug Rabson * kdc/connect.c: log signal causing exit 1035c19800e8SDoug Rabson 1036c19800e8SDoug Rabson * kdc/main.c (sigterm): set exit_flag to signal causing exit; 1037c19800e8SDoug Rabson (main): trap SIGXCPU 1038c19800e8SDoug Rabson 1039*ae771770SStanislav Sedov2005-05-30 Love Hörnquist Åstrand <lha@it.su.se> 1040c19800e8SDoug Rabson 1041c19800e8SDoug Rabson * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path 1042c19800e8SDoug Rabson 1043c19800e8SDoug Rabson * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not 1044c19800e8SDoug Rabson client 1045c19800e8SDoug Rabson 1046c19800e8SDoug Rabson * kcm/main.c: ignore SIGPIPE 1047c19800e8SDoug Rabson 1048c19800e8SDoug Rabson * kcm/protocol.c: Add option to disallow getting krbtgt out from 1049c19800e8SDoug Rabson from KCM. KCM will do the fetching part itself. 1050c19800e8SDoug Rabson 1051c19800e8SDoug Rabson * kcm/config.c: Add option to disallow getting krbtgt out from 1052c19800e8SDoug Rabson from KCM. KCM will do the fetching part itself. 1053c19800e8SDoug Rabson 1054c19800e8SDoug Rabson2005-05-30 Luke Howard <lukeh@padl.com> 1055c19800e8SDoug Rabson 1056c19800e8SDoug Rabson * kcm/events.c: if credentials have expired when attempting 1057c19800e8SDoug Rabson to renew, attempt to reacquire them using initial creds 1058c19800e8SDoug Rabson 1059*ae771770SStanislav Sedov2005-05-29 Love Hörnquist Åstrand <lha@it.su.se> 1060c19800e8SDoug Rabson 1061*ae771770SStanislav Sedov * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell 1062c19800e8SDoug Rabson 1063*ae771770SStanislav Sedov * doc/setup.texi: spelling, from Björn Sandell 1064c19800e8SDoug Rabson 1065c19800e8SDoug Rabson * lib/krb5/name-45-test.c: XXX don't run the test unless the 1066c19800e8SDoug Rabson machine is in kth.se or su.se because it depends on local resolver 1067c19800e8SDoug Rabson configuration. 1068c19800e8SDoug Rabson 1069c19800e8SDoug Rabson * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't 1070c19800e8SDoug Rabson exists 1071c19800e8SDoug Rabson 1072c19800e8SDoug Rabson * kcm/connect.c: fix doors support, fix signedness warnings 1073c19800e8SDoug Rabson 1074c19800e8SDoug Rabson * kcm/config.c: add --door-path= 1075c19800e8SDoug Rabson 1076c19800e8SDoug Rabson * configure.in: comment what the "detect doors on solaris" 1077c19800e8SDoug Rabson fragment tries to do 1078c19800e8SDoug Rabson 1079c19800e8SDoug Rabson * kcm/acquire.c (generate_random_pw): fix signed-ness warnings 1080c19800e8SDoug Rabson 1081c19800e8SDoug Rabson * kcm/connect.c (update_client_creds): fix compile error in the 1082c19800e8SDoug Rabson getpeerucred case 1083c19800e8SDoug Rabson 1084c19800e8SDoug Rabson * lib/krb5/test_cc.c: change format for expantion variables in 1085c19800e8SDoug Rabson default_cc_name to %{variable} to not confuse them with shell 1086c19800e8SDoug Rabson ditto 1087c19800e8SDoug Rabson 1088c19800e8SDoug Rabson * kcm/headers.h: Maybe include <door.h>. 1089c19800e8SDoug Rabson 1090c19800e8SDoug Rabson * kcm/kcm_locl.h: add extern door_path; 1091c19800e8SDoug Rabson 1092c19800e8SDoug Rabson * configure.in: detect doors using door_create 1093c19800e8SDoug Rabson 1094c19800e8SDoug Rabson * kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on 1095c19800e8SDoug Rabson LIB_door_create 1096c19800e8SDoug Rabson 1097c19800e8SDoug Rabson * lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door 1098c19800e8SDoug Rabson 1099c19800e8SDoug Rabson * lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to 1100c19800e8SDoug Rabson kcm 1101c19800e8SDoug Rabson 1102c19800e8SDoug Rabson * lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create 1103c19800e8SDoug Rabson 1104c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include 1105c19800e8SDoug Rabson <door.h>. 1106c19800e8SDoug Rabson 1107c19800e8SDoug Rabson * lib/krb5/kcm.c (kcm_send_request): add support for doing a door 1108c19800e8SDoug Rabson call to kcm 1109c19800e8SDoug Rabson 1110c19800e8SDoug Rabson * lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with 1111c19800e8SDoug Rabson system headerfiles that pollute the name space 1112c19800e8SDoug Rabson 1113c19800e8SDoug Rabson * kcm/kcm.8: change format for expantion variables in 1114c19800e8SDoug Rabson default_cc_name to %{variable} to not confuse them with shell 1115c19800e8SDoug Rabson ditto 1116c19800e8SDoug Rabson 1117c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: change format for expantion variables in 1118c19800e8SDoug Rabson default_cc_name to %{variable} to not confuse them with shell 1119c19800e8SDoug Rabson ditto 1120c19800e8SDoug Rabson 1121c19800e8SDoug Rabson * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format 1122c19800e8SDoug Rabson for expantion variables to %{variable} to not confuse them with 1123c19800e8SDoug Rabson shell ditto 1124c19800e8SDoug Rabson 1125c19800e8SDoug Rabson * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support 1126c19800e8SDoug Rabson 1127*ae771770SStanislav Sedov2005-05-27 Love Hörnquist Åstrand <lha@it.su.se> 1128c19800e8SDoug Rabson 1129c19800e8SDoug Rabson * appl/kf/kfd.c: case uid_t to unsigned long in printf format 1130c19800e8SDoug Rabson 1131*ae771770SStanislav Sedov2005-05-25 Love Hörnquist Åstrand <lha@it.su.se> 1132c19800e8SDoug Rabson 1133c19800e8SDoug Rabson * lib/krb5/krb5_auth_context.3: remove trailing space 1134c19800e8SDoug Rabson 1135*ae771770SStanislav Sedov2005-05-24 Love Hörnquist Åstrand <lha@it.su.se> 1136c19800e8SDoug Rabson 1137c19800e8SDoug Rabson * kcm/connect.c (do_request): use sendmsg to send the reply 1138c19800e8SDoug Rabson 1139c19800e8SDoug Rabson * fix-export: add make_proto for kcm/kcm_protos.h 1140c19800e8SDoug Rabson 1141c19800e8SDoug Rabson * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h> 1142c19800e8SDoug Rabson 1143c19800e8SDoug Rabson * kcm/Makefile.am (kcm_SOURCES): add headerfiles 1144c19800e8SDoug Rabson (kcm_protos.h): generate prototypes 1145c19800e8SDoug Rabson 1146c19800e8SDoug Rabson * kcm/protocol.c: fix error in last commit, use right function 1147c19800e8SDoug Rabson 1148c19800e8SDoug Rabson * kcm/headers.h: include <ucred.h> if we have getpeerucred 1149c19800e8SDoug Rabson 1150c19800e8SDoug Rabson * configure.in: check for functions getpeerucred and getpeereid 1151c19800e8SDoug Rabson 1152c19800e8SDoug Rabson * kcm/connect.c (update_client_creds): add support for 1153c19800e8SDoug Rabson getpeerucred and getpeereid 1154c19800e8SDoug Rabson 1155c19800e8SDoug Rabson * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by 1156c19800e8SDoug Rabson [libdefaults]kcm_socket=/path 1157c19800e8SDoug Rabson 1158c19800e8SDoug Rabson2005-05-24 David Love <fx@gnu.org> 1159c19800e8SDoug Rabson 1160c19800e8SDoug Rabson * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling 1161c19800e8SDoug Rabson 1162*ae771770SStanislav Sedov2005-05-23 Love Hörnquist Åstrand <lha@it.su.se> 1163c19800e8SDoug Rabson 1164c19800e8SDoug Rabson * kcm/protocol.c: Merge the description and function jumptables 1165c19800e8SDoug Rabson into one structure. Use the length of the array when checking if 1166c19800e8SDoug Rabson opcode is value, not a constant. 1167c19800e8SDoug Rabson 1168c19800e8SDoug Rabson * kcm/kcm_locl.h: struct kcm_op: jumptable structure 1169c19800e8SDoug Rabson 1170c19800e8SDoug Rabson * kcm/main.c: move declaration of detach_from_console away from 1171c19800e8SDoug Rabson here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it. 1172c19800e8SDoug Rabson 1173c19800e8SDoug Rabson * kcm/kcm_locl.h: move declaration of detach_from_console here 1174c19800e8SDoug Rabson 1175c19800e8SDoug Rabson * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. 1176c19800e8SDoug Rabson 1177c19800e8SDoug Rabson2005-05-23 Dave Love <fx@gnu.org> 1178c19800e8SDoug Rabson 1179c19800e8SDoug Rabson * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. 1180c19800e8SDoug Rabson 1181c19800e8SDoug Rabson * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. 1182c19800e8SDoug Rabson 1183*ae771770SStanislav Sedov2005-05-23 Love Hörnquist Åstrand <lha@it.su.se> 1184c19800e8SDoug Rabson 1185c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 1186c19800e8SDoug Rabson 1187*ae771770SStanislav Sedov2005-05-20 Love Hörnquist Åstrand <lha@it.su.se> 1188c19800e8SDoug Rabson 1189c19800e8SDoug Rabson * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, 1190c19800e8SDoug Rabson return and ignore the error 1191c19800e8SDoug Rabson 1192c19800e8SDoug Rabson * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' 1193c19800e8SDoug Rabson have good values 1194c19800e8SDoug Rabson 1195c19800e8SDoug Rabson * lib/krb5/test_keytab.c: tests all keytab format 1196c19800e8SDoug Rabson 1197*ae771770SStanislav Sedov2005-05-19 Love Hörnquist Åstrand <lha@it.su.se> 1198c19800e8SDoug Rabson 1199c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding 1200c19800e8SDoug Rabson errors, fail. Make sure we free memory on error. 1201c19800e8SDoug Rabson (pk_verify_chain_standard): make sure we provide good errors. 1202c19800e8SDoug Rabson 1203c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: add missing options, prompted by 1204c19800e8SDoug Rabson James F. Hranicky mail to heimdal-discuss 1205c19800e8SDoug Rabson 1206c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: add pkinit and password quailty 1207c19800e8SDoug Rabson check options 1208c19800e8SDoug Rabson 1209c19800e8SDoug Rabson * lib/krb5/pkinit.c (pk_verify_chain_standard): store better error 1210c19800e8SDoug Rabson message in the context for certificate errors. 1211c19800e8SDoug Rabson 1212c19800e8SDoug Rabson * lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all 1213c19800e8SDoug Rabson krb5_free_x_content like functions to make sure data doesnt get 1214c19800e8SDoug Rabson reused, idea from Wynn Wilkes <wwilkes@vintela.com> 1215c19800e8SDoug Rabson 1216c19800e8SDoug Rabson * configure.in: depend on automake 1.8, we don't test anything 1217c19800e8SDoug Rabson older 1218c19800e8SDoug Rabson 1219c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment 1220c19800e8SDoug Rabson that the caller always free out_md; remove comment about memory, 1221c19800e8SDoug Rabson it doesn't happen. 1222c19800e8SDoug Rabson (init_cred_loop): free ctx->as_req.padata when its reset (From Wynn 1223c19800e8SDoug Rabson Wilkes <wwilkes@vintela.com>), move a comment close the the code 1224c19800e8SDoug Rabson 1225c19800e8SDoug Rabson * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call 1226c19800e8SDoug Rabson krb5_kt_free_entry after each krb5_kt_next_entry. 1227c19800e8SDoug Rabson 1228c19800e8SDoug Rabson * lib/krb5/keytab_file.c (fkt_remove_entry): need to call 1229c19800e8SDoug Rabson krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn 1230c19800e8SDoug Rabson Wilkes <wwilkes@vintela.com> 1231c19800e8SDoug Rabson 1232*ae771770SStanislav Sedov2005-05-18 Love Hörnquist Åstrand <lha@it.su.se> 1233c19800e8SDoug Rabson 1234c19800e8SDoug Rabson * lib/krb5/Makefile.am: TESTS += test_keytab 1235c19800e8SDoug Rabson 1236c19800e8SDoug Rabson * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, 1237c19800e8SDoug Rabson avoid crashing on empty keytab 1238c19800e8SDoug Rabson 1239c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: document behavior of 1240c19800e8SDoug Rabson krb5_kt_remove_entry 1241c19800e8SDoug Rabson 1242c19800e8SDoug Rabson * lib/krb5/keytab_memory.c (mkt_remove_entry): check if there 1243c19800e8SDoug Rabson isn't any entries in the keytab before removing any since that 1244c19800e8SDoug Rabson leads to bad pointer arithmetic and crashing. From: Wynn Wilkes 1245c19800e8SDoug Rabson <wwilkes@vintela.com>. Make the function return KRB5_KT_NOTFOUND 1246c19800e8SDoug Rabson if the entry wasn't in the keytab (just like the filebased 1247c19800e8SDoug Rabson keytab). 1248c19800e8SDoug Rabson 1249c19800e8SDoug Rabson * lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab 1250c19800e8SDoug Rabson 1251c19800e8SDoug Rabson * lib/krb5{addr_families,context,creds,free,keyblock, 1252c19800e8SDoug Rabson mit_glue,rd_error}.c:zero out content of all krb5_free_x_content 1253c19800e8SDoug Rabson like functions to make sure data doesnt get reused, idea from 1254c19800e8SDoug Rabson Wynn Wilkes <wwilkes@vintela.com> 1255c19800e8SDoug Rabson 1256c19800e8SDoug Rabson * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK 1257c19800e8SDoug Rabson 1258c19800e8SDoug Rabson * lib/krb5/krb5.3: add krb5_cc_new_unique 1259c19800e8SDoug Rabson 1260*ae771770SStanislav Sedov2005-05-17 Love Hörnquist Åstrand <lha@it.su.se> 1261c19800e8SDoug Rabson 1262c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_get_first): check return value from 1263c19800e8SDoug Rabson malloc, memset the structure, make sure cursor doesn't point to 1264c19800e8SDoug Rabson freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com> 1265c19800e8SDoug Rabson 1266c19800e8SDoug Rabson * lib/krb5/krb5_auth_context.3: document 1267c19800e8SDoug Rabson KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED 1268c19800e8SDoug Rabson 1269c19800e8SDoug Rabson * lib/krb5/get_cred.c: Remove expired credentials, based on 1270c19800e8SDoug Rabson patches and comments from Anders Magnusson <ragge@ltu.se> and Wynn 1271c19800e8SDoug Rabson Wilkes <wwilkes@vintela.com> 1272c19800e8SDoug Rabson 1273c19800e8SDoug Rabson * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor 1274c19800e8SDoug Rabson KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted 1275c19800e8SDoug Rabson (ENCTYPE_NULL) credentials. for use with old mit server and java based 1276c19800e8SDoug Rabson ones as they can't handle encrypted KRB-CRED. Note that the option 1277c19800e8SDoug Rabson needs to turned on because if the consumer sends the KRB-CRED in 1278c19800e8SDoug Rabson clear bad things will happen. 1279c19800e8SDoug Rabson 1280c19800e8SDoug Rabson * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops 1281c19800e8SDoug Rabson 1282c19800e8SDoug Rabson * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok 1283c19800e8SDoug Rabson to return from krb5_get_credentials. 1284c19800e8SDoug Rabson KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials 1285c19800e8SDoug Rabson be unencrypted, for compatibility with mit kerberos and java 1286c19800e8SDoug Rabson kerberos. krb5_javakt_ops: export 1287c19800e8SDoug Rabson 1288*ae771770SStanislav Sedov2005-05-16 Love Hörnquist Åstrand <lha@it.su.se> 1289c19800e8SDoug Rabson 1290c19800e8SDoug Rabson * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that 1291c19800e8SDoug Rabson doesn't the use extended kvnos, as hinted, this is needed for 1292c19800e8SDoug Rabson Java's Kerberos implementation. 1293c19800e8SDoug Rabson 1294*ae771770SStanislav Sedov2005-05-10 Love Hörnquist Åstrand <lha@it.su.se> 1295c19800e8SDoug Rabson 1296c19800e8SDoug Rabson * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 1297c19800e8SDoug Rabson enckey, still no DH 1298c19800e8SDoug Rabson 1299c19800e8SDoug Rabson * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, 1300c19800e8SDoug Rabson still no DH 1301c19800e8SDoug Rabson 1302c19800e8SDoug Rabson * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and 1303c19800e8SDoug Rabson pkinit-25 pa-data, return empty pkinit pa-data in the 1304c19800e8SDoug Rabson PREAUTH_REQUIRED krb-error 1305c19800e8SDoug Rabson 1306c19800e8SDoug Rabson * doc/ack.texi: add pkinit people 1307c19800e8SDoug Rabson 1308c19800e8SDoug Rabson * lib/krb5/krb5_storage.3: document krb5_storage_is_flags 1309c19800e8SDoug Rabson 1310c19800e8SDoug Rabson * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, 1311c19800e8SDoug Rabson krb5_krbhst_init.3,krb5_storage.3}: 1312*ae771770SStanislav Sedov make more pretty, from Björn Sandell 1313c19800e8SDoug Rabson 1314c19800e8SDoug Rabson2005-05-09 Dave Love <fx@gnu.org> 1315c19800e8SDoug Rabson 1316c19800e8SDoug Rabson * doc/setup.texi: Fix and clarify password quality check examples. 1317c19800e8SDoug Rabson 1318*ae771770SStanislav Sedov2005-05-09 Love Hörnquist Åstrand <lha@it.su.se> 1319c19800e8SDoug Rabson 1320c19800e8SDoug Rabson * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead 1321c19800e8SDoug Rabson of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk> 1322c19800e8SDoug Rabson 1323*ae771770SStanislav Sedov2005-05-07 Love Hörnquist Åstrand <lha@it.su.se> 1324c19800e8SDoug Rabson 1325c19800e8SDoug Rabson * lib/krb5/addr_families.c (krb5_print_address): catch when the 1326*ae771770SStanislav Sedov unknown adress don't fit. From Björn Sandell <biorn@dce.chalmers.se> 1327c19800e8SDoug Rabson 1328c19800e8SDoug Rabson2005-05-05 Dave Love <d.love@dl.ac.uk> 1329c19800e8SDoug Rabson 1330c19800e8SDoug Rabson * configure.in: fix type right test, include <termios.h> for 1331c19800e8SDoug Rabson sys/strtty.h, not sys/ptyvar.h 1332c19800e8SDoug Rabson 1333*ae771770SStanislav Sedov2005-05-05 Love Hörnquist Åstrand <lha@it.su.se> 1334c19800e8SDoug Rabson 1335c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: spelling 1336c19800e8SDoug Rabson 1337*ae771770SStanislav Sedov2005-05-04 Love Hörnquist Åstrand <lha@it.su.se> 1338c19800e8SDoug Rabson 1339c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: expand on what "trailing component" means 1340c19800e8SDoug Rabson 1341c19800e8SDoug Rabson2005-05-04 Johan Danielsson <joda@pdc.kth.se> 1342c19800e8SDoug Rabson 1343c19800e8SDoug Rabson * lib/krb5/rd_cred.c: put address comparison in separate function 1344c19800e8SDoug Rabson 1345c19800e8SDoug Rabson * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory 1346c19800e8SDoug Rabson for access files, all of which is handled like the regular 1347c19800e8SDoug Rabson ~/.k5login 1348c19800e8SDoug Rabson 1349c19800e8SDoug Rabson * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for 1350c19800e8SDoug Rabson access files, all of which is handled like the regular ~/.k5login 1351c19800e8SDoug Rabson 1352*ae771770SStanislav Sedov2005-05-03 Love Hörnquist Åstrand <lha@it.su.se> 1353c19800e8SDoug Rabson 1354c19800e8SDoug Rabson * doc/ack.texi: Clearify what version of libdes we are using and 1355c19800e8SDoug Rabson who's code in it we are using. 1356c19800e8SDoug Rabson 1357c19800e8SDoug Rabson * kcm/kcm.8: more text about usage 1358c19800e8SDoug Rabson 1359c19800e8SDoug Rabson * kcm/Makefile.am: man_MANS += kcm.8 1360c19800e8SDoug Rabson 1361c19800e8SDoug Rabson * kcm/kcm.8: initial manpage 1362c19800e8SDoug Rabson 1363c19800e8SDoug Rabson * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define 1364c19800e8SDoug Rabson PKINIT 1365c19800e8SDoug Rabson 1366c19800e8SDoug Rabson2005-05-02 Dave Love <fx@gnu.org> 1367c19800e8SDoug Rabson 1368c19800e8SDoug Rabson * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. 1369c19800e8SDoug Rabson 1370*ae771770SStanislav Sedov2005-05-02 Love Hörnquist Åstrand <lha@it.su.se> 1371c19800e8SDoug Rabson 1372c19800e8SDoug Rabson * tools/krb5-config.in: add com_err to required libs 1373c19800e8SDoug Rabson 1374c19800e8SDoug Rabson * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in 1375c19800e8SDoug Rabson length 1376c19800e8SDoug Rabson 1377c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of 1378c19800e8SDoug Rabson nonce for windows, remove the code that removed the signed 1379c19800e8SDoug Rabson bit. Instead add comment that they still need to be the same 1380c19800e8SDoug Rabson (Kerberos protocol nonce and pk-init nonce) for Windows. 1381c19800e8SDoug Rabson 1382c19800e8SDoug Rabson2005-05-02 David Love <fx@gnu.org> 1383c19800e8SDoug Rabson 1384c19800e8SDoug Rabson * lib/krb5/crypto.c: Don't declare des_salt &c as static with 1385c19800e8SDoug Rabson incomplete type (invalid in c89, at least). 1386c19800e8SDoug Rabson 1387*ae771770SStanislav Sedov2005-05-02 Love Hörnquist Åstrand <lha@it.su.se> 1388c19800e8SDoug Rabson 1389c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: include <crypt.h> 1390c19800e8SDoug Rabson 1391c19800e8SDoug Rabson2005-05-02 David Love <fx@gnu.org> 1392c19800e8SDoug Rabson 1393c19800e8SDoug Rabson * kcm/connect.c (init_socket): rename variable sun to un to avoid 1394c19800e8SDoug Rabson namespace collision. 1395c19800e8SDoug Rabson (handle_stream): Cast arg of krb5_warnx. 1396c19800e8SDoug Rabson 1397*ae771770SStanislav Sedov2005-04-30 Love Hörnquist Åstrand <lha@it.su.se> 1398c19800e8SDoug Rabson 1399c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the 1400c19800e8SDoug Rabson highest bit to make windows PK-INIT happy. Also make the nonces 1401c19800e8SDoug Rabson the same, again for windows, they are using pk-init-9. 1402c19800e8SDoug Rabson 1403c19800e8SDoug Rabson XXX check if it isn't the that nonce is an unsigned variable so 1404c19800e8SDoug Rabson its just a asn1 mismatch. 1405c19800e8SDoug Rabson 1406c19800e8SDoug Rabson * kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id 1407c19800e8SDoug Rabson 1408c19800e8SDoug Rabson * kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit 1409c19800e8SDoug Rabson 1410c19800e8SDoug Rabson * lib/krb5/pkinit.c: Pass prompter data to the prompter function, 1411c19800e8SDoug Rabson implement a UI prompter function wrapping the kerberos prompter 1412c19800e8SDoug Rabson function so that the the OpenSSL ENGINE can ask for a password 1413c19800e8SDoug Rabson when loading the private key. From: Douglas E. Engert 1414c19800e8SDoug Rabson 1415c19800e8SDoug Rabson * lib/krb5: add <err.h> in test programs 1416c19800e8SDoug Rabson 1417c19800e8SDoug Rabson * configure.in: sys/ptyvar.h might need <sys/tty.h> 1418c19800e8SDoug Rabson 1419c19800e8SDoug Rabson * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la 1420c19800e8SDoug Rabson 1421*ae771770SStanislav Sedov2005-04-29 Love Hörnquist Åstrand <lha@it.su.se> 1422c19800e8SDoug Rabson 1423c19800e8SDoug Rabson * lib/asn1/Makefile.am: use $(LIB_com_err) 1424c19800e8SDoug Rabson 1425*ae771770SStanislav Sedov2005-04-28 Love Hörnquist Åstrand <lha@it.su.se> 1426c19800e8SDoug Rabson 1427c19800e8SDoug Rabson * lib/krb5/context.c (krb5_set_config_files): ignore permission 1428c19800e8SDoug Rabson denied on configuration files, user might not be allowed to read 1429c19800e8SDoug Rabson /var/heimdal/kdc.conf 1430c19800e8SDoug Rabson 1431c19800e8SDoug Rabson2005-04-26 Dave Love <fx@gnu.org> 1432c19800e8SDoug Rabson 1433c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get 1434c19800e8SDoug Rabson posix getpwnam_r 1435c19800e8SDoug Rabson 1436*ae771770SStanislav Sedov2005-04-25 Love Hörnquist Åstrand <lha@it.su.se> 1437c19800e8SDoug Rabson 1438c19800e8SDoug Rabson * lib/asn1/gen_glue.c: switch the units variable to a 1439c19800e8SDoug Rabson function. gcc-4.1 needs the size of the structure if its defined 1440c19800e8SDoug Rabson as extern struct units foo_units[] an we don't want to include 1441c19800e8SDoug Rabson <parse_units.h> in the generate headerfile 1442c19800e8SDoug Rabson 1443*ae771770SStanislav Sedov2005-04-25 Love Hörnquist Åstrand <lha@it.su.se> 1444c19800e8SDoug Rabson 1445c19800e8SDoug Rabson * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, 1446c19800e8SDoug Rabson krb5ValidEnd, krb5PasswordEnd From Howard Chu 1447c19800e8SDoug Rabson 1448*ae771770SStanislav Sedov2005-04-24 Love Hörnquist Åstrand <lha@it.su.se> 1449c19800e8SDoug Rabson 1450c19800e8SDoug Rabson * doc/whatis.texi: comment out docbook stuff for now 1451c19800e8SDoug Rabson 1452c19800e8SDoug Rabson * kuser/klist.c: use strlcpy 1453c19800e8SDoug Rabson 1454c19800e8SDoug Rabson * doc/ack.texi: we no longer use eay libdes, make acknowledgment 1455c19800e8SDoug Rabson still be there, but claim that we no longer use it. Mark editline 1456c19800e8SDoug Rabson to be a modified version as required by the license. 1457c19800e8SDoug Rabson 1458c19800e8SDoug Rabson * lib/krb5/pkinit.c: use the unexported oid_to_enctype function 1459c19800e8SDoug Rabson 1460c19800e8SDoug Rabson * lib/krb5/crypto.c: unexport the oid_to_enctype function, not for 1461c19800e8SDoug Rabson external consumers 1462c19800e8SDoug Rabson 1463c19800e8SDoug Rabson * kdc/Makefile.am: always add kaserver 1464c19800e8SDoug Rabson 1465c19800e8SDoug Rabson * lib/krb5/krb5_ccache.3: document krb5_cc_new_unique 1466c19800e8SDoug Rabson 1467c19800e8SDoug Rabson * lib/krb5/cache.c (krb5_cc_new_unique): new function to create a 1468c19800e8SDoug Rabson new credential cache 1469c19800e8SDoug Rabson 1470c19800e8SDoug Rabson * kdc/headers.h: don't include kerberos 4 headers here 1471c19800e8SDoug Rabson 1472c19800e8SDoug Rabson * kdc/hpropd.c: include kerberos 4 headers here 1473c19800e8SDoug Rabson 1474c19800e8SDoug Rabson * kdc/connect.c: add kaserver support independ of having krb4 1475c19800e8SDoug Rabson support 1476c19800e8SDoug Rabson 1477c19800e8SDoug Rabson * kdc/config.c: add kaserver support unconditionally, make kdc 1478c19800e8SDoug Rabson only fail to start when there are no v4 realm configured and 1479c19800e8SDoug Rabson krb4/kaserver is turned on 1480c19800e8SDoug Rabson 1481c19800e8SDoug Rabson * kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and 1482c19800e8SDoug Rabson so kaserver support is always compiled in (still default disabled) 1483c19800e8SDoug Rabson 1484c19800e8SDoug Rabson * lib/krb5/v4_glue.c: simplify error handling 1485c19800e8SDoug Rabson 1486c19800e8SDoug Rabson * doc/whatis.texi: add docbook version macro of @sub 1487c19800e8SDoug Rabson 1488c19800e8SDoug Rabson * doc/heimdal.texi: change the wrapping around the Top node to 1489c19800e8SDoug Rabson ifnottex, make html generation work 1490c19800e8SDoug Rabson 1491*ae771770SStanislav Sedov * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell 1492c19800e8SDoug Rabson <biorn@dce.chalmers.se> 1493c19800e8SDoug Rabson 1494*ae771770SStanislav Sedov * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell 1495c19800e8SDoug Rabson <biorn@dce.chalmers.se> 1496c19800e8SDoug Rabson 1497*ae771770SStanislav Sedov * lib/krb5/krb5_data.3: spelling, from Björn Sandell 1498c19800e8SDoug Rabson <biorn@dce.chalmers.se> 1499c19800e8SDoug Rabson 1500*ae771770SStanislav Sedov * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell 1501c19800e8SDoug Rabson <biorn@dce.chalmers.se> 1502c19800e8SDoug Rabson 1503*ae771770SStanislav Sedov * lib/krb5/krb5_address.3: spelling, from Björn Sandell 1504c19800e8SDoug Rabson <biorn@dce.chalmers.se> 1505c19800e8SDoug Rabson 1506*ae771770SStanislav Sedov2005-04-23 Love Hörnquist Åstrand <lha@it.su.se> 1507c19800e8SDoug Rabson 1508c19800e8SDoug Rabson * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so 1509c19800e8SDoug Rabson kerberos 4 is always compiled in (still default disabled) 1510c19800e8SDoug Rabson 1511c19800e8SDoug Rabson * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and 1512c19800e8SDoug Rabson so kerberos 4 is always compiled in (still default disabled) 1513c19800e8SDoug Rabson 1514c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data 1515c19800e8SDoug Rabson 1516c19800e8SDoug Rabson * lib/krb5/convert_creds.c: Move the kerberos v4 replacement 1517c19800e8SDoug Rabson functions to v4_glue.c 1518c19800e8SDoug Rabson 1519c19800e8SDoug Rabson * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to 1520c19800e8SDoug Rabson be a KDC, move the v4 bits over here 1521c19800e8SDoug Rabson 1522c19800e8SDoug Rabson * lib/krb5/krb5-v4compat.h: add more v4 defines 1523c19800e8SDoug Rabson 1524*ae771770SStanislav Sedov2005-04-22 Love Hörnquist Åstrand <lha@it.su.se> 1525c19800e8SDoug Rabson 1526c19800e8SDoug Rabson * kpasswd/kpasswdd.c: Support multi-realms databases, requires 1527c19800e8SDoug Rabson that all the realms are configured on the KDC in krb5.conf with 1528c19800e8SDoug Rabson [libdefaults]default_realm stanzas. 1529c19800e8SDoug Rabson 1530*ae771770SStanislav Sedov2005-04-21 Love Hörnquist Åstrand <lha@it.su.se> 1531c19800e8SDoug Rabson 1532c19800e8SDoug Rabson * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden 1533c19800e8SDoug Rabson 1534c19800e8SDoug Rabson * lib/krb5/addr_families.c: catch two more snprintf problems 1535c19800e8SDoug Rabson 1536*ae771770SStanislav Sedov2005-04-20 Love Hörnquist Åstrand <lha@it.su.se> 1537c19800e8SDoug Rabson 1538c19800e8SDoug Rabson * lib/hdb/Makefile.am: this lib include com_err, add -com_err to 1539c19800e8SDoug Rabson CHECK_SYMBOLS 1540c19800e8SDoug Rabson 1541c19800e8SDoug Rabson * appl/test/http_client.c: cast ssize_t to unsigned long, fix 1542c19800e8SDoug Rabson printf format 1543c19800e8SDoug Rabson 1544*ae771770SStanislav Sedov2005-04-19 Love Hörnquist Åstrand <lha@it.su.se> 1545c19800e8SDoug Rabson 1546c19800e8SDoug Rabson * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames 1547c19800e8SDoug Rabson 1548c19800e8SDoug Rabson * lib/krb5/get_host_realm.c: check return value of snprintf 1549c19800e8SDoug Rabson 1550c19800e8SDoug Rabson * lib/krb5/test_addr.c: check address truncation 1551c19800e8SDoug Rabson 1552c19800e8SDoug Rabson * lib/krb5/addr_families.c: check return values from snprintf and 1553c19800e8SDoug Rabson clean up semantics of ret_len 1554c19800e8SDoug Rabson 1555c19800e8SDoug Rabson * lib/krb5/krb5_address.3: clarify what ret_len is in 1556c19800e8SDoug Rabson krb5_print_address 1557c19800e8SDoug Rabson 1558c19800e8SDoug Rabson * lib/krb5/test_kuserok.c: add --version and --help 1559c19800e8SDoug Rabson 1560c19800e8SDoug Rabson * lib/krb5/kuserok.c: use getpwnamn_r if it exists 1561c19800e8SDoug Rabson 1562c19800e8SDoug Rabson * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok 1563c19800e8SDoug Rabson 1564c19800e8SDoug Rabson * lib/krb5/test_kuserok.c: test program for krb5_kuserok 1565c19800e8SDoug Rabson 1566*ae771770SStanislav Sedov2005-04-18 Love Hörnquist Åstrand <lha@it.su.se> 1567c19800e8SDoug Rabson 1568c19800e8SDoug Rabson * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed 1569c19800e8SDoug Rabson with ccErrCCacheNotFound try again with create_default_ccache, 1570c19800e8SDoug Rabson this fixes the problem where the security server apperenly haven't 1571c19800e8SDoug Rabson started yet on Mac OS X 1572c19800e8SDoug Rabson 1573c19800e8SDoug Rabson * lib/krb5/get_default_principal.c 1574c19800e8SDoug Rabson (_krb5_get_default_principal_local): add, for use of functions 1575c19800e8SDoug Rabson that in ccache layer to avoid recursive calls. 1576c19800e8SDoug Rabson 1577c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is* 1578c19800e8SDoug Rabson macros in this file 1579c19800e8SDoug Rabson 1580c19800e8SDoug Rabson * include/make_crypto.c: cast to unsigned char to make sure its 1581c19800e8SDoug Rabson not negative when passing it to is* functions 1582c19800e8SDoug Rabson 1583*ae771770SStanislav Sedov2005-04-15 Love Hörnquist Åstrand <lha@it.su.se> 1584c19800e8SDoug Rabson 1585c19800e8SDoug Rabson * doc/programming.texi: remove manpage macro, add some more 1586c19800e8SDoug Rabson references to manpages 1587c19800e8SDoug Rabson 1588c19800e8SDoug Rabson * doc/heimdal.texi: define manpage macro 1589c19800e8SDoug Rabson 1590c19800e8SDoug Rabson * doc/setup.texi: document new password policy code 1591c19800e8SDoug Rabson 1592c19800e8SDoug Rabson * kpasswd/kpasswdd.c: add verifier libraries with 1593c19800e8SDoug Rabson kadm5_add_passwd_quality_verifier 1594c19800e8SDoug Rabson 1595c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init 1596c19800e8SDoug Rabson 1597*ae771770SStanislav Sedov2005-04-14 Love Hörnquist Åstrand <lha@it.su.se> 1598c19800e8SDoug Rabson 1599c19800e8SDoug Rabson * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the 1600c19800e8SDoug Rabson same, and clients 1601c19800e8SDoug Rabson (klog) can deal with that the kaserver returns the same thing for 1602c19800e8SDoug Rabson both 1603c19800e8SDoug Rabson 1604c19800e8SDoug Rabson * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill 1605c19800e8SDoug Rabson in a keyblock from key data. 1606c19800e8SDoug Rabson 1607*ae771770SStanislav Sedov2005-04-12 Love Hörnquist Åstrand <lha@it.su.se> 1608c19800e8SDoug Rabson 1609c19800e8SDoug Rabson * configure.in: rk_WIN32_EXPORT for roken 1610c19800e8SDoug Rabson 1611*ae771770SStanislav Sedov2005-04-10 Love Hörnquist Åstrand <lha@it.su.se> 1612c19800e8SDoug Rabson 1613c19800e8SDoug Rabson * appl/test/gssapi_server.c: print out client principla of 1614c19800e8SDoug Rabson delegated credential 1615c19800e8SDoug Rabson 1616*ae771770SStanislav Sedov2005-04-07 Love Hörnquist Åstrand <lha@it.su.se> 1617c19800e8SDoug Rabson 1618c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check 1619c19800e8SDoug Rabson for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert 1620c19800e8SDoug Rabson 1621*ae771770SStanislav Sedov2005-04-07 Love Hörnquist Åstrand <lha@it.su.se> 1622c19800e8SDoug Rabson 1623c19800e8SDoug Rabson * .cvsignore: ignore more generate files 1624c19800e8SDoug Rabson 1625*ae771770SStanislav Sedov2005-04-04 Love Hörnquist Åstrand <lha@it.su.se> 1626c19800e8SDoug Rabson 1627c19800e8SDoug Rabson * lib/asn1/check-der.c: use size_t, print size_t by casting to 1628c19800e8SDoug Rabson unsigned long 1629c19800e8SDoug Rabson 1630c19800e8SDoug Rabson * lib/krb5/test_crypto.c: print size_t by casting to unsigned long 1631c19800e8SDoug Rabson 1632c19800e8SDoug Rabson * lib/krb5/acache.c: Argument to create_new_ccache is a principal, 1633c19800e8SDoug Rabson not a credential cache name. Clean up lossage related to this 1634c19800e8SDoug Rabson problem. 1635c19800e8SDoug Rabson 1636c19800e8SDoug Rabson * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int 1637c19800e8SDoug Rabson 1638c19800e8SDoug Rabson * lib/krb5/addr_families.c 1639c19800e8SDoug Rabson (krb5_address_prefixlen_boundary,krb5_free_address): 1640c19800e8SDoug Rabson use find_atype when we are dealing with a kerberos address type 1641c19800e8SDoug Rabson 1642c19800e8SDoug Rabson * lib/krb5/aes-test.c: size_t vs int + fix printf 1643c19800e8SDoug Rabson 1644c19800e8SDoug Rabson * lib/krb5/pkinit.c: Since the decode can't make out the diffrence 1645c19800e8SDoug Rabson between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to 1646c19800e8SDoug Rabson verify both cases 1647c19800e8SDoug Rabson 1648*ae771770SStanislav Sedov2005-04-03 Love Hörnquist Åstrand <lha@it.su.se> 1649c19800e8SDoug Rabson 1650c19800e8SDoug Rabson * appl/test/uu_client.c: print size_t by casting to unsigned long 1651c19800e8SDoug Rabson 1652c19800e8SDoug Rabson2005-04-01 Johan Danielsson <joda@pdc.kth.se> 1653c19800e8SDoug Rabson 1654c19800e8SDoug Rabson * kdc/kerberos4.c (do_version4): check client and server max_life 1655c19800e8SDoug Rabson 1656c19800e8SDoug Rabson * kdc/kaserver.c (do_getticket): check client max_life 1657c19800e8SDoug Rabson 1658c19800e8SDoug Rabson2005-03-31 Love <lha@kth.se> 1659c19800e8SDoug Rabson 1660c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: const poison 1661c19800e8SDoug Rabson 1662c19800e8SDoug Rabson * lib/krb5/test_alname.c: const poison 1663c19800e8SDoug Rabson 1664c19800e8SDoug Rabson * lib/asn1/main.c: const poison 1665c19800e8SDoug Rabson 1666c19800e8SDoug Rabson * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses 1667c19800e8SDoug Rabson 1668c19800e8SDoug Rabson * lib/krb5/addr_families.c: implement mask boundary for IPv6 1669c19800e8SDoug Rabson 1670c19800e8SDoug Rabson * lib/asn1/gen.c: avoid const string warnings steming from 1671c19800e8SDoug Rabson writeable-string 1672c19800e8SDoug Rabson 1673*ae771770SStanislav Sedov2005-03-28 Love Hörnquist Åstrand <lha@it.su.se> 1674c19800e8SDoug Rabson 1675c19800e8SDoug Rabson * lib/krb5/Makefile.am: TESTS += test_addr 1676c19800e8SDoug Rabson 1677c19800e8SDoug Rabson * lib/krb5/test_addr.c: simple test for addresses 1678c19800e8SDoug Rabson 1679c19800e8SDoug Rabson * lib/krb5/addr_families.c: make RANGE parse prefixlen style 1680c19800e8SDoug Rabson addresses too, fix printing of RANGE addresses, add 1681c19800e8SDoug Rabson krb5_address_prefixlen_boundary 1682c19800e8SDoug Rabson 1683c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on 1684c19800e8SDoug Rabson wildcards 1685c19800e8SDoug Rabson 1686*ae771770SStanislav Sedov2005-03-26 Love Hörnquist Åstrand <lha@it.su.se> 1687c19800e8SDoug Rabson 1688c19800e8SDoug Rabson * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson 1689c19800e8SDoug Rabson 1690c19800e8SDoug Rabson * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson 1691c19800e8SDoug Rabson 1692*ae771770SStanislav Sedov2005-03-19 Love Hörnquist Åstrand <lha@it.su.se> 1693c19800e8SDoug Rabson 1694c19800e8SDoug Rabson * lib/krb5/acache.c: add mutex for global variables, clean up 1695c19800e8SDoug Rabson returned error codes, implement storing addresses into the ccapi 1696c19800e8SDoug Rabson 1697c19800e8SDoug Rabson * appl/test/gssapi_server.c: free memory, make error strings match 1698c19800e8SDoug Rabson 1699c19800e8SDoug Rabson * appl/test/gssapi_server.c: use print_gss_name, print server name 1700c19800e8SDoug Rabson too 1701c19800e8SDoug Rabson 1702c19800e8SDoug Rabson * appl/test/gss_common.h (print_gss_name): common code for 1703c19800e8SDoug Rabson printing gss name 1704c19800e8SDoug Rabson 1705c19800e8SDoug Rabson * appl/test/gss_common.c (print_gss_name): common code for 1706c19800e8SDoug Rabson printing gss name 1707c19800e8SDoug Rabson 1708c19800e8SDoug Rabson * appl/test/http_client.c: Make constent with rest of the gssapi 1709c19800e8SDoug Rabson test programs 1710c19800e8SDoug Rabson 1711*ae771770SStanislav Sedov2005-03-17 Love Hörnquist Åstrand <lha@it.su.se> 1712c19800e8SDoug Rabson 1713c19800e8SDoug Rabson * lib/hdb/keys.c: AES is enabled by default, remove ifdefs 1714c19800e8SDoug Rabson 1715c19800e8SDoug Rabson * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs 1716c19800e8SDoug Rabson 1717c19800e8SDoug Rabson * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled 1718c19800e8SDoug Rabson by default, remove ifdefs 1719c19800e8SDoug Rabson 1720c19800e8SDoug Rabson * kdc/kerberos5.c: AES is enabled by default, remove ifdefs 1721c19800e8SDoug Rabson 1722*ae771770SStanislav Sedov2005-03-16 Love Hörnquist Åstrand <lha@it.su.se> 1723c19800e8SDoug Rabson 1724c19800e8SDoug Rabson * doc/setup.texi: Add some text about modifying the database 1725c19800e8SDoug Rabson 1726*ae771770SStanislav Sedov2005-03-15 Love Hörnquist Åstrand <lha@it.su.se> 1727c19800e8SDoug Rabson 1728c19800e8SDoug Rabson * kuser/kinit.c: widen lifetime/renewal warning text field, also 1729c19800e8SDoug Rabson make use of unparse_time_approx, no need to be specific to the 1730c19800e8SDoug Rabson second when ticket needs to be renewed or their lifetime. 1731c19800e8SDoug Rabson 1732c19800e8SDoug Rabson * doc/heimdal.texi: copyright maintenance, drop eay, use updated 1733c19800e8SDoug Rabson UCB license 1734c19800e8SDoug Rabson 1735c19800e8SDoug Rabson * lib/krb5/crypto.c: more static and unsigned issues 1736c19800e8SDoug Rabson 1737c19800e8SDoug Rabson * lib/krb5/crypto.c: fix signedness issues, prompted by report of 1738c19800e8SDoug Rabson Magnus Ahltorp 1739c19800e8SDoug Rabson 1740*ae771770SStanislav Sedov2005-03-13 Love Hörnquist Åstrand <lha@it.su.se> 1741c19800e8SDoug Rabson 1742c19800e8SDoug Rabson * lib/krb5/krb5_keytab.3: more text about how to free returned 1743c19800e8SDoug Rabson resources 1744c19800e8SDoug Rabson 1745*ae771770SStanislav Sedov2005-03-10 Love Hörnquist Åstrand <lha@it.su.se> 1746c19800e8SDoug Rabson 1747c19800e8SDoug Rabson * lib/krb5/pkinit.c: handle the -25 generation path 1748c19800e8SDoug Rabson 1749c19800e8SDoug Rabson * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 1750c19800e8SDoug Rabson 1751c19800e8SDoug Rabson * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes 1752c19800e8SDoug Rabson 1753*ae771770SStanislav Sedov2005-03-09 Love Hörnquist Åstrand <lha@it.su.se> 1754c19800e8SDoug Rabson 1755c19800e8SDoug Rabson * kdc/pkinit.c: use generated oid's 1756c19800e8SDoug Rabson 1757c19800e8SDoug Rabson * lib/krb5/pkinit.c: use generated oid's 1758c19800e8SDoug Rabson 1759*ae771770SStanislav Sedov2005-03-08 Love Hörnquist Åstrand <lha@it.su.se> 1760c19800e8SDoug Rabson 1761c19800e8SDoug Rabson * kdc/pkinit.c: update to the asn1 structures used in -25's 1762c19800e8SDoug Rabson 1763c19800e8SDoug Rabson * lib/krb5/pkinit.c: update to the asn1 structures used in -25's 1764c19800e8SDoug Rabson 1765*ae771770SStanislav Sedov2005-03-04 Love Hörnquist Åstrand <lha@it.su.se> 1766c19800e8SDoug Rabson 1767c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: use the newly written hex function from 1768c19800e8SDoug Rabson roken and remove the old implementation 1769c19800e8SDoug Rabson 1770*ae771770SStanislav Sedov2005-03-01 Love Hörnquist Åstrand <lha@it.su.se> 1771c19800e8SDoug Rabson 1772c19800e8SDoug Rabson * appl/test/http_client.c: allow specifing port to connect to 1773c19800e8SDoug Rabson 1774*ae771770SStanislav Sedov2005-02-24 Love Hörnquist Åstrand <lha@it.su.se> 1775c19800e8SDoug Rabson 1776c19800e8SDoug Rabson * lib/krb5/Makefile.am: bump version to 21:0:4 1777c19800e8SDoug Rabson 1778c19800e8SDoug Rabson * lib/hdb/Makefile.am: bump version to 8:0:1 1779c19800e8SDoug Rabson 1780c19800e8SDoug Rabson * lib/asn1/Makefile.am: bump version to 7:0:1 1781c19800e8SDoug Rabson 1782*ae771770SStanislav Sedov2005-02-23 Love Hörnquist Åstrand <lha@it.su.se> 1783c19800e8SDoug Rabson 1784c19800e8SDoug Rabson * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak 1785c19800e8SDoug Rabson keys after doing the DES_cbc_cksum 1786c19800e8SDoug Rabson 1787c19800e8SDoug Rabson2005-02-19 Luke Howard <lukeh@padl.com> 1788c19800e8SDoug Rabson 1789c19800e8SDoug Rabson * lib/krb5/krbhst.c: set KD_CONFIG after calling 1790c19800e8SDoug Rabson config_get_hosts() in kpasswd_get_next() 1791c19800e8SDoug Rabson From: Wynn Wilkes <wynnw@vintela.com> 1792c19800e8SDoug Rabson 1793*ae771770SStanislav Sedov2005-02-15 Love Hörnquist Åstrand <lha@it.su.se> 1794c19800e8SDoug Rabson 1795c19800e8SDoug Rabson * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY 1796c19800e8SDoug Rabson From: Chaskiel M Grundman <cg2v@andrew.cmu.edu> 1797c19800e8SDoug Rabson 1798*ae771770SStanislav Sedov2005-02-09 Love Hörnquist Åstrand <lha@it.su.se> 1799c19800e8SDoug Rabson 1800c19800e8SDoug Rabson * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to 1801c19800e8SDoug Rabson make %d work 1802c19800e8SDoug Rabson 1803*ae771770SStanislav Sedov2005-02-08 Love Hörnquist Åstrand <lha@it.su.se> 1804c19800e8SDoug Rabson 1805c19800e8SDoug Rabson * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the 1806c19800e8SDoug Rabson caller requested to provide the user with a glue what the caller 1807c19800e8SDoug Rabson was asking for. 1808c19800e8SDoug Rabson 1809c19800e8SDoug Rabson2005-02-05 Luke Howard <lukeh@padl.com> 1810c19800e8SDoug Rabson 1811c19800e8SDoug Rabson * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop 1812c19800e8SDoug Rabson 1813c19800e8SDoug Rabson * kcm/acquire.c: don't leak salt if keyproc called multiple 1814c19800e8SDoug Rabson times 1815c19800e8SDoug Rabson 1816c19800e8SDoug Rabson * kcm/config.c: allow KCM system ccache to be configured from 1817c19800e8SDoug Rabson krb5.conf, in the system_ccache stanza of [kcm] 1818c19800e8SDoug Rabson 1819*ae771770SStanislav Sedov2005-02-03 Love Hörnquist Åstrand <lha@it.su.se> 1820c19800e8SDoug Rabson 1821c19800e8SDoug Rabson * kcm/protocol.c: use -1 as the invalid pid number 1822c19800e8SDoug Rabson 1823c19800e8SDoug Rabson * kcm/connect.c: support SCM_CREDS (for NetBSD) 1824c19800e8SDoug Rabson 1825c19800e8SDoug Rabson * kcm/Makefile.am: LDADD += LIB_pidfile 1826c19800e8SDoug Rabson 1827c19800e8SDoug Rabson * kcm/connect.c: make it possible to build on systems without 1828c19800e8SDoug Rabson SO_PEERCRED (still doesn't work) 1829c19800e8SDoug Rabson 1830c19800e8SDoug Rabson * kcm/config.c: cast argument to isdigit to unsigned char 1831c19800e8SDoug Rabson 1832c19800e8SDoug Rabson * lib/krb5/krb5.conf.5: document large_msg_size 1833c19800e8SDoug Rabson 1834c19800e8SDoug Rabson * lib/krb5/context.c (init_context_from_config_file): init 1835c19800e8SDoug Rabson large_msg_size to 6000 1836c19800e8SDoug Rabson 1837c19800e8SDoug Rabson * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, 1838c19800e8SDoug Rabson threshold where we start to use transport protocols without tiny 1839c19800e8SDoug Rabson max data transport sizes. 1840c19800e8SDoug Rabson 1841c19800e8SDoug Rabson * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h 1842c19800e8SDoug Rabson by now 1843c19800e8SDoug Rabson 1844c19800e8SDoug Rabson2005-02-02 Luke Howard <lukeh@padl.com> 1845c19800e8SDoug Rabson 1846c19800e8SDoug Rabson * configure.in: generate kcm/Makefile 1847c19800e8SDoug Rabson 1848c19800e8SDoug Rabson * Makefile.am: recurse into kcm/ if KCM defined 1849c19800e8SDoug Rabson 1850c19800e8SDoug Rabson * kcm: add KCM daemon 1851c19800e8SDoug Rabson 1852*ae771770SStanislav Sedov2005-02-02 Love Hörnquist Åstrand <lha@it.su.se> 1853c19800e8SDoug Rabson 1854c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again 1855c19800e8SDoug Rabson 1856c19800e8SDoug Rabson * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add 1857c19800e8SDoug Rabson some more error strings 1858c19800e8SDoug Rabson 1859c19800e8SDoug Rabson2005-02-02 Luke Howard <lukeh@padl.com> 1860c19800e8SDoug Rabson 1861c19800e8SDoug Rabson * configure.in: add --enable-kcm option for Kerberos 1862c19800e8SDoug Rabson Credentials Manager (KCM) 1863c19800e8SDoug Rabson 1864c19800e8SDoug Rabson * lib/krb5/Makefile.am: add kcm.c 1865c19800e8SDoug Rabson 1866c19800e8SDoug Rabson * lib/krb5/cache.c: use cc_retrieve_cred if present rather 1867c19800e8SDoug Rabson than enumerating ccache 1868c19800e8SDoug Rabson 1869c19800e8SDoug Rabson * lib/krb5/context.c: register KCM cc_ops 1870c19800e8SDoug Rabson 1871c19800e8SDoug Rabson * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred 1872c19800e8SDoug Rabson 1873c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock 1874c19800e8SDoug Rabson 1875c19800e8SDoug Rabson * lib/krb5/kcm.[ch]: add initial implementation of KCM 1876c19800e8SDoug Rabson client library 1877c19800e8SDoug Rabson 1878c19800e8SDoug Rabson * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops 1879c19800e8SDoug Rabson 1880c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp 1881c19800e8SDoug Rabson 1882c19800e8SDoug Rabson * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag 1883c19800e8SDoug Rabson 1884c19800e8SDoug Rabson2005-01-24 Luke Howard <lukeh@padl.com> 1885c19800e8SDoug Rabson 1886c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed 1887c19800e8SDoug Rabson krb5_get_init_creds_password() 1888c19800e8SDoug Rabson 1889c19800e8SDoug Rabson * kdc/kerberos5.c: don't crash when logging no server etype 1890c19800e8SDoug Rabson support if client == NULL 1891c19800e8SDoug Rabson 1892*ae771770SStanislav Sedov2005-01-17 Love Hörnquist Åstrand <lha@it.su.se> 1893c19800e8SDoug Rabson 1894c19800e8SDoug Rabson * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 1895c19800e8SDoug Rabson <d.love@dl.ac.uk> 1896c19800e8SDoug Rabson 1897*ae771770SStanislav Sedov2005-01-12 Love Hörnquist Åstrand <lha@it.su.se> 1898c19800e8SDoug Rabson 1899c19800e8SDoug Rabson * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using 1900c19800e8SDoug Rabson PAM. From: Dave Love <d.love@dl.ac.uk> 1901c19800e8SDoug Rabson 1902*ae771770SStanislav Sedov2005-01-08 Love Hörnquist Åstrand <lha@it.su.se> 1903c19800e8SDoug Rabson 1904c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to 1905c19800e8SDoug Rabson unsigned char 1906c19800e8SDoug Rabson 1907c19800e8SDoug Rabson * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned 1908c19800e8SDoug Rabson char 1909c19800e8SDoug Rabson 1910c19800e8SDoug Rabson * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to 1911c19800e8SDoug Rabson unsigned char 1912c19800e8SDoug Rabson 1913c19800e8SDoug Rabson * appl/kf/kfd.c (kfd_match_version): cast argument to islower to 1914c19800e8SDoug Rabson unsigned char 1915c19800e8SDoug Rabson 1916c19800e8SDoug Rabson * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled 1917c19800e8SDoug Rabson 1918c19800e8SDoug Rabson * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more 1919c19800e8SDoug Rabson text about krb5_enctype_valid 1920c19800e8SDoug Rabson 1921c19800e8SDoug Rabson * lib/krb5/krb5_create_checksum.3: drop 1922c19800e8SDoug Rabson krb5_checksum_is_disabled 1923c19800e8SDoug Rabson 1924c19800e8SDoug Rabson * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled 1925c19800e8SDoug Rabson 1926c19800e8SDoug Rabson * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing 1927c19800e8SDoug Rabson as krb5_enctype_valid, so use the later since its older and the 1928c19800e8SDoug Rabson api doesn't really need another entry point 1929c19800e8SDoug Rabson 1930c19800e8SDoug Rabson * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as 1931c19800e8SDoug Rabson krb5_enctype_valid, so use the later since its older and the api 1932c19800e8SDoug Rabson doesn't really need another entry point 1933c19800e8SDoug Rabson 1934c19800e8SDoug Rabson * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as 1935c19800e8SDoug Rabson krb5_enctype_valid, so use the later since its older and the api 1936c19800e8SDoug Rabson doesn't really need another entry point 1937c19800e8SDoug Rabson 1938*ae771770SStanislav Sedov2005-01-05 Love Hörnquist Åstrand <lha@it.su.se> 1939c19800e8SDoug Rabson 1940c19800e8SDoug Rabson * kpasswd/kpasswdd.8: document --addresses, controls what 1941c19800e8SDoug Rabson addresses kpasswd should listen too 1942c19800e8SDoug Rabson 1943c19800e8SDoug Rabson * kpasswd/kpasswdd.c: add --addresses, controls what addresses 1944c19800e8SDoug Rabson kpasswd should listen too 1945c19800e8SDoug Rabson 1946c19800e8SDoug Rabson * lib/krb5/addr_families.c (krb5_parse_address): filter out dup 1947c19800e8SDoug Rabson addresses from getaddrinfo 1948c19800e8SDoug Rabson 1949c19800e8SDoug Rabson * kpasswd/kpasswd.1: document -c 1950c19800e8SDoug Rabson 1951c19800e8SDoug Rabson * kpasswd/kpasswd.c: allow specifying a credential cache to use 1952c19800e8SDoug Rabson for the admin principal 1953c19800e8SDoug Rabson 1954c19800e8SDoug Rabson * include/bits.c: constify to avoid warning with -Wwrite-string 1955c19800e8SDoug Rabson 1956c19800e8SDoug Rabson * NEWS: add 0.6.2 and 0.6.3 items 1957c19800e8SDoug Rabson 1958c19800e8SDoug Rabson * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended 1959c19800e8SDoug Rabson 1960c19800e8SDoug Rabson * lib/krb5/krb5_is_thread_safe.3: document function 1961c19800e8SDoug Rabson 1962c19800e8SDoug Rabson * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 1963c19800e8SDoug Rabson 1964c19800e8SDoug Rabson * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the 1965c19800e8SDoug Rabson library was compiled with multithreading support. If not, 1966c19800e8SDoug Rabson application must global lock the library, it it uses threads that 1967c19800e8SDoug Rabson call kerberos functions at the same time. 1968c19800e8SDoug Rabson 1969c19800e8SDoug Rabson2005-01-05 Luke Howard <lukeh@padl.com> 1970c19800e8SDoug Rabson 1971c19800e8SDoug Rabson * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() 1972c19800e8SDoug Rabson 1973c19800e8SDoug Rabson * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION 1974c19800e8SDoug Rabson 1975c19800e8SDoug Rabson * lib/krb5/build_auth.c: support for enctype negotiation 1976c19800e8SDoug Rabson (client sends EtypeList in Authenticator authz data) 1977c19800e8SDoug Rabson 1978c19800e8SDoug Rabson * lib/krb5/context.c: mutex should be destroyed last in 1979c19800e8SDoug Rabson krb5_free_context() 1980c19800e8SDoug Rabson 1981c19800e8SDoug Rabson * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), 1982c19800e8SDoug Rabson set *subkey to NULL if key geneartion fails 1983c19800e8SDoug Rabson 1984c19800e8SDoug Rabson * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA 1985c19800e8SDoug Rabson 1986c19800e8SDoug Rabson * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 1987c19800e8SDoug Rabson 1988c19800e8SDoug Rabson * lib/krb5/rd_req.c: support for enctype negotiation 1989c19800e8SDoug Rabson (client sends EtypeList in Authenticator authz data) 1990c19800e8SDoug Rabson 1991c19800e8SDoug Rabson2005-01-04 Luke Howard <lukeh@padl.com> 1992c19800e8SDoug Rabson 1993c19800e8SDoug Rabson * lib/asn1/k5.asn1: add authorization data types for enctype 1994c19800e8SDoug Rabson negotiation implementation 1995c19800e8SDoug Rabson 1996*ae771770SStanislav Sedov2005-01-04 Love Hörnquist Åstrand <lha@it.su.se> 1997c19800e8SDoug Rabson 1998c19800e8SDoug Rabson * lib/krb5/changepw.c (change_password_loop): on failing to find a 1999c19800e8SDoug Rabson kdc, set result_code to KRB5_KPASSWD_HARDERROR 2000c19800e8SDoug Rabson 2001*ae771770SStanislav Sedov2005-01-01 Love Hörnquist Åstrand <lha@it.su.se> 2002c19800e8SDoug Rabson 2003c19800e8SDoug Rabson * doc/heimdal.texi: Happy New Year 2004c19800e8SDoug Rabson 2005